1.\" Copyright (c) 1995 2.\" Jordan K. Hubbard 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND 14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 16.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE 17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23.\" SUCH DAMAGE. 24.\" 25.\" $FreeBSD$ 26.\" 27.Dd November 14, 2022 28.Dt RC.CONF 5 29.Os 30.Sh NAME 31.Nm rc.conf 32.Nd system configuration information 33.Sh DESCRIPTION 34The file 35.Nm 36contains descriptive information about the local host name, configuration 37details for any potential network interfaces and which services should be 38started up at system initial boot time. 39In new installations, the 40.Nm 41file is generally initialized by the system installation utility. 42.Pp 43The purpose of 44.Nm 45is not to run commands or perform system startup actions 46directly. 47Instead, it is included by the 48various generic startup scripts in 49.Pa /etc 50which conditionalize their 51internal actions according to the settings found there. 52.Pp 53The 54.Pa /etc/rc.conf 55file is included from the file 56.Pa /etc/defaults/rc.conf , 57which specifies the default settings for all the available options. 58Options need only be specified in 59.Pa /etc/rc.conf 60when the system administrator wishes to override these defaults. 61The file 62.Pa /etc/defaults/vendor.conf 63allows vendors to override 64.Fx 65defaults. 66The file 67.Pa /etc/rc.conf.local 68is used to override settings in 69.Pa /etc/rc.conf 70for historical reasons. 71.Pp 72The sysrc(8) command provides a scripting interface to modify system 73config files. 74.Pp 75In addition to 76.Pa /etc/rc.conf.local 77you can also place smaller configuration files for each 78.Xr rc 8 79script in the 80.Pa /etc/rc.conf.d 81directory or 82.Ao Ar dir Ac Ns Pa /rc.conf.d 83directories specified in 84.Va local_startup , 85which will be included by the 86.Va load_rc_config 87function. 88For jail configurations you could use the file 89.Pa /etc/rc.conf.d/jail 90to store jail-specific configuration options. 91If 92.Va local_startup 93contains 94.Pa /usr/local/etc/rc.d 95and 96.Pa /opt/conf , 97.Pa /usr/local/etc/rc.conf.d/jail 98and 99.Pa /opt/conf/rc.conf.d/jail 100will be loaded. 101If 102.Ao Ar dir Ac Ns Pa /rc.conf.d/ Ns Ao Ar name Ac 103is a directory, 104all of files in the directory will be loaded. 105Also see the 106.Va rc_conf_files 107variable below. 108.Pp 109Options are set with 110.Dq Ar name Ns Li = Ns Ar value 111assignments that use 112.Xr sh 1 113syntax. 114The following list provides a name and short description for each 115variable that can be set in the 116.Nm 117file: 118.Bl -tag -width indent-two 119.It Va rc_debug 120.Pq Vt bool 121If set to 122.Dq Li YES , 123enable output of debug messages from rc scripts. 124This variable can be helpful in diagnosing mistakes when 125editing or integrating new scripts. 126Beware that this produces copious output to the terminal and 127.Xr syslog 3 . 128.It Va rc_info 129.Pq Vt bool 130If set to 131.Dq Li NO , 132disable informational messages from the rc scripts. 133Informational messages are displayed when 134a condition that is not serious enough to warrant a warning or 135an error occurs. 136.It Va rc_startmsgs 137.Pq Vt bool 138If set to 139.Dq Li YES , 140show 141.Dq Starting foo: 142when faststart is used (e.g., at boot time). 143.It Va early_late_divider 144.Pq Vt str 145The name of the script that should be used as the 146delimiter between the 147.Dq early 148and 149.Dq late 150stages of the boot process. 151The early stage should contain all the services needed to 152get the disks (local or remote) mounted so that the late 153stage can include scripts contained in the directories 154listed in the 155.Va local_startup 156variable (see below). 157Thus, the two likely candidates for this value are 158.Pa mountcritlocal 159for the typical system, and 160.Pa mountcritremote 161if the system needs remote file 162systems mounted to get access to the 163.Va local_startup 164directories; for example when 165.Pa /usr/local 166is NFS mounted. 167For 168.Pa rc.conf 169within a 170.Xr jail 8 171.Pa NETWORKING 172is likely to be an appropriate value. 173Extreme care should be taken when changing this value, 174and before changing it one should ensure that there are 175adequate provisions to recover from a failed boot 176(such as physical contact with the machine, 177or reliable remote console access). 178.It Va always_force_depends 179.Pq Vt bool 180Various 181.Pa rc.d 182scripts use the force_depend function to check whether required 183services are already running, and to start them if necessary. 184By default during boot time this check is bypassed if the 185required service is enabled in 186.Pa /etc/rc.conf[.local] . 187Setting this option will bypass that check at boot time and 188always test whether or not the service is actually running. 189Enabling this option is likely to increase your boot time if 190services are enabled that utilize the force_depend check. 191.It Ao Ar name Ac Ns Va _chroot 192.Pq Vt str 193.Xr chroot 8 194to this directory before running the service. 195.It Ao Ar name Ac Ns Va _fib 196.Pq Vt int 197The 198.Xr setfib 1 199value to run the service under. 200.It Ao Ar name Ac Ns Va _group 201.Pq Vt str 202Run the chrooted service under this system group. 203Unlike the 204.Ao Ar name Ac Ns Va _user 205setting, this setting has no effect if the service is not chrooted. 206.It Ao Ar name Ac Ns Va _limits 207.Pq Vt str 208Resource limits to apply to the service using 209.Xr limits 1 . 210By default, resource limits are based on the login class defined in 211.Ao Ar name Ac Ns Va _login_class . 212.It Ao Ar name Ac Ns Va _login_class 213.Pq Vt str 214Login class to be used with 215.Ao Ar name Ac Ns Va _limits . 216Defaults to 217.Dq Li daemon . 218.It Ao Ar name Ac Ns Va _nice 219.Pq Vt int 220The 221.Xr nice 1 222value to run the service under. 223.It Ao Ar name Ac Ns Va _oomprotect 224.Pq Vt str 225Use 226.Xr protect 1 227to prevent the service from being killed when swap space 228is exhausted. 229Use 230.Dq Li YES 231to protect only the service itself, and 232.Dq Li ALL 233to protect the service and all its child processes. 234.Pp 235Please note that rc scripts which redefine 236.Dl ${argument}_cmd 237.Pq see Xr rc.subr 8 238such as PostgreSQL will not inherit the OOM killer protection. 239.Pp 240This variable has no effect on services running within a 241.Xr jail 8 . 242.It Ao Ar name Ac Ns Va _umask 243.Pq Vt int 244Run the service using this 245.Xr umask 1 246value. 247.It Ao Ar name Ac Ns Va _user 248.Pq Vt str 249Run the service under this user account. 250.It Va apm_enable 251.Pq Vt bool 252If set to 253.Dq Li YES , 254enable support for Automatic Power Management with 255the 256.Xr apm 8 257command. 258.It Va apmd_enable 259.Pq Vt bool 260Run 261.Xr apmd 8 262to handle APM event from userland. 263This also enables support for APM. 264.It Va apmd_flags 265.Pq Vt str 266If 267.Va apmd_enable 268is set to 269.Dq Li YES , 270these are the flags to pass to the 271.Xr apmd 8 272daemon. 273.It Va devd_enable 274.Pq Vt bool 275Run 276.Xr devd 8 277to handle device added, removed or unknown events from the kernel. 278.It Va ddb_enable 279.Pq Vt bool 280Run 281.Xr ddb 8 282to install 283.Xr ddb 4 284scripts at boot time. 285.It Va ddb_config 286.Pq Vt str 287Configuration file for 288.Xr ddb 8 . 289Default 290.Pa /etc/ddb.conf . 291.It Va devmatch_enable 292.Pq Vt bool 293If set to 294.Dq Li NO , 295disable auto-loading of kernel modules with 296.Xr devmatch 8 . 297.It Va devmatch_blocklist 298.Pq Vt str 299A whitespace-separated list of kernel modules to be ignored by 300.Xr devmatch 8 . 301In addition, the 302.Xr kenv 1 303.Va devmatch_blocklist 304is appended to this variable to allow disabling of 305.Xr devmatch 8 306loaded modules from the boot loader. 307.It Va devmatch_blacklist 308.Pq Vt str 309This variable is deprecated. 310Use 311.Va devmatch_blocklist 312instead. 313A whitespace-separated list of kernel modules to be ignored by 314.Xr devmatch 8 . 315.It Va kld_list 316.Pq Vt str 317A whitespace-separated list of kernel modules to load right after 318the local disks are mounted, without any 319.Pa .ko 320extension or path. 321Loading modules at this point in the boot process is 322much faster than doing it via 323.Pa /boot/loader.conf 324for those modules not necessary for mounting local disks. 325.It Va kldxref_enable 326.Pq Vt bool 327Set to 328.Dq Li NO 329by default. 330Set to 331.Dq Li YES 332to automatically rebuild 333.Pa linker.hints 334files with 335.Xr kldxref 8 336at boot time. 337.It Va kldxref_clobber 338.Pq Vt bool 339Set to 340.Dq Li NO 341by default. 342If 343.Va kldxref_enable 344is true, 345setting to 346.Dq Li YES 347will overwrite existing 348.Pa linker.hints 349files at boot time. 350Otherwise, 351only missing 352.Pa linker.hints 353files are generated. 354.It Va kldxref_module_path 355.Pq Vt str 356Empty by default. 357A semi-colon 358.Pq Ql \&; 359delimited list of paths containing 360.Xr kld 4 361modules. 362If empty, 363the contents of the 364.Va kern.module_path 365.Xr sysctl 8 366are used. 367.It Va powerd_enable 368.Pq Vt bool 369If set to 370.Dq Li YES , 371enable the system power control facility with the 372.Xr powerd 8 373daemon. 374.It Va powerd_flags 375.Pq Vt str 376If 377.Va powerd_enable 378is set to 379.Dq Li YES , 380these are the flags to pass to the 381.Xr powerd 8 382daemon. 383.It Va tmpmfs 384Controls the creation of a 385.Pa /tmp 386memory file system. 387Always happens if set to 388.Dq Li YES 389and never happens if set to 390.Dq Li NO . 391If set to anything else, a memory file system is created if 392.Pa /tmp 393is not writable. 394.It Va tmpsize 395Controls the size of a created 396.Pa /tmp 397memory file system. 398.It Va tmpmfs_flags 399Extra options passed to the 400.Xr mdmfs 8 401utility when the memory file system for 402.Pa /tmp 403is created. 404The default is 405.Dq Li "-S" , 406which inhibits the use of softupdates on 407.Pa /tmp 408so that file system space is freed without delay 409after file truncation or deletion. 410See 411.Xr mdmfs 8 412for other options you can use in 413.Va tmpmfs_flags . 414.It Va varmfs 415Controls the creation of a 416.Pa /var 417memory file system. 418Always happens if set to 419.Dq Li YES 420and never happens if set to 421.Dq Li NO . 422If set to anything else, a memory file system is created if 423.Pa /var 424is not writable. 425.It Va varsize 426Controls the size of a created 427.Pa /var 428memory file system. 429.It Va varmfs_flags 430Extra options passed to the 431.Xr mdmfs 8 432utility when the memory file system for 433.Pa /var 434is created. 435The default is 436.Dq Li "-S" , 437which inhibits the use of softupdates on 438.Pa /var 439so that file system space is freed without delay 440after file truncation or deletion. 441See 442.Xr mdmfs 8 443for other options you can use in 444.Va varmfs_flags . 445.It Va populate_var 446Controls the automatic population of the 447.Pa /var 448file system. 449Always happens if set to 450.Dq Li YES 451and never happens if set to 452.Dq Li NO . 453If set to anything else, a memory file system is created if 454.Pa /var 455is not writable. 456Note that this process requires access to certain commands in 457.Pa /usr 458before 459.Pa /usr 460is mounted on normal systems. 461.It Va cleanvar_enable 462.Pq Vt bool 463Clean the 464.Pa /var 465directory. 466.It Va var_run_enable 467.Pq Vt bool 468Set to "YES" to enable saving of the 469.Pa /var/run 470directory strcucture into an mtree file at shutdown and the reload of the 471.Pa /var/run 472directory structure at boot. 473.It Va var_run_autosave 474.Pq Vt bool 475In some cases it may be undesirable to save 476.Pa /var/run 477at shutdown. 478When set to "NO" 479.Pa /var/run 480is loaded at reboot but not saved at shutdown. Typically in this scenario 481a 482.Pa service 483.Pa var_run 484.Pa save 485would be performed to save a copy of the 486.Pa /var/run 487directory structure once, to be reload during all subsequent reboots. 488.It Va var_run_mtree 489.Pq Vt str 490Where to save the 491.Pa /var/run 492mtree. The default location is 493.Pa /var/db/mtree/BSD.var-run.mtree . 494.It Va local_startup 495.Pq Vt str 496List of directories to search for startup script files. 497.It Va script_name_sep 498.Pq Vt str 499The field separator to use for breaking down the list of startup script files 500into individual filenames. 501The default is a space. 502It is not necessary to change this unless there are startup scripts with names 503containing spaces. 504.It Va hostapd_enable 505.Pq Vt bool 506Set to 507.Dq Li YES 508to start 509.Xr hostapd 8 510at system boot time. 511.It Va hostname 512.Pq Vt str 513The fully qualified domain name (FQDN) of this host on the network. 514This should almost certainly be set to something meaningful, even if 515there is no network connection. 516If 517.Xr dhclient 8 518is used to set the hostname via DHCP, 519this variable should be set to an empty string. 520Within a 521.Xr jail 8 522the hostname is generally already set and this variable may be absent. 523If this value remains unset when the system is done booting 524your console login will display the default hostname of 525.Dq Amnesiac . 526.It Va nisdomainname 527.Pq Vt str 528The NIS domain name of this host, or 529.Dq Li NO 530if NIS is not used. 531.It Va dhclient_program 532.Pq Vt str 533Path to the DHCP client program 534.Pa ( /sbin/dhclient , 535the 536.Ox 537DHCP client, 538is the default). 539.It Va dhclient_flags 540.Pq Vt str 541Additional flags to pass to the DHCP client program. 542For the 543.Ox 544DHCP client, see the 545.Xr dhclient 8 546manpage for a description of the command line options available. 547.It Va dhclient_flags_ Ns Aq Ar iface 548Additional flags to pass to the DHCP client program running on 549.Ar iface 550only. 551When specified, this variable overrides 552.Va dhclient_flags . 553.It Va background_dhclient 554.Pq Vt bool 555Set to 556.Dq Li YES 557to start the DHCP client in background. 558This can cause trouble with applications depending on 559a working network, but it will provide a faster startup 560in many cases. 561.It Va background_dhclient_ Ns Aq Ar iface 562When specified, this variable overrides the 563.Va background_dhclient 564variable for interface 565.Ar iface 566only. 567.It Va synchronous_dhclient 568.Pq Vt bool 569Set to 570.Dq Li YES 571to start 572.Xr dhclient 8 573synchronously at startup. 574This behavior can be overridden on a per-interface basis by replacing 575the 576.Dq Li DHCP 577keyword in the 578.Va ifconfig_ Ns Aq Ar interface 579variable with 580.Dq Li SYNCDHCP 581or 582.Dq Li NOSYNCDHCP . 583.It Va defaultroute_delay 584.Pq Vt int 585When set to a positive value, wait up to this long after configuring 586DHCP interfaces at startup to give the interfaces time to receive a lease. 587.It Va firewall_enable 588.Pq Vt bool 589Set to 590.Dq Li YES 591to load firewall rules at startup. 592If the kernel was not built with 593.Cd "options IPFIREWALL" , 594the 595.Pa ipfw.ko 596kernel module will be loaded. 597See also 598.Va ipfilter_enable . 599.It Va firewall_script 600.Pq Vt str 601This variable specifies the full path to the firewall script to run. 602The default is 603.Pa /etc/rc.firewall . 604.It Va firewall_type 605.Pq Vt str 606Names the firewall type from the selection in 607.Pa /etc/rc.firewall , 608or the file which contains the local firewall ruleset. 609Valid selections from 610.Pa /etc/rc.firewall 611are: 612.Pp 613.Bl -tag -width ".Li workstation" -compact 614.It Li open 615unrestricted IP access 616.It Li closed 617all IP services disabled, except via 618.Dq Li lo0 619.It Li client 620basic protection for a workstation 621.It Li workstation 622basic protection for a workstation using stateful firewalling 623.It Li simple 624basic protection for a LAN. 625.El 626.Pp 627If a filename is specified, the full path 628must be given. 629.Pp 630Most of the predefined rulesets define additional configuration variables. 631These are documented in 632.Pa /etc/rc.firewall . 633.It Va firewall_quiet 634.Pq Vt bool 635Set to 636.Dq Li YES 637to disable the display of firewall rules on the console during boot. 638.It Va firewall_logging 639.Pq Vt bool 640Set to 641.Dq Li YES 642to enable firewall event logging. 643This is equivalent to the 644.Dv IPFIREWALL_VERBOSE 645kernel option. 646.It Va firewall_logif 647.Pq Vt bool 648Set to 649.Dq Li YES 650to create pseudo interface 651.Li ipfw0 652for logging. 653For more details, see 654.Xr ipfw 8 655manual page. 656.It Va firewall_flags 657.Pq Vt str 658Flags passed to 659.Xr ipfw 8 660if 661.Va firewall_type 662specifies a filename. 663.It Va firewall_coscripts 664.Pq Vt str 665List of executables and/or rc scripts to run after firewall starts/stops. 666Default is empty. 667.\" ----- firewall_nat_enable setting -------------------------------- 668.It Va firewall_nat_enable 669.Pq Vt bool 670The 671.Xr ipfw 8 672equivalent of 673.Va natd_enable . 674Setting this to 675.Dq Li YES 676will automatically load the 677.Xr ipfw 8 678NAT kernel module if 679.Va firewall_enable 680is also set to 681.Dq Li YES . 682.It Va firewall_nat_interface 683.Pq Vt str 684The 685.Xr ipfw 8 686equivalent of 687.Va natd_interface . 688This is the name of the public interface or IP address on which 689kernel NAT should run. 690.It Va firewall_nat_flags 691.Pq Vt str 692Additional configuration parameters for kernel NAT should be placed here. 693.It Va firewall_nat64_enable 694.Pq Vt bool 695Setting this to 696.Dq Li YES 697will automatically load the 698.Xr ipfw 8 699NAT64 kernel module if 700.Va firewall_enable 701is also set to 702.Dq Li YES . 703.It Va firewall_nptv6_enable 704.Pq Vt bool 705Setting this to 706.Dq Li YES 707will automatically load the 708.Xr ipfw 8 709NPTv6 kernel module if 710.Va firewall_enable 711is also set to 712.Dq Li YES . 713.It Va firewall_pmod_enable 714.Pq Vt bool 715Setting this to 716.Dq Li YES 717will automatically load the 718.Xr ipfw 8 719pmod kernel module if 720.Va firewall_enable 721is also set to 722.Dq Li YES . 723.It Va dummynet_enable 724.Pq Vt bool 725Setting this to 726.Dq Li YES 727will automatically load the 728.Xr dummynet 4 729module if 730.Va firewall_enable 731is also set to 732.Dq Li YES . 733.\" ------------------------------------------------------------------- 734.It Va ipfw_netflow_enable 735.Pq Vt bool 736Setting this to 737.Dq Li YES 738will enable netflow logging via 739.Xr ng_netflow 4 740.Pp 741By default a ipfw rule is inserted and all packets are duplicated with 742the ngtee command and netflow packets are sent to 127.0.0.1 on the netflow 743port using protocol version 5. 744.It Va ipfw_netflow_hook 745.Pq Vt int 746netflow hook name, must be numerical 747(default 748.Pa 9995 ) . 749.It Va ipfw_netflow_rule 750.Pq Vt int 751ipfw rule number 752(default 753.Pa 1000 ) . 754.It Va ipfw_netflow_ip 755.Pq Vt str 756Destination server ip for receiving netflow data 757(default 758.Pa 127.0.0.1 ) . 759.It Va ipfw_netflow_port 760.Pq Vt int 761Destination server port for receiving netflow data 762(default 763.Pa 9995 ) . 764.It Va ipfw_netflow_version 765.Pq Vt int 766Do not set for using version 5 of the netflow protocol, set it to 9 for using version 9. 767.It Va ipfw_netflow_fib 768.Pq Vt int 769Only match packet in FIB 770.Pa ipfw_netflow_fib 771(default is undefined meaning all FIBs). 772.It Va natd_program 773.Pq Vt str 774Path to 775.Xr natd 8 . 776.It Va natd_enable 777.Pq Vt bool 778Set to 779.Dq Li YES 780to enable 781.Xr natd 8 . 782.Va firewall_enable 783must also be set to 784.Dq Li YES , 785and 786.Xr divert 4 787sockets must be enabled in the kernel. 788If the kernel was not built with 789.Cd "options IPDIVERT" , 790the 791.Pa ipdivert.ko 792kernel module will be loaded. 793.It Va natd_interface 794.Pq Vt str 795This is the name of the public interface on which 796.Xr natd 8 797should run. 798The interface may be given as an interface name or as an IP address. 799.It Va natd_flags 800.Pq Vt str 801Additional 802.Xr natd 8 803flags should be placed here. 804The 805.Fl n 806or 807.Fl a 808flag is automatically added with the above 809.Va natd_interface 810as an argument. 811.\" ----- ipfilter_enable setting -------------------------------- 812.It Va ipfilter_enable 813.Pq Vt bool 814Set to 815.Dq Li NO 816by default. 817Setting this to 818.Dq Li YES 819enables 820.Xr ipf 8 821packet filtering. 822.Pp 823Typical usage will require putting 824.Bd -literal 825ipfilter_enable="YES" 826ipnat_enable="YES" 827ipmon_enable="YES" 828ipfs_enable="YES" 829.Ed 830.Pp 831into 832.Pa /etc/rc.conf 833and editing 834.Pa /etc/ipf.rules 835and 836.Pa /etc/ipnat.rules 837appropriately. 838.Pp 839Note that 840.Va ipfilter_enable 841and 842.Va ipnat_enable 843can be enabled independently. 844.Va ipmon_enable 845and 846.Va ipfs_enable 847both require at least one of 848.Va ipfilter_enable 849and 850.Va ipnat_enable 851to be enabled. 852.Pp 853Having 854.Bd -literal 855options IPFILTER 856options IPFILTER_LOG 857options IPFILTER_DEFAULT_BLOCK 858.Ed 859.Pp 860in the kernel configuration file is a good idea, too. 861.\" ----- ipfilter_program setting ------------------------------ 862.It Va ipfilter_program 863.Pq Vt str 864Path to 865.Xr ipf 8 866(default 867.Pa /sbin/ipf ) . 868.\" ----- ipfilter_rules setting -------------------------------- 869.It Va ipfilter_rules 870.Pq Vt str 871Set to 872.Pa /etc/ipf.rules 873by default. 874This variable contains the name of the filter rule definition file. 875The file is expected to be readable for the 876.Xr ipf 8 877command to execute. 878.\" ----- ipfilter_flags setting -------------------------------- 879.It Va ipfilter_flags 880.Pq Vt str 881Empty by default. 882This variable contains flags passed to the 883.Xr ipf 8 884program. 885.\" ----- ipnat_enable setting ---------------------------------- 886.It Va ipnat_enable 887.Pq Vt bool 888Set to 889.Dq Li NO 890by default. 891Set it to 892.Dq Li YES 893to enable 894.Xr ipnat 8 895network address translation. 896See 897.Va ipfilter_enable 898for a detailed discussion. 899.\" ----- ipnat_program setting --------------------------------- 900.It Va ipnat_program 901.Pq Vt str 902Path to 903.Xr ipnat 8 904(default 905.Pa /sbin/ipnat ) . 906.\" ----- ipnat_rules setting ----------------------------------- 907.It Va ipnat_rules 908.Pq Vt str 909Set to 910.Pa /etc/ipnat.rules 911by default. 912This variable contains the name of the file 913holding the network address translation definition. 914This file is expected to be readable for the 915.Xr ipnat 8 916command to execute. 917.\" ----- ipnat_flags setting ----------------------------------- 918.It Va ipnat_flags 919.Pq Vt str 920Empty by default. 921This variable contains flags passed to the 922.Xr ipnat 8 923program. 924.\" ----- ipmon_enable setting ---------------------------------- 925.It Va ipmon_enable 926.Pq Vt bool 927Set to 928.Dq Li NO 929by default. 930Set it to 931.Dq Li YES 932to enable 933.Xr ipmon 8 934monitoring (logging 935.Xr ipf 8 936and 937.Xr ipnat 8 938events). 939Setting this variable needs setting 940.Va ipfilter_enable 941or 942.Va ipnat_enable 943too. 944See 945.Va ipfilter_enable 946for a detailed discussion. 947.\" ----- ipmon_program setting --------------------------------- 948.It Va ipmon_program 949.Pq Vt str 950Path to 951.Xr ipmon 8 952(default 953.Pa /sbin/ipmon ) . 954.\" ----- ipmon_flags setting ----------------------------------- 955.It Va ipmon_flags 956.Pq Vt str 957Set to 958.Dq Li -Ds 959by default. 960This variable contains flags passed to the 961.Xr ipmon 8 962program. 963Another typical example would be 964.Dq Fl D Pa /var/log/ipflog 965to have 966.Xr ipmon 8 967log directly to a file bypassing 968.Xr syslogd 8 . 969Make sure to adjust 970.Pa /etc/newsyslog.conf 971in such case like this: 972.Bd -literal 973/var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid 974.Ed 975.\" ----- ipfs_enable setting ----------------------------------- 976.It Va ipfs_enable 977.Pq Vt bool 978Set to 979.Dq Li NO 980by default. 981Set it to 982.Dq Li YES 983to enable 984.Xr ipfs 8 985saving the filter and NAT state tables during shutdown 986and reloading them during startup again. 987Setting this variable needs setting 988.Va ipfilter_enable 989or 990.Va ipnat_enable 991to 992.Dq Li YES 993too. 994See 995.Va ipfilter_enable 996for a detailed discussion. 997Note that if 998.Va kern_securelevel 999is set to 3, 1000.Va ipfs_enable 1001cannot be used 1002because the raised securelevel will prevent 1003.Xr ipfs 8 1004from saving the state tables at shutdown time. 1005.\" ----- ipfs_program setting ---------------------------------- 1006.It Va ipfs_program 1007.Pq Vt str 1008Path to 1009.Xr ipfs 8 1010(default 1011.Pa /sbin/ipfs ) . 1012.\" ----- ipfs_flags setting ------------------------------------ 1013.It Va ipfs_flags 1014.Pq Vt str 1015Empty by default. 1016This variable contains flags passed to the 1017.Xr ipfs 8 1018program. 1019.\" ----- end of added ipf hook --------------------------------- 1020.It Va pf_enable 1021.Pq Vt bool 1022Set to 1023.Dq Li NO 1024by default. 1025Setting this to 1026.Dq Li YES 1027enables 1028.Xr pf 4 1029packet filtering. 1030.Pp 1031Typical usage will require putting 1032.Pp 1033.Dl pf_enable="YES" 1034.Pp 1035into 1036.Pa /etc/rc.conf 1037and editing 1038.Pa /etc/pf.conf 1039appropriately. 1040Adding 1041.Pp 1042.Dl "device pf" 1043.Pp 1044builds support for 1045.Xr pf 4 1046into the kernel, otherwise the 1047kernel module will be loaded. 1048.It Va pf_rules 1049.Pq Vt str 1050Path to 1051.Xr pf 4 1052ruleset configuration file 1053(default 1054.Pa /etc/pf.conf ) . 1055.It Va pf_program 1056.Pq Vt str 1057Path to 1058.Xr pfctl 8 1059(default 1060.Pa /sbin/pfctl ) . 1061.It Va pf_flags 1062.Pq Vt str 1063If 1064.Va pf_enable 1065is set to 1066.Dq Li YES , 1067these flags are passed to the 1068.Xr pfctl 8 1069program when loading the ruleset. 1070.It Va pf_fallback_rules_enable 1071.Pq Vt bool 1072Set to 1073.Dq Li NO 1074by default. 1075Setting this to 1076.Dq Li YES 1077enables loading 1078.Va pf_fallback_rules_file 1079or 1080.Va pf_fallback_rules 1081in case of a problem when loading the ruleset in 1082.Va pf_rules . 1083.It Va pf_fallback_rules_file 1084.Pq Vt str 1085Path to a pf ruleset to load in case of failure when loading the 1086ruleset in 1087.Va pf_rules 1088(default 1089.Pa /etc/pf-fallback.conf ) . 1090.It Va pf_fallback_rules 1091.Pq Vt str 1092A pf ruleset to load in case of failure when loading the ruleset in 1093.Va pf_rules 1094and 1095.Va pf_fallback_rules_file 1096is not found. 1097Multiple rules can be set as follows: 1098.Bd -literal 1099pf_fallback_rules="\\ 1100 block drop log all\\ 1101 pass in quick on em0" 1102.Pp 1103.Ed 1104The default fallback rule is 1105.Dq block drop log all 1106.It Va pflog_enable 1107.Pq Vt bool 1108Set to 1109.Dq Li NO 1110by default. 1111Setting this to 1112.Dq Li YES 1113enables 1114.Xr pflogd 8 1115which logs packets from the 1116.Xr pf 4 1117packet filter. 1118.It Va pflog_logfile 1119.Pq Vt str 1120If 1121.Va pflog_enable 1122is set to 1123.Dq Li YES 1124this controls where 1125.Xr pflogd 8 1126stores the logfile 1127(default 1128.Pa /var/log/pflog ) . 1129Check 1130.Pa /etc/newsyslog.conf 1131to adjust logfile rotation for this. 1132.It Va pflog_program 1133.Pq Vt str 1134Path to 1135.Xr pflogd 8 1136(default 1137.Pa /sbin/pflogd ) . 1138.It Va pflog_flags 1139.Pq Vt str 1140Empty by default. 1141This variable contains additional flags passed to the 1142.Xr pflogd 8 1143program. 1144.It Va pflog_instances 1145.Pq Vt str 1146If logging to more than one 1147.Xr pflog 4 1148interface is desired, 1149.Va pflog_instances 1150is set to the list of 1151.Xr pflogd 8 1152instances that should be started at system boot time. 1153If 1154.Va pflog_instances 1155is set, for each whitespace-separated 1156.Ar element 1157in the list, 1158.Ao Ar element Ac Ns Va _dev 1159and 1160.Ao Ar element Ac Ns Va _logfile 1161elements are assumed to exist. 1162.Ao Ar element Ac Ns Va _dev 1163must contain the 1164.Xr pflog 4 1165interface to be watched by the named 1166.Xr pflogd 8 1167instance. 1168.Ao Ar element Ac Ns Va _logfile 1169must contain the name of the logfile that will be used by the 1170.Xr pflogd 8 1171instance. 1172.It Va ftpproxy_enable 1173.Pq Vt bool 1174Set to 1175.Dq Li NO 1176by default. 1177Setting this to 1178.Dq Li YES 1179enables 1180.Xr ftp-proxy 8 1181which supports the 1182.Xr pf 4 1183packet filter in translating ftp connections. 1184.It Va ftpproxy_flags 1185.Pq Vt str 1186Empty by default. 1187This variable contains additional flags passed to the 1188.Xr ftp-proxy 8 1189program. 1190.It Va ftpproxy_instances 1191.Pq Vt str 1192Empty by default. 1193If multiple instances of 1194.Xr ftp-proxy 8 1195are desired at boot time, 1196.Va ftpproxy_instances 1197should contain a whitespace-separated list of instance names. 1198For each 1199.Ar element 1200in the list, a variable named 1201.Ao Ar element Ac Ns Va _flags 1202should be defined, containing the command-line flags to be passed to the 1203.Xr ftp-proxy 8 1204instance. 1205.It Va pfsync_enable 1206.Pq Vt bool 1207Set to 1208.Dq Li NO 1209by default. 1210Setting this to 1211.Dq Li YES 1212enables exposing 1213.Xr pf 4 1214state changes to other hosts over the network by means of 1215.Xr pfsync 4 . 1216The 1217.Va pfsync_syncdev 1218variable 1219must also be set then. 1220.It Va pfsync_syncdev 1221.Pq Vt str 1222Empty by default. 1223This variable specifies the name of the network interface 1224.Xr pfsync 4 1225should operate through. 1226It must be set accordingly if 1227.Va pfsync_enable 1228is set to 1229.Dq Li YES . 1230.It Va pfsync_syncpeer 1231.Pq Vt str 1232Empty by default. 1233This variable is optional. 1234By default, state change messages are sent out on the synchronisation 1235interface using IP multicast packets. 1236The protocol is IP protocol 240, PFSYNC, and the multicast group used is 1237224.0.0.240. 1238When a peer address is specified using the 1239.Va pfsync_syncpeer 1240option, the peer address is used as a destination for the pfsync 1241traffic, and the traffic can then be protected using 1242.Xr ipsec 4 . 1243See the 1244.Xr pfsync 4 1245manpage for more details about using 1246.Xr ipsec 4 1247with 1248.Xr pfsync 4 1249interfaces. 1250.It Va pfsync_ifconfig 1251.Pq Vt str 1252Empty by default. 1253This variable can contain additional options to be passed to the 1254.Xr ifconfig 8 1255command used to set up 1256.Xr pfsync 4 . 1257.It Va tcp_extensions 1258.Pq Vt bool 1259Set to 1260.Dq Li YES 1261by default. 1262Setting this to 1263.Dq Li NO 1264disables certain TCP options as described by 1265.Rs 1266.%T "RFC 1323" 1267.Re 1268Setting this to 1269.Dq Li NO 1270might help remedy such problems with connections as randomly hanging 1271or other weird behavior. 1272Some network devices are known 1273to be broken with respect to these options. 1274.It Va log_in_vain 1275.Pq Vt int 1276Set to 0 by default. 1277The 1278.Xr sysctl 8 1279variables, 1280.Va net.inet.tcp.log_in_vain 1281and 1282.Va net.inet.udp.log_in_vain , 1283as described in 1284.Xr tcp 4 1285and 1286.Xr udp 4 , 1287are set to the given value. 1288.It Va tcp_keepalive 1289.Pq Vt bool 1290Set to 1291.Dq Li YES 1292by default. 1293Setting to 1294.Dq Li NO 1295will disable probing idle TCP connections to verify that the 1296peer is still up and reachable. 1297.It Va tcp_drop_synfin 1298.Pq Vt bool 1299Set to 1300.Dq Li NO 1301by default. 1302Setting to 1303.Dq Li YES 1304will cause the kernel to ignore TCP frames that have both 1305the SYN and FIN flags set. 1306This prevents OS fingerprinting, but may 1307break some legitimate applications. 1308.It Va icmp_drop_redirect 1309.Pq Vt bool 1310Set to 1311.Dq Li AUTO 1312by default. 1313This setting will be identical to 1314.Dq Li YES , 1315if a dynamicrouting daemon is enabled, because redirect processing may 1316cause performance issues for large routing tables. 1317If no such service is enabled, this setting behaves like a 1318.Dq Li NO . 1319Setting to 1320.Dq Li YES 1321will cause the kernel to ignore ICMP REDIRECT packets. 1322Setting to 1323.Dq Li NO 1324will cause the kernel to process ICMP REDIRECT packets. 1325Refer to 1326.Xr icmp 4 1327for more information. 1328.It Va icmp_log_redirect 1329.Pq Vt bool 1330Set to 1331.Dq Li NO 1332by default. 1333Setting to 1334.Dq Li YES 1335will cause the kernel to log ICMP REDIRECT packets. 1336Note that 1337the log messages are not rate-limited, so this option should only be used 1338for troubleshooting networks. 1339Refer to 1340.Xr icmp 4 1341for more information. 1342.It Va icmp_bmcastecho 1343.Pq Vt bool 1344Set to 1345.Dq Li YES 1346to respond to broadcast or multicast ICMP ping packets. 1347Refer to 1348.Xr icmp 4 1349for more information. 1350.It Va ip_portrange_first 1351.Pq Vt int 1352If not set to 1353.Dq Li NO , 1354this is the first port in the default portrange. 1355Refer to 1356.Xr ip 4 1357for more information. 1358.It Va ip_portrange_last 1359.Pq Vt int 1360If not set to 1361.Dq Li NO , 1362this is the last port in the default portrange. 1363Refer to 1364.Xr ip 4 1365for more information. 1366.It Va network_interfaces 1367.Pq Vt str 1368Set to the list of network interfaces to configure on this host or 1369.Dq Li AUTO 1370(the default) for all current interfaces. 1371Setting the 1372.Va network_interfaces 1373variable to anything other than the default is deprecated. 1374Interfaces that the administrator wishes to store configuration for, 1375but not start at boot should be configured with the 1376.Dq Li NOAUTO 1377keyword in their 1378.Va ifconfig_ Ns Aq Ar interface 1379variables as described below. 1380.Pp 1381An 1382.Va ifconfig_ Ns Aq Ar interface 1383variable is also assumed to exist for each value of 1384.Ar interface . 1385When an interface name contains any of the characters 1386.Dq Li .-/+ 1387they are translated to 1388.Dq Li _ 1389before lookup. 1390The variable can contain arguments to 1391.Xr ifconfig 8 , 1392as well as special case-insensitive keywords described below. 1393Such keywords are removed before passing the value to 1394.Xr ifconfig 8 1395while the order of the other arguments is preserved. 1396.Pp 1397It is possible to add IP alias entries using 1398.Xr ifconfig 8 1399syntax with the address family keyword such as 1400.Li inet . 1401Assuming that the interface in question was 1402.Li em0 , 1403it might look something like this: 1404.Bd -literal 1405ifconfig_em0_alias0="inet 127.0.0.253 netmask 0xffffffff" 1406ifconfig_em0_alias1="inet 127.0.0.254 netmask 0xffffffff" 1407.Ed 1408.Pp 1409It also possible to configure multiple IP addresses in Classless 1410Inter-Domain Routing 1411.Pq CIDR 1412address notation, 1413whose each address component can be a range like 1414.Li inet 192.0.2.5-23/24 1415or 1416.Li inet6 2001:db8:1-f::1/64 . 1417This notation allows address and prefix length part only, 1418not the other address modifiers. 1419Note that the maximum number of the generated addresses from a range 1420specification is limited to an integer value specified in 1421.Va netif_ipexpand_max 1422in 1423.Nm 1424because a small typo can unexpectedly generate a large number of addresses. 1425The default value is 1426.Li 2048 . 1427It can be increased by adding the following line into 1428.Nm : 1429.Bd -literal 1430netif_ipexpand_max="4096" 1431.Ed 1432.Pp 1433In the case of 1434.Li 192.0.2.5-23/24 , 1435the address 192.0.2.5 will be configured with the 1436netmask /24 and the addresses 192.0.2.6 to 192.0.2.23 with 1437the non-conflicting netmask /32 as explained in the 1438.Xr ifconfig 8 1439alias section. 1440Note that this special netmask handling is only for 1441.Li inet , 1442not for the other address families such as 1443.Li inet6 . 1444.Pp 1445With the interface in question being 1446.Li em0 , 1447an example could look like: 1448.Bd -literal 1449ifconfig_em0_alias2="inet 192.0.2.129/27" 1450ifconfig_em0_alias3="inet 192.0.2.1-5/28" 1451.Ed 1452.Pp 1453and so on. 1454.Pp 1455Note that deprecated 1456.Va ipv4_addrs_ Ns Aq Ar interface 1457variable was supported for IPv4 CIDR address notation. 1458The 1459.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1460variable replaces it, though 1461.Va ipv4_addrs_ Ns Aq Ar interface 1462is still supported for backward compatibility. 1463.Pp 1464For each 1465.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1466entry with an address family keyword, 1467its contents are passed to 1468.Xr ifconfig 8 . 1469Execution stops at the first unsuccessful access, so if 1470something like this is present: 1471.Bd -literal 1472ifconfig_em0_alias0="inet 127.0.0.251 netmask 0xffffffff" 1473ifconfig_em0_alias1="inet 127.0.0.252 netmask 0xffffffff" 1474ifconfig_em0_alias2="inet 127.0.0.253 netmask 0xffffffff" 1475ifconfig_em0_alias4="inet 127.0.0.254 netmask 0xffffffff" 1476.Ed 1477.Pp 1478Then note that alias4 would 1479.Em not 1480be added since the search would 1481stop with the missing 1482.Dq Li alias3 1483entry. 1484Because of this difficult to manage behavior, 1485there is 1486.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _aliases 1487variable, which has the same functionality as 1488.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1489and can have all of entries in a variable like the following: 1490.Bd -literal 1491ifconfig_em0_aliases="\\ 1492 inet 127.0.0.251 netmask 0xffffffff \\ 1493 inet 127.0.0.252 netmask 0xffffffff \\ 1494 inet 127.0.0.253 netmask 0xffffffff \\ 1495 inet 127.0.0.254 netmask 0xffffffff" 1496.Ed 1497.Pp 1498It also supports CIDR notation. 1499.Pp 1500If the 1501.Pa /etc/start_if . Ns Aq Ar interface 1502file is present, it is read and executed by the 1503.Xr sh 1 1504interpreter 1505before configuring the interface as specified in the 1506.Va ifconfig_ Ns Aq Ar interface 1507and 1508.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1509variables. 1510.Pp 1511If a 1512.Va vlans_ Ns Aq Ar interface 1513variable is set, 1514a 1515.Xr vlan 4 1516interface will be created for each item in the list with the 1517.Ar vlandev 1518argument set to 1519.Ar interface . 1520If a vlan interface's name is a number, 1521then that number is used as the vlan tag and the new vlan interface is 1522named 1523.Ar interface . Ns Ar tag . 1524Otherwise, 1525the vlan tag must be specified via a 1526.Va vlan 1527parameter in the 1528.Va create_args_ Ns Aq Ar interface 1529variable. 1530.Pp 1531To create a vlan device named 1532.Li em0.101 1533on 1534.Li em0 1535with the vlan tag 101 and the optional the IPv4 address 192.0.2.1/24: 1536.Bd -literal 1537vlans_em0="101" 1538ifconfig_em0_101="inet 192.0.2.1/24" 1539.Ed 1540.Pp 1541To create a vlan device named 1542.Li myvlan 1543on 1544.Li em0 1545with the vlan tag 102: 1546.Bd -literal 1547vlans_em0="myvlan" 1548create_args_myvlan="vlan 102" 1549.Ed 1550.Pp 1551If a 1552.Va wlans_ Ns Aq Ar interface 1553variable is set, 1554an 1555.Xr wlan 4 1556interface will be created for each item in the list with the 1557.Ar wlandev 1558argument set to 1559.Ar interface . 1560Further wlan cloning arguments may be passed to the 1561.Xr ifconfig 8 1562.Cm create 1563command by setting the 1564.Va create_args_ Ns Aq Ar interface 1565variable. 1566One or more 1567.Xr wlan 4 1568devices must be created for each wireless devices as of 1569.Fx 8.0 . 1570Debugging flags for 1571.Xr wlan 4 1572devices as set by 1573.Xr wlandebug 8 1574may be specified with an 1575.Va wlandebug_ Ns Aq Ar interface 1576variable. 1577The contents of this variable will be passed directly to 1578.Xr wlandebug 8 . 1579.Pp 1580If the 1581.Va ifconfig_ Ns Aq Ar interface 1582contains the keyword 1583.Dq Li NOAUTO 1584then the interface will not be configured 1585at boot or by 1586.Pa /etc/pccard_ether 1587when 1588.Va network_interfaces 1589is set to 1590.Dq Li AUTO . 1591.Pp 1592It is possible to bring up an interface with DHCP by adding 1593.Dq Li DHCP 1594to the 1595.Va ifconfig_ Ns Aq Ar interface 1596variable. 1597For instance, to initialize the 1598.Li em0 1599device via DHCP, 1600it is possible to use something like: 1601.Bd -literal 1602ifconfig_em0="DHCP" 1603.Ed 1604.Pp 1605If you want to configure your wireless interface with 1606.Xr wpa_supplicant 8 1607for use with WPA, EAP/LEAP or WEP, you need to add 1608.Dq Li WPA 1609to the 1610.Va ifconfig_ Ns Aq Ar interface 1611variable. 1612.Pp 1613On the other hand, if you want to configure your wireless interface with 1614.Xr hostapd 8 , 1615you need to add 1616.Dq Li HOSTAP 1617to the 1618.Va ifconfig_ Ns Aq Ar interface 1619variable. 1620.Xr hostapd 8 1621will use the settings from 1622.Pa /etc/hostapd- Ns Ao Ar interface Ac Ns .conf 1623.Pp 1624Finally, you can add 1625.Xr ifconfig 8 1626options in this variable, in addition to the 1627.Pa /etc/start_if . Ns Aq Ar interface 1628file. 1629For instance, to configure an 1630.Xr ath 4 1631wireless device in station mode with an address obtained 1632via DHCP, using WPA authentication and 802.11b mode, it is 1633possible to use something like: 1634.Bd -literal 1635wlans_ath0="wlan0" 1636ifconfig_wlan0="DHCP WPA mode 11b" 1637.Ed 1638.Pp 1639In addition to the 1640.Va ifconfig_ Ns Aq Ar interface 1641form, a fallback variable 1642.Va ifconfig_DEFAULT 1643may be configured. 1644It will be used for all interfaces with no 1645.Va ifconfig_ Ns Aq Ar interface 1646variable. 1647This is intended to replace the no longer supported 1648.Va pccard_ifconfig 1649variable. 1650.Pp 1651It is also possible to rename an interface by doing: 1652.Bd -literal 1653ifconfig_em0_name="net0" 1654ifconfig_net0="inet 192.0.2.1 netmask 0xffffff00" 1655.Ed 1656.It Va ipv6_enable 1657.Pq Vt bool 1658This variable is deprecated. 1659Use 1660.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1661and 1662.Va ipv6_activate_all_interfaces 1663if necessary. 1664.Pp 1665If the variable is 1666.Dq Li YES , 1667.Dq Li inet6 accept_rtadv 1668is added to all of 1669.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1670and the 1671.Va ipv6_activate_all_interfaces 1672is defined as 1673.Dq Li YES . 1674.It Va ipv6_prefer 1675.Pq Vt bool 1676This variable is deprecated. 1677Use 1678.Va ip6addrctl_policy 1679instead. 1680.Pp 1681If the variable is 1682.Dq Li YES , 1683the default address selection policy table set by 1684.Xr ip6addrctl 8 1685will be IPv6-preferred. 1686.Pp 1687If the variable is 1688.Dq Li NO , 1689the default address selection policy table set by 1690.Xr ip6addrctl 8 1691will be IPv4-preferred. 1692.It Va ipv6_activate_all_interfaces 1693.Pq Vt bool 1694This controls initial configuration on IPv6-capable 1695interfaces with no corresponding 1696.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1697variable. 1698Note that it is not always necessary to set this variable to 1699.Dq YES 1700to use IPv6 functionality on 1701.Fx . 1702In most cases, just configuring 1703.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1704variables works. 1705.Pp 1706If the variable is 1707.Dq Li NO , 1708all interfaces which do not have a corresponding 1709.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1710variable will be marked as 1711.Dq Li IFDISABLED 1712at creation. 1713This means that all of IPv6 functionality on that interface 1714is completely disabled to enforce a security policy. 1715If the variable is set to 1716.Dq YES , 1717the flag will be cleared on all of the interfaces. 1718.Pp 1719In most cases, just defining an 1720.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1721for an IPv6-capable interface should be sufficient. 1722However, if an interface is added dynamically 1723.Pq by some tunneling protocols such as PPP, for example , 1724it is often difficult to define the variable in advance. 1725In such a case, configuring the 1726.Dq Li IFDISABLED 1727flag can be disabled by setting this variable to 1728.Dq YES . 1729.Pp 1730For more details of the 1731.Dq Li IFDISABLED 1732flag and keywords 1733.Dq Li inet6 ifdisabled , 1734see 1735.Xr ifconfig 8 . 1736.Pp 1737Default is 1738.Dq Li NO . 1739.It Va ipv6_privacy 1740.Pq Vt bool 1741If the variable is 1742.Dq Li YES 1743privacy addresses will be generated for each IPv6 1744interface as described in RFC 4941. 1745.It Va ipv6_network_interfaces 1746.Pq Vt str 1747This is the IPv6 equivalent of 1748.Va network_interfaces . 1749Normally manual configuration of this variable is not needed. 1750.It Va ipv6_cpe_wanif 1751.Pq Vt str 1752If the variable is set to an interface name, 1753the 1754.Xr ifconfig 8 1755options 1756.Dq inet6 -no_radr accept_rtadv 1757will be added to the specified interface automatically before evaluating 1758.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1759and two 1760.Xr sysctl 8 1761variables 1762.Va net.inet6.ip6.rfc6204w3 1763and 1764.Va net.inet6.ip6.no_radr 1765will be set to 1. 1766.Pp 1767This means the specified interface will accept ICMPv6 Router 1768Advertisement messages on that link and add the discovered 1769routers into the Default Router List. 1770While the other interfaces can still accept RA messages if the 1771.Dq inet6 accept_rtadv 1772option is specified, adding 1773routes into the Default Router List will be disabled by 1774.Dq inet6 no_radr 1775option by default. 1776See 1777.Xr ifconfig 8 1778for more details. 1779.Pp 1780Note that ICMPv6 Router Advertisement messages will be 1781accepted even when 1782.Va net.inet6.ip6.forwarding 1783is 1 1784.Pq packet forwarding is enabled 1785when 1786.Va net.inet6.ip6.rfc6204w3 1787is set to 1. 1788.Pp 1789Default is 1790.Dq Li NO . 1791.It Va ifconfig_ Ns Ao Ar interface Ac Ns _descr 1792.Pq Vt str 1793This assigns arbitrary description to an interface. 1794The 1795.Xr sysctl 8 1796variable 1797.Va net.ifdescr_maxlen 1798limits its length. 1799This static setting may be overridden by commands 1800started with dynamic interface configuration utilities 1801like 1802.Xr dhclient 8 1803hooks. 1804The description can be seen with 1805.Xr ifconfig 8 1806command and it may be exported with 1807.Xr bsnmpd 1 1808daemon using its MIB-2 module. 1809.It Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1810.Pq Vt str 1811IPv6 functionality on an interface should be configured by 1812.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1813instead of setting ifconfig parameters in 1814.Va ifconfig_ Ns Aq Ar interface . 1815If this variable is empty, all of IPv6 configurations on the 1816specified interface by other variables such as 1817.Va ipv6_prefix_ Ns Ao Ar interface Ac 1818will be ignored. 1819.Pp 1820Aliases should be set by 1821.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1822with 1823.Dq Li inet6 1824keyword. 1825For example: 1826.Bd -literal 1827ifconfig_em0_ipv6="inet6 2001:db8:1::1 prefixlen 64" 1828ifconfig_em0_alias0="inet6 2001:db8:2::1 prefixlen 64" 1829.Ed 1830.Pp 1831Interfaces that have an 1832.Dq Li inet6 accept_rtadv 1833keyword in 1834.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1835setting will be automatically configured by SLAAC 1836.Pq StateLess Address AutoConfiguration 1837described in 1838.Rs 1839.%T "RFC 4862" 1840.Re 1841.Pp 1842Note that a link-local address will be automatically configured in 1843addition to the configured global-scope addresses because the IPv6 1844specifications require it on each link. 1845The address is calculated from the MAC address by using an algorithm 1846defined in 1847.Rs 1848.%T "RFC 4862" 1849.%O "Section 5.3" 1850.Re 1851.Pp 1852If only a link-local address is needed on the interface, 1853the following configuration can be used: 1854.Bd -literal 1855ifconfig_em0_ipv6="inet6 auto_linklocal" 1856.Ed 1857.Pp 1858A link-local address can also be configured manually. 1859This is useful for the default router address of an IPv6 router 1860so that it does not change when the network interface 1861card is replaced. 1862For example: 1863.Bd -literal 1864ifconfig_em0_ipv6="inet6 fe80::1 prefixlen 64" 1865.Ed 1866.It Va ipv6_prefix_ Ns Aq Ar interface 1867.Pq Vt str 1868If one or more prefixes are defined in 1869.Va ipv6_prefix_ Ns Aq Ar interface 1870addresses based on each prefix and the EUI-64 interface index will be 1871configured on that interface. 1872Note that this variable will be ignored when 1873.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1874is empty. 1875.Pp 1876For example, the following configuration 1877.Bd -literal 1878ipv6_prefix_em0="2001:db8:1:0 2001:db8:2:0" 1879.Ed 1880.Pp 1881is equivalent to the following: 1882.Bd -literal 1883ifconfig_em0_alias0="inet6 2001:db8:1:: eui64 prefixlen 64" 1884ifconfig_em0_alias1="inet6 2001:db8:1:: prefixlen 64 anycast" 1885ifconfig_em0_alias2="inet6 2001:db8:2:: eui64 prefixlen 64" 1886ifconfig_em0_alias3="inet6 2001:db8:2:: prefixlen 64 anycast" 1887.Ed 1888.Pp 1889These Subnet-Router anycast addresses will be added only when 1890.Va ipv6_gateway_enable 1891is YES. 1892.It Va ipv6_default_interface 1893.Pq Vt str 1894If not set to 1895.Dq Li NO , 1896this is the default output interface for scoped addresses. 1897This works only with ipv6_gateway_enable="NO". 1898.It Va ip6addrctl_enable 1899.Pq Vt bool 1900This variable is to enable configuring default address selection policy table 1901.Pq RFC 3484 . 1902The table can be specified in another variable 1903.Va ip6addrctl_policy . 1904For 1905.Va ip6addrctl_policy 1906the following keywords can be specified: 1907.Dq Li ipv4_prefer , 1908.Dq Li ipv6_prefer , 1909or 1910.Dq Li AUTO . 1911.Pp 1912If 1913.Dq Li ipv4_prefer 1914or 1915.Dq Li ipv6_prefer 1916is specified, 1917.Xr ip6addrctl 8 1918installs a pre-defined policy table described in Section 10.3 1919.Pq IPv4-preferred 1920or 2.1 1921.Pq IPv6-preferred 1922of RFC 3484. 1923.Pp 1924If 1925.Dq Li AUTO 1926is specified, it attempts to read a file 1927.Pa /etc/ip6addrctl.conf 1928first. 1929If this file is found, 1930.Xr ip6addrctl 8 1931reads and installs it. 1932If not found, a policy is automatically set 1933according to 1934.Va ipv6_activate_all_interfaces 1935variable; if the variable is set to 1936.Dq Li YES 1937the IPv6-preferred one is used. 1938Otherwise IPv4-preferred. 1939.Pp 1940The default value of 1941.Va ip6addrctl_enable 1942and 1943.Va ip6addrctl_policy 1944are 1945.Dq Li YES 1946and 1947.Dq Li AUTO , 1948respectively. 1949.It Va cloned_interfaces 1950.Pq Vt str 1951Set to the list of clonable network interfaces to create on this host. 1952Further cloning arguments may be passed to the 1953.Xr ifconfig 8 1954.Cm create 1955command for each interface by setting the 1956.Va create_args_ Ns Aq Ar interface 1957variable. 1958If an interface name is specified with 1959.Dq :sticky 1960keyword, 1961the interface will not be destroyed even when 1962.Pa rc.d/netif 1963script is invoked with 1964.Dq stop 1965argument. 1966This is useful when reconfiguring the interface without destroying it. 1967Entries in 1968.Va cloned_interfaces 1969are automatically appended to 1970.Va network_interfaces 1971for configuration. 1972.It Va cloned_interfaces_sticky 1973.Pq Vt bool 1974This variable is to globally enable functionality of 1975.Dq :sticky 1976keyword in 1977.Va cloned_interfaces 1978for all interfaces. 1979The default value is 1980.Dq NO . 1981Even if this variable is specified to 1982.Dq YES , 1983.Dq :nosticky 1984keyword can be used to override it on per interface basis. 1985.It Va gif_interfaces 1986Set to the list of 1987.Xr gif 4 1988tunnel interfaces to configure on this host. 1989A 1990.Va gifconfig_ Ns Aq Ar interface 1991variable is assumed to exist for each value of 1992.Ar interface . 1993The value of this variable is used to configure the link layer of the 1994tunnel using the 1995.Cm tunnel 1996option to 1997.Xr ifconfig 8 . 1998Additionally, this option ensures that each listed interface is created 1999via the 2000.Cm create 2001option to 2002.Xr ifconfig 8 2003before attempting to configure it. 2004.Pp 2005For example, configure two 2006.Xr gif 4 2007interfaces with: 2008.Bd -literal 2009gif_interfaces="gif0 gif1" 2010gifconfig_gif0="100.64.0.1 100.64.0.2" 2011ifconfig_gif0="inet 10.0.0.1 10.0.0.2 netmask 255.255.255.252" 2012gifconfig_gif1="inet6 2a00::1 2a01::1" 2013ifconfig_gif1="inet 10.1.0.1 10.1.0.2 netmask 255.255.255.252" 2014.Ed 2015.It Va ppp_enable 2016.Pq Vt bool 2017If set to 2018.Dq Li YES , 2019run the 2020.Xr ppp 8 2021daemon. 2022.It Va ppp_profile 2023.Pq Vt str 2024The name of the profile to use from 2025.Pa /etc/ppp/ppp.conf . 2026Also used for per-profile overrides of 2027.Va ppp_mode 2028and 2029.Va ppp_nat , 2030and 2031.Va ppp_ Ns Ao Ar profile Ac Ns _unit . 2032When the profile name contains any of the characters 2033.Dq Li .-/+ 2034they are translated to 2035.Dq Li _ 2036for the proposes of the override variable names. 2037.It Va ppp_mode 2038.Pq Vt str 2039Mode in which to run the 2040.Xr ppp 8 2041daemon. 2042.It Va ppp_ Ns Ao Ar profile Ac Ns _mode 2043.Pq Vt str 2044Overrides the global 2045.Va ppp_mode 2046for 2047.Ar profile . 2048Accepted modes are 2049.Dq Li auto , 2050.Dq Li ddial , 2051.Dq Li direct 2052and 2053.Dq Li dedicated . 2054See the manual for a full description. 2055.It Va ppp_nat 2056.Pq Vt bool 2057If set to 2058.Dq Li YES , 2059enables network address translation. 2060Used in conjunction with 2061.Va gateway_enable 2062allows hosts on private network addresses access to the Internet using 2063this host as a network address translating router. 2064Default is 2065.Dq Li YES . 2066.It Va ppp_ Ns Ao Ar profile Ac Ns _nat 2067.Pq Vt str 2068Overrides the global 2069.Va ppp_nat 2070for 2071.Ar profile . 2072.It Va ppp_ Ns Ao Ar profile Ac Ns _unit 2073.Pq Vt int 2074Set the unit number to be used for this profile. 2075See the manual description of 2076.Fl unit Ns Ar N 2077for details. 2078.It Va ppp_user 2079.Pq Vt str 2080The name of the user under which 2081.Xr ppp 8 2082should be started. 2083By 2084default, 2085.Xr ppp 8 2086is started as 2087.Dq Li root . 2088.It Va rc_conf_files 2089.Pq Vt str 2090This option is used to specify a list of files that will override 2091the settings in 2092.Pa /etc/defaults/rc.conf . 2093The files will be read in the order in which they are specified and should 2094include the full path to the file. 2095By default, the files specified are 2096.Pa /etc/rc.conf 2097and 2098.Pa /etc/rc.conf.local 2099.It Va zfs_enable 2100.Pq Vt bool 2101If set to 2102.Dq Li YES , 2103.Pa /etc/rc.d/zfs 2104will attempt to automatically mount ZFS file systems and initialize ZFS volumes 2105(ZVOLs). 2106.It Va zpool_reguid 2107.Pq Vt str 2108A space-separated list of ZFS pool names for which new pool GUIDs should be 2109assigned upon first boot. 2110This is useful when using a ZFS pool copied from a template, such as a virtual 2111machine image. 2112.It Va zpool_upgrade 2113.Pq Vt str 2114A space-separated list of ZFS pool names for which version should be upgraded 2115upon first boot. 2116This is useful when using a ZFS pool generated by the 2117.Xr makefs 8 2118utility. 2119.It Va gptboot_enable 2120.Pq Vt bool 2121If set to 2122.Dq Li YES , 2123.Pa /etc/rc.d/gptboot 2124will log if the system successfully (or not) booted from a GPT partition, 2125which had the 2126.Ar bootonce 2127attribute set using 2128.Xr gpart 8 2129utility. 2130.It Va gbde_autoattach_all 2131.Pq Vt bool 2132If set to 2133.Dq Li YES , 2134.Pa /etc/rc.d/gbde 2135will attempt to automatically initialize your .bde devices in 2136.Pa /etc/fstab . 2137.It Va gbde_devices 2138.Pq Vt str 2139List the devices that the script should try to attach, 2140or 2141.Dq Li AUTO . 2142.It Va gbde_lockdir 2143.Pq Vt str 2144The directory where the 2145.Xr gbde 4 2146lockfiles are located. 2147The default lockfile directory is 2148.Pa /etc . 2149.Pp 2150The lockfile for each individual 2151.Xr gbde 4 2152device can be overridden by setting the variable 2153.Va gbde_lock_ Ns Aq Ar device , 2154where 2155.Ar device 2156is the encrypted device without the 2157.Dq Pa /dev/ 2158and 2159.Dq Pa .bde 2160parts. 2161.It Va gbde_attach_attempts 2162.Pq Vt int 2163Number of times to attempt attaching to a 2164.Xr gbde 4 2165device, i.e., how many times the user is asked for the pass-phrase. 2166Default is 3. 2167.It Va geli_devices 2168.Pq Vt str 2169List of devices to automatically attach on boot. 2170Note that .eli devices from 2171.Pa /etc/fstab 2172are automatically appended to this list. 2173.It Va geli_groups 2174.Pq Vt str 2175List of groups containing devices to automatically attach on boot with the same 2176keyfiles and passphrase. 2177This must be accompanied with a corresponding 2178.Va geli_ Ns Ao Ar group Ac Ns Va _devices 2179variable. 2180.It Va geli_tries 2181.Pq Vt int 2182Number of times user is asked for the pass-phrase. 2183If empty, it will be taken from 2184.Va kern.geom.eli.tries 2185sysctl variable. 2186.It Va geli_default_flags 2187.Pq Vt str 2188Default flags to use by 2189.Xr geli 8 2190when configuring disk encryption. 2191Flags can be configured for every device separately by defining the 2192.Va geli_ Ns Ao Ar device Ac Ns Va _flags 2193variable, and for every group separately by defining the 2194.Va geli_ Ns Ao Ar group Ac Ns Va _flags 2195variable. 2196.It Va geli_autodetach 2197.Pq Vt str 2198Specifies if GELI devices should be marked for detach on last close after 2199file systems are mounted. 2200Default is 2201.Dq Li YES . 2202This can be changed for every device separately by defining the 2203.Va geli_ Ns Ao Ar device Ac Ns Va _autodetach 2204variable. 2205.It Va root_rw_mount 2206.Pq Vt bool 2207Set to 2208.Dq Li YES 2209by default. 2210After the file systems are checked at boot time, the root file system 2211is remounted as read-write if this is set to 2212.Dq Li YES . 2213Diskless systems that mount their root file system from a read-only remote 2214NFS share should set this to 2215.Dq Li NO 2216in their 2217.Pa rc.conf . 2218.It Va fsck_y_enable 2219.Pq Vt bool 2220If set to 2221.Dq Li YES , 2222.Xr fsck 8 2223will be run with the 2224.Fl y 2225flag if the initial preen 2226of the file systems fails. 2227.It Va background_fsck 2228.Pq Vt bool 2229If set to 2230.Dq Li NO , 2231the system will not attempt to run 2232.Xr fsck 8 2233in the background where possible. 2234.It Va background_fsck_delay 2235.Pq Vt int 2236The amount of time in seconds to sleep before starting a background 2237.Xr fsck 8 . 2238It defaults to sixty seconds to allow large applications such as 2239the X server to start before disk I/O bandwidth is monopolized by 2240.Xr fsck 8 . 2241If set to a negative number, the background file system check will be 2242delayed indefinitely to allow the administrator to run it at a more 2243convenient time. 2244For example it may be run from 2245.Xr cron 8 2246by adding a line like 2247.Pp 2248.Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart" 2249.Pp 2250to 2251.Pa /etc/crontab . 2252.It Va netfs_types 2253.Pq Vt str 2254List of file system types that are network-based. 2255This list should generally not be modified by end users. 2256Use 2257.Va extra_netfs_types 2258instead. 2259.It Va extra_netfs_types 2260.Pq Vt str 2261If set to something other than 2262.Dq Li NO 2263(the default), 2264this variable extends the list of file system types 2265for which automatic mounting at startup by 2266.Xr rc 8 2267should be delayed until the network is initialized. 2268It should contain 2269a whitespace-separated list of network file system descriptor pairs, 2270each consisting of a file system type as passed to 2271.Xr mount 8 2272and a human-readable, one-word description, 2273joined with a colon 2274.Pq Ql \&: . 2275Extending the default list in this way is only necessary 2276when third party file system types are used. 2277.It Va syslogd_enable 2278.Pq Vt bool 2279If set to 2280.Dq Li YES , 2281run the 2282.Xr syslogd 8 2283daemon. 2284.It Va syslogd_program 2285.Pq Vt str 2286Path to 2287.Xr syslogd 8 2288(default 2289.Pa /usr/sbin/syslogd ) . 2290.It Va syslogd_flags 2291.Pq Vt str 2292If 2293.Va syslogd_enable 2294is set to 2295.Dq Li YES , 2296these are the flags to pass to 2297.Xr syslogd 8 . 2298.It Va inetd_enable 2299.Pq Vt bool 2300If set to 2301.Dq Li YES , 2302run the 2303.Xr inetd 8 2304daemon. 2305.It Va inetd_program 2306.Pq Vt str 2307Path to 2308.Xr inetd 8 2309(default 2310.Pa /usr/sbin/inetd ) . 2311.It Va inetd_flags 2312.Pq Vt str 2313If 2314.Va inetd_enable 2315is set to 2316.Dq Li YES , 2317these are the flags to pass to 2318.Xr inetd 8 . 2319.It Va hastd_enable 2320.Pq Vt bool 2321If set to 2322.Dq Li YES , 2323run the 2324.Xr hastd 8 2325daemon. 2326.It Va hastd_program 2327.Pq Vt str 2328Path to 2329.Xr hastd 8 2330(default 2331.Pa /sbin/hastd ) . 2332.It Va hastd_flags 2333.Pq Vt str 2334If 2335.Va hastd_enable 2336is set to 2337.Dq Li YES , 2338these are the flags to pass to 2339.Xr hastd 8 . 2340.It Va local_unbound_enable 2341.Pq Vt bool 2342If set to 2343.Dq Li YES , 2344run the 2345.Xr unbound 8 2346daemon as a local caching resolver. 2347.It Va kdc_enable 2348.Pq Vt bool 2349Set to 2350.Dq Li YES 2351to start a Kerberos 5 authentication server 2352at boot time. 2353.It Va kdc_program 2354.Pq Vt str 2355If 2356.Va kdc_enable 2357is set to 2358.Dq Li YES 2359this is the path to Kerberos 5 Authentication Server. 2360.It Va kdc_flags 2361.Pq Vt str 2362Empty by default. 2363This variable contains additional flags to be passed to the Kerberos 5 2364authentication server. 2365.It Va kadmind_enable 2366.Pq Vt bool 2367Set to 2368.Dq Li YES 2369to start 2370.Xr kadmind 8 , 2371the Kerberos 5 Administration Daemon; set to 2372.Dq Li NO 2373on a slave server. 2374.It Va kadmind_program 2375.Pq Vt str 2376If 2377.Va kadmind_enable 2378is set to 2379.Dq Li YES 2380this is the path to Kerberos 5 Administration Daemon. 2381.It Va kpasswdd_enable 2382.Pq Vt bool 2383Set to 2384.Dq Li YES 2385to start 2386.Xr kpasswdd 8 , 2387the Kerberos 5 Password-Changing Daemon; set to 2388.Dq Li NO 2389on a slave server. 2390.It Va kpasswdd_program 2391.Pq Vt str 2392If 2393.Va kpasswdd_enable 2394is set to 2395.Dq Li YES 2396this is the path to Kerberos 5 Password-Changing Daemon. 2397.It Va kfd_enable 2398.Pq Vt bool 2399Set to 2400.Dq Li YES 2401to start 2402.Xr kfd 8 , 2403the Kerberos 5 ticket forwarding daemon, at the boot time. 2404.It Va kfd_program 2405.Pq Vt str 2406Path to 2407.Xr kfd 8 2408(default 2409.Pa /usr/libexec/kfd ) . 2410.It Va rwhod_enable 2411.Pq Vt bool 2412If set to 2413.Dq Li YES , 2414run the 2415.Xr rwhod 8 2416daemon at boot time. 2417.It Va rwhod_flags 2418.Pq Vt str 2419If 2420.Va rwhod_enable 2421is set to 2422.Dq Li YES , 2423these are the flags to pass to it. 2424.It Va update_motd 2425.Pq Vt bool 2426If set to 2427.Dq Li YES , 2428.Pa /etc/motd 2429will be updated at boot time to reflect the kernel release 2430being run. 2431If set to 2432.Dq Li NO , 2433.Pa /etc/motd 2434will not be updated. 2435.It Va nfs_client_enable 2436.Pq Vt bool 2437If set to 2438.Dq Li YES , 2439run the NFS client daemons at boot time. 2440.It Va nfs_access_cache 2441.Pq Vt int 2442If 2443.Va nfs_client_enable 2444is set to 2445.Dq Li YES , 2446this can be set to 2447.Dq Li 0 2448to disable NFS ACCESS RPC caching, or to the number of seconds for which 2449NFS ACCESS 2450results should be cached. 2451A value of 2-10 seconds will substantially reduce network 2452traffic for many NFS operations. 2453.It Va nfs_server_enable 2454.Pq Vt bool 2455If set to 2456.Dq Li YES , 2457run the NFS server daemons at boot time. 2458.It Va nfs_server_flags 2459.Pq Vt str 2460If 2461.Va nfs_server_enable 2462is set to 2463.Dq Li YES , 2464these are the flags to pass to the 2465.Xr nfsd 8 2466daemon. 2467.It Va nfsv4_server_enable 2468.Pq Vt bool 2469If 2470.Va nfs_server_enable 2471is set to 2472.Dq Li YES 2473and 2474.Va nfsv4_server_enable 2475is set to 2476.Dq Li YES , 2477enable the server for NFSv4 as well as NFSv2 and NFSv3. 2478.It Va nfsv4_server_only 2479.Pq Vt bool 2480If 2481.Va nfs_server_enable 2482is set to 2483.Dq Li YES 2484and 2485.Va nfsv4_server_only 2486is set to 2487.Dq Li YES , 2488enable the NFS server for NFSv4 only. 2489.It Va nfs_server_maxio 2490.Pq Vt int 2491value to set vfs.nfsd.srvmaxio to, which is the 2492maximum I/O size for the NFS server. 2493.It Va tlsclntd_enable 2494.Pq Vt bool 2495If set to 2496.Dq Li YES , 2497run the 2498.Xr rpc.tlsclntd 8 2499daemon, which is needed for NFS-over-TLS NFS mounts. 2500.It Va tlsservd_enable 2501.Pq Vt bool 2502If set to 2503.Dq Li YES , 2504run the 2505.Xr rpc.tlsservd 8 2506daemon, which is needed for the 2507.Xr nfsd 8 2508to support NFS-over-TLS NFS mounts. 2509.It Va nfsuserd_enable 2510.Pq Vt bool 2511If 2512.Va nfsuserd_enable 2513is set to 2514.Dq Li YES , 2515run the nfsuserd daemon, which is needed for NFSv4 in order 2516to map between user/group names vs uid/gid numbers. 2517If 2518.Va nfsv4_server_enable 2519is set to 2520.Dq Li YES , 2521this will be forced enabled. 2522.It Va nfsuserd_flags 2523.Pq Vt str 2524If 2525.Va nfsuserd_enable 2526is set to 2527.Dq Li YES , 2528these are the flags to pass to the 2529.Xr nfsuserd 8 2530daemon. 2531.It Va nfscbd_enable 2532.Pq Vt bool 2533If 2534.Va nfscbd_enable 2535is set to 2536.Dq Li YES , 2537run the nfscbd daemon, which enables callbacks/delegations for the NFSv4 client. 2538.It Va nfscbd_flags 2539.Pq Vt str 2540If 2541.Va nfscbd_enable 2542is set to 2543.Dq Li YES , 2544these are the flags to pass to the 2545.Xr nfscbd 8 2546daemon. 2547.It Va mountd_enable 2548.Pq Vt bool 2549If set to 2550.Dq Li YES , 2551and no 2552.Va nfs_server_enable 2553is set, start 2554.Xr mountd 8 , 2555but not 2556.Xr nfsd 8 2557daemon. 2558It is commonly needed to run CFS without real NFS used. 2559.It Va mountd_flags 2560.Pq Vt str 2561If 2562.Va mountd_enable 2563is set to 2564.Dq Li YES , 2565these are the flags to pass to the 2566.Xr mountd 8 2567daemon. 2568.It Va weak_mountd_authentication 2569.Pq Vt bool 2570If set to 2571.Dq Li YES , 2572allow services like PCNFSD to make non-privileged mount 2573requests. 2574.It Va nfs_reserved_port_only 2575.Pq Vt bool 2576If set to 2577.Dq Li YES , 2578provide NFS services only on a secure port. 2579.It Va nfs_bufpackets 2580.Pq Vt int 2581If set to a number, indicates the number of packets worth of 2582socket buffer space to reserve on an NFS client. 2583The kernel default is typically 4. 2584Using a higher number may be 2585useful on gigabit networks to improve performance. 2586The minimum value is 25872 and the maximum is 64. 2588.It Va rpc_lockd_enable 2589.Pq Vt bool 2590If set to 2591.Dq Li YES 2592and also an NFS server or client, run 2593.Xr rpc.lockd 8 2594at boot time. 2595.It Va rpc_lockd_flags 2596.Pq Vt str 2597If 2598.Va rpc_lockd_enable 2599is set to 2600.Dq Li YES , 2601these are the flags to pass to the 2602.Xr rpc.lockd 8 2603daemon. 2604.It Va rpc_statd_enable 2605.Pq Vt bool 2606If set to 2607.Dq Li YES 2608and also an NFS server or client, run 2609.Xr rpc.statd 8 2610at boot time. 2611.It Va rpc_statd_flags 2612.Pq Vt str 2613If 2614.Va rpc_statd_enable 2615is set to 2616.Dq Li YES , 2617these are the flags to pass to the 2618.Xr rpc.statd 8 2619daemon. 2620.It Va rpcbind_program 2621.Pq Vt str 2622Path to 2623.Xr rpcbind 8 2624(default 2625.Pa /usr/sbin/rpcbind ) . 2626.It Va rpcbind_enable 2627.Pq Vt bool 2628If set to 2629.Dq Li YES , 2630run the 2631.Xr rpcbind 8 2632service at boot time. 2633.It Va rpcbind_flags 2634.Pq Vt str 2635If 2636.Va rpcbind_enable 2637is set to 2638.Dq Li YES , 2639these are the flags to pass to the 2640.Xr rpcbind 8 2641daemon. 2642.It Va keyserv_enable 2643.Pq Vt bool 2644If set to 2645.Dq Li YES , 2646run the 2647.Xr keyserv 8 2648daemon on boot for running Secure RPC. 2649.It Va keyserv_flags 2650.Pq Vt str 2651If 2652.Va keyserv_enable 2653is set to 2654.Dq Li YES , 2655these are the flags to pass to 2656.Xr keyserv 8 2657daemon. 2658.It Va pppoed_enable 2659.Pq Vt bool 2660If set to 2661.Dq Li YES , 2662run the 2663.Xr pppoed 8 2664daemon at boot time to provide PPP over Ethernet services. 2665.It Va pppoed_ Ns Aq Ar provider 2666.Pq Vt str 2667.Xr pppoed 8 2668listens to requests to this 2669.Ar provider 2670and ultimately runs 2671.Xr ppp 8 2672with a 2673.Ar system 2674argument of the same name. 2675.It Va pppoed_flags 2676.Pq Vt str 2677Additional flags to pass to 2678.Xr pppoed 8 . 2679.It Va pppoed_interface 2680.Pq Vt str 2681The network interface to run 2682.Xr pppoed 8 2683on. 2684This is mandatory when 2685.Va pppoed_enable 2686is set to 2687.Dq Li YES . 2688.It Va ntpdate_enable 2689.Pq Vt bool 2690If set to 2691.Dq Li YES , 2692run 2693.Xr ntpdate 8 2694at system startup. 2695This command is intended to 2696synchronize the system clock only 2697.Em once 2698from some standard reference. 2699.Pp 2700Note that the use of the 2701.Va ntpd_sync_on_start 2702variable is a preferred alternative to the 2703.Xr ntpdate 8 2704utility as 2705.Xr ntpdate 8 2706is to be retired from the NTP distribution. 2707.It Va ntpdate_config 2708.Pq Vt str 2709Configuration file for 2710.Xr ntpdate 8 . 2711Default 2712.Pa /etc/ntp.conf . 2713.It Va ntpdate_hosts 2714.Pq Vt str 2715A whitespace-separated list of NTP servers to synchronize with at startup. 2716The default is to use the servers listed in 2717.Va ntpdate_config , 2718if that file exists. 2719.It Va ntpdate_program 2720.Pq Vt str 2721Path to 2722.Xr ntpdate 8 2723(default 2724.Pa /usr/sbin/ntpdate ) . 2725.It Va ntpdate_flags 2726.Pq Vt str 2727If 2728.Va ntpdate_enable 2729is set to 2730.Dq Li YES , 2731these are the flags to pass to the 2732.Xr ntpdate 8 2733command (typically a hostname). 2734.It Va ntpd_enable 2735.Pq Vt bool 2736If set to 2737.Dq Li YES , 2738run the 2739.Xr ntpd 8 2740command at boot time. 2741.It Va ntpd_program 2742.Pq Vt str 2743Path to 2744.Xr ntpd 8 2745(default 2746.Pa /usr/sbin/ntpd ) . 2747.It Va ntpd_config 2748.Pq Vt str 2749Path to 2750.Xr ntpd 8 2751configuration file. 2752Default 2753.Pa /etc/ntp.conf . 2754.It Va ntpd_flags 2755.Pq Vt str 2756If 2757.Va ntpd_enable 2758is set to 2759.Dq Li YES , 2760these are the flags to pass to the 2761.Xr ntpd 8 2762daemon. 2763.It Va ntpd_sync_on_start 2764.Pq Vt bool 2765If set to 2766.Dq Li YES , 2767.Xr ntpd 8 2768is run with the 2769.Fl g 2770flag, which syncs the system's clock on startup. 2771See 2772.Xr ntpd 8 2773for more information regarding the 2774.Fl g 2775option. 2776This is a preferred alternative to using 2777.Xr ntpdate 8 2778or specifying the 2779.Va ntpdate_enable 2780variable. 2781.It Va nis_client_enable 2782.Pq Vt bool 2783If set to 2784.Dq Li YES , 2785run the 2786.Xr ypbind 8 2787service at system boot time. 2788.It Va nis_client_flags 2789.Pq Vt str 2790If 2791.Va nis_client_enable 2792is set to 2793.Dq Li YES , 2794these are the flags to pass to the 2795.Xr ypbind 8 2796service. 2797.It Va nis_ypldap_enable 2798.Pq Vt bool 2799If set to 2800.Dq Li YES , 2801run the 2802.Xr ypldap 8 2803daemon at system boot time. 2804.It Va nis_ypldap_flags 2805.Pq Vt str 2806If 2807.Va nis.ypldap_enable 2808is set to 2809.Dq Li YES , 2810these are the flags to pass to the 2811.Xr ypldap 8 2812daemon. 2813.It Va nis_ypset_enable 2814.Pq Vt bool 2815If set to 2816.Dq Li YES , 2817run the 2818.Xr ypset 8 2819daemon at system boot time. 2820.It Va nis_ypset_flags 2821.Pq Vt str 2822If 2823.Va nis_ypset_enable 2824is set to 2825.Dq Li YES , 2826these are the flags to pass to the 2827.Xr ypset 8 2828daemon. 2829.It Va nis_server_enable 2830.Pq Vt bool 2831If set to 2832.Dq Li YES , 2833run the 2834.Xr ypserv 8 2835daemon at system boot time. 2836.It Va nis_server_flags 2837.Pq Vt str 2838If 2839.Va nis_server_enable 2840is set to 2841.Dq Li YES , 2842these are the flags to pass to the 2843.Xr ypserv 8 2844daemon. 2845.It Va nis_ypxfrd_enable 2846.Pq Vt bool 2847If set to 2848.Dq Li YES , 2849run the 2850.Xr rpc.ypxfrd 8 2851daemon at system boot time. 2852.It Va nis_ypxfrd_flags 2853.Pq Vt str 2854If 2855.Va nis_ypxfrd_enable 2856is set to 2857.Dq Li YES , 2858these are the flags to pass to the 2859.Xr rpc.ypxfrd 8 2860daemon. 2861.It Va nis_yppasswdd_enable 2862.Pq Vt bool 2863If set to 2864.Dq Li YES , 2865run the 2866.Xr rpc.yppasswdd 8 2867daemon at system boot time. 2868.It Va nis_yppasswdd_flags 2869.Pq Vt str 2870If 2871.Va nis_yppasswdd_enable 2872is set to 2873.Dq Li YES , 2874these are the flags to pass to the 2875.Xr rpc.yppasswdd 8 2876daemon. 2877.It Va rpc_ypupdated_enable 2878.Pq Vt bool 2879If set to 2880.Dq Li YES , 2881run the 2882.Nm rpc.ypupdated 2883daemon at system boot time. 2884.It Va bsnmpd_enable 2885.Pq Vt bool 2886If set to 2887.Dq Li YES , 2888run the 2889.Xr bsnmpd 1 2890daemon at system boot time. 2891Be sure to understand the security implications of running SNMP daemon 2892on your host. 2893.It Va bsnmpd_flags 2894.Pq Vt str 2895If 2896.Va bsnmpd_enable 2897is set to 2898.Dq Li YES , 2899these are the flags to pass to the 2900.Xr bsnmpd 1 2901daemon. 2902.It Va defaultrouter 2903.Pq Vt str 2904If not set to 2905.Dq Li NO , 2906create a default route to this host name or IP address 2907(use an IP address if this router is also required to get to the 2908name server!). 2909.It Va defaultrouter_fibN 2910.Pq Vt str 2911If not set to 2912.Dq Li NO , 2913create a default route in FIB N to this host name or IP address. 2914.It Va ipv6_defaultrouter 2915.Pq Vt str 2916The IPv6 equivalent of 2917.Va defaultrouter . 2918.It Va ipv6_defaultrouter_fibN 2919.Pq Vt str 2920The IPv6 equivalent of 2921.Va defaultrouter_fibN . 2922.It Va static_arp_pairs 2923.Pq Vt str 2924Set to the list of static ARP pairs that are to be added at system 2925boot time. 2926For each whitespace separated 2927.Ar element 2928in the value, a 2929.Va static_arp_ Ns Aq Ar element 2930variable is assumed to exist whose contents will later be passed to a 2931.Dq Nm arp Cm -S 2932operation. 2933For example 2934.Bd -literal 2935static_arp_pairs="gw" 2936static_arp_gw="192.168.1.1 00:01:02:03:04:05" 2937.Ed 2938.It Va static_ndp_pairs 2939.Pq Vt str 2940Set to the list of static NDP pairs that are to be added at system 2941boot time. 2942For each whitespace separated 2943.Ar element 2944in the value, a 2945.Va static_ndp_ Ns Aq Ar element 2946variable is assumed to exist whose contents will later be passed to a 2947.Dq Nm ndp Cm -s 2948operation. 2949For example 2950.Bd -literal 2951static_ndp_pairs="gw" 2952static_ndp_gw="2001:db8:3::1 00:01:02:03:04:05" 2953.Ed 2954.It Va static_routes 2955.Pq Vt str 2956Set to the list of static routes that are to be added at system 2957boot time. 2958If not set to 2959.Dq Li NO 2960then for each whitespace separated 2961.Ar element 2962in the value, a 2963.Va route_ Ns Aq Ar element 2964variable is assumed to exist 2965whose contents will later be passed to a 2966.Dq Nm route Cm add 2967operation. 2968For example: 2969.Bd -literal 2970static_routes="ext mcast:gif0 gif0local:gif0" 2971route_ext="-net 10.0.0.0/24 -gateway 192.168.0.1" 2972route_mcast="-net 224.0.0.0/4 -iface gif0" 2973route_gif0local="-host 169.254.1.1 -iface lo0" 2974.Ed 2975.Pp 2976When an 2977.Ar element 2978is in the form of 2979.Li name:ifname , 2980the route is specific to the interface 2981.Li ifname . 2982.It Va ipv6_static_routes 2983.Pq Vt str 2984The IPv6 equivalent of 2985.Va static_routes . 2986If not set to 2987.Dq Li NO 2988then for each whitespace separated 2989.Ar element 2990in the value, a 2991.Va ipv6_route_ Ns Aq Ar element 2992variable is assumed to exist 2993whose contents will later be passed to a 2994.Dq Nm route Cm add Fl inet6 2995operation. 2996.It Va gateway_enable 2997.Pq Vt bool 2998If set to 2999.Dq Li YES , 3000configure host to act as an IP router, e.g.\& to forward packets 3001between interfaces. 3002.It Va ipv6_gateway_enable 3003.Pq Vt bool 3004The IPv6 equivalent of 3005.Va gateway_enable . 3006.It Va routed_enable 3007.Pq Vt bool 3008If set to 3009.Dq Li YES , 3010run a routing daemon of some sort, based on the 3011settings of 3012.Va routed_program 3013and 3014.Va routed_flags . 3015.It Va route6d_enable 3016.Pq Vt bool 3017The IPv6 equivalent of 3018.Va routed_enable . 3019If set to 3020.Dq Li YES , 3021run a routing daemon of some sort, based on the 3022settings of 3023.Va route6d_program 3024and 3025.Va route6d_flags . 3026.It Va routed_program 3027.Pq Vt str 3028If 3029.Va routed_enable 3030is set to 3031.Dq Li YES , 3032this is the name of the routing daemon to use. 3033.It Va route6d_program 3034.Pq Vt str 3035The IPv6 equivalent of 3036.Va routed_program . 3037.It Va routed_flags 3038.Pq Vt str 3039If 3040.Va routed_enable 3041is set to 3042.Dq Li YES , 3043these are the flags to pass to the routing daemon. 3044.It Va route6d_flags 3045.Pq Vt str 3046The IPv6 equivalent of 3047.Va routed_flags . 3048.It Va rtadvd_enable 3049.Pq Vt bool 3050If set to 3051.Dq Li YES , 3052run the 3053.Xr rtadvd 8 3054daemon at boot time. 3055The 3056.Xr rtadvd 8 3057utility sends ICMPv6 Router Advertisement messages to 3058the interfaces specified in 3059.Va rtadvd_interfaces . 3060This should only be enabled with great care. 3061You may want to fine-tune 3062.Xr rtadvd.conf 5 . 3063.It Va rtadvd_interfaces 3064.Pq Vt str 3065If 3066.Va rtadvd_enable 3067is set to 3068.Dq Li YES 3069this is the list of interfaces to use. 3070.It Va arpproxy_all 3071.Pq Vt bool 3072If set to 3073.Dq Li YES , 3074enable global proxy ARP. 3075.It Va forward_sourceroute 3076.Pq Vt bool 3077If set to 3078.Dq Li YES 3079and 3080.Va gateway_enable 3081is also set to 3082.Dq Li YES , 3083source-routed packets are forwarded. 3084.It Va accept_sourceroute 3085.Pq Vt bool 3086If set to 3087.Dq Li YES , 3088the system will accept source-routed packets directed at it. 3089.It Va rarpd_enable 3090.Pq Vt bool 3091If set to 3092.Dq Li YES , 3093run the 3094.Xr rarpd 8 3095daemon at system boot time. 3096.It Va rarpd_flags 3097.Pq Vt str 3098If 3099.Va rarpd_enable 3100is set to 3101.Dq Li YES , 3102these are the flags to pass to the 3103.Xr rarpd 8 3104daemon. 3105.It Va bootparamd_enable 3106.Pq Vt bool 3107If set to 3108.Dq Li YES , 3109run the 3110.Xr bootparamd 8 3111daemon at system boot time. 3112.It Va bootparamd_flags 3113.Pq Vt str 3114If 3115.Va bootparamd_enable 3116is set to 3117.Dq Li YES , 3118these are the flags to pass to the 3119.Xr bootparamd 8 3120daemon. 3121.It Va stf_interface_ipv4addr 3122.Pq Vt str 3123If not set to 3124.Dq Li NO , 3125this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling 3126interface). 3127Specify this entry to enable the 6to4 interface. 3128.It Va stf_interface_ipv4plen 3129.Pq Vt int 3130Prefix length for 6to4 IPv4 addresses, to limit peer address range. 3131An effective value is 0-31. 3132.It Va stf_interface_ipv6_ifid 3133.Pq Vt str 3134IPv6 interface ID for 3135.Xr stf 4 . 3136This can be set to 3137.Dq Li AUTO . 3138.It Va stf_interface_ipv6_slaid 3139.Pq Vt str 3140IPv6 Site Level Aggregator for 3141.Xr stf 4 . 3142.It Va ipv6_ipv4mapping 3143.Pq Vt bool 3144If set to 3145.Dq Li YES 3146this enables IPv4 mapped IPv6 address communication (like 3147.Li ::ffff:a.b.c.d ) . 3148.It Va rtsold_enable 3149.Pq Vt bool 3150Set to 3151.Dq Li YES 3152to enable the 3153.Xr rtsold 8 3154daemon to send ICMPv6 Router Solicitation messages. 3155.It Va rtsold_flags 3156.Pq Vt str 3157If 3158.Va rtsold_enable 3159is set to 3160.Dq Li YES , 3161these are the flags to pass to 3162.Xr rtsold 8 . 3163.It Va rtsol_flags 3164.Pq Vt str 3165For interfaces configured with the 3166.Dq Li inet6 accept_rtadv 3167keyword, these are the flags to pass to 3168.Xr rtsol 8 . 3169.Pp 3170Note that 3171.Va rtsold_enable 3172is mutually exclusive to 3173.Va rtsol_flags ; 3174.Va rtsold_enable 3175takes precedence. 3176.It Va keybell 3177.Pq Vt str 3178The keyboard bell sound. 3179Set to 3180.Dq Li normal , 3181.Dq Li visual , 3182.Dq Li off , 3183or 3184.Dq Li NO 3185if the default behavior is desired. 3186For details, refer to the 3187.Xr kbdcontrol 1 3188manpage. 3189.It Va keyboard 3190.Pq Vt str 3191If set to a non-null string, the virtual console's keyboard input is 3192set to this device. 3193.It Va keymap 3194.Pq Vt str 3195If set to 3196.Dq Li NO , 3197no keymap is installed, otherwise the value is used to install 3198the keymap file found in 3199.Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd 3200(if using 3201.Xr syscons 4 ) or 3202.Pa /usr/share/vt/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd 3203(if using 3204.Xr vt 4 ) . 3205.It Va keyrate 3206.Pq Vt str 3207The keyboard repeat speed. 3208Set to 3209.Dq Li slow , 3210.Dq Li normal , 3211.Dq Li fast , 3212or 3213.Dq Li NO 3214if the default behavior is desired. 3215.It Va keychange 3216.Pq Vt str 3217If not set to 3218.Dq Li NO , 3219attempt to program the function keys with the value. 3220The value should 3221be a single string of the form: 3222.Dq Ar funkey_number new_value Op Ar funkey_number new_value ... . 3223.It Va cursor 3224.Pq Vt str 3225Can be set to the value of 3226.Dq Li normal , 3227.Dq Li blink , 3228.Dq Li destructive , 3229or 3230.Dq Li NO 3231to set the cursor behavior explicitly or choose the default behavior. 3232.It Va scrnmap 3233.Pq Vt str 3234If set to 3235.Dq Li NO , 3236no screen map is installed, otherwise the value is used to install 3237the screen map file in 3238.Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value . 3239This parameter is ignored when using 3240.Xr vt 4 3241as the console driver. 3242.It Va font8x16 3243.Pq Vt str 3244If set to 3245.Dq Li NO , 3246the default 8x16 font value is used for screen size requests, otherwise 3247the value in 3248.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3249or 3250.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3251is used (depending on the console driver being used). 3252.It Va font8x14 3253.Pq Vt str 3254If set to 3255.Dq Li NO , 3256the default 8x14 font value is used for screen size requests, otherwise 3257the value in 3258.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3259or 3260.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3261is used (depending on the console driver being used). 3262.It Va font8x8 3263.Pq Vt str 3264If set to 3265.Dq Li NO , 3266the default 8x8 font value is used for screen size requests, otherwise 3267the value in 3268.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3269or 3270.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3271is used (depending on the console driver being used). 3272.It Va blanktime 3273.Pq Vt int 3274If set to 3275.Dq Li NO , 3276the default screen blanking interval is used, otherwise it is set 3277to 3278.Ar value 3279seconds. 3280.It Va saver 3281.Pq Vt str 3282If not set to 3283.Dq Li NO , 3284this is the actual screen saver to use 3285.Li ( blank , snake , daemon , 3286etc). 3287.It Va moused_nondefault_enable 3288.Pq Vt str 3289If set to 3290.Dq Li NO , 3291the mouse device specified on 3292the command line is not automatically treated as enabled by the 3293.Pa /etc/rc.d/moused 3294script. 3295Having this variable set to 3296.Dq Li YES 3297allows a 3298.Xr usb 4 3299mouse, 3300for example, 3301to be enabled as soon as it is plugged in. 3302.It Va moused_enable 3303.Pq Vt str 3304If set to 3305.Dq Li YES , 3306the 3307.Xr moused 8 3308daemon is started for doing cut/paste selection on the console. 3309.It Va moused_type 3310.Pq Vt str 3311This is the protocol type of the mouse connected to this host. 3312This variable must be set if 3313.Va moused_enable 3314is set to 3315.Dq Li YES . 3316The 3317.Xr moused 8 3318daemon 3319is able to detect the appropriate mouse type automatically in many cases. 3320Set this variable to 3321.Dq Li auto 3322to let the daemon detect it, or 3323select one from the following list if the automatic detection fails. 3324.Pp 3325If the mouse is attached to the PS/2 mouse port, choose 3326.Dq Li auto 3327or 3328.Dq Li ps/2 , 3329regardless of the brand and model of the mouse. 3330Likewise, if the 3331mouse is attached to the bus mouse port, choose 3332.Dq Li auto 3333or 3334.Dq Li busmouse . 3335All other protocols are for serial mice and will not work with 3336the PS/2 and bus mice. 3337If this is a USB mouse, 3338.Dq Li auto 3339is the only protocol type which will work. 3340.Pp 3341.Bl -tag -width ".Li x10mouseremote" -compact 3342.It Li microsoft 3343Microsoft mouse (serial) 3344.It Li intellimouse 3345Microsoft IntelliMouse (serial) 3346.It Li mousesystems 3347Mouse systems Corp.\& mouse (serial) 3348.It Li mmseries 3349MM Series mouse (serial) 3350.It Li logitech 3351Logitech mouse (serial) 3352.It Li busmouse 3353A bus mouse 3354.It Li mouseman 3355Logitech MouseMan and TrackMan (serial) 3356.It Li glidepoint 3357ALPS GlidePoint (serial) 3358.It Li thinkingmouse 3359Kensington ThinkingMouse (serial) 3360.It Li ps/2 3361PS/2 mouse 3362.It Li mmhittab 3363MM HitTablet (serial) 3364.It Li x10mouseremote 3365X10 MouseRemote (serial) 3366.It Li versapad 3367Interlink VersaPad (serial) 3368.El 3369.Pp 3370Even if the mouse is not in the above list, it may be compatible 3371with one in the list. 3372Refer to the manual page for 3373.Xr moused 8 3374for compatibility information. 3375.Pp 3376It should also be noted that while this is enabled, any 3377other client of the mouse (such as an X server) should access 3378the mouse through the virtual mouse device, 3379.Pa /dev/sysmouse , 3380and configure it as a 3381.Dq Li sysmouse 3382type mouse, since all 3383mouse data is converted to this single canonical format when 3384using 3385.Xr moused 8 . 3386If the client program does not support the 3387.Dq Li sysmouse 3388type, 3389specify the 3390.Dq Li mousesystems 3391type. 3392It is the second preferred type. 3393.It Va moused_port 3394.Pq Vt str 3395If 3396.Va moused_enable 3397is set to 3398.Dq Li YES , 3399this is the actual port the mouse is on. 3400It might be 3401.Pa /dev/cuau0 3402for a COM1 serial mouse, or 3403.Pa /dev/psm0 3404for a PS/2 mouse, for example. 3405.It Va moused_flags 3406.Pq Vt str 3407If 3408.Va moused_flags 3409is set, its value is used as an additional set of flags to pass to the 3410.Xr moused 8 3411daemon. 3412.It Va "moused_" Ns Ar XXX Ns Va "_flags" 3413When 3414.Va moused_nondefault_enable 3415is enabled, and a 3416.Xr moused 8 3417daemon is started for a non-default port, the 3418.Va "moused_" Ns Ar XXX Ns Va "_flags" 3419set of options has precedence over and replaces the default 3420.Va moused_flags 3421(where 3422.Ar XXX 3423is the name of the non-default port, i.e.,\& 3424.Ar ums0 ) . 3425By setting 3426.Va "moused_" Ns Ar XXX Ns Va "_flags" 3427it is possible to set up a different set of default flags for each 3428.Xr moused 8 3429instance. 3430For example, you can use 3431.Dq Li "-3" 3432for the default 3433.Va moused_flags 3434to make your laptop's touchpad more comfortable to use, 3435but an empty set of options for 3436.Va moused_ums0_flags 3437when your 3438.Xr usb 4 3439mouse has three or more buttons. 3440.It Va mousechar_start 3441.Pq Vt int 3442If set to 3443.Dq Li NO , 3444the default mouse cursor character range 3445.Li 0xd0 Ns - Ns Li 0xd3 3446is used, 3447otherwise the range start is set 3448to 3449.Ar value 3450character, see 3451.Xr vidcontrol 1 . 3452Use if the default range is occupied in the language code table. 3453.It Va allscreens_flags 3454.Pq Vt str 3455If set, 3456.Xr vidcontrol 1 3457is run with these options for each of the virtual terminals 3458.Pq Pa /dev/ttyv* . 3459For example, 3460.Dq Fl m Cm on 3461will enable the mouse pointer on all virtual terminals 3462if 3463.Va moused_enable 3464is set to 3465.Dq Li YES . 3466.It Va allscreens_kbdflags 3467.Pq Vt str 3468If set, 3469.Xr kbdcontrol 1 3470is run with these options for each of the virtual terminals 3471.Pq Pa /dev/ttyv* . 3472For example, 3473.Dq Fl h Li 200 3474will set the 3475.Xr syscons 4 3476or 3477.Xr vt 4 3478scrollback (history) buffer to 200 lines. 3479.It Va cron_enable 3480.Pq Vt bool 3481If set to 3482.Dq Li YES , 3483run the 3484.Xr cron 8 3485daemon at system boot time. 3486.It Va cron_program 3487.Pq Vt str 3488Path to 3489.Xr cron 8 3490(default 3491.Pa /usr/sbin/cron ) . 3492.It Va cron_flags 3493.Pq Vt str 3494If 3495.Va cron_enable 3496is set to 3497.Dq Li YES , 3498these are the flags to pass to 3499.Xr cron 8 . 3500.It Va cron_dst 3501.Pq Vt bool 3502If set to 3503.Dq Li YES , 3504enable the special handling of transitions to and from the 3505Daylight Saving Time in 3506.Xr cron 8 3507(equivalent to using the flag 3508.Fl s ) . 3509.It Va lpd_program 3510.Pq Vt str 3511Path to 3512.Xr lpd 8 3513(default 3514.Pa /usr/sbin/lpd ) . 3515.It Va lpd_enable 3516.Pq Vt bool 3517If set to 3518.Dq Li YES , 3519run the 3520.Xr lpd 8 3521daemon at system boot time. 3522.It Va lpd_flags 3523.Pq Vt str 3524If 3525.Va lpd_enable 3526is set to 3527.Dq Li YES , 3528these are the flags to pass to the 3529.Xr lpd 8 3530daemon. 3531.It Va chkprintcap_enable 3532.Pq Vt bool 3533If set to 3534.Dq Li YES , 3535run the 3536.Xr chkprintcap 8 3537command before starting the 3538.Xr lpd 8 3539daemon. 3540.It Va chkprintcap_flags 3541.Pq Vt str 3542If 3543.Va lpd_enable 3544and 3545.Va chkprintcap_enable 3546are set to 3547.Dq Li YES , 3548these are the flags to pass to the 3549.Xr chkprintcap 8 3550program. 3551The default is 3552.Dq Li -d , 3553which causes missing directories to be created. 3554.It Va dumpdev 3555.Pq Vt str 3556Indicates the device (usually a swap partition) to which a crash dump 3557should be written in the event of a system crash. 3558If the value of this variable is 3559.Dq Li AUTO , 3560the first suitable swap device listed in 3561.Pa /etc/fstab 3562will be used as dump device. 3563Otherwise, the value of this variable is passed as the argument to 3564.Xr dumpon 8 3565and 3566.Xr savecore 8 . 3567To disable crash dumps, set this variable to 3568.Dq Li NO . 3569.It Va dumpon_flags 3570.Pq Vt str 3571Flags to pass to 3572.Xr dumpon 8 3573when configuring 3574.Va dumpdev 3575as the system dump device. 3576.It Va dumpdir 3577.Pq Vt str 3578When the system reboots after a crash and a crash dump is found on the 3579device specified by the 3580.Va dumpdev 3581variable, 3582.Xr savecore 8 3583will save that crash dump and a copy of the kernel to the directory 3584specified by the 3585.Va dumpdir 3586variable. 3587The default value is 3588.Pa /var/crash . 3589Set to 3590.Dq Li NO 3591to not run 3592.Xr savecore 8 3593at boot time when 3594.Va dumpdir 3595is set. 3596.It Va savecore_enable 3597.Pq Vt bool 3598If set to 3599.Dq Li NO , 3600disable automatic extraction of the crash dump from the 3601.Va dumpdev . 3602.It Va savecore_flags 3603.Pq Vt str 3604If crash dumps are enabled, these are the flags to pass to the 3605.Xr savecore 8 3606utility. 3607.It Va quota_enable 3608.Pq Vt bool 3609Set to 3610.Dq Li YES 3611to turn on user and group disk quotas on system startup via the 3612.Xr quotaon 8 3613command for all file systems marked as having quotas enabled in 3614.Pa /etc/fstab . 3615The kernel must be built with 3616.Cd "options QUOTA" 3617for disk quotas to function. 3618.It Va check_quotas 3619.Pq Vt bool 3620Set to 3621.Dq Li YES 3622to enable user and group disk quota checking via the 3623.Xr quotacheck 8 3624command. 3625.It Va quotacheck_flags 3626.Pq Vt str 3627If 3628.Va quota_enable 3629is set to 3630.Dq Li YES , 3631and 3632.Va check_quotas 3633is set to 3634.Dq Li YES , 3635these are the flags to pass to the 3636.Xr quotacheck 8 3637utility. 3638The default is 3639.Dq Li "-a" , 3640which checks quotas for all file systems with quotas enabled in 3641.Pa /etc/fstab . 3642.It Va quotaon_flags 3643.Pq Vt str 3644If 3645.Va quota_enable 3646is set to 3647.Dq Li YES , 3648these are the flags to pass to the 3649.Xr quotaon 8 3650utility. 3651The default is 3652.Dq Li "-a" , 3653which enables quotas for all file systems with quotas enabled in 3654.Pa /etc/fstab . 3655.It Va quotaoff_flags 3656.Pq Vt str 3657If 3658.Va quota_enable 3659is set to 3660.Dq Li YES , 3661these are the flags to pass to the 3662.Xr quotaoff 8 3663utility when shutting down the quota system. 3664The default is 3665.Dq Li "-a" , 3666which disables quotas for all file systems with quotas enabled in 3667.Pa /etc/fstab . 3668.It Va accounting_enable 3669.Pq Vt bool 3670Set to 3671.Dq Li YES 3672to enable system accounting through the 3673.Xr accton 8 3674facility. 3675.It Va firstboot_sentinel 3676.Pq Vt str 3677This variable specifies the full path to a 3678.Dq first boot 3679sentinel file. 3680If a file exists with this path, 3681.Pa rc.d 3682scripts with the 3683.Dq firstboot 3684keyword will be run on startup and the sentinel file will be deleted 3685after the boot process completes. 3686The sentinel file must be located on a writable file system which is 3687mounted no later than 3688.Va early_late_divider 3689to function properly. 3690The default is 3691.Pa /firstboot . 3692.It Va linux_enable 3693.Pq Vt bool 3694Set to 3695.Dq Li YES 3696to enable Linux/ELF binary emulation at system initial 3697boot time. 3698.It Va sysvipc_enable 3699.Pq Vt bool 3700If set to 3701.Dq Li YES , 3702load System V IPC primitives at boot time. 3703.It Va clear_tmp_enable 3704.Pq Vt bool 3705Set to 3706.Dq Li YES 3707to have 3708.Pa /tmp 3709cleaned at startup. 3710.It Va clear_tmp_X 3711.Pq Vt bool 3712Set to 3713.Dq Li NO 3714to disable removing of X11 lock files, 3715and the removal and (secure) recreation 3716of the various socket directories for X11 3717related programs. 3718.It Va ldconfig_paths 3719.Pq Vt str 3720Set to the list of shared library paths to use with 3721.Xr ldconfig 8 . 3722NOTE: 3723.Pa /lib 3724and 3725.Pa /usr/lib 3726will always be added first, so they need not appear in this list. 3727.It Va ldconfig32_paths 3728.Pq Vt str 3729Set to the list of 32-bit compatibility shared library paths to 3730use with 3731.Xr ldconfig 8 . 3732.It Va ldconfig_insecure 3733.Pq Vt bool 3734The 3735.Xr ldconfig 8 3736utility normally refuses to use directories 3737which are writable by anyone except root. 3738Set this variable to 3739.Dq Li YES 3740to disable that security check during system startup. 3741.It Va ldconfig_local_dirs 3742.Pq Vt str 3743Set to the list of local 3744.Xr ldconfig 8 3745directories. 3746The names of all files in the directories listed will be 3747passed as arguments to 3748.Xr ldconfig 8 . 3749.It Va ldconfig_local32_dirs 3750.Pq Vt str 3751Set to the list of local 32-bit compatibility 3752.Xr ldconfig 8 3753directories. 3754The names of all files in the directories listed will be 3755passed as arguments to 3756.Dq Nm ldconfig Fl 32 . 3757.It Va kern_securelevel_enable 3758.Pq Vt bool 3759Set to 3760.Dq Li YES 3761to set the kernel security level at system startup. 3762.It Va kern_securelevel 3763.Pq Vt int 3764The kernel security level to set at startup. 3765The allowed range of 3766.Ar value 3767ranges from \-1 (the compile time default) to 3 (the 3768most secure). 3769See 3770.Xr security 7 3771for the list of possible security levels and their effect 3772on system operation. 3773.It Va sshd_program 3774.Pq Vt str 3775Path to the SSH server program 3776.Pa ( /usr/sbin/sshd 3777is the default). 3778.It Va sshd_enable 3779.Pq Vt bool 3780Set to 3781.Dq Li YES 3782to start 3783.Xr sshd 8 3784at system boot time. 3785.It Va sshd_flags 3786.Pq Vt str 3787If 3788.Va sshd_enable 3789is set to 3790.Dq Li YES , 3791these are the flags to pass to the 3792.Xr sshd 8 3793daemon. 3794.It Va ftpd_program 3795.Pq Vt str 3796Path to the FTP server program 3797.Pa ( /usr/libexec/ftpd 3798is the default). 3799.It Va ftpd_enable 3800.Pq Vt bool 3801Set to 3802.Dq Li YES 3803to start 3804.Xr ftpd 8 3805as a stand-alone daemon at system boot time. 3806.It Va ftpd_flags 3807.Pq Vt str 3808If 3809.Va ftpd_enable 3810is set to 3811.Dq Li YES , 3812these are the additional flags to pass to the 3813.Xr ftpd 8 3814daemon. 3815.It Va watchdogd_enable 3816.Pq Vt bool 3817If set to 3818.Dq Li YES , 3819start the 3820.Xr watchdogd 8 3821daemon at boot time. 3822This requires that the kernel have been compiled with a 3823.Xr watchdog 4 3824compatible device. 3825.It Va watchdogd_flags 3826.Pq Vt str 3827If 3828.Va watchdogd_enable 3829is set to 3830.Dq Li YES , 3831these are the flags passed to the 3832.Xr watchdogd 8 3833daemon. 3834.It Va watchdogd_timeout 3835.Pq Vt int 3836If 3837.Va watchdogd_enable 3838is set to 3839.Dq Li YES , 3840this is a timeout that will be used by the 3841.Xr watchdogd 8 3842daemon. 3843If this option is set, it overrides 3844.Fl t 3845in 3846.Va watchdogd_flags . 3847.It Va watchdogd_shutdown_timeout 3848.Pq Vt int 3849If 3850.Va watchdogd_enable 3851is set to 3852.Dq Li YES , 3853this is a timeout that will be set by the 3854.Xr watchdogd 8 3855daemon when it exits during the system shutdown. 3856This timeout will not be set when returning to the single-user mode 3857or when the watchdogd service is stopped individually using the 3858.Xr service 8 3859command or the rc.d script. 3860Note that the timeout will be applied if 3861.Xr watchdogd 8 3862is stopped outside of 3863.Xr rc 8 3864framework. 3865If this option is set, it overrides 3866.Fl x 3867in 3868.Va watchdogd_flags . 3869.It Va devfs_rulesets 3870.Pq Vt str 3871List of files containing sets of rules for 3872.Xr devfs 8 . 3873.It Va devfs_system_ruleset 3874.Pq Vt str 3875Rule name(s) to apply to the system 3876.Pa /dev 3877itself. 3878.It Va devfs_set_rulesets 3879.Pq Vt str 3880Pairs of already-mounted 3881.Pa dev 3882directories and rulesets that should be applied to them. 3883For example: /mount/dev=ruleset_name 3884.It Va devfs_load_rulesets 3885.Pq Vt bool 3886If set, always load the default rulesets listed in 3887.Va devfs_rulesets . 3888.It Va performance_cx_lowest 3889.Pq Vt str 3890CPU idle state to use while on AC power. 3891The string 3892.Dq Li LOW 3893indicates that 3894.Xr acpi 4 3895should use the lowest power state available while 3896.Dq Li HIGH 3897indicates that the lowest latency state (less power savings) should be used. 3898.It Va performance_cpu_freq 3899.Pq Vt str 3900CPU clock frequency to use while on AC power. 3901The string 3902.Dq Li LOW 3903indicates that 3904.Xr cpufreq 4 3905should use the lowest frequency available while 3906.Dq Li HIGH 3907indicates that the highest frequency (less power savings) should be used. 3908.It Va economy_cx_lowest 3909.Pq Vt str 3910CPU idle state to use when off AC power. 3911The string 3912.Dq Li LOW 3913indicates that 3914.Xr acpi 4 3915should use the lowest power state available while 3916.Dq Li HIGH 3917indicates that the lowest latency state (less power savings) should be used. 3918.It Va economy_cpu_freq 3919.Pq Vt str 3920CPU clock frequency to use when off AC power. 3921The string 3922.Dq Li LOW 3923indicates that 3924.Xr cpufreq 4 3925should use the lowest frequency available while 3926.Dq Li HIGH 3927indicates that the highest frequency (less power savings) should be used. 3928.It Va jail_enable 3929.Pq Vt bool 3930If set to 3931.Dq Li NO , 3932any configured jails will not be started. 3933.It Va jail_conf 3934.Pq Vt str 3935The configuration filename used by 3936.Xr jail 8 3937utility. 3938The default value is 3939.Pa /etc/jail.conf . 3940.Pa /etc/jail. Ns Ao Ar jname Ac Ns Va .conf 3941and 3942.Pa /etc/jail.conf.d/ Ns Ao Ar jname Ac Ns Va .conf 3943will also be used if 3944.Va Ao Ar jname Ac Va 3945is set in 3946.Va jail_list . 3947.It Va jail_parallel_start 3948.Pq Vt bool 3949If set to 3950.Dq Li YES , 3951all configured jails will be started in the background (in parallel). 3952.It Va jail_flags 3953.Pq Vt str 3954Unset by default. 3955When set, use as default value for 3956.Va jail_ Ns Ao Ar jname Ac Ns Va _flags 3957for every jail in 3958.Va jail_list . 3959.It Va jail_list 3960.Pq Vt str 3961A space-delimited list of jail names. 3962When left empty, all of the 3963.Xr jail 8 3964instances defined in the configuration file are started. 3965The names specified in this list control the jail startup order. 3966.Xr jail 8 3967instances missing from 3968.Va jail_list 3969must be started manually. 3970Note that a jail's 3971.Va depend 3972parameter in the configuration file may override this list. 3973.It Va jail_reverse_stop 3974.Pq Vt bool 3975When set to 3976.Dq Li YES , 3977all configured jails in 3978.Va jail_list 3979are stopped in reverse order. 3980.It Va jail_ Ns * variables 3981Note that older releases supported per-jail configuration via 3982.Nm 3983variables. 3984For example, 3985hostname of a jail named 3986.Li vjail 3987was able to be set by 3988.Li jail_vjail_hostname . 3989These per-jail configuration variables are now obsolete in favor of 3990.Xr jail 8 3991configuration file. 3992For backward compatibility, 3993when per-jail configuration variables are defined, 3994.Xr jail 8 3995configuration files are created as 3996.Pa /var/run/jail . Ns Ao Ar jname Ac Ns Pa .conf 3997and used. 3998.Pp 3999The following per-jail parameters are handled by 4000.Pa rc.d/jail 4001script out of their corresponding 4002.Nm 4003variables. 4004In addition to them, parameters in 4005.Va jail_ Ns Ao Ar jname Ac Ns Va _parameters 4006will be added to the configuration file. 4007They must be a semi-colon 4008.Pq Ql \&; 4009delimited list of 4010.Dq key=value . 4011For more details, 4012see 4013.Xr jail 8 4014manual page. 4015.Bl -tag -width "host.hostname" -offset indent 4016.It Li path 4017set from 4018.Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir 4019.It Li host.hostname 4020set from 4021.Va jail_ Ns Ao Ar jname Ac Ns Va _hostname 4022.It Li exec.consolelog 4023set from 4024.Va jail_ Ns Ao Ar jname Ac Ns Va _consolelog . 4025The default value is 4026.Pa /var/log/jail_ Ns Ao Ar jname Ac Ns Pa _console.log . 4027.It Li interface 4028set from 4029.Va jail_ Ns Ao Ar jname Ac Ns Va _interface . 4030.It Li vnet.interface 4031set from 4032.Va jail_ Ns Ao Ar jname Ac Ns Va _vnet_interface . 4033This implies 4034.Li vnet 4035parameter will be enabled and cannot be specified with 4036.Va jail_ Ns Ao Ar jname Ac Ns Va _interface , 4037.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 4038and/or 4039.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 4040at the same time. 4041.It Li fstab 4042set from 4043.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 4044.It Li mount 4045set from 4046.Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable . 4047.It Li exec.fib 4048set from 4049.Va jail_ Ns Ao Ar jname Ac Ns Va _fib 4050.It Li exec.start 4051set from 4052.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start . 4053The parameter name was 4054.Li command 4055in some older releases. 4056.It Li exec.prestart 4057set from 4058.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart 4059.It Li exec.poststart 4060set from 4061.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart 4062.It Li exec.stop 4063set from 4064.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop 4065.It Li exec.prestop 4066set from 4067.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop 4068.It Li exec.poststop 4069set from 4070.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop 4071.It Li ip4.addr 4072set if 4073.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 4074or 4075.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 4076contain IPv4 addresses 4077.It Li ip6.addr 4078set if 4079.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 4080or 4081.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 4082contain IPv6 addresses 4083.It Li allow.mount 4084set from 4085.Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable 4086.It Li mount.devfs 4087set from 4088.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable 4089.It Li devfs_ruleset 4090set from 4091.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset . 4092This must be an integer, 4093not a string. 4094.It Li mount.fdescfs 4095set from 4096.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 4097.It Li allow.set_hostname 4098set from 4099.Va jail_ Ns Ao Ar jname Ac Ns Va _set_hostname_allow 4100.It Li allow.rawsocket 4101set from 4102.Va jail_ Ns Ao Ar jname Ac Ns Va _socket_unixiproute_only 4103.It Li allow.sysvipc 4104set from 4105.Va jail_ Ns Ao Ar jname Ac Ns Va _sysvipc_allow 4106.El 4107.\" ----------------------------------------------------- 4108.It Va harvest_mask 4109.Pq Vt int 4110Set to a bit-mask 4111representing the entropy sources 4112you wish to harvest. 4113Refer to 4114.Xr random 4 4115for more information. 4116.It Va entropy_dir 4117.Pq Vt str 4118Set to 4119.Dq Li NO 4120to disable caching entropy via 4121.Xr cron 8 . 4122Otherwise set to the directory 4123in which the entropy files are stored. 4124To be useful, 4125there must be 4126a system cron job 4127that regularly writes and rotates 4128files here. 4129All files found 4130will be used at boot time. 4131The default is 4132.Pa /var/db/entropy . 4133.It Va entropy_file 4134.Pq Vt str 4135Set to 4136.Dq Li NO 4137to disable caching entropy through reboots. 4138Otherwise set to the name 4139of a file used to store cached entropy. 4140This file should be located 4141on a file system that is readable 4142before all the volumes specified in 4143.Xr fstab 5 4144are mounted. 4145By default, 4146.Pa /entropy 4147is used, 4148but if 4149.Pa /var/db/entropy-file 4150is found it will also be used. 4151This will be of some use to 4152.Xr bsdinstall 8 . 4153.It Va entropy_boot_file 4154.Pq Vt str 4155Set to 4156.Dq Li NO 4157to disable 4158very early caching entropy 4159through reboots. 4160Otherwise set to the filename 4161used to read 4162very early reboot cached entropy. 4163This file should be located where 4164.Xr loader 8 4165can read it. 4166See also 4167.Xr loader.conf 5 . 4168The default location is 4169.Pa /boot/entropy . 4170.It Va entropy_save_sz 4171.Pq Vt int 4172Size of the entropy cache files saved by 4173.Nm save-entropy 4174periodically. 4175.It Va entropy_save_num 4176.Pq Vt int 4177Number of entropy cache files to save by 4178.Nm save-entropy 4179periodically. 4180.It Va ipsec_enable 4181.Pq Vt bool 4182Set to 4183.Dq Li YES 4184to run 4185.Xr setkey 8 4186on 4187.Va ipsec_file 4188at boot time. 4189.It Va ipsec_file 4190.Pq Vt str 4191Configuration file for 4192.Xr setkey 8 . 4193.It Va dmesg_enable 4194.Pq Vt bool 4195Set to 4196.Dq Li YES 4197to save 4198.Xr dmesg 8 4199to 4200.Pa /var/run/dmesg.boot 4201on boot. 4202.It Va rcshutdown_timeout 4203.Pq Vt int 4204If set, start a watchdog timer in the background which will terminate 4205.Pa rc.shutdown 4206if 4207.Xr shutdown 8 4208has not completed within the specified time (in seconds). 4209Notice that in addition to this soft timeout, 4210.Xr init 8 4211also applies a hard timeout for the execution of 4212.Pa rc.shutdown . 4213This is configured via 4214.Xr sysctl 8 4215variable 4216.Va kern.init_shutdown_timeout 4217and defaults to 120 seconds. 4218Setting the value of 4219.Va rcshutdown_timeout 4220to more than 120 seconds will have no effect until the 4221.Xr sysctl 8 4222variable 4223.Va kern.init_shutdown_timeout 4224is also increased. 4225.It Va virecover_enable 4226.Pq Vt bool 4227Set to 4228.Dq Li NO 4229to prevent the system from trying to 4230recover pre-maturely terminated 4231.Xr vi 1 4232sessions. 4233.It Va ugidfw_enable 4234.Pq Vt bool 4235Set to 4236.Dq Li YES 4237to load the 4238.Xr mac_bsdextended 4 4239module upon system initialization and load a default 4240ruleset file. 4241.It Va bsdextended_script 4242.Pq Vt str 4243The default 4244.Xr mac_bsdextended 4 4245ruleset file to load. 4246The default value of this variable is 4247.Pa /etc/rc.bsdextended . 4248.It Va newsyslog_enable 4249.Pq Vt bool 4250If set to 4251.Dq Li YES , 4252run 4253.Xr newsyslog 8 4254command at startup. 4255.It Va newsyslog_flags 4256.Pq Vt str 4257If 4258.Va newsyslog_enable 4259is set to 4260.Dq Li YES , 4261these are the flags to pass to the 4262.Xr newsyslog 8 4263program. 4264The default is 4265.Dq Li -CN , 4266which causes log files flagged with a 4267.Cm C 4268to be created. 4269.It Va mdconfig_md Ns Aq Ar X 4270.Pq Vt str 4271Arguments to 4272.Xr mdconfig 8 4273for 4274.Xr md 4 4275device 4276.Ar X . 4277At minimum a 4278.Fl t Ar type 4279must be specified and either a 4280.Fl s Ar size 4281for malloc or swap backed 4282.Xr md 4 4283devices or a 4284.Fl f Ar file 4285for vnode backed 4286.Xr md 4 4287devices. 4288Note that 4289.Va mdconfig_md Ns Aq Ar X 4290variables are evaluated until one variable is unset or null. 4291.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs 4292.Pq Vt str 4293Optional arguments passed to 4294.Xr newfs 8 4295to initialize 4296.Xr md 4 4297device 4298.Ar X . 4299.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner 4300.Pq Vt str 4301An ownership specification passed to 4302.Xr chown 8 4303after the specified 4304.Xr md 4 4305device 4306.Ar X 4307has been mounted. 4308Both the 4309.Xr md 4 4310device and the mount point will be changed. 4311.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms 4312.Pq Vt str 4313A mode string passed to 4314.Xr chmod 1 4315after the specified 4316.Xr md 4 4317device 4318.Ar X 4319has been mounted. 4320Both the 4321.Xr md 4 4322device and the mount point will be changed. 4323.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files 4324.Pq Vt str 4325Files to be copied to the mount point of the 4326.Xr md 4 4327device 4328.Ar X 4329after it has been mounted. 4330.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd 4331.Pq Vt str 4332Command to execute after the specified 4333.Xr md 4 4334device 4335.Ar X 4336has been mounted. 4337Note that the command is passed to 4338.Ic eval 4339and that both 4340.Va _dev 4341and 4342.Va _mp 4343variables can be used to reference respectively the 4344.Xr md 4 4345device and the mount point. 4346Assuming that the 4347.Xr md 4 4348device is 4349.Li md0 , 4350one could set the following: 4351.Bd -literal 4352mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}" 4353.Ed 4354.It Va autobridge_interfaces 4355.Pq Vt str 4356Set to the list of bridge interfaces that will have newly arriving interfaces 4357checked against to be automatically added. 4358If not set to 4359.Dq Li NO 4360then for each whitespace separated 4361.Ar element 4362in the value, a 4363.Va autobridge_ Ns Aq Ar element 4364variable is assumed to exist which has a whitespace separated list of interface 4365names to match, these names can use wildcards. 4366For example: 4367.Bd -literal 4368autobridge_interfaces="bridge0" 4369autobridge_bridge0="tap* dc0 vlan[345]" 4370.Ed 4371.It Va mixer_enable 4372.Pq Vt bool 4373If set to 4374.Dq Li YES , 4375enable support for sound mixer. 4376.It Va hcsecd_enable 4377.Pq Vt bool 4378If set to 4379.Dq Li YES , 4380enable Bluetooth security daemon. 4381.It Va hcsecd_config 4382.Pq Vt str 4383Configuration file for 4384.Xr hcsecd 8 . 4385Default 4386.Pa /etc/bluetooth/hcsecd.conf . 4387.It Va sdpd_enable 4388.Pq Vt bool 4389If set to 4390.Dq Li YES , 4391enable Bluetooth Service Discovery Protocol daemon. 4392.It Va sdpd_control 4393.Pq Vt str 4394Path to 4395.Xr sdpd 8 4396control socket. 4397Default 4398.Pa /var/run/sdp . 4399.It Va sdpd_groupname 4400.Pq Vt str 4401Sets 4402.Xr sdpd 8 4403group to run as after it initializes. 4404Default 4405.Dq Li nobody . 4406.It Va sdpd_username 4407.Pq Vt str 4408Sets 4409.Xr sdpd 8 4410user to run as after it initializes. 4411Default 4412.Dq Li nobody . 4413.It Va bthidd_enable 4414.Pq Vt bool 4415If set to 4416.Dq Li YES , 4417enable Bluetooth Human Interface Device daemon. 4418.It Va bthidd_config 4419.Pq Vt str 4420Configuration file for 4421.Xr bthidd 8 . 4422Default 4423.Pa /etc/bluetooth/bthidd.conf . 4424.It Va bthidd_hids 4425.Pq Vt str 4426Path to a file, where 4427.Xr bthidd 8 4428will store information about known HID devices. 4429Default 4430.Pa /var/db/bthidd.hids . 4431.It Va rfcomm_pppd_server_enable 4432.Pq Vt bool 4433If set to 4434.Dq Li YES , 4435enable Bluetooth RFCOMM PPP wrapper daemon. 4436.It Va rfcomm_pppd_server_profile 4437.Pq Vt str 4438The name of the profile to use from 4439.Pa /etc/ppp/ppp.conf . 4440Multiple profiles can be specified here. 4441Also used to specify per-profile overrides. 4442When the profile name contains any of the characters 4443.Dq Li .-/+ 4444they are translated to 4445.Dq Li _ 4446for the proposes of the override variable names. 4447.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _bdaddr 4448.Pq Vt str 4449Overrides local address to listen on. 4450By default 4451.Xr rfcomm_pppd 8 4452will listen on 4453.Dq Li ANY 4454address. 4455The address can be specified as BD_ADDR or name. 4456.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _channel 4457.Pq Vt str 4458Overrides local RFCOMM channel to listen on. 4459By default 4460.Xr rfcomm_pppd 8 4461will listen on RFCOMM channel 1. 4462Must set properly if multiple profiles used in the same time. 4463.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_sp 4464.Pq Vt bool 4465Tells 4466.Xr rfcomm_pppd 8 4467if it should register Serial Port service on the specified RFCOMM channel. 4468Default 4469.Dq Li NO . 4470.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_dun 4471.Pq Vt bool 4472Tells 4473.Xr rfcomm_pppd 8 4474if it should register Dial-Up Networking service on the specified 4475RFCOMM channel. 4476Default 4477.Dq Li NO . 4478.It Va ubthidhci_enable 4479.Pq Vt bool 4480If set to 4481.Dq Li YES , 4482change the USB Bluetooth controller from HID mode to HCI mode. 4483You also need to specify the location of USB Bluetooth controller with the 4484.Va ubthidhci_busnum 4485and 4486.Va ubthidhci_addr 4487variables. 4488.It Va ubthidhci_busnum 4489Bus number where the USB Bluetooth controller is located. 4490Check the output of 4491.Xr usbconfig 8 4492on your system to find this information. 4493.It Va ubthidhci_addr 4494Bus address of the USB Bluetooth controller. 4495Check the output of 4496.Xr usbconfig 8 4497on your system to find this information. 4498.It Va netwait_enable 4499.Pq Vt bool 4500If set to 4501.Dq Li YES , 4502delays the start of network-reliant services until 4503.Va netwait_if 4504is up and ICMP packets to a destination defined in 4505.Va netwait_ip 4506are flowing. 4507Link state is examined first, followed by 4508.Dq Li pinging 4509an IP address to verify network usability. 4510If no destination can be reached or timeouts are exceeded, 4511network services are started anyway with no guarantee that 4512the network is usable. 4513Use of this variable requires both 4514.Va netwait_ip 4515and 4516.Va netwait_if 4517to be set. 4518.It Va netwait_ip 4519.Pq Vt str 4520Empty by default. 4521This variable contains a space-delimited list of IP addresses to 4522.Xr ping 8 . 4523DNS hostnames should not be used as resolution is not guaranteed 4524to be functional at this point. 4525If multiple IP addresses are specified, 4526each will be tried until one is successful or the list is exhausted. 4527.It Va netwait_timeout 4528.Pq Vt int 4529Indicates the total number of seconds to perform a 4530.Dq Li ping 4531against each IP address in 4532.Va netwait_ip , 4533at a rate of one ping per second. 4534If any of the pings are successful, 4535full network connectivity is considered reliable. 4536The default is 60. 4537.It Va netwait_if 4538.Pq Vt str 4539Empty by default. 4540Defines the name of the network interface on which watch for link. 4541.Xr ifconfig 8 4542is used to monitor the interface, looking for 4543.Dq Li status: no carrier . 4544Once gone, the link is considered up. 4545This can be a 4546.Xr vlan 4 4547interface if desired. 4548.It Va netwait_if_timeout 4549.Pq Vt int 4550Defines the total number of seconds to wait for link to become usable, 4551polled at a 1-second interval. 4552The default is 30. 4553.It Va rctl_enable 4554.Pq Vt bool 4555If set to 4556.Dq Li YES , 4557load 4558.Xr rctl 8 4559rules from the defined ruleset. 4560The kernel must be built with 4561.Cd "options RACCT" 4562and 4563.Cd "options RCTL" . 4564.It Va rctl_rules 4565.Pq Vt str 4566Set to 4567.Pa /etc/rctl.conf 4568by default. 4569This variables contains the 4570.Xr rctl.conf 5 4571ruleset to load for 4572.Xr rctl 8 . 4573.It Va iovctl_files 4574.Pq Vt str 4575A space-separated list of configuration files used by 4576.Xr iovctl 8 . 4577The default value is an empty string. 4578.It Va autofs_enable 4579.Pq Vt bool 4580If set to 4581.Dq Li YES , 4582start the 4583.Xr automount 8 4584utility and the 4585.Xr automountd 8 4586and 4587.Xr autounmountd 8 4588daemons at boot time. 4589.It Va automount_flags 4590.Pq Vt str 4591If 4592.Va autofs_enable 4593is set to 4594.Dq Li YES , 4595these are the flags to pass to the 4596.Xr automount 8 4597program. 4598By default no flags are passed. 4599.It Va automountd_flags 4600.Pq Vt str 4601If 4602.Va autofs_enable 4603is set to 4604.Dq Li YES , 4605these are the flags to pass to the 4606.Xr automountd 8 4607daemon. 4608By default no flags are passed. 4609.It Va autounmountd_flags 4610.Pq Vt str 4611If 4612.Va autofs_enable 4613is set to 4614.Dq Li YES , 4615these are the flags to pass to the 4616.Xr autounmountd 8 4617daemon. 4618By default no flags are passed. 4619.It Va ctld_enable 4620.Pq Vt bool 4621If set to 4622.Dq Li YES , 4623start the 4624.Xr ctld 8 4625daemon at boot time. 4626.It Va iscsid_enable 4627.Pq Vt bool 4628If set to 4629.Dq Li YES , 4630start the 4631.Xr iscsid 8 4632daemon at boot time. 4633.It Va iscsictl_enable 4634.Pq Vt bool 4635If set to 4636.Dq Li YES , 4637start the 4638.Xr iscsictl 8 4639utility at boot time. 4640.It Va iscsictl_flags 4641.Pq Vt str 4642If 4643.Va iscsictl_enable 4644is set to 4645.Dq Li YES , 4646these are the flags to pass to the 4647.Xr iscsictl 8 4648program. 4649The default is 4650.Dq Li -Aa , 4651which configures sessions based on the 4652.Pa /etc/iscsi.conf 4653configuration file. 4654.It Va cfumass_enable 4655.Pq Vt bool 4656If set to 4657.Dq Li YES , 4658create and export an USB LUN using 4659.Xr cfumass 4 4660at boot time. 4661.It Va cfumass_dir 4662.Pq Vt str 4663The directory where the files exported by USB LUN are located. 4664The default directory is 4665.Pa /var/cfumass . 4666.It Va service_delete_empty 4667.Pq Vt bool 4668If set to 4669.Dq Li YES , 4670.Ql Li service delete 4671removes empty 4672.Dq Li rc.conf.d 4673files. 4674.It Va zfs_bootonce_activate 4675.Pq Vt bool 4676If set to 4677.Dq Li YES , 4678and a boot environment marked bootonce is successfully booted, 4679it will be made permanently active. 4680.It Va zfskeys_enable 4681.Pq Vt bool 4682If set to 4683.Dq Li YES , 4684enable auto-loading of encryption keys for encrypted ZFS datasets. 4685For every dataset the script will first load the appropriate encryption key 4686and then attempt to unlock the dataset. 4687.Pp 4688The script operates only on datasets which are encrypted with 4689ZFS native encryption 4690and have a ZFS 4691.Dq Li keylocation 4692dataset property beginning with 4693.Dq Li file:// . 4694.It Va zfskeys_datasets 4695.Pq Vt str 4696A whitespace-separated list of ZFS datasets to unlock. 4697The list is empty by default, 4698which means that the script will attempt to unlock all datasets. 4699.It Va zfskeys_timeout 4700.Pq Vt int 4701Define the total number of seconds to wait for the zfskeys script 4702to unlock an encrypted dataset. 4703The default is 10. 4704.It Va sendmail_enable 4705.Pq Vt str 4706If set to 4707.Dq Li YES , 4708run the 4709.Xr sendmail 8 4710daemon at system boot time. 4711If set to 4712.Dq Li NO , 4713do not run a 4714.Xr sendmail 8 4715daemon to listen for incoming network mail. 4716This does not preclude a 4717.Xr sendmail 8 4718daemon listening on the SMTP port of the loopback interface. 4719The 4720.Dq Li NONE 4721option sets each 4722.Va sendmail_enable , 4723.Va sendmail_submit_enable , 4724.Va sendmail_outbound_enable , 4725.Va sendmail_msp_queue_enable 4726to 4727.Dq Li NO . 4728.It Va sendmail_cert_create 4729.Pq Vt str 4730If 4731.Va sendmail_enable 4732is set to 4733.Dq Li YES , 4734create a signed certificate 4735.Pa /etc/mail/certs/host.cert 4736representing 4737.Pa /etc/mail/certs/host.key 4738by the CA certificate in 4739.Pa /etc/mail/certs/cacert.pem . 4740This will enable connecting hosts to negotiate STARTTLS allowing incoming 4741email to be encrypted in transit. 4742.Xr sendmail 8 4743needs to be configured to use these generated files. 4744The default configuration in 4745.Pa /etc/mail/freebsd.mc 4746has the required options in it. 4747.It Va sendmail_cert_cn 4748.Pq Vt str 4749If 4750.Va sendmail_enable 4751is set to 4752.Dq Li YES 4753and 4754.Va sendmail_cert_create 4755is set to 4756.Dq Li YES , 4757this is the Common Name (CN) of the certificate that will be created. 4758If 4759.Va sendmail_cert_cn 4760is not set, the system's hostname will be used. 4761If there is no hostname set, 4762.Dq Li amnesiac 4763will be used. 4764.It Va sendmail_flags 4765.Pq Vt str 4766If 4767.Va sendmail_enable 4768is set to 4769.Dq Li YES , 4770these are the flags to pass to the 4771.Xr sendmail 8 4772daemon. 4773.It Va sendmail_submit_enable 4774.Pq Vt bool 4775If set to 4776.Dq Li YES 4777and 4778.Va sendmail_enable 4779is set to 4780.Dq Li NO , 4781run 4782.Xr sendmail 8 4783using 4784.Va sendmail_submit_flags 4785instead of 4786.Va sendmail_flags . 4787This is intended to allow local mail submission via 4788a localhost-only listening SMTP service required for running 4789.Xr sendmail 8 4790as a non-set-user-ID binary. 4791Note that this does not work inside 4792.Xr jail 2 4793systems, as jails do not allow binding to just the localhost interface. 4794.It Va sendmail_submit_flags 4795.Pq Vt str 4796If 4797.Va sendmail_enable 4798is set to 4799.Dq Li NO 4800and 4801.Va sendmail_submit_enable 4802is set to 4803.Dq Li YES , 4804these are the flags to pass to the 4805.Xr sendmail 8 4806daemon. 4807.It Va sendmail_outbound_enable 4808.Pq Vt bool 4809If set to 4810.Dq Li YES 4811and both 4812.Va sendmail_enable 4813and 4814.Va sendmail_submit_enable 4815are set to 4816.Dq Li NO , 4817run 4818.Xr sendmail 8 4819using 4820.Va sendmail_outbound_flags 4821instead of 4822.Va sendmail_flags . 4823This is intended to allow local mail queue management 4824for systems that do not offer a listening SMTP service. 4825.It Va sendmail_outbound_flags 4826.Pq Vt str 4827If both 4828.Va sendmail_enable 4829and 4830.Va sendmail_submit_enable 4831are set to 4832.Dq Li NO 4833and 4834.Va sendmail_outbound_enable 4835is set to 4836.Dq Li YES , 4837these are the flags to pass to the 4838.Xr sendmail 8 4839daemon. 4840.It Va sendmail_msp_queue_enable 4841.Pq Vt bool 4842If set to 4843.Dq Li YES , 4844start a client (MSP) queue runner 4845.Xr sendmail 8 4846daemon at system boot time. 4847As of sendmail 8.12, a separate queue is used for command line 4848submissions. 4849The client queue runner ensures that nothing is 4850left behind in the submission queue. 4851.It Va sendmail_msp_queue_flags 4852.Pq Vt str 4853If 4854.Va sendmail_msp_queue_enable 4855is set to 4856daemon. 4857.Dq Li YES , 4858these are the flags to pass to the 4859.Xr sendmail 8 4860.El 4861.Sh FILES 4862.Bl -tag -width "/etc/defaults/rc.conf" -compact 4863.It Pa /etc/defaults/rc.conf 4864.It Pa /etc/defaults/vendor.conf 4865.It Pa /etc/rc.conf 4866.It Pa /etc/rc.conf.local 4867.It Pa /etc/rc.conf.d/ 4868.El 4869.Sh SEE ALSO 4870.Xr chmod 1 , 4871.Xr gdb 1 Pq Pa ports/devel/gdb , 4872.Xr info 1 , 4873.Xr kbdcontrol 1 , 4874.Xr limits 1 , 4875.Xr protect 1 , 4876.Xr sh 1 , 4877.Xr umask 1 , 4878.Xr vi 1 , 4879.Xr vidcontrol 1 , 4880.Xr bridge 4 , 4881.Xr dummynet 4 , 4882.Xr ip 4 , 4883.Xr ipf 4 , 4884.Xr ipfw 4 , 4885.Xr ipnat 4 , 4886.Xr kld 4 , 4887.Xr pf 4 , 4888.Xr pflog 4 , 4889.Xr pfsync 4 , 4890.Xr tcp 4 , 4891.Xr udp 4 , 4892.Xr exports 5 , 4893.Xr fstab 5 , 4894.Xr ipf 5 , 4895.Xr ipnat 5 , 4896.Xr jail.conf 5 , 4897.Xr loader.conf 5 , 4898.Xr login.conf 5 , 4899.Xr motd 5 , 4900.Xr newsyslog.conf 5 , 4901.Xr pf.conf 5 , 4902.Xr firewall 7 , 4903.Xr growfs 7 , 4904.Xr security 7 , 4905.Xr tuning 7 , 4906.Xr accton 8 , 4907.Xr apm 8 , 4908.Xr bsdinstall 8 , 4909.Xr bthidd 8 , 4910.Xr chkprintcap 8 , 4911.Xr chown 8 , 4912.Xr cron 8 , 4913.Xr devfs 8 , 4914.Xr dhclient 8 , 4915.Xr ftpd 8 , 4916.Xr geli 8 , 4917.Xr hcsecd 8 , 4918.Xr ifconfig 8 , 4919.Xr inetd 8 , 4920.Xr iovctl 8 , 4921.Xr ipf 8 , 4922.Xr ipfw 8 , 4923.Xr ipnat 8 , 4924.Xr jail 8 , 4925.Xr kldxref 8 , 4926.Xr loader 8 , 4927.Xr lpd 8 , 4928.Xr makewhatis 8 , 4929.Xr mdconfig 8 , 4930.Xr mdmfs 8 , 4931.Xr mixer 8 , 4932.Xr mountd 8 , 4933.Xr moused 8 , 4934.Xr newfs 8 , 4935.Xr newsyslog 8 , 4936.Xr nfsd 8 , 4937.Xr ntpd 8 , 4938.Xr ntpdate 8 , 4939.Xr pfctl 8 , 4940.Xr pflogd 8 , 4941.Xr ping 8 , 4942.Xr powerd 8 , 4943.Xr quotacheck 8 , 4944.Xr quotaon 8 , 4945.Xr rc 8 , 4946.Xr rc.subr 8 , 4947.Xr rcorder 8 , 4948.Xr rfcomm_pppd 8 , 4949.Xr route 8 , 4950.Xr routed 8 , 4951.Xr rpc.lockd 8 , 4952.Xr rpc.statd 8 , 4953.Xr rpc.tlsclntd 8 , 4954.Xr rpc.tlsservd 8 , 4955.Xr rpcbind 8 , 4956.Xr rwhod 8 , 4957.Xr savecore 8 , 4958.Xr sdpd 8 , 4959.Xr sendmail 8 , 4960.Xr service 8 , 4961.Xr sshd 8 , 4962.Xr swapon 8 , 4963.Xr sysctl 8 , 4964.Xr syslogd 8 , 4965.Xr sysrc 8 , 4966.Xr unbound 8 , 4967.Xr usbconfig 8 , 4968.Xr wlandebug 8 , 4969.Xr yp 8 , 4970.Xr ypbind 8 , 4971.Xr ypserv 8 , 4972.Xr ypset 8 4973.Sh HISTORY 4974The 4975.Nm 4976file appeared in 4977.Fx 2.2.2 . 4978.Sh AUTHORS 4979.An Jordan K. Hubbard . 4980