xref: /freebsd/share/man/man5/rc.conf.5 (revision ee7b0571c2c18bdec848ed2044223cc88db29bd8)
1.\" Copyright (c) 1995
2.\"	Jordan K. Hubbard
3.\"
4.\" Redistribution and use in source and binary forms, with or without
5.\" modification, are permitted provided that the following conditions
6.\" are met:
7.\" 1. Redistributions of source code must retain the above copyright
8.\"    notice, this list of conditions and the following disclaimer.
9.\" 2. Redistributions in binary form must reproduce the above copyright
10.\"    notice, this list of conditions and the following disclaimer in the
11.\"    documentation and/or other materials provided with the distribution.
12.\"
13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND
14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE
17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
23.\" SUCH DAMAGE.
24.\"
25.\" $FreeBSD$
26.\"
27.Dd February 15, 2014
28.Dt RC.CONF 5
29.Os
30.Sh NAME
31.Nm rc.conf
32.Nd system configuration information
33.Sh DESCRIPTION
34The file
35.Nm
36contains descriptive information about the local host name, configuration
37details for any potential network interfaces and which services should be
38started up at system initial boot time.
39In new installations, the
40.Nm
41file is generally initialized by the system installation utility.
42.Pp
43The purpose of
44.Nm
45is not to run commands or perform system startup actions
46directly.
47Instead, it is included by the
48various generic startup scripts in
49.Pa /etc
50which conditionalize their
51internal actions according to the settings found there.
52.Pp
53The
54.Pa /etc/rc.conf
55file is included from the file
56.Pa /etc/defaults/rc.conf ,
57which specifies the default settings for all the available options.
58Options need only be specified in
59.Pa /etc/rc.conf
60when the system administrator wishes to override these defaults.
61The file
62.Pa /etc/rc.conf.local
63is used to override settings in
64.Pa /etc/rc.conf
65for historical reasons.
66In addition to
67.Pa /etc/rc.conf.local
68you can also place smaller configuration files for each
69.Xr rc 8
70script in the
71.Pa /etc/rc.conf.d
72directory, which will be included by the
73.Va load_rc_config
74function.
75For jail configurations you could use the file
76.Pa /etc/rc.conf.d/jail
77to store jail specific configuration options.
78Also see the
79.Va rc_conf_files
80variable below.
81.Pp
82Options are set with
83.Dq Ar name Ns Li = Ns Ar value
84assignments that use
85.Xr sh 1
86syntax.
87The following list provides a name and short description for each
88variable that can be set in the
89.Nm
90file:
91.Bl -tag -width indent-two
92.It Va rc_debug
93.Pq Vt bool
94If set to
95.Dq Li YES ,
96enable output of debug messages from rc scripts.
97This variable can be helpful in diagnosing mistakes when
98editing or integrating new scripts.
99Beware that this produces copious output to the terminal and
100.Xr syslog 3 .
101.It Va rc_info
102.Pq Vt bool
103If set to
104.Dq Li NO ,
105disable informational messages from the rc scripts.
106Informational messages are displayed when
107a condition that is not serious enough to warrant a warning or
108an error occurs.
109.It Va rc_startmsgs
110.Pq Vt bool
111If set to
112.Dq Li YES ,
113show
114.Dq Starting foo:
115when faststart is used (e.g., at boot time).
116.It Va early_late_divider
117.Pq Vt str
118The name of the script that should be used as the
119delimiter between the
120.Dq early
121and
122.Dq late
123stages of the boot process.
124The early stage should contain all the services needed to
125get the disks (local or remote) mounted so that the late
126stage can include scripts contained in the directories
127listed in the
128.Va local_startup
129variable (see below).
130Thus, the two likely candidates for this value are
131.Pa mountcritlocal
132for the typical system, and
133.Pa mountcritremote
134if the system needs remote file
135systems mounted to get access to the
136.Va local_startup
137directories; for example when
138.Pa /usr/local
139is NFS mounted.
140For
141.Pa rc.conf
142within a
143.Xr jail 8
144.Pa NETWORKING
145is likely to be an appropriate value.
146Extreme care should be taken when changing this value,
147and before changing it one should ensure that there are
148adequate provisions to recover from a failed boot
149(such as physical contact with the machine,
150or reliable remote console access).
151.It Va always_force_depends
152.Pq Vt bool
153Various
154.Pa rc.d
155scripts use the force_depend function to check whether required
156services are already running, and to start them if necessary.
157By default during boot time this check is bypassed if the
158required service is enabled in
159.Pa /etc/rc.conf[.local] .
160Setting this option will bypass that check at boot time and
161always test whether or not the service is actually running.
162Enabling this option is likely to increase your boot time if
163services are enabled that utilize the force_depend check.
164.It Ao Ar name Ac Ns Va _chroot
165.Pq Vt str
166.Xr chroot
167to this directory before running the service.
168.It Ao Ar name Ac Ns Va _user
169.Pq Vt str
170Run the service under this user account.
171.It Ao Ar name Ac Ns Va _group
172.Pq Vt str
173Run the chrooted service under this system group. Unlike the _user
174setting, this setting has no effect if the service is not chrooted.
175.It Ao Ar name Ac Ns Va _fib
176.Pq Vt int
177The
178.Xr setfib 1
179value to run the service under.
180.It Ao Ar name Ac Ns Va _nice
181.Pq Vt int
182The
183.Xr nice 1
184value to run the service under.
185.It Va apm_enable
186.Pq Vt bool
187If set to
188.Dq Li YES ,
189enable support for Automatic Power Management with
190the
191.Xr apm 8
192command.
193.It Va apmd_enable
194.Pq Vt bool
195Run
196.Xr apmd 8
197to handle APM event from userland.
198This also enables support for APM.
199.It Va apmd_flags
200.Pq Vt str
201If
202.Va apmd_enable
203is set to
204.Dq Li YES ,
205these are the flags to pass to the
206.Xr apmd 8
207daemon.
208.It Va devd_enable
209.Pq Vt bool
210Run
211.Xr devd 8
212to handle device added, removed or unknown events from the kernel.
213.It Va ddb_enable
214.Pq Vt bool
215Run
216.Xr ddb 8
217to install
218.Xr ddb 4
219scripts at boot time.
220.It Va ddb_config
221.Pq Vt str
222Configuration file for
223.Xr ddb 8 .
224Default
225.Pa /etc/ddb.conf .
226.It Va kld_list
227.Pq Vt str
228A list of kernel modules to load right after the local
229disks are mounted.
230Loading modules at this point in the boot process is
231much faster than doing it via
232.Pa /boot/loader.conf
233for those modules not necessary for mounting local disk.
234.It Va kldxref_enable
235.Pq Vt bool
236Set to
237.Dq Li NO
238by default.
239Set to
240.Dq Li YES
241to automatically rebuild
242.Pa linker.hints
243files with
244.Xr kldxref 8
245at boot time.
246.It Va kldxref_clobber
247.Pq Vt bool
248Set to
249.Dq Li NO
250by default.
251If
252.Va kldxref_enable
253is true,
254setting to
255.Dq Li YES
256will overwrite existing
257.Pa linker.hints
258files at boot time.
259Otherwise,
260only missing
261.Pa linker.hints
262files are generated.
263.It Va kldxref_module_path
264.Pq Vt str
265Empty by default.
266A semi-colon
267.Pq Ql \&;
268delimited list of paths containing
269.Xr kld 4
270modules.
271If empty,
272the contents of the
273.Va kern.module_path
274.Xr sysctl 8
275are used.
276.It Va powerd_enable
277.Pq Vt bool
278If set to
279.Dq Li YES ,
280enable the system power control facility with the
281.Xr powerd 8
282daemon.
283.It Va powerd_flags
284.Pq Vt str
285If
286.Va powerd_enable
287is set to
288.Dq Li YES ,
289these are the flags to pass to the
290.Xr powerd 8
291daemon.
292.It Va tmpmfs
293Controls the creation of a
294.Pa /tmp
295memory file system.
296Always happens if set to
297.Dq Li YES
298and never happens if set to
299.Dq Li NO .
300If set to anything else, a memory file system is created if
301.Pa /tmp
302is not writable.
303.It Va tmpsize
304Controls the size of a created
305.Pa /tmp
306memory file system.
307.It Va tmpmfs_flags
308Extra options passed to the
309.Xr mdmfs 8
310utility when the memory file system for
311.Pa /tmp
312is created.
313The default is
314.Dq Li "-S" ,
315which inhibits the use of softupdates on
316.Pa /tmp
317so that file system space is freed without delay
318after file truncation or deletion.
319See
320.Xr mdmfs 8
321for other options you can use in
322.Va tmpmfs_flags .
323.It Va varmfs
324Controls the creation of a
325.Pa /var
326memory file system.
327Always happens if set to
328.Dq Li YES
329and never happens if set to
330.Dq Li NO .
331If set to anything else, a memory file system is created if
332.Pa /var
333is not writable.
334.It Va varsize
335Controls the size of a created
336.Pa /var
337memory file system.
338.It Va varmfs_flags
339Extra options passed to the
340.Xr mdmfs 8
341utility when the memory file system for
342.Pa /var
343is created.
344The default is
345.Dq Li "-S" ,
346which inhibits the use of softupdates on
347.Pa /var
348so that file system space is freed without delay
349after file truncation or deletion.
350See
351.Xr mdmfs 8
352for other options you can use in
353.Va varmfs_flags .
354.It Va populate_var
355Controls the automatic population of the
356.Pa /var
357file system.
358Always happens if set to
359.Dq Li YES
360and never happens if set to
361.Dq Li NO .
362If set to anything else, a memory file system is created if
363.Pa /var
364is not writable.
365Note that this process requires access to certain commands in
366.Pa /usr
367before
368.Pa /usr
369is mounted on normal systems.
370.It Va cleanvar_enable
371.Pq Vt bool
372Clean the
373.Pa /var
374directory.
375.It Va local_startup
376.Pq Vt str
377List of directories to search for startup script files.
378.It Va script_name_sep
379.Pq Vt str
380The field separator to use for breaking down the list of startup script files
381into individual filenames.
382The default is a space.
383It is not necessary to change this unless there are startup scripts with names
384containing spaces.
385.It Va hostapd_enable
386.Pq Vt bool
387Set to
388.Dq Li YES
389to start
390.Xr hostapd 8
391at system boot time.
392.It Va hostname
393.Pq Vt str
394The fully qualified domain name (FQDN) of this host on the network.
395This should almost certainly be set to something meaningful, even if
396there is no network connection.
397If
398.Xr dhclient 8
399is used to set the hostname via DHCP,
400this variable should be set to an empty string.
401If this value remains unset when the system is done booting
402your console login will display the default hostname of
403.Dq Amnesiac .
404.It Va nisdomainname
405.Pq Vt str
406The NIS domain name of this host, or
407.Dq Li NO
408if NIS is not used.
409.It Va dhclient_program
410.Pq Vt str
411Path to the DHCP client program
412.Pa ( /sbin/dhclient ,
413the
414.Ox
415DHCP client,
416is the default).
417.It Va dhclient_flags
418.Pq Vt str
419Additional flags to pass to the DHCP client program.
420For the
421.Ox
422DHCP client, see the
423.Xr dhclient 8
424manpage for a description of the command line options available.
425.It Va dhclient_flags_ Ns Aq Ar iface
426Additional flags to pass to the DHCP client program running on
427.Ar iface
428only.
429When specified, this variable overrides
430.Va dhclient_flags .
431.It Va background_dhclient
432.Pq Vt bool
433Set to
434.Dq Li YES
435to start the DHCP client in background.
436This can cause trouble with applications depending on
437a working network, but it will provide a faster startup
438in many cases.
439.It Va background_dhclient_ Ns Aq Ar iface
440When specified, this variable overrides the
441.Va background_dhclient
442variable for interface
443.Ar iface
444only.
445.It Va synchronous_dhclient
446.Pq Vt bool
447Set to
448.Dq Li YES
449to start
450.Xr dhclient 8
451synchronously at startup.
452This behavior can be overridden on a per-interface basis by replacing
453the
454.Dq Li DHCP
455keyword in the
456.Va ifconfig_ Ns Aq Ar interface
457variable with
458.Dq Li SYNCDHCP
459or
460.Dq Li NOSYNCDHCP .
461.It Va defaultroute_delay
462.Pq Vt int
463When set to a positive value, wait up to this long after configuring
464DHCP interfaces at startup to give the interfaces time to receive a lease.
465.It Va firewall_enable
466.Pq Vt bool
467Set to
468.Dq Li YES
469to load firewall rules at startup.
470If the kernel was not built with
471.Cd "options IPFIREWALL" ,
472the
473.Pa ipfw.ko
474kernel module will be loaded.
475See also
476.Va ipfilter_enable .
477.It Va firewall_script
478.Pq Vt str
479This variable specifies the full path to the firewall script to run.
480The default is
481.Pa /etc/rc.firewall .
482.It Va firewall_type
483.Pq Vt str
484Names the firewall type from the selection in
485.Pa /etc/rc.firewall ,
486or the file which contains the local firewall ruleset.
487Valid selections from
488.Pa /etc/rc.firewall
489are:
490.Pp
491.Bl -tag -width ".Li simple" -compact
492.It Li open
493unrestricted IP access
494.It Li closed
495all IP services disabled, except via
496.Dq Li lo0
497.It Li client
498basic protection for a workstation
499.It Li simple
500basic protection for a LAN.
501.El
502.Pp
503If a filename is specified, the full path
504must be given.
505.It Va firewall_quiet
506.Pq Vt bool
507Set to
508.Dq Li YES
509to disable the display of firewall rules on the console during boot.
510.It Va firewall_logging
511.Pq Vt bool
512Set to
513.Dq Li YES
514to enable firewall event logging.
515This is equivalent to the
516.Dv IPFIREWALL_VERBOSE
517kernel option.
518.It Va firewall_logif
519.Pq Vt bool
520Set to
521.Dq Li YES
522to create pseudo interface
523.Li ipfw0
524for logging.
525For more details, see
526.Xr ipfw 8
527manual page.
528.It Va firewall_flags
529.Pq Vt str
530Flags passed to
531.Xr ipfw 8
532if
533.Va firewall_type
534specifies a filename.
535.It Va firewall_coscripts
536.Pq Vt str
537List of executables and/or rc scripts to run after firewall starts/stops.
538Default is empty.
539.\" ----- firewall_nat_enable setting --------------------------------
540.It Va firewall_nat_enable
541.Pq Vt bool
542The
543.Xr ipfw 8
544equivalent of
545.Va natd_enable .
546Setting this to
547.Dq Li YES
548enables kernel NAT.
549.Va firewall_enable
550must also be set to
551.Dq Li YES .
552.It Va firewall_nat_interface
553.Pq Vt str
554The
555.Xr ipfw 8
556equivalent of
557.Va natd_interface .
558This is the name of the public interface or IP address on which
559kernel NAT should run.
560.It Va firewall_nat_flags
561.Pq Vt str
562Additional configuration parameters for kernel NAT should be placed here.
563.It Va dummynet_enable
564.Pq Vt bool
565Setting this to
566.Dq Li YES
567will automatically load the
568.Xr dummynet 4
569module if
570.Va firewall_enable
571is also set to
572.Dq Li YES .
573.\" -------------------------------------------------------------------
574.It Va natd_program
575.Pq Vt str
576Path to
577.Xr natd 8 .
578.It Va natd_enable
579.Pq Vt bool
580Set to
581.Dq Li YES
582to enable
583.Xr natd 8 .
584.Va firewall_enable
585must also be set to
586.Dq Li YES ,
587and
588.Xr divert 4
589sockets must be enabled in the kernel.
590If the kernel was not built with
591.Cd "options IPDIVERT" ,
592the
593.Pa ipdivert.ko
594kernel module will be loaded.
595.It Va natd_interface
596.Pq Vt str
597This is the name of the public interface on which
598.Xr natd 8
599should run.
600The interface may be given as an interface name or as an IP address.
601.It Va natd_flags
602.Pq Vt str
603Additional
604.Xr natd 8
605flags should be placed here.
606The
607.Fl n
608or
609.Fl a
610flag is automatically added with the above
611.Va natd_interface
612as an argument.
613.\" ----- ipfilter_enable setting --------------------------------
614.It Va ipfilter_enable
615.Pq Vt bool
616Set to
617.Dq Li NO
618by default.
619Setting this to
620.Dq Li YES
621enables
622.Xr ipf 8
623packet filtering.
624.Pp
625Typical usage will require putting
626.Bd -literal
627ipfilter_enable="YES"
628ipnat_enable="YES"
629ipmon_enable="YES"
630ipfs_enable="YES"
631.Ed
632.Pp
633into
634.Pa /etc/rc.conf
635and editing
636.Pa /etc/ipf.rules
637and
638.Pa /etc/ipnat.rules
639appropriately.
640.Pp
641Note that
642.Va ipfilter_enable
643and
644.Va ipnat_enable
645can be enabled independently.
646.Va ipmon_enable
647and
648.Va ipfs_enable
649both require at least one of
650.Va ipfilter_enable
651and
652.Va ipnat_enable
653to be enabled.
654.Pp
655Having
656.Bd -literal
657options IPFILTER
658options IPFILTER_LOG
659options IPFILTER_DEFAULT_BLOCK
660.Ed
661.Pp
662in the kernel configuration file is a good idea, too.
663.\" ----- ipfilter_program setting ------------------------------
664.It Va ipfilter_program
665.Pq Vt str
666Path to
667.Xr ipf 8
668(default
669.Pa /sbin/ipf ) .
670.\" ----- ipfilter_rules setting --------------------------------
671.It Va ipfilter_rules
672.Pq Vt str
673Set to
674.Pa /etc/ipf.rules
675by default.
676This variable contains the name of the filter rule definition file.
677The file is expected to be readable for the
678.Xr ipf 8
679command to execute.
680.\" ----- ipv6_ipfilter_rules setting ---------------------------
681.It Va ipv6_ipfilter_rules
682.Pq Vt str
683Set to
684.Pa /etc/ipf6.rules
685by default.
686This variable contains the IPv6 filter rule definition file.
687The file is expected to be readable for the
688.Xr ipf 8
689command to execute.
690.\" ----- ipfilter_flags setting --------------------------------
691.It Va ipfilter_flags
692.Pq Vt str
693Empty by default.
694This variable contains flags passed to the
695.Xr ipf 8
696program.
697.\" ----- ipnat_enable setting ----------------------------------
698.It Va ipnat_enable
699.Pq Vt bool
700Set to
701.Dq Li NO
702by default.
703Set it to
704.Dq Li YES
705to enable
706.Xr ipnat 8
707network address translation.
708See
709.Va ipfilter_enable
710for a detailed discussion.
711.\" ----- ipnat_program setting ---------------------------------
712.It Va ipnat_program
713.Pq Vt str
714Path to
715.Xr ipnat 8
716(default
717.Pa /sbin/ipnat ) .
718.\" ----- ipnat_rules setting -----------------------------------
719.It Va ipnat_rules
720.Pq Vt str
721Set to
722.Pa /etc/ipnat.rules
723by default.
724This variable contains the name of the file
725holding the network address translation definition.
726This file is expected to be readable for the
727.Xr ipnat 8
728command to execute.
729.\" ----- ipnat_flags setting -----------------------------------
730.It Va ipnat_flags
731.Pq Vt str
732Empty by default.
733This variable contains flags passed to the
734.Xr ipnat 8
735program.
736.\" ----- ipmon_enable setting ----------------------------------
737.It Va ipmon_enable
738.Pq Vt bool
739Set to
740.Dq Li NO
741by default.
742Set it to
743.Dq Li YES
744to enable
745.Xr ipmon 8
746monitoring (logging
747.Xr ipf 8
748and
749.Xr ipnat 8
750events).
751Setting this variable needs setting
752.Va ipfilter_enable
753or
754.Va ipnat_enable
755too.
756See
757.Va ipfilter_enable
758for a detailed discussion.
759.\" ----- ipmon_program setting ---------------------------------
760.It Va ipmon_program
761.Pq Vt str
762Path to
763.Xr ipmon 8
764(default
765.Pa /sbin/ipmon ) .
766.\" ----- ipmon_flags setting -----------------------------------
767.It Va ipmon_flags
768.Pq Vt str
769Set to
770.Dq Li -Ds
771by default.
772This variable contains flags passed to the
773.Xr ipmon 8
774program.
775Another typical example would be
776.Dq Fl D Pa /var/log/ipflog
777to have
778.Xr ipmon 8
779log directly to a file bypassing
780.Xr syslogd 8 .
781Make sure to adjust
782.Pa /etc/newsyslog.conf
783in such case like this:
784.Bd -literal
785/var/log/ipflog  640  10  100  *  Z  /var/run/ipmon.pid
786.Ed
787.\" ----- ipfs_enable setting -----------------------------------
788.It Va ipfs_enable
789.Pq Vt bool
790Set to
791.Dq Li NO
792by default.
793Set it to
794.Dq Li YES
795to enable
796.Xr ipfs 8
797saving the filter and NAT state tables during shutdown
798and reloading them during startup again.
799Setting this variable needs setting
800.Va ipfilter_enable
801or
802.Va ipnat_enable
803to
804.Dq Li YES
805too.
806See
807.Va ipfilter_enable
808for a detailed discussion.
809Note that if
810.Va kern_securelevel
811is set to 3,
812.Va ipfs_enable
813cannot be used
814because the raised securelevel will prevent
815.Xr ipfs 8
816from saving the state tables at shutdown time.
817.\" ----- ipfs_program setting ----------------------------------
818.It Va ipfs_program
819.Pq Vt str
820Path to
821.Xr ipfs 8
822(default
823.Pa /sbin/ipfs ) .
824.\" ----- ipfs_flags setting ------------------------------------
825.It Va ipfs_flags
826.Pq Vt str
827Empty by default.
828This variable contains flags passed to the
829.Xr ipfs 8
830program.
831.\" ----- end of added ipf hook ---------------------------------
832.It Va pf_enable
833.Pq Vt bool
834Set to
835.Dq Li NO
836by default.
837Setting this to
838.Dq Li YES
839enables
840.Xr pf 4
841packet filtering.
842.Pp
843Typical usage will require putting
844.Pp
845.Dl pf_enable="YES"
846.Pp
847into
848.Pa /etc/rc.conf
849and editing
850.Pa /etc/pf.conf
851appropriately.
852Adding
853.Pp
854.Dl "device pf"
855.Pp
856builds support for
857.Xr pf 4
858into the kernel, otherwise the
859kernel module will be loaded.
860.It Va pf_rules
861.Pq Vt str
862Path to
863.Xr pf 4
864ruleset configuration file
865(default
866.Pa /etc/pf.conf ) .
867.It Va pf_program
868.Pq Vt str
869Path to
870.Xr pfctl 8
871(default
872.Pa /sbin/pfctl ) .
873.It Va pf_flags
874.Pq Vt str
875If
876.Va pf_enable
877is set to
878.Dq Li YES ,
879these flags are passed to the
880.Xr pfctl 8
881program when loading the ruleset.
882.It Va pflog_enable
883.Pq Vt bool
884Set to
885.Dq Li NO
886by default.
887Setting this to
888.Dq Li YES
889enables
890.Xr pflogd 8
891which logs packets from the
892.Xr pf 4
893packet filter.
894.It Va pflog_logfile
895.Pq Vt str
896If
897.Va pflog_enable
898is set to
899.Dq Li YES
900this controls where
901.Xr pflogd 8
902stores the logfile
903(default
904.Pa /var/log/pflog ) .
905Check
906.Pa /etc/newsyslog.conf
907to adjust logfile rotation for this.
908.It Va pflog_program
909.Pq Vt str
910Path to
911.Xr pflogd 8
912(default
913.Pa /sbin/pflogd ) .
914.It Va pflog_flags
915.Pq Vt str
916Empty by default.
917This variable contains additional flags passed to the
918.Xr pflogd 8
919program.
920.It Va pflog_instances
921.Pq Vt str
922If logging to more than one
923.Xr pflog 4
924interface is desired,
925.Va pflog_instances
926is set to the list of
927.Xr pflogd 8
928instances that should be started at system boot time. If
929.Va pflog_instances
930is set, for each whitespace-seperated
931.Ar element
932in the list,
933.Ao Ar element Ac Ns Va _dev
934and
935.Ao Ar element Ac Ns Va _logfile
936elements are assumed to exist.
937.Ao Ar element Ac Ns Va _dev
938must contain the
939.Xr pflog 4
940interface to be watched by the named
941.Xr pflogd 8
942instance.
943.Ao Ar element Ac Ns Va _logfile
944must contain the name of the logfile that will be used by the
945.Xr pflogd 8
946instance.
947.It Va ftpproxy_enable
948.Pq Vt bool
949Set to
950.Dq Li NO
951by default.
952Setting this to
953.Dq Li YES
954enables
955.Xr ftp-proxy 8
956which supports the
957.Xr pf 4
958packet filter in translating ftp connections.
959.It Va ftpproxy_flags
960.Pq Vt str
961Empty by default.
962This variable contains additional flags passed to the
963.Xr ftp-proxy 8
964program.
965.It Va ftpproxy_instances
966.Pq Vt str
967Empty by default. If multiple instances of
968.Xr ftp-proxy 8
969are desired at boot time,
970.Va ftpproxy_instances
971should contain a whitespace-seperated list of instance names. For each
972.Ar element
973in the list, a variable named
974.Ao Ar element Ac Ns Va _flags
975should be defined, containing the command-line flags to be passed to the
976.Xr ftp-proxy 8
977instance.
978.It Va pfsync_enable
979.Pq Vt bool
980Set to
981.Dq Li NO
982by default.
983Setting this to
984.Dq Li YES
985enables exposing
986.Xr pf 4
987state changes to other hosts over the network by means of
988.Xr pfsync 4 .
989The
990.Va pfsync_syncdev
991variable
992must also be set then.
993.It Va pfsync_syncdev
994.Pq Vt str
995Empty by default.
996This variable specifies the name of the network interface
997.Xr pfsync 4
998should operate through.
999It must be set accordingly if
1000.Va pfsync_enable
1001is set to
1002.Dq Li YES .
1003.It Va pfsync_syncpeer
1004.Pq Vt str
1005Empty by default.
1006This variable is optional.
1007By default, state change messages are sent out on the synchronisation
1008interface using IP multicast packets.
1009The protocol is IP protocol 240, PFSYNC, and the multicast group used is
1010224.0.0.240.
1011When a peer address is specified using the
1012.Va pfsync_syncpeer
1013option, the peer address is used as a destination for the pfsync
1014traffic, and the traffic can then be protected using
1015.Xr ipsec 4 .
1016See the
1017.Xr pfsync 4
1018manpage for more details about using
1019.Xr ipsec 4
1020with
1021.Xr pfsync 4
1022interfaces.
1023.It Va pfsync_ifconfig
1024.Pq Vt str
1025Empty by default.
1026This variable can contain additional options to be passed to the
1027.Xr ifconfig 8
1028command used to set up
1029.Xr pfsync 4 .
1030.It Va tcp_extensions
1031.Pq Vt bool
1032Set to
1033.Dq Li YES
1034by default.
1035Setting this to
1036.Dq Li NO
1037disables certain TCP options as described by
1038.Rs
1039.%T "RFC 1323"
1040.Re
1041Setting this to
1042.Dq Li NO
1043might help remedy such problems with connections as randomly hanging
1044or other weird behavior.
1045Some network devices are known
1046to be broken with respect to these options.
1047.It Va log_in_vain
1048.Pq Vt int
1049Set to 0 by default.
1050The
1051.Xr sysctl 8
1052variables,
1053.Va net.inet.tcp.log_in_vain
1054and
1055.Va net.inet.udp.log_in_vain ,
1056as described in
1057.Xr tcp 4
1058and
1059.Xr udp 4 ,
1060are set to the given value.
1061.It Va tcp_keepalive
1062.Pq Vt bool
1063Set to
1064.Dq Li YES
1065by default.
1066Setting to
1067.Dq Li NO
1068will disable probing idle TCP connections to verify that the
1069peer is still up and reachable.
1070.It Va tcp_drop_synfin
1071.Pq Vt bool
1072Set to
1073.Dq Li NO
1074by default.
1075Setting to
1076.Dq Li YES
1077will cause the kernel to ignore TCP frames that have both
1078the SYN and FIN flags set.
1079This prevents OS fingerprinting, but may
1080break some legitimate applications.
1081.It Va icmp_drop_redirect
1082.Pq Vt bool
1083Set to
1084.Dq Li NO
1085by default.
1086Setting to
1087.Dq Li YES
1088will cause the kernel to ignore ICMP REDIRECT packets.
1089Refer to
1090.Xr icmp 4
1091for more information.
1092.It Va icmp_log_redirect
1093.Pq Vt bool
1094Set to
1095.Dq Li NO
1096by default.
1097Setting to
1098.Dq Li YES
1099will cause the kernel to log ICMP REDIRECT packets.
1100Note that
1101the log messages are not rate-limited, so this option should only be used
1102for troubleshooting networks.
1103Refer to
1104.Xr icmp 4
1105for more information.
1106.It Va icmp_bmcastecho
1107.Pq Vt bool
1108Set to
1109.Dq Li YES
1110to respond to broadcast or multicast ICMP ping packets.
1111Refer to
1112.Xr icmp 4
1113for more information.
1114.It Va ip_portrange_first
1115.Pq Vt int
1116If not set to
1117.Dq Li NO ,
1118this is the first port in the default portrange.
1119Refer to
1120.Xr ip 4
1121for more information.
1122.It Va ip_portrange_last
1123.Pq Vt int
1124If not set to
1125.Dq Li NO ,
1126this is the last port in the default portrange.
1127Refer to
1128.Xr ip 4
1129for more information.
1130.It Va network_interfaces
1131.Pq Vt str
1132Set to the list of network interfaces to configure on this host or
1133.Dq Li AUTO
1134(the default) for all current interfaces.
1135Setting the
1136.Va network_interfaces
1137variable to anything other than the default is deprecated.
1138Interfaces that the administrator wishes to store configuration for,
1139but not start at boot should be configured with the
1140.Dq Li NOAUTO
1141keyword in their
1142.Va ifconfig_ Ns Aq Ar interface
1143variables as described below.
1144.Pp
1145An
1146.Va ifconfig_ Ns Aq Ar interface
1147variable is also assumed to exist for each value of
1148.Ar interface .
1149When an interface name contains any of the characters
1150.Dq Li .-/+
1151they are translated to
1152.Dq Li _
1153before lookup.
1154The variable can contain arguments to
1155.Xr ifconfig 8 ,
1156as well as special case-insensitive keywords described below.
1157Such keywords are removed before passing the value to
1158.Xr ifconfig 8
1159while the order of the other arguments is preserved.
1160.Pp
1161It is possible to add IP alias entries using
1162.Xr ifconfig 8
1163syntax with the address family keyword such as
1164.Li inet .
1165Assuming that the interface in question was
1166.Li ed0 ,
1167it might look something like this:
1168.Bd -literal
1169ifconfig_ed0_alias0="inet 127.0.0.253 netmask 0xffffffff"
1170ifconfig_ed0_alias1="inet 127.0.0.254 netmask 0xffffffff"
1171.Ed
1172.Pp
1173It also possible to configure multiple IP addresses in Classless
1174Inter-Domain Routing
1175.Pq CIDR
1176address notation,
1177whose each address component can be a range like
1178.Li inet 192.0.2.5-23/24
1179or
1180.Li inet6 2001:db8:1-f::1/64 .
1181This notation allows address and prefix length part only,
1182not the other address modifiers.
1183.Pp
1184In the case of
1185.Li 192.0.2.5-23/24 ,
1186the address 192.0.2.5 will be configured with the
1187netmask /24 and the addresses 192.0.2.6 to 192.0.2.23 with
1188the non-conflicting netmask /32 as explained in the
1189.Xr ifconfig 8
1190alias section.
1191Note that this special netmask handling is only for
1192.Li inet ,
1193not for the other address families such as
1194.Li inet6 .
1195.Pp
1196With the interface in question being
1197.Li ed0 ,
1198an example could look like:
1199.Bd -literal
1200ifconfig_ed0_alias2="inet 192.0.2.129/27"
1201ifconfig_ed0_alias3="inet 192.0.2.1-5/28"
1202.Ed
1203.Pp
1204and so on.
1205.Pp
1206Note that
1207.Va ipv4_addrs_ Ns Aq Ar interface
1208variable was supported for IPv4 CIDR address notation.
1209It is now deprecated because the functionality was integrated into
1210.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1211though
1212.Va ipv4_addrs_ Ns Aq Ar interface
1213is still supported for backward compatibility.
1214.Pp
1215For each
1216.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1217entry with an address family keyword,
1218its contents are passed to
1219.Xr ifconfig 8 .
1220Execution stops at the first unsuccessful access, so if
1221something like this is present:
1222.Bd -literal
1223ifconfig_ed0_alias0="inet 127.0.0.251 netmask 0xffffffff"
1224ifconfig_ed0_alias1="inet 127.0.0.252 netmask 0xffffffff"
1225ifconfig_ed0_alias2="inet 127.0.0.253 netmask 0xffffffff"
1226ifconfig_ed0_alias4="inet 127.0.0.254 netmask 0xffffffff"
1227.Ed
1228.Pp
1229Then note that alias4 would
1230.Em not
1231be added since the search would
1232stop with the missing
1233.Dq Li alias3
1234entry.
1235Because of this difficult to manage behavior,
1236there is
1237.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _aliases
1238variable, which has the same functionality as
1239.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1240and can have all of entries in a variable like the following:
1241.Bd -literal
1242ifconfig_ed0_aliases="\\
1243	inet 127.0.0.251 netmask 0xffffffff \\
1244	inet 127.0.0.252 netmask 0xffffffff \\
1245	inet 127.0.0.253 netmask 0xffffffff \\
1246	inet 127.0.0.254 netmask 0xffffffff"
1247.Ed
1248.Pp
1249It also supports CIDR notation.
1250.Pp
1251If the
1252.Pa /etc/start_if. Ns Aq Ar interface
1253file is present, it is read and executed by the
1254.Xr sh 1
1255interpreter
1256before configuring the interface as specified in the
1257.Va ifconfig_ Ns Aq Ar interface
1258and
1259.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1260variables.
1261.Pp
1262If a
1263.Va vlans_ Ns Aq Ar interface
1264variable is set,
1265a
1266.Xr vlan 4
1267interface will be created for each item in the list with the
1268.Ar vlandev
1269argument set to
1270.Ar interface .
1271If a vlan interface's name is a number,
1272then that number is used as the vlan tag and the new vlan interface is
1273named
1274.Ar interface . Ns Ar tag .
1275Otherwise,
1276the vlan tag must be specified via a
1277.Va vlan
1278parameter in the
1279.Va create_args_ Ns Aq Ar interface
1280variable.
1281.Pp
1282To create a vlan device named
1283.Li em0.101
1284on
1285.Li em0
1286with the vlan tag 101 and the optional the IPv4 address 192.0.2.1/24:
1287.Bd -literal
1288vlans_em0="101"
1289ifconfig_em0_101="inet 192.0.2.1/24"
1290.Ed
1291.Pp
1292To create a vlan device named
1293.Li myvlan
1294on
1295.Li em0
1296with the vlan tag 102:
1297.Bd -literal
1298vlans_em0="myvlan"
1299create_args_myvlan="vlan 102"
1300.Ed
1301.Pp
1302If a
1303.Va wlans_ Ns Aq Ar interface
1304variable is set,
1305an
1306.Xr wlan 4
1307interface will be created for each item in the list with the
1308.Ar wlandev
1309argument set to
1310.Ar interface .
1311Further wlan cloning arguments may be passed to the
1312.Xr ifconfig 8
1313.Cm create
1314command by setting the
1315.Va create_args_ Ns Aq Ar interface
1316variable.
1317One or more
1318.Xr wlan 4
1319devices must be created for each wireless devices as of
1320.Fx 8.0 .
1321Debugging flags for
1322.Xr wlan 4
1323devices as set by
1324.Xr wlandebug 8
1325may be specified with an
1326.Va wlandebug_ Ns Aq Ar interface
1327variable.
1328The contents of this variable will be passed directly to
1329.Xr wlandebug 8 .
1330.Pp
1331If the
1332.Va ifconfig_ Ns Aq Ar interface
1333contains the keyword
1334.Dq Li NOAUTO
1335then the interface will not be configured
1336at boot or by
1337.Pa /etc/pccard_ether
1338when
1339.Va network_interfaces
1340is set to
1341.Dq Li AUTO .
1342.Pp
1343It is possible to bring up an interface with DHCP by adding
1344.Dq Li DHCP
1345to the
1346.Va ifconfig_ Ns Aq Ar interface
1347variable.
1348For instance, to initialize the
1349.Li ed0
1350device via DHCP,
1351it is possible to use something like:
1352.Bd -literal
1353ifconfig_ed0="DHCP"
1354.Ed
1355.Pp
1356If you want to configure your wireless interface with
1357.Xr wpa_supplicant 8
1358for use with WPA, EAP/LEAP or WEP, you need to add
1359.Dq Li WPA
1360to the
1361.Va ifconfig_ Ns Aq Ar interface
1362variable.
1363.Pp
1364On the other hand, if you want to configure your wireless interface with
1365.Xr hostapd 8 ,
1366you need to add
1367.Dq Li HOSTAP
1368to the
1369.Va ifconfig_ Ns Aq Ar interface
1370variable.
1371.Xr hostapd 8
1372will use the settings from
1373.Pa /etc/hostapd- Ns Ao Ar interface Ac Ns .conf
1374.Pp
1375Finally, you can add
1376.Xr ifconfig 8
1377options in this variable, in addition to the
1378.Pa /etc/start_if. Ns Aq Ar interface
1379file.
1380For instance, to configure an
1381.Xr ath 4
1382wireless device in station mode with an address obtained
1383via DHCP, using WPA authentication and 802.11b mode, it is
1384possible to use something like:
1385.Bd -literal
1386wlans_ath0="wlan0"
1387ifconfig_wlan0="DHCP WPA mode 11b"
1388.Ed
1389.Pp
1390In addition to the
1391.Va ifconfig_ Ns Aq Ar interface
1392form, a fallback variable
1393.Va ifconfig_DEFAULT
1394may be configured.
1395It will be used for all interfaces with no
1396.Va ifconfig_ Ns Aq Ar interface
1397variable.
1398This is intended to replace the no longer supported
1399.Va pccard_ifconfig
1400variable.
1401.Pp
1402It is also possible to rename an interface by doing:
1403.Bd -literal
1404ifconfig_ed0_name="net0"
1405ifconfig_net0="inet 192.0.2.1 netmask 0xffffff00"
1406.Ed
1407.It Va ipv6_enable
1408.Pq Vt bool
1409This variable is deprecated.
1410Use
1411.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1412and
1413.Va ipv6_activate_all_interfaces
1414if necessary.
1415.Pp
1416If the variable is
1417.Dq Li YES ,
1418.Dq Li inet6 accept_rtadv
1419is added to all of
1420.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1421and the
1422.Va ipv6_activate_all_interfaces
1423is defined as
1424.Dq Li YES .
1425.It Va ipv6_prefer
1426.Pq Vt bool
1427This variable is deprecated.
1428Use
1429.Va ip6addrctl_policy
1430instead.
1431.Pp
1432If the variable is
1433.Dq Li YES ,
1434the default address selection policy table set by
1435.Xr ip6addrctl 8
1436will be IPv6-preferred.
1437.Pp
1438If the variable is
1439.Dq Li NO ,
1440the default address selection policy table set by
1441.Xr ip6addrctl 8
1442will be IPv4-preferred.
1443.It Va ipv6_activate_all_interfaces
1444.Pq Vt bool
1445This controls initial configuration on IPv6-capable
1446interfaces with no corresponding
1447.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1448variable.
1449Note that it is not always necessary to set this variable to
1450.Dq YES
1451to use IPv6 functionality on
1452.Fx .
1453In most cases, just configuring
1454.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1455variables works.
1456.Pp
1457If the variable is
1458.Dq Li NO ,
1459all interfaces which do not have a corresponding
1460.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1461variable will be marked as
1462.Dq Li IFDISABLED
1463at creation.
1464This means that all of IPv6 functionality on that interface
1465is completely disabled to enforce a security policy.
1466If the variable is set to
1467.Dq YES ,
1468the flag will be cleared on all of the interfaces.
1469.Pp
1470In most cases, just defining an
1471.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1472for an IPv6-capable interface should be sufficient.
1473However, if an interface is added dynamically
1474.Pq by some tunneling protocols such as PPP, for example ,
1475it is often difficult to define the variable in advance.
1476In such a case, configuring the
1477.Dq Li IFDISABLED
1478flag can be disabled by setting this variable to
1479.Dq YES .
1480.Pp
1481For more details of the
1482.Dq Li IFDISABLED
1483flag and keywords
1484.Dq Li inet6 ifdisabled ,
1485see
1486.Xr ifconfig 8 .
1487.Pp
1488Default is
1489.Dq Li NO .
1490.It Va ipv6_privacy
1491.Pq Vt bool
1492If the variable is
1493.Dq Li YES
1494privacy addresses will be generated for each IPv6
1495interface as described in RFC 4941.
1496.It Va ipv6_network_interfaces
1497.Pq Vt str
1498This is the IPv6 equivalent of
1499.Va network_interfaces .
1500Normally manual configuration of this variable is not needed.
1501.It Va ipv6_cpe_wanif
1502.Pq Vt str
1503If the variable is set to an interface name,
1504the
1505.Xr ifconfig 8
1506options
1507.Dq inet6 -no_radr accept_rtadv
1508will be added to the specified interface automatically before evaluating
1509.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 ,
1510and two
1511.Xr sysctl 8
1512variables
1513.Va net.inet6.ip6.rfc6204w3
1514and
1515.Va net.inet6.ip6.no_radr
1516will be set to 1.
1517.Pp
1518This means the specified interface will accept ICMPv6 Router
1519Advertisement messages on that link and add the discovered
1520routers into the Default Router List.
1521While the other interfaces can still accept RA messages if the
1522.Dq inet6 accept_rtadv
1523option is specified, adding
1524routes into the Default Router List will be disabled by
1525.Dq inet6 no_radr
1526option by default.
1527See
1528.Xr ifconfig 8
1529for more details.
1530.Pp
1531Note that ICMPv6 Router Advertisement messages will be
1532accepted even when
1533.Va net.inet6.ip6.forwarding
1534is 1
1535.Pq packet forwarding is enabled
1536when
1537.Va net.inet6.ip6.rfc6204w3
1538is set to 1.
1539.Pp
1540Default is
1541.Dq Li NO .
1542.It Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1543.Pq Vt str
1544IPv6 functionality on an interface should be configured by
1545.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 ,
1546instead of setting ifconfig parameters in
1547.Va ifconfig_ Ns Aq Ar interface .
1548If this variable is empty, all of IPv6 configurations on the
1549specified interface by other variables such as
1550.Va ipv6_prefix_ Ns Ao Ar interface Ac
1551will be ignored.
1552.Pp
1553Aliases should be set by
1554.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1555with
1556.Dq Li inet6
1557keyword.
1558For example:
1559.Bd -literal
1560ifconfig_ed0_ipv6="inet6 2001:db8:1::1 prefixlen 64"
1561ifconfig_ed0_alias0="inet6 2001:db8:2::1 prefixlen 64"
1562.Ed
1563.Pp
1564Interfaces that have an
1565.Dq Li inet6 accept_rtadv
1566keyword in
1567.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1568setting will be automatically configured by SLAAC
1569.Pq StateLess Address AutoConfiguration
1570described in
1571.Rs
1572.%T "RFC 4862"
1573.Re
1574.Pp
1575Note that a link-local address will be automatically configured in
1576addition to the configured global-scope addresses because the IPv6
1577specifications require it on each link.
1578The address is calculated from the MAC address by using an algorithm
1579defined in
1580.Rs
1581.%T "RFC 4862"
1582.%O "Section 5.3"
1583.Re
1584.Pp
1585If only a link-local address is needed on the interface,
1586the following configuration can be used:
1587.Bd -literal
1588ifconfig_ed0_ipv6="inet6 auto_linklocal"
1589.Ed
1590.Pp
1591A link-local address can also be configured manually.
1592This is useful for the default router address of an IPv6 router
1593so that it does not change when the network interface
1594card is replaced.
1595For example:
1596.Bd -literal
1597ifconfig_ed0_ipv6="inet6 fe80::1 prefixlen 64"
1598.Ed
1599.It Va ipv6_prefix_ Ns Aq Ar interface
1600.Pq Vt str
1601If one or more prefixes are defined in
1602.Va ipv6_prefix_ Ns Aq Ar interface
1603addresses based on each prefix and the EUI-64 interface index will be
1604configured on that interface.
1605Note that this variable will be ignored when
1606.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1607is empty.
1608.Pp
1609For example, the following configuration
1610.Bd -literal
1611ipv6_prefix_ed0="2001:db8:1:0 2001:db8:2:0"
1612.Ed
1613.Pp
1614is equivalent to the following:
1615.Bd -literal
1616ifconfig_ed0_alias0="inet6 2001:db8:1:: eui64 prefixlen 64"
1617ifconfig_ed0_alias1="inet6 2001:db8:1:: prefixlen 64 anycast"
1618ifconfig_ed0_alias2="inet6 2001:db8:2:: eui64 prefixlen 64"
1619ifconfig_ed0_alias3="inet6 2001:db8:2:: prefixlen 64 anycast"
1620.Ed
1621.Pp
1622These Subnet-Router anycast addresses will be added only when
1623.Va ipv6_gateway_enable
1624is YES.
1625.It Va ipv6_default_interface
1626.Pq Vt str
1627If not set to
1628.Dq Li NO ,
1629this is the default output interface for scoped addresses.
1630This works only with ipv6_gateway_enable="NO".
1631.It Va ip6addrctl_enable
1632.Pq Vt bool
1633This variable is to enable configuring default address selection policy table
1634.Pq RFC 3484 .
1635The table can be specified in another variable
1636.Va ip6addrctl_policy .
1637For
1638.Va ip6addrctl_policy
1639the following keywords can be specified:
1640.Dq Li ipv4_prefer ,
1641.Dq Li ipv6_prefer ,
1642or
1643.Dq Li AUTO .
1644.Pp
1645If
1646.Dq Li ipv4_prefer
1647or
1648.Dq Li ipv6_prefer
1649is specified,
1650.Xr ip6addrctl 8
1651installs a pre-defined policy table described in Section 2.1
1652.Pq IPv6-preferred
1653or 10.3
1654.Pq IPv4-preferred
1655of RFC 3484.
1656.Pp
1657If
1658.Dq Li AUTO
1659is specified, it attempts to read a file
1660.Pa /etc/ip6addrctl.conf
1661first.
1662If this file is found,
1663.Xr ip6addrctl 8
1664reads and installs it.
1665If not found, a policy is automatically set
1666according to
1667.Va ipv6_activate_all_interfaces
1668variable; if the variable is set to
1669.Dq Li YES
1670the IPv6-preferred one is used.
1671Otherwise IPv4-preferred.
1672.Pp
1673The default value of
1674.Va ip6addrctl_enable
1675and
1676.Va ip6addrctl_policy
1677are
1678.Dq Li YES
1679and
1680.Dq Li AUTO ,
1681respectively.
1682.It Va cloned_interfaces
1683.Pq Vt str
1684Set to the list of clonable network interfaces to create on this host.
1685Further cloning arguments may be passed to the
1686.Xr ifconfig 8
1687.Cm create
1688command for each interface by setting the
1689.Va create_args_ Ns Aq Ar interface
1690variable.
1691If an interface name is specified with
1692.Dq :sticky
1693keyword,
1694the interface will not be destroyed even when
1695.Pa rc.d/netif
1696script is invoked with
1697.Dq stop
1698argument.
1699This is useful when reconfiguring the interface without destroying it.
1700Entries in
1701.Va cloned_interfaces
1702are automatically appended to
1703.Va network_interfaces
1704for configuration.
1705.It Va cloned_interfaces_sticky
1706.Pq Vt bool
1707This variable is to globally enable functionality of
1708.Dq :sticky
1709keyword in
1710.Va cloned_interfaces
1711for all interfaces.
1712The default value is
1713.Dq NO .
1714Even if this variable is specified to
1715.Dq YES ,
1716.Dq :nosticky
1717keyword can be used to override it on per interface basis.
1718.It Va gif_interfaces
1719.Pq Vt str
1720This variable is deprecated in favor of
1721.Va cloned_interfaces .
1722Set to the list of
1723.Xr gif 4
1724tunnel interfaces to configure on this host.
1725A
1726.Va gifconfig_ Ns Aq Ar interface
1727variable is assumed to exist for each value of
1728.Ar interface .
1729The value of this variable is used to configure the link layer of the
1730tunnel according to the syntax of the
1731.Cm tunnel
1732option to
1733.Xr ifconfig 8 .
1734Additionally, this option ensures that each listed interface is created
1735via the
1736.Cm create
1737option to
1738.Xr ifconfig 8
1739before attempting to configure it.
1740.It Va sppp_interfaces
1741.Pq Vt str
1742Set to the list of
1743.Xr sppp 4
1744interfaces to configure on this host.
1745A
1746.Va spppconfig_ Ns Aq Ar interface
1747variable is assumed to exist for each value of
1748.Ar interface .
1749Each interface should also be configured by a general
1750.Va ifconfig_ Ns Aq Ar interface
1751setting.
1752Refer to
1753.Xr spppcontrol 8
1754for more information about available options.
1755.It Va ppp_enable
1756.Pq Vt bool
1757If set to
1758.Dq Li YES ,
1759run the
1760.Xr ppp 8
1761daemon.
1762.It Va ppp_profile
1763.Pq Vt str
1764The name of the profile to use from
1765.Pa /etc/ppp/ppp.conf .
1766Also used for per-profile overrides of
1767.Va ppp_mode
1768and
1769.Va ppp_nat ,
1770and
1771.Va ppp_ Ns Ao Ar profile Ac Ns _unit .
1772When the profile name contains any of the characters
1773.Dq Li .-/+
1774they are translated to
1775.Dq Li _
1776for the proposes of the override variable names.
1777.It Va ppp_mode
1778.Pq Vt str
1779Mode in which to run the
1780.Xr ppp 8
1781daemon.
1782.It Va ppp_ Ns Ao Ar profile Ac Ns _mode
1783.Pq Vt str
1784Overrides the global
1785.Va ppp_mode
1786for
1787.Ar profile .
1788Accepted modes are
1789.Dq Li auto ,
1790.Dq Li ddial ,
1791.Dq Li direct
1792and
1793.Dq Li dedicated .
1794See the manual for a full description.
1795.It Va ppp_nat
1796.Pq Vt bool
1797If set to
1798.Dq Li YES ,
1799enables network address translation.
1800Used in conjunction with
1801.Va gateway_enable
1802allows hosts on private network addresses access to the Internet using
1803this host as a network address translating router.
1804.It Va ppp_ Ns Ao Ar profile Ac Ns _nat
1805.Pq Vt str
1806Overrides the global
1807.Va ppp_nat
1808for
1809.Ar profile .
1810.It Va ppp_ Ns Ao Ar profile Ac Ns _unit
1811.Pq Vt int
1812Set the unit number to be used for this profile.
1813See the manual description of
1814.Fl unit Ns Ar N
1815for details.
1816.It Va ppp_user
1817.Pq Vt str
1818The name of the user under which
1819.Xr ppp 8
1820should be started.
1821By
1822default,
1823.Xr ppp 8
1824is started as
1825.Dq Li root .
1826.It Va rc_conf_files
1827.Pq Vt str
1828This option is used to specify a list of files that will override
1829the settings in
1830.Pa /etc/defaults/rc.conf .
1831The files will be read in the order in which they are specified and should
1832include the full path to the file.
1833By default, the files specified are
1834.Pa /etc/rc.conf
1835and
1836.Pa /etc/rc.conf.local
1837.It Va zfs_enable
1838.Pq Vt bool
1839If set to
1840.Dq Li YES ,
1841.Pa /etc/rc.d/zfs
1842will attempt to automatically mount ZFS file systems and initialize ZFS volumes
1843(ZVOLs).
1844.It Va gptboot_enable
1845.Pq Vt bool
1846If set to
1847.Dq Li YES ,
1848.Pa /etc/rc.d/gptboot
1849will log if the system successfully (or not) booted from a GPT partition,
1850which had the
1851.Ar bootonce
1852attribute set using
1853.Xr gpart 8
1854utility.
1855.It Va gbde_autoattach_all
1856.Pq Vt bool
1857If set to
1858.Dq Li YES ,
1859.Pa /etc/rc.d/gbde
1860will attempt to automatically initialize your .bde devices in
1861.Pa /etc/fstab .
1862.It Va gbde_devices
1863.Pq Vt str
1864List the devices that the script should try to attach,
1865or
1866.Dq Li AUTO .
1867.It Va gbde_lockdir
1868.Pq Vt str
1869The directory where the
1870.Xr gbde 4
1871lockfiles are located.
1872The default lockfile directory is
1873.Pa /etc .
1874.Pp
1875The lockfile for each individual
1876.Xr gbde 4
1877device can be overridden by setting the variable
1878.Va gbde_lock_ Ns Aq Ar device ,
1879where
1880.Ar device
1881is the encrypted device without the
1882.Dq Pa /dev/
1883and
1884.Dq Pa .bde
1885parts.
1886.It Va gbde_attach_attempts
1887.Pq Vt int
1888Number of times to attempt attaching to a
1889.Xr gbde 4
1890device, i.e., how many times the user is asked for the pass-phrase.
1891Default is 3.
1892.It Va geli_devices
1893.Pq Vt str
1894List of devices to automatically attach on boot.
1895Note that .eli devices from
1896.Pa /etc/fstab
1897are automatically appended to this list.
1898.It Va geli_tries
1899.Pq Vt int
1900Number of times user is asked for the pass-phrase.
1901If empty, it will be taken from
1902.Va kern.geom.eli.tries
1903sysctl variable.
1904.It Va geli_default_flags
1905.Pq Vt str
1906Default flags to use by
1907.Xr geli 8
1908when configuring disk encryption.
1909Flags can be configured for every device separately by defining
1910.Va geli_ Ns Ao Ar device Ac Ns Va _flags
1911variable.
1912.It Va geli_autodetach
1913.Pq Vt str
1914Specifies if GELI devices should be marked for detach on last close after
1915file systems are mounted.
1916Default is
1917.Dq Li YES .
1918This can be changed for every device separately by defining
1919.Va geli_ Ns Ao Ar device Ac Ns Va _autodetach
1920variable.
1921.It Va root_rw_mount
1922.Pq Vt bool
1923Set to
1924.Dq Li YES
1925by default.
1926After the file systems are checked at boot time, the root file system
1927is remounted as read-write if this is set to
1928.Dq Li YES .
1929Diskless systems that mount their root file system from a read-only remote
1930NFS share should set this to
1931.Dq Li NO
1932in their
1933.Pa rc.conf .
1934.It Va fsck_y_enable
1935.Pq Vt bool
1936If set to
1937.Dq Li YES ,
1938.Xr fsck 8
1939will be run with the
1940.Fl y
1941flag if the initial preen
1942of the file systems fails.
1943.It Va background_fsck
1944.Pq Vt bool
1945If set to
1946.Dq Li YES ,
1947the system will attempt to run
1948.Xr fsck 8
1949in the background where possible.
1950.It Va background_fsck_delay
1951.Pq Vt int
1952The amount of time in seconds to sleep before starting a background
1953.Xr fsck 8 .
1954It defaults to sixty seconds to allow large applications such as
1955the X server to start before disk I/O bandwidth is monopolized by
1956.Xr fsck 8 .
1957If set to a negative number, the background file system check will be
1958delayed indefinitely to allow the administrator to run it at a more
1959convenient time.
1960For example it may be run from
1961.Xr cron 8
1962by adding a line like
1963.Pp
1964.Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart"
1965.Pp
1966to
1967.Pa /etc/crontab .
1968.It Va netfs_types
1969.Pq Vt str
1970List of file system types that are network-based.
1971This list should generally not be modified by end users.
1972Use
1973.Va extra_netfs_types
1974instead.
1975.It Va extra_netfs_types
1976.Pq Vt str
1977If set to something other than
1978.Dq Li NO
1979(the default),
1980this variable extends the list of file system types
1981for which automatic mounting at startup by
1982.Xr rc 8
1983should be delayed until the network is initialized.
1984It should contain
1985a whitespace-separated list of network file system descriptor pairs,
1986each consisting of a file system type as passed to
1987.Xr mount 8
1988and a human-readable, one-word description,
1989joined with a colon
1990.Pq Ql \&: .
1991Extending the default list in this way is only necessary
1992when third party file system types are used.
1993.It Va syslogd_enable
1994.Pq Vt bool
1995If set to
1996.Dq Li YES ,
1997run the
1998.Xr syslogd 8
1999daemon.
2000.It Va syslogd_program
2001.Pq Vt str
2002Path to
2003.Xr syslogd 8
2004(default
2005.Pa /usr/sbin/syslogd ) .
2006.It Va syslogd_flags
2007.Pq Vt str
2008If
2009.Va syslogd_enable
2010is set to
2011.Dq Li YES ,
2012these are the flags to pass to
2013.Xr syslogd 8 .
2014.It Va inetd_enable
2015.Pq Vt bool
2016If set to
2017.Dq Li YES ,
2018run the
2019.Xr inetd 8
2020daemon.
2021.It Va inetd_program
2022.Pq Vt str
2023Path to
2024.Xr inetd 8
2025(default
2026.Pa /usr/sbin/inetd ) .
2027.It Va inetd_flags
2028.Pq Vt str
2029If
2030.Va inetd_enable
2031is set to
2032.Dq Li YES ,
2033these are the flags to pass to
2034.Xr inetd 8 .
2035.It Va hastd_enable
2036.Pq Vt bool
2037If set to
2038.Dq Li YES ,
2039run the
2040.Xr hastd 8
2041daemon.
2042.It Va hastd_program
2043.Pq Vt str
2044Path to
2045.Xr hastd 8
2046(default
2047.Pa /sbin/hastd ) .
2048.It Va hastd_flags
2049.Pq Vt str
2050If
2051.Va hastd_enable
2052is set to
2053.Dq Li YES ,
2054these are the flags to pass to
2055.Xr hastd 8 .
2056.It Va local_unbound_enable
2057.Pq Vt bool
2058If set to
2059.Dq Li YES ,
2060run the
2061.Xr unbound 8
2062daemon as a local caching resolver.
2063.It Va kerberos5_server_enable
2064.Pq Vt bool
2065Set to
2066.Dq Li YES
2067to start a Kerberos 5 authentication server
2068at boot time.
2069.It Va kerberos5_server
2070.Pq Vt str
2071If
2072.Va kerberos5_server_enable
2073is set to
2074.Dq Li YES
2075this is the path to Kerberos 5 Authentication Server.
2076.It Va kerberos5_server_flags
2077.Pq Vt str
2078Empty by default.
2079This variable contains additional flags to be passed to the Kerberos 5
2080authentication server.
2081.It Va kadmind5_server_enable
2082.Pq Vt bool
2083Set to
2084.Dq Li YES
2085to start
2086.Xr kadmind 8 ,
2087the Kerberos 5 Administration Daemon; set to
2088.Dq Li NO
2089on a slave server.
2090.It Va kadmind5_server
2091.Pq Vt str
2092If
2093.Va kadmind5_server_enable
2094is set to
2095.Dq Li YES
2096this is the path to Kerberos 5 Administration Daemon.
2097.It Va kpasswdd_server_enable
2098.Pq Vt bool
2099Set to
2100.Dq Li YES
2101to start
2102.Xr kpasswdd 8 ,
2103the Kerberos 5 Password-Changing Daemon; set to
2104.Dq Li NO
2105on a slave server.
2106.It Va kpasswdd_server
2107.Pq Vt str
2108If
2109.Va kpasswdd_server_enable
2110is set to
2111.Dq Li YES
2112this is the path to Kerberos 5 Password-Changing Daemon.
2113.It Va kfd_enable
2114.Pq Vt bool
2115Set to
2116.Dq Li YES
2117to start
2118.Xr kfd 8 ,
2119the Kerberos 5 ticket forwarding daemon, at the boot time.
2120.It Va kfd_program
2121.Pq Vt str
2122Path to
2123.Xr kfd 8
2124(default
2125.Pa /usr/libexec/kfd ) .
2126.It Va rwhod_enable
2127.Pq Vt bool
2128If set to
2129.Dq Li YES ,
2130run the
2131.Xr rwhod 8
2132daemon at boot time.
2133.It Va rwhod_flags
2134.Pq Vt str
2135If
2136.Va rwhod_enable
2137is set to
2138.Dq Li YES ,
2139these are the flags to pass to it.
2140.It Va amd_enable
2141.Pq Vt bool
2142If set to
2143.Dq Li YES ,
2144run the
2145.Xr amd 8
2146daemon at boot time.
2147.It Va amd_flags
2148.Pq Vt str
2149If
2150.Va amd_enable
2151is set to
2152.Dq Li YES ,
2153these are the flags to pass to it.
2154See the
2155.Xr amd 8
2156manpage for more information.
2157.It Va amd_map_program
2158.Pq Vt str
2159If set,
2160the specified program is run to get the list of
2161.Xr amd 8
2162maps.
2163For example, if the
2164.Xr amd 8
2165maps are stored in NIS, one can set this to
2166run
2167.Xr ypcat 1
2168to get a list of
2169.Xr amd 8
2170maps from the
2171.Pa amd.master
2172NIS map.
2173.It Va update_motd
2174.Pq Vt bool
2175If set to
2176.Dq Li YES ,
2177.Pa /etc/motd
2178will be updated at boot time to reflect the kernel release
2179being run.
2180If set to
2181.Dq Li NO ,
2182.Pa /etc/motd
2183will not be updated.
2184.It Va nfs_client_enable
2185.Pq Vt bool
2186If set to
2187.Dq Li YES ,
2188run the NFS client daemons at boot time.
2189.It Va nfs_access_cache
2190.Pq Vt int
2191If
2192.Va nfs_client_enable
2193is set to
2194.Dq Li YES ,
2195this can be set to
2196.Dq Li 0
2197to disable NFS ACCESS RPC caching, or to the number of seconds for which
2198NFS ACCESS
2199results should be cached.
2200A value of 2-10 seconds will substantially reduce network
2201traffic for many NFS operations.
2202.It Va nfs_server_enable
2203.Pq Vt bool
2204If set to
2205.Dq Li YES ,
2206run the NFS server daemons at boot time.
2207.It Va nfs_server_flags
2208.Pq Vt str
2209If
2210.Va nfs_server_enable
2211is set to
2212.Dq Li YES ,
2213these are the flags to pass to the
2214.Xr nfsd 8
2215daemon.
2216.It Va nfsv4_server_enable
2217.Pq Vt bool
2218If
2219.Va nfs_server_enable
2220is set to
2221.Dq Li YES
2222and
2223.Va nfsv4_server_enable
2224are set to
2225.Dq Li YES ,
2226enable the server for NFSv4 as well as NFSv2 and NFSv3.
2227.It Va nfsuserd_enable
2228.Pq Vt bool
2229If
2230.Va nfsuserd_enable
2231is set to
2232.Dq Li YES ,
2233run the nfsuserd daemon, which is needed for NFSv4 in order
2234to map between user/group names vs uid/gid numbers.
2235If
2236.Va nfsv4_server_enable
2237is set to
2238.Dq Li YES ,
2239this will be forced enabled.
2240.It Va nfsuserd_flags
2241.Pq Vt str
2242If
2243.Va nfsuserd_enable
2244is set to
2245.Dq Li YES ,
2246these are the flags to pass to the
2247.Xr nfsuserd 8
2248daemon.
2249.It Va nfscbd_enable
2250.Pq Vt bool
2251If
2252.Va nfscbd_enable
2253is set to
2254.Dq Li YES ,
2255run the nfscbd daemon, which enables callbacks/delegations for the NFSv4 client.
2256.It Va nfscbd_flags
2257.Pq Vt str
2258If
2259.Va nfscbd_enable
2260is set to
2261.Dq Li YES ,
2262these are the flags to pass to the
2263.Xr nfscbd 8
2264daemon.
2265.It Va oldnfs_server_enable
2266.Pq Vt bool
2267If
2268.Va oldnfs_server_enable
2269is set to
2270.Dq Li YES ,
2271force the NFS server daemons to run the old NFS server code
2272that does not support NFSv4.
2273.It Va mountd_enable
2274.Pq Vt bool
2275If set to
2276.Dq Li YES ,
2277and no
2278.Va nfs_server_enable
2279is set, start
2280.Xr mountd 8 ,
2281but not
2282.Xr nfsd 8
2283daemon.
2284It is commonly needed to run CFS without real NFS used.
2285.It Va mountd_flags
2286.Pq Vt str
2287If
2288.Va mountd_enable
2289is set to
2290.Dq Li YES ,
2291these are the flags to pass to the
2292.Xr mountd 8
2293daemon.
2294.It Va weak_mountd_authentication
2295.Pq Vt bool
2296If set to
2297.Dq Li YES ,
2298allow services like PCNFSD to make non-privileged mount
2299requests.
2300.It Va nfs_reserved_port_only
2301.Pq Vt bool
2302If set to
2303.Dq Li YES ,
2304provide NFS services only on a secure port.
2305.It Va nfs_bufpackets
2306.Pq Vt int
2307If set to a number, indicates the number of packets worth of
2308socket buffer space to reserve on an NFS client.
2309The kernel default is typically 4.
2310Using a higher number may be
2311useful on gigabit networks to improve performance.
2312The minimum value is
23132 and the maximum is 64.
2314.It Va rpc_lockd_enable
2315.Pq Vt bool
2316If set to
2317.Dq Li YES
2318and also an NFS server or client, run
2319.Xr rpc.lockd 8
2320at boot time.
2321.It Va rpc_lockd_flags
2322.Pq Vt str
2323If
2324.Va rpc_lockd_enable
2325is set to
2326.Dq Li YES ,
2327these are the flags to pass to the
2328.Xr rpc.lockd 8
2329daemon.
2330.It Va rpc_statd_enable
2331.Pq Vt bool
2332If set to
2333.Dq Li YES
2334and also an NFS server or client, run
2335.Xr rpc.statd 8
2336at boot time.
2337.It Va rpc_statd_flags
2338.Pq Vt str
2339If
2340.Va rpc_statd_enable
2341is set to
2342.Dq Li YES ,
2343these are the flags to pass to the
2344.Xr rpc.statd 8
2345daemon.
2346.It Va rpcbind_program
2347.Pq Vt str
2348Path to
2349.Xr rpcbind 8
2350(default
2351.Pa /usr/sbin/rpcbind ) .
2352.It Va rpcbind_enable
2353.Pq Vt bool
2354If set to
2355.Dq Li YES ,
2356run the
2357.Xr rpcbind 8
2358service at boot time.
2359.It Va rpcbind_flags
2360.Pq Vt str
2361If
2362.Va rpcbind_enable
2363is set to
2364.Dq Li YES ,
2365these are the flags to pass to the
2366.Xr rpcbind 8
2367daemon.
2368.It Va keyserv_enable
2369.Pq Vt bool
2370If set to
2371.Dq Li YES ,
2372run the
2373.Xr keyserv 8
2374daemon on boot for running Secure RPC.
2375.It Va keyserv_flags
2376.Pq Vt str
2377If
2378.Va keyserv_enable
2379is set to
2380.Dq Li YES ,
2381these are the flags to pass to
2382.Xr keyserv 8
2383daemon.
2384.It Va pppoed_enable
2385.Pq Vt bool
2386If set to
2387.Dq Li YES ,
2388run the
2389.Xr pppoed 8
2390daemon at boot time to provide PPP over Ethernet services.
2391.It Va pppoed_ Ns Aq Ar provider
2392.Pq Vt str
2393.Xr pppoed 8
2394listens to requests to this
2395.Ar provider
2396and ultimately runs
2397.Xr ppp 8
2398with a
2399.Ar system
2400argument of the same name.
2401.It Va pppoed_flags
2402.Pq Vt str
2403Additional flags to pass to
2404.Xr pppoed 8 .
2405.It Va pppoed_interface
2406.Pq Vt str
2407The network interface to run
2408.Xr pppoed 8
2409on.
2410This is mandatory when
2411.Va pppoed_enable
2412is set to
2413.Dq Li YES .
2414.It Va timed_enable
2415.Pq Vt bool
2416If set to
2417.Dq Li YES ,
2418run the
2419.Xr timed 8
2420service at boot time.
2421This command is intended for networks of
2422machines where a consistent
2423.Dq "network time"
2424for all hosts must be established.
2425This is often useful in large NFS
2426environments where time stamps on files are expected to be consistent
2427network-wide.
2428.It Va timed_flags
2429.Pq Vt str
2430If
2431.Va timed_enable
2432is set to
2433.Dq Li YES ,
2434these are the flags to pass to the
2435.Xr timed 8
2436service.
2437.It Va ntpdate_enable
2438.Pq Vt bool
2439If set to
2440.Dq Li YES ,
2441run
2442.Xr ntpdate 8
2443at system startup.
2444This command is intended to
2445synchronize the system clock only
2446.Em once
2447from some standard reference.
2448.It Va ntpdate_config
2449.Pq Vt str
2450Configuration file for
2451.Xr ntpdate 8 .
2452Default
2453.Pa /etc/ntp.conf .
2454.It Va ntpdate_hosts
2455.Pq Vt str
2456A whitespace-separated list of NTP servers to synchronize with at startup.
2457The default is to use the servers listed in
2458.Va ntpdate_config ,
2459if that file exists.
2460.It Va ntpdate_program
2461.Pq Vt str
2462Path to
2463.Xr ntpdate 8
2464(default
2465.Pa /usr/sbin/ntpdate ) .
2466.It Va ntpdate_flags
2467.Pq Vt str
2468If
2469.Va ntpdate_enable
2470is set to
2471.Dq Li YES ,
2472these are the flags to pass to the
2473.Xr ntpdate 8
2474command (typically a hostname).
2475.It Va ntpd_enable
2476.Pq Vt bool
2477If set to
2478.Dq Li YES ,
2479run the
2480.Xr ntpd 8
2481command at boot time.
2482.It Va ntpd_program
2483.Pq Vt str
2484Path to
2485.Xr ntpd 8
2486(default
2487.Pa /usr/sbin/ntpd ) .
2488.It Va ntpd_config
2489.Pq Vt str
2490Path to
2491.Xr ntpd 8
2492configuration file.
2493Default
2494.Pa /etc/ntp.conf .
2495.It Va ntpd_flags
2496.Pq Vt str
2497If
2498.Va ntpd_enable
2499is set to
2500.Dq Li YES ,
2501these are the flags to pass to the
2502.Xr ntpd 8
2503daemon.
2504.It Va ntpd_sync_on_start
2505.Pq Vt bool
2506If set to
2507.Dq Li YES ,
2508.Xr ntpd 8
2509is run with the
2510.Fl g
2511flag, which syncs the system's clock on startup.
2512See
2513.Xr ntpd 8
2514for more information regarding the
2515.Fl g
2516option.
2517This is a preferred alternative to using
2518.Xr ntpdate 8
2519or specifying the
2520.Va ntpdate_enable
2521variable.
2522.It Va nis_client_enable
2523.Pq Vt bool
2524If set to
2525.Dq Li YES ,
2526run the
2527.Xr ypbind 8
2528service at system boot time.
2529.It Va nis_client_flags
2530.Pq Vt str
2531If
2532.Va nis_client_enable
2533is set to
2534.Dq Li YES ,
2535these are the flags to pass to the
2536.Xr ypbind 8
2537service.
2538.It Va nis_ypset_enable
2539.Pq Vt bool
2540If set to
2541.Dq Li YES ,
2542run the
2543.Xr ypset 8
2544daemon at system boot time.
2545.It Va nis_ypset_flags
2546.Pq Vt str
2547If
2548.Va nis_ypset_enable
2549is set to
2550.Dq Li YES ,
2551these are the flags to pass to the
2552.Xr ypset 8
2553daemon.
2554.It Va nis_server_enable
2555.Pq Vt bool
2556If set to
2557.Dq Li YES ,
2558run the
2559.Xr ypserv 8
2560daemon at system boot time.
2561.It Va nis_server_flags
2562.Pq Vt str
2563If
2564.Va nis_server_enable
2565is set to
2566.Dq Li YES ,
2567these are the flags to pass to the
2568.Xr ypserv 8
2569daemon.
2570.It Va nis_ypxfrd_enable
2571.Pq Vt bool
2572If set to
2573.Dq Li YES ,
2574run the
2575.Xr rpc.ypxfrd 8
2576daemon at system boot time.
2577.It Va nis_ypxfrd_flags
2578.Pq Vt str
2579If
2580.Va nis_ypxfrd_enable
2581is set to
2582.Dq Li YES ,
2583these are the flags to pass to the
2584.Xr rpc.ypxfrd 8
2585daemon.
2586.It Va nis_yppasswdd_enable
2587.Pq Vt bool
2588If set to
2589.Dq Li YES ,
2590run the
2591.Xr rpc.yppasswdd 8
2592daemon at system boot time.
2593.It Va nis_yppasswdd_flags
2594.Pq Vt str
2595If
2596.Va nis_yppasswdd_enable
2597is set to
2598.Dq Li YES ,
2599these are the flags to pass to the
2600.Xr rpc.yppasswdd 8
2601daemon.
2602.It Va rpc_ypupdated_enable
2603.Pq Vt bool
2604If set to
2605.Dq Li YES ,
2606run the
2607.Nm rpc.ypupdated
2608daemon at system boot time.
2609.It Va bsnmpd_enable
2610.Pq Vt bool
2611If set to
2612.Dq Li YES ,
2613run the
2614.Xr bsnmpd 1
2615daemon at system boot time.
2616Be sure to understand the security implications of running SNMP daemon
2617on your host.
2618.It Va bsnmpd_flags
2619.Pq Vt str
2620If
2621.Va bsnmpd_enable
2622is set to
2623.Dq Li YES ,
2624these are the flags to pass to the
2625.Xr bsnmpd 1
2626daemon.
2627.It Va defaultrouter
2628.Pq Vt str
2629If not set to
2630.Dq Li NO ,
2631create a default route to this host name or IP address
2632(use an IP address if this router is also required to get to the
2633name server!).
2634.It Va ipv6_defaultrouter
2635.Pq Vt str
2636The IPv6 equivalent of
2637.Va defaultrouter .
2638.It Va static_arp_pairs
2639.Pq Vt str
2640Set to the list of static ARP pairs that are to be added at system
2641boot time.
2642For each whitespace separated
2643.Ar element
2644in the value, a
2645.Va static_arp_ Ns Aq Ar element
2646variable is assumed to exist whose contents will later be passed to a
2647.Dq Nm arp Cm -S
2648operation.
2649For example
2650.Bd -literal
2651static_arp_pairs="gw"
2652static_arp_gw="192.168.1.1 00:01:02:03:04:05"
2653.Ed
2654.It Va static_ndp_pairs
2655.Pq Vt str
2656Set to the list of static NDP pairs that are to be added at system
2657boot time.
2658For each whitespace separated
2659.Ar element
2660in the value, a
2661.Va static_ndp_ Ns Aq Ar element
2662variable is assumed to exist whose contents will later be passed to a
2663.Dq Nm ndp Cm -s
2664operation.
2665For example
2666.Bd -literal
2667static_ndp_pairs="gw"
2668static_ndp_gw="2001:db8:3::1 00:01:02:03:04:05"
2669.Ed
2670.It Va static_routes
2671.Pq Vt str
2672Set to the list of static routes that are to be added at system
2673boot time.
2674If not set to
2675.Dq Li NO
2676then for each whitespace separated
2677.Ar element
2678in the value, a
2679.Va route_ Ns Aq Ar element
2680variable is assumed to exist
2681whose contents will later be passed to a
2682.Dq Nm route Cm add
2683operation.
2684For example:
2685.Bd -literal
2686static_routes="ext mcast:gif0 gif0local:gif0"
2687route_ext="-net 10.0.0.0/24 -gateway 192.168.0.1"
2688route_mcast="-net 224.0.0.0/4 -iface gif0"
2689route_gif0local="-host 169.254.1.1 -iface lo0"
2690.Ed
2691.Pp
2692When an
2693.Ar element
2694is in the form of
2695.Li name:ifname ,
2696the route is specific to the interface
2697.Li ifname .
2698.It Va ipv6_static_routes
2699.Pq Vt str
2700The IPv6 equivalent of
2701.Va static_routes .
2702If not set to
2703.Dq Li NO
2704then for each whitespace separated
2705.Ar element
2706in the value, a
2707.Va ipv6_route_ Ns Aq Ar element
2708variable is assumed to exist
2709whose contents will later be passed to a
2710.Dq Nm route Cm add Fl inet6
2711operation.
2712.It Va natm_static_routes
2713.Pq Vt str
2714The
2715.Xr natmip 4
2716equivalent of
2717.Va static_routes .
2718If not empty then for each whitespace separated
2719.Ar element
2720in the value, a
2721.Va route_ Ns Aq Ar element
2722variable is assumed to exist whose contents will later be passed to a
2723.Dq Nm atmconfig Cm natm Cm add
2724operation.
2725.It Va gateway_enable
2726.Pq Vt bool
2727If set to
2728.Dq Li YES ,
2729configure host to act as an IP router, e.g.\& to forward packets
2730between interfaces.
2731.It Va ipv6_gateway_enable
2732.Pq Vt bool
2733The IPv6 equivalent of
2734.Va gateway_enable .
2735.It Va routed_enable
2736.Pq Vt bool
2737If set to
2738.Dq Li YES ,
2739run a routing daemon of some sort, based on the
2740settings of
2741.Va routed_program
2742and
2743.Va routed_flags .
2744.It Va route6d_enable
2745.Pq Vt bool
2746The IPv6 equivalent of
2747.Va routed_enable .
2748If set to
2749.Dq Li YES ,
2750run a routing daemon of some sort, based on the
2751settings of
2752.Va route6d_program
2753and
2754.Va route6d_flags .
2755.It Va routed_program
2756.Pq Vt str
2757If
2758.Va routed_enable
2759is set to
2760.Dq Li YES ,
2761this is the name of the routing daemon to use.
2762.It Va route6d_program
2763.Pq Vt str
2764The IPv6 equivalent of
2765.Va routed_program .
2766.It Va routed_flags
2767.Pq Vt str
2768If
2769.Va routed_enable
2770is set to
2771.Dq Li YES ,
2772these are the flags to pass to the routing daemon.
2773.It Va route6d_flags
2774.Pq Vt str
2775The IPv6 equivalent of
2776.Va routed_flags .
2777.It Va mrouted_enable
2778.Pq Vt bool
2779If set to
2780.Dq Li YES ,
2781run the multicast routing daemon,
2782.Xr mrouted 8 .
2783.It Va mroute6d_enable
2784.Pq Vt bool
2785The IPv6 equivalent of
2786.Va mrouted_enable .
2787If set to
2788.Dq Li YES ,
2789run the IPv6 multicast routing daemon.
2790.Pp
2791Note that multicast routing daemons are no longer included in the
2792.Fx
2793base system, however, both
2794.Xr mrouted 8
2795and
2796.Xr pim6dd 8
2797may be installed from the
2798.Fx
2799Ports Collection.
2800.It Va mrouted_flags
2801.Pq Vt str
2802If
2803.Va mrouted_enable
2804is set to
2805.Dq Li YES ,
2806these are the flags to pass to the
2807.Xr mrouted 8
2808daemon.
2809.It Va mroute6d_flags
2810.Pq Vt str
2811The IPv6 equivalent of
2812.Va mrouted_flags .
2813If
2814.Va mroute6d_enable
2815is set to
2816.Dq Li YES ,
2817these are the flags passed to the IPv6 multicast routing daemon.
2818.It Va mroute6d_program
2819.Pq Vt str
2820If
2821.Va mroute6d_enable
2822is set to
2823.Dq Li YES ,
2824this is the path to the IPv6 multicast routing daemon.
2825.It Va rtadvd_enable
2826.Pq Vt bool
2827If set to
2828.Dq Li YES ,
2829run the
2830.Xr rtadvd 8
2831daemon at boot time.
2832The
2833.Xr rtadvd 8
2834utility sends ICMPv6 Router Advertisement messages to
2835the interfaces specified in
2836.Va rtadvd_interfaces .
2837This should only be enabled with great care.
2838You may want to fine-tune
2839.Xr rtadvd.conf 5 .
2840.It Va rtadvd_interfaces
2841.Pq Vt str
2842If
2843.Va rtadvd_enable
2844is set to
2845.Dq Li YES
2846this is the list of interfaces to use.
2847.It Va arpproxy_all
2848.Pq Vt bool
2849If set to
2850.Dq Li YES ,
2851enable global proxy ARP.
2852.It Va forward_sourceroute
2853.Pq Vt bool
2854If set to
2855.Dq Li YES
2856and
2857.Va gateway_enable
2858is also set to
2859.Dq Li YES ,
2860source-routed packets are forwarded.
2861.It Va accept_sourceroute
2862.Pq Vt bool
2863If set to
2864.Dq Li YES ,
2865the system will accept source-routed packets directed at it.
2866.It Va rarpd_enable
2867.Pq Vt bool
2868If set to
2869.Dq Li YES ,
2870run the
2871.Xr rarpd 8
2872daemon at system boot time.
2873.It Va rarpd_flags
2874.Pq Vt str
2875If
2876.Va rarpd_enable
2877is set to
2878.Dq Li YES ,
2879these are the flags to pass to the
2880.Xr rarpd 8
2881daemon.
2882.It Va bootparamd_enable
2883.Pq Vt bool
2884If set to
2885.Dq Li YES ,
2886run the
2887.Xr bootparamd 8
2888daemon at system boot time.
2889.It Va bootparamd_flags
2890.Pq Vt str
2891If
2892.Va bootparamd_enable
2893is set to
2894.Dq Li YES ,
2895these are the flags to pass to the
2896.Xr bootparamd 8
2897daemon.
2898.It Va stf_interface_ipv4addr
2899.Pq Vt str
2900If not set to
2901.Dq Li NO ,
2902this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling
2903interface).
2904Specify this entry to enable the 6to4 interface.
2905.It Va stf_interface_ipv4plen
2906.Pq Vt int
2907Prefix length for 6to4 IPv4 addresses, to limit peer address range.
2908An effective value is 0-31.
2909.It Va stf_interface_ipv6_ifid
2910.Pq Vt str
2911IPv6 interface ID for
2912.Xr stf 4 .
2913This can be set to
2914.Dq Li AUTO .
2915.It Va stf_interface_ipv6_slaid
2916.Pq Vt str
2917IPv6 Site Level Aggregator for
2918.Xr stf 4 .
2919.It Va ipv6_faith_prefix
2920.Pq Vt str
2921If not set to
2922.Dq Li NO ,
2923this is the faith prefix to enable a FAITH IPv6-to-IPv4 TCP
2924translator.
2925You also need
2926.Xr faithd 8
2927setup.
2928.It Va ipv6_ipv4mapping
2929.Pq Vt bool
2930If set to
2931.Dq Li YES
2932this enables IPv4 mapped IPv6 address communication (like
2933.Li ::ffff:a.b.c.d ) .
2934.It Va rtsold_enable
2935.Pq Vt bool
2936Set to
2937.Dq Li YES
2938to enable the
2939.Xr rtsold 8
2940daemon to send ICMPv6 Router Solicitation messages.
2941.It Va rtsold_flags
2942.Pq Vt str
2943If
2944.Va rtsold_enable
2945is set to
2946.Dq Li YES ,
2947these are the flags to pass to
2948.Xr rtsold 8 .
2949.It Va rtsol_flags
2950.Pq Vt str
2951For interfaces configured with the
2952.Dq Li inet6 accept_rtadv
2953keyword, these are the flags to pass to
2954.Xr rtsol 8 .
2955.Pp
2956Note that
2957.Va rtsold_enable
2958is mutually exclusive to
2959.Va rtsol_flags ;
2960.Va rtsold_enable
2961takes precedence.
2962.It Va atm_enable
2963.Pq Vt bool
2964Set to
2965.Dq Li YES
2966to enable the configuration of ATM interfaces at system boot time.
2967For all of the ATM variables described below, please refer to the
2968.Xr atm 8
2969manual page for further details on the available command parameters.
2970Also refer to the files in
2971.Pa /usr/share/examples/atm
2972for more detailed configuration information.
2973.It Va atm_load
2974.Pq Vt str
2975This is a list of physical ATM interface drivers to load.
2976Typical values are
2977.Dq Li hfa_pci
2978and/or
2979.Dq Li hea_pci .
2980.It Va atm_netif_ Ns Aq Ar intf
2981.Pq Vt str
2982For the ATM physical interface
2983.Ar intf ,
2984this variable defines the name prefix and count for the ATM network
2985interfaces to be created.
2986The value will be passed as the parameters of an
2987.Dq Nm atm Cm "set netif" Ar intf
2988command.
2989.It Va atm_sigmgr_ Ns Aq Ar intf
2990.Pq Vt str
2991For the ATM physical interface
2992.Ar intf ,
2993this variable defines the ATM signalling manager to be used.
2994The value will be passed as the parameters of an
2995.Dq Nm atm Cm attach Ar intf
2996command.
2997.It Va atm_prefix_ Ns Aq Ar intf
2998.Pq Vt str
2999For the ATM physical interface
3000.Ar intf ,
3001this variable defines the NSAP prefix for interfaces using a UNI signalling
3002manager.
3003If set to
3004.Dq Li ILMI ,
3005the prefix will automatically be set via the
3006.Xr ilmid 8
3007daemon.
3008Otherwise, the value will be passed as the parameters of an
3009.Dq Nm atm Cm "set prefix" Ar intf
3010command.
3011.It Va atm_macaddr_ Ns Aq Ar intf
3012.Pq Vt str
3013For the ATM physical interface
3014.Ar intf ,
3015this variable defines the MAC address for interfaces using a UNI signalling
3016manager.
3017If set to
3018.Dq Li NO ,
3019the hardware MAC address contained in the ATM interface card will be used.
3020Otherwise, the value will be passed as the parameters of an
3021.Dq Nm atm Cm "set mac" Ar intf
3022command.
3023.It Va atm_arpserver_ Ns Aq Ar netif
3024.Pq Vt str
3025For the ATM network interface
3026.Ar netif ,
3027this variable defines the ATM address for a host which is to provide ATMARP
3028service.
3029This variable is only applicable to interfaces using a UNI signalling
3030manager.
3031If set to
3032.Dq Li local ,
3033this host will become an ATMARP server.
3034The value will be passed as the parameters of an
3035.Dq Nm atm Cm "set arpserver" Ar netif
3036command.
3037.It Va atm_scsparp_ Ns Aq Ar netif
3038.Pq Vt bool
3039If set to
3040.Dq Li YES ,
3041SCSP/ATMARP service for the network interface
3042.Ar netif
3043will be initiated using the
3044.Xr scspd 8
3045and
3046.Xr atmarpd 8
3047daemons.
3048This variable is only applicable if
3049.Va atm_arpserver_ Ns Aq Ar netif
3050is set to
3051.Dq Li local .
3052.It Va atm_pvcs
3053.Pq Vt str
3054Set to the list of ATM PVCs to be added at system
3055boot time.
3056For each whitespace separated
3057.Ar element
3058in the value, an
3059.Va atm_pvc_ Ns Aq Ar element
3060variable is assumed to exist.
3061The value of each of these variables
3062will be passed as the parameters of an
3063.Dq Nm atm Cm "add pvc"
3064command.
3065.It Va atm_arps
3066.Pq Vt str
3067Set to the list of permanent ATM ARP entries to be added
3068at system boot time.
3069For each whitespace separated
3070.Ar element
3071in the value, an
3072.Va atm_arp_ Ns Aq Ar element
3073variable is assumed to exist.
3074The value of each of these variables
3075will be passed as the parameters of an
3076.Dq Nm atm Cm "add arp"
3077command.
3078.It Va natm_interfaces
3079.Pq Vt str
3080Set to the list of
3081.Xr natm 4
3082interfaces that will also be used for HARP through
3083.Xr harp 4 .
3084If this list is not empty all interfaces in the list will be brought up
3085with
3086.Xr ifconfig 8
3087and
3088.Xr harp 4
3089will be loaded.
3090For this to work the interface drivers must be either compiled into the
3091kernel or must reside on the root partition.
3092.It Va keybell
3093.Pq Vt str
3094The keyboard bell sound.
3095Set to
3096.Dq Li normal ,
3097.Dq Li visual ,
3098.Dq Li off ,
3099or
3100.Dq Li NO
3101if the default behavior is desired.
3102For details, refer to the
3103.Xr kbdcontrol 1
3104manpage.
3105.It Va keyboard
3106.Pq Vt str
3107If set to a non-null string, the virtual console's keyboard input is
3108set to this device.
3109.It Va keymap
3110.Pq Vt str
3111If set to
3112.Dq Li NO ,
3113no keymap is installed, otherwise the value is used to install
3114the keymap file in
3115.Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd .
3116.It Va keyrate
3117.Pq Vt str
3118The keyboard repeat speed.
3119Set to
3120.Dq Li slow ,
3121.Dq Li normal ,
3122.Dq Li fast ,
3123or
3124.Dq Li NO
3125if the default behavior is desired.
3126.It Va keychange
3127.Pq Vt str
3128If not set to
3129.Dq Li NO ,
3130attempt to program the function keys with the value.
3131The value should
3132be a single string of the form:
3133.Dq Ar funkey_number new_value Op Ar funkey_number new_value ... .
3134.It Va cursor
3135.Pq Vt str
3136Can be set to the value of
3137.Dq Li normal ,
3138.Dq Li blink ,
3139.Dq Li destructive ,
3140or
3141.Dq Li NO
3142to set the cursor behavior explicitly or choose the default behavior.
3143.It Va scrnmap
3144.Pq Vt str
3145If set to
3146.Dq Li NO ,
3147no screen map is installed, otherwise the value is used to install
3148the screen map file in
3149.Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value .
3150.It Va font8x16
3151.Pq Vt str
3152If set to
3153.Dq Li NO ,
3154the default 8x16 font value is used for screen size requests, otherwise
3155the value in
3156.Pa /usr/share/syscons/fonts/ Ns Aq Ar value
3157is used.
3158.It Va font8x14
3159.Pq Vt str
3160If set to
3161.Dq Li NO ,
3162the default 8x14 font value is used for screen size requests, otherwise
3163the value in
3164.Pa /usr/share/syscons/fonts/ Ns Aq Ar value
3165is used.
3166.It Va font8x8
3167.Pq Vt str
3168If set to
3169.Dq Li NO ,
3170the default 8x8 font value is used for screen size requests, otherwise
3171the value in
3172.Pa /usr/share/syscons/fonts/ Ns Aq Ar value
3173is used.
3174.It Va blanktime
3175.Pq Vt int
3176If set to
3177.Dq Li NO ,
3178the default screen blanking interval is used, otherwise it is set
3179to
3180.Ar value
3181seconds.
3182.It Va saver
3183.Pq Vt str
3184If not set to
3185.Dq Li NO ,
3186this is the actual screen saver to use
3187.Li ( blank , snake , daemon ,
3188etc).
3189.It Va moused_nondefault_enable
3190.Pq Vt str
3191If set to
3192.Dq Li NO ,
3193the mouse device specified on
3194the command line is not automatically treated as enabled by the
3195.Pa /etc/rc.d/moused
3196script.
3197Having this variable set to
3198.Dq Li YES
3199allows a
3200.Xr usb 4
3201mouse,
3202for example,
3203to be enabled as soon as it is plugged in.
3204.It Va moused_enable
3205.Pq Vt str
3206If set to
3207.Dq Li YES ,
3208the
3209.Xr moused 8
3210daemon is started for doing cut/paste selection on the console.
3211.It Va moused_type
3212.Pq Vt str
3213This is the protocol type of the mouse connected to this host.
3214This variable must be set if
3215.Va moused_enable
3216is set to
3217.Dq Li YES .
3218The
3219.Xr moused 8
3220daemon
3221is able to detect the appropriate mouse type automatically in many cases.
3222Set this variable to
3223.Dq Li auto
3224to let the daemon detect it, or
3225select one from the following list if the automatic detection fails.
3226.Pp
3227If the mouse is attached to the PS/2 mouse port, choose
3228.Dq Li auto
3229or
3230.Dq Li ps/2 ,
3231regardless of the brand and model of the mouse.
3232Likewise, if the
3233mouse is attached to the bus mouse port, choose
3234.Dq Li auto
3235or
3236.Dq Li busmouse .
3237All other protocols are for serial mice and will not work with
3238the PS/2 and bus mice.
3239If this is a USB mouse,
3240.Dq Li auto
3241is the only protocol type which will work.
3242.Pp
3243.Bl -tag -width ".Li x10mouseremote" -compact
3244.It Li microsoft
3245Microsoft mouse (serial)
3246.It Li intellimouse
3247Microsoft IntelliMouse (serial)
3248.It Li mousesystems
3249Mouse systems Corp.\& mouse (serial)
3250.It Li mmseries
3251MM Series mouse (serial)
3252.It Li logitech
3253Logitech mouse (serial)
3254.It Li busmouse
3255A bus mouse
3256.It Li mouseman
3257Logitech MouseMan and TrackMan (serial)
3258.It Li glidepoint
3259ALPS GlidePoint (serial)
3260.It Li thinkingmouse
3261Kensington ThinkingMouse (serial)
3262.It Li ps/2
3263PS/2 mouse
3264.It Li mmhittab
3265MM HitTablet (serial)
3266.It Li x10mouseremote
3267X10 MouseRemote (serial)
3268.It Li versapad
3269Interlink VersaPad (serial)
3270.El
3271.Pp
3272Even if the mouse is not in the above list, it may be compatible
3273with one in the list.
3274Refer to the manual page for
3275.Xr moused 8
3276for compatibility information.
3277.Pp
3278It should also be noted that while this is enabled, any
3279other client of the mouse (such as an X server) should access
3280the mouse through the virtual mouse device,
3281.Pa /dev/sysmouse ,
3282and configure it as a
3283.Dq Li sysmouse
3284type mouse, since all
3285mouse data is converted to this single canonical format when
3286using
3287.Xr moused 8 .
3288If the client program does not support the
3289.Dq Li sysmouse
3290type,
3291specify the
3292.Dq Li mousesystems
3293type.
3294It is the second preferred type.
3295.It Va moused_port
3296.Pq Vt str
3297If
3298.Va moused_enable
3299is set to
3300.Dq Li YES ,
3301this is the actual port the mouse is on.
3302It might be
3303.Pa /dev/cuau0
3304for a COM1 serial mouse,
3305.Pa /dev/psm0
3306for a PS/2 mouse or
3307.Pa /dev/mse0
3308for a bus mouse, for example.
3309.It Va moused_flags
3310.Pq Vt str
3311If
3312.Va moused_flags
3313is set, its value is used as an additional set of flags to pass to the
3314.Xr moused 8
3315daemon.
3316.It Va "moused_" Ns Ar XXX Ns Va "_flags"
3317When
3318.Va moused_nondefault_enable
3319is enabled, and a
3320.Xr moused 8
3321daemon is started for a non-default port, the
3322.Va "moused_" Ns Ar XXX Ns Va "_flags"
3323set of options has precedence over and replaces the default
3324.Va moused_flags
3325(where
3326.Ar XXX
3327is the name of the non-default port, i.e.,\&
3328.Ar ums0 ) .
3329By setting
3330.Va "moused_" Ns Ar XXX Ns Va "_flags"
3331it is possible to set up a different set of default flags for each
3332.Xr moused 8
3333instance.
3334For example, you can use
3335.Dq Li "-3"
3336for the default
3337.Va moused_flags
3338to make your laptop's touchpad more comfortable to use,
3339but an empty set of options for
3340.Va moused_ums0_flags
3341when your
3342.Xr usb 4
3343mouse has three or more buttons.
3344.It Va mousechar_start
3345.Pq Vt int
3346If set to
3347.Dq Li NO ,
3348the default mouse cursor character range
3349.Li 0xd0 Ns - Ns Li 0xd3
3350is used,
3351otherwise the range start is set
3352to
3353.Ar value
3354character, see
3355.Xr vidcontrol 1 .
3356Use if the default range is occupied in the language code table.
3357.It Va allscreens_flags
3358.Pq Vt str
3359If set,
3360.Xr vidcontrol 1
3361is run with these options for each of the virtual terminals
3362.Pq Pa /dev/ttyv* .
3363For example,
3364.Dq Fl m Cm on
3365will enable the mouse pointer on all virtual terminals
3366if
3367.Va moused_enable
3368is set to
3369.Dq Li YES .
3370.It Va allscreens_kbdflags
3371.Pq Vt str
3372If set,
3373.Xr kbdcontrol 1
3374is run with these options for each of the virtual terminals
3375.Pq Pa /dev/ttyv* .
3376For example,
3377.Dq Fl h Li 200
3378will set the
3379.Xr syscons 4
3380scrollback (history) buffer to 200 lines.
3381.It Va cron_enable
3382.Pq Vt bool
3383If set to
3384.Dq Li YES ,
3385run the
3386.Xr cron 8
3387daemon at system boot time.
3388.It Va cron_program
3389.Pq Vt str
3390Path to
3391.Xr cron 8
3392(default
3393.Pa /usr/sbin/cron ) .
3394.It Va cron_flags
3395.Pq Vt str
3396If
3397.Va cron_enable
3398is set to
3399.Dq Li YES ,
3400these are the flags to pass to
3401.Xr cron 8 .
3402.It Va cron_dst
3403.Pq Vt bool
3404If set to
3405.Dq Li YES ,
3406enable the special handling of transitions to and from the
3407Daylight Saving Time in
3408.Xr cron 8
3409(equivalent to using the flag
3410.Fl s ) .
3411.It Va lpd_program
3412.Pq Vt str
3413Path to
3414.Xr lpd 8
3415(default
3416.Pa /usr/sbin/lpd ) .
3417.It Va lpd_enable
3418.Pq Vt bool
3419If set to
3420.Dq Li YES ,
3421run the
3422.Xr lpd 8
3423daemon at system boot time.
3424.It Va lpd_flags
3425.Pq Vt str
3426If
3427.Va lpd_enable
3428is set to
3429.Dq Li YES ,
3430these are the flags to pass to the
3431.Xr lpd 8
3432daemon.
3433.It Va chkprintcap_enable
3434.Pq Vt bool
3435If set to
3436.Dq Li YES ,
3437run the
3438.Xr chkprintcap 8
3439command before starting the
3440.Xr lpd 8
3441daemon.
3442.It Va chkprintcap_flags
3443.Pq Vt str
3444If
3445.Va lpd_enable
3446and
3447.Va chkprintcap_enable
3448are set to
3449.Dq Li YES ,
3450these are the flags to pass to the
3451.Xr chkprintcap 8
3452program.
3453The default is
3454.Dq Li -d ,
3455which causes missing directories to be created.
3456.It Va mta_start_script
3457.Pq Vt str
3458This variable specifies the full path to the script to run to start
3459a mail transfer agent.
3460The default is
3461.Pa /etc/rc.sendmail .
3462The
3463.Va sendmail_*
3464variables which
3465.Pa /etc/rc.sendmail
3466uses are documented in the
3467.Xr rc.sendmail 8
3468manual page.
3469.It Va dumpdev
3470.Pq Vt str
3471Indicates the device (usually a swap partition) to which a crash dump
3472should be written in the event of a system crash.
3473If the value of this variable is
3474.Dq Li AUTO ,
3475the first suitable swap device listed in
3476.Pa /etc/fstab
3477will be used as dump device.
3478Otherwise, the value of this variable is passed as the argument to
3479.Xr dumpon 8 .
3480To disable crash dumps, set this variable to
3481.Dq Li NO .
3482.It Va dumpdir
3483.Pq Vt str
3484When the system reboots after a crash and a crash dump is found on the
3485device specified by the
3486.Va dumpdev
3487variable,
3488.Xr savecore 8
3489will save that crash dump and a copy of the kernel to the directory
3490specified by the
3491.Va dumpdir
3492variable.
3493The default value is
3494.Pa /var/crash .
3495Set to
3496.Dq Li NO
3497to not run
3498.Xr savecore 8
3499at boot time when
3500.Va dumpdir
3501is set.
3502.It Va savecore_flags
3503.Pq Vt str
3504If crash dumps are enabled, these are the flags to pass to the
3505.Xr savecore 8
3506utility.
3507.It Va quota_enable
3508.Pq Vt bool
3509Set to
3510.Dq Li YES
3511to turn on user and group disk quotas on system startup via the
3512.Xr quotaon 8
3513command for all file systems marked as having quotas enabled in
3514.Pa /etc/fstab .
3515The kernel must be built with
3516.Cd "options QUOTA"
3517for disk quotas to function.
3518.It Va check_quotas
3519.Pq Vt bool
3520Set to
3521.Dq Li YES
3522to enable user and group disk quota checking via the
3523.Xr quotacheck 8
3524command.
3525.It Va quotacheck_flags
3526.Pq Vt str
3527If
3528.Va quota_enable
3529is set to
3530.Dq Li YES ,
3531and
3532.Va check_quotas
3533is set to
3534.Dq Li YES ,
3535these are the flags to pass to the
3536.Xr quotacheck 8
3537utility.
3538The default is
3539.Dq Li "-a" ,
3540which checks quotas for all file systems with quotas enabled in
3541.Pa /etc/fstab .
3542.It Va quotaon_flags
3543.Pq Vt str
3544If
3545.Va quota_enable
3546is set to
3547.Dq Li YES ,
3548these are the flags to pass to the
3549.Xr quotaon 8
3550utility.
3551The default is
3552.Dq Li "-a" ,
3553which enables quotas for all file systems with quotas enabled in
3554.Pa /etc/fstab .
3555.It Va quotaoff_flags
3556.Pq Vt str
3557If
3558.Va quota_enable
3559is set to
3560.Dq Li YES ,
3561these are the flags to pass to the
3562.Xr quotaoff 8
3563utility when shutting down the quota system.
3564The default is
3565.Dq Li "-a" ,
3566which disables quotas for all file systems with quotas enabled in
3567.Pa /etc/fstab .
3568.It Va accounting_enable
3569.Pq Vt bool
3570Set to
3571.Dq Li YES
3572to enable system accounting through the
3573.Xr accton 8
3574facility.
3575.It Va ibcs2_enable
3576.Pq Vt bool
3577Set to
3578.Dq Li YES
3579to enable iBCS2 (SCO) binary emulation at system initial boot
3580time.
3581.It Va ibcs2_loaders
3582.Pq Vt str
3583If not set to
3584.Dq Li NO
3585and if
3586.Va ibcs2_enable
3587is set to
3588.Dq Li YES ,
3589this specifies a list of additional iBCS2 loaders to enable.
3590.It Va firstboot_sentinel
3591.Pq Vt str
3592This variable specifies the full path to a
3593.Dq first boot
3594sentinel file.
3595If a file exists with this path,
3596.Pa rc.d
3597scripts with the
3598.Dq firstboot
3599keyword will be run on startup and the sentinel file will be deleted
3600after the boot process completes.
3601The sentinel file must be located on a writable file system which is
3602mounted no later than
3603.Va early_late_divider
3604to function properly.
3605The default is
3606.Pa /firstboot .
3607.It Va linux_enable
3608.Pq Vt bool
3609Set to
3610.Dq Li YES
3611to enable Linux/ELF binary emulation at system initial
3612boot time.
3613.It Va svr4_enable
3614.Pq Vt bool
3615If set to
3616.Dq Li YES ,
3617enable SysVR4 emulation at boot time.
3618.It Va sysvipc_enable
3619.Pq Vt bool
3620If set to
3621.Dq Li YES ,
3622load System V IPC primitives at boot time.
3623.It Va clear_tmp_enable
3624.Pq Vt bool
3625Set to
3626.Dq Li YES
3627to have
3628.Pa /tmp
3629cleaned at startup.
3630.It Va clear_tmp_X
3631.Pq Vt bool
3632Set to
3633.Dq Li NO
3634to disable removing of X11 lock files,
3635and the removal and (secure) recreation
3636of the various socket directories for X11
3637related programs.
3638.It Va ldconfig_paths
3639.Pq Vt str
3640Set to the list of shared library paths to use with
3641.Xr ldconfig 8 .
3642NOTE:
3643.Pa /usr/lib
3644will always be added first, so it need not appear in this list.
3645.It Va ldconfig32_paths
3646.Pq Vt str
3647Set to the list of 32-bit compatibility shared library paths to
3648use with
3649.Xr ldconfig 8 .
3650.It Va ldconfig_paths_aout
3651.Pq Vt str
3652Set to the list of shared library paths to use with
3653.Xr ldconfig 8
3654legacy
3655.Xr a.out 5
3656support.
3657.It Va ldconfig_insecure
3658.Pq Vt bool
3659The
3660.Xr ldconfig 8
3661utility normally refuses to use directories
3662which are writable by anyone except root.
3663Set this variable to
3664.Dq Li YES
3665to disable that security check during system startup.
3666.It Va ldconfig_local_dirs
3667.Pq Vt str
3668Set to the list of local
3669.Xr ldconfig 8
3670directories.
3671The names of all files in the directories listed will be
3672passed as arguments to
3673.Xr ldconfig 8 .
3674.It Va ldconfig_local32_dirs
3675.Pq Vt str
3676Set to the list of local 32-bit compatibility
3677.Xr ldconfig 8
3678directories.
3679The names of all files in the directories listed will be
3680passed as arguments to
3681.Dq Nm ldconfig Fl 32 .
3682.It Va kern_securelevel_enable
3683.Pq Vt bool
3684Set to
3685.Dq Li YES
3686to set the kernel security level at system startup.
3687.It Va kern_securelevel
3688.Pq Vt int
3689The kernel security level to set at startup.
3690The allowed range of
3691.Ar value
3692ranges from \-1 (the compile time default) to 3 (the
3693most secure).
3694See
3695.Xr security 7
3696for the list of possible security levels and their effect
3697on system operation.
3698.It Va sshd_program
3699.Pq Vt str
3700Path to the SSH server program
3701.Pa ( /usr/sbin/sshd
3702is the default).
3703.It Va sshd_enable
3704.Pq Vt bool
3705Set to
3706.Dq Li YES
3707to start
3708.Xr sshd 8
3709at system boot time.
3710.It Va sshd_flags
3711.Pq Vt str
3712If
3713.Va sshd_enable
3714is set to
3715.Dq Li YES ,
3716these are the flags to pass to the
3717.Xr sshd 8
3718daemon.
3719.It Va ftpd_program
3720.Pq Vt str
3721Path to the FTP server program
3722.Pa ( /usr/libexec/ftpd
3723is the default).
3724.It Va ftpd_enable
3725.Pq Vt bool
3726Set to
3727.Dq Li YES
3728to start
3729.Xr ftpd 8
3730as a stand-alone daemon at system boot time.
3731.It Va ftpd_flags
3732.Pq Vt str
3733If
3734.Va ftpd_enable
3735is set to
3736.Dq Li YES ,
3737these are the additional flags to pass to the
3738.Xr ftpd 8
3739daemon.
3740.It Va watchdogd_enable
3741.Pq Vt bool
3742If set to
3743.Dq Li YES ,
3744start the
3745.Xr watchdogd 8
3746daemon at boot time.
3747This requires that the kernel have been compiled with a
3748.Xr watchdog 4
3749compatible device.
3750.It Va watchdogd_flags
3751.Pq Vt str
3752If
3753.Va watchdogd_enable
3754is set to
3755.Dq Li YES ,
3756these are the flags passed to the
3757.Xr watchdogd 8
3758daemon.
3759.It Va devfs_rulesets
3760.Pq Vt str
3761List of files containing sets of rules for
3762.Xr devfs 8 .
3763.It Va devfs_system_ruleset
3764.Pq Vt str
3765Rule name(s) to apply to the system
3766.Pa /dev
3767itself.
3768.It Va devfs_set_rulesets
3769.Pq Vt str
3770Pairs of already-mounted
3771.Pa dev
3772directories and rulesets that should be applied to them.
3773For example: /mount/dev=ruleset_name
3774.It Va devfs_load_rulesets
3775.Pq Vt bool
3776If set, always load the default rulesets listed in
3777.Va devfs_rulesets .
3778.It Va performance_cx_lowest
3779.Pq Vt str
3780CPU idle state to use while on AC power.
3781The string
3782.Dq Li LOW
3783indicates that
3784.Xr acpi 4
3785should use the lowest power state available while
3786.Dq Li HIGH
3787indicates that the lowest latency state (less power savings) should be used.
3788.It Va performance_cpu_freq
3789.Pq Vt str
3790CPU clock frequency to use while on AC power.
3791The string
3792.Dq Li LOW
3793indicates that
3794.Xr cpufreq 4
3795should use the lowest frequency available while
3796.Dq Li HIGH
3797indicates that the highest frequency (less power savings) should be used.
3798.It Va economy_cx_lowest
3799.Pq Vt str
3800CPU idle state to use when off AC power.
3801The string
3802.Dq Li LOW
3803indicates that
3804.Xr acpi 4
3805should use the lowest power state available while
3806.Dq Li HIGH
3807indicates that the lowest latency state (less power savings) should be used.
3808.It Va economy_cpu_freq
3809.Pq Vt str
3810CPU clock frequency to use when off AC power.
3811The string
3812.Dq Li LOW
3813indicates that
3814.Xr cpufreq 4
3815should use the lowest frequency available while
3816.Dq Li HIGH
3817indicates that the highest frequency (less power savings) should be used.
3818.It Va jail_enable
3819.Pq Vt bool
3820If set to
3821.Dq Li NO ,
3822any configured jails will not be started.
3823.It Va jail_conf
3824.Pq Vt str
3825The configuration filename used by
3826.Xr jail 8
3827utility.
3828The default value is
3829.Pa /etc/jail.conf .
3830.It Va jail_parallel_start
3831.Pq Vt bool
3832If set to
3833.Dq Li YES ,
3834all configured jails will be started in the background (in parallel).
3835.It Va jail_flags
3836.Pq Vt str
3837Unset by default.
3838When set, use as default value for
3839.Va jail_ Ns Ao Ar jname Ac Ns Va _flags
3840for every jail in
3841.Va jail_list .
3842.It Va jail_list
3843.Pq Vt str
3844A space separated list of names for jails.
3845If this variable is empty,
3846all of
3847.Xr jail 8
3848instances in the configuration file will be configured.
3849This is purely a configuration aid to help identify and
3850configure multiple jails.
3851The names specified in this list will be used to
3852identify settings common to an instance of a jail,
3853and should contain alphanumeric characters only.
3854The literal jail name of
3855.Dq Li 0
3856.Pq zero
3857is not allowed.
3858.It Va jail_* variables
3859Note that older releases supported per-jail configuration via
3860.Xr rc.conf 5
3861variables.
3862For example,
3863hostname of a jail named
3864.Li vjail
3865was able to be set by
3866.Li jail_vjail_hostname .
3867These per-jail configuration variables are now obsolete in favor of
3868.Xr jail 8
3869configuration file.
3870For backward compatibility,
3871when per-jail configuration variables are defined,
3872.Xr jail 8
3873configuration files are created as
3874.Pa /var/run/jail. Ns Ao Ar jname Ac Ns Pa .conf
3875and used.
3876.Pp
3877The following per-jail parameters are handled by
3878.Pa rc.d/jail
3879script out of their corresponding
3880.Nm
3881variables.
3882In addition to them, parameters in
3883.Va jail_ Ns Ao Ar jname Ac Ns Va _parameters
3884will be added to the configuration file.
3885They must be a semi-colon
3886.Pq Ql \&;
3887delimited list of
3888.Dq key=value .
3889For more details,
3890see
3891.Xr jail 8
3892manual page.
3893.Bl  -tag -width "host.hostname" -offset indent
3894.It Li path
3895set from
3896.Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir
3897.It Li host.hostname
3898set from
3899.Va jail_ Ns Ao Ar jname Ac Ns Va _hostname
3900.It Li exec.consolelog
3901set from
3902.Va jail_ Ns Ao Ar jname Ac Ns Va _consolelog .
3903The default value is
3904.Pa /var/log/jail_ Ao Ar jname Ac Pa _console.log .
3905.It Li interface
3906set from
3907.Va jail_ Ns Ao Ar jname Ac Ns Va _interface .
3908.It Li vnet.interface
3909set from
3910.Va jail_ Ns Ao Ar jname Ac Ns Va _vnet_interface .
3911This implies
3912.Li vnet
3913parameter will be enabled and cannot be specified with
3914.Va jail_ Ns Ao Ar jname Ac Ns Va _interface ,
3915.Va jail_ Ns Ao Ar jname Ac Ns Va _ip
3916and/or
3917.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n
3918at the same time.
3919.It Li fstab
3920set from
3921.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab
3922.It Li mount
3923set from
3924.Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable .
3925.It Li exec.fib
3926set from
3927.Va jail_ Ns Ao Ar jname Ac Ns Va _fib
3928.It Li exec.start
3929set from
3930.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start .
3931The parameter name was
3932.Li command
3933in some older releases.
3934.It Li exec.prestart
3935set from
3936.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart
3937.It Li exec.poststart
3938set from
3939.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart
3940.It Li exec.stop
3941set from
3942.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop
3943.It Li exec.prestop
3944set from
3945.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop
3946.It Li exec.poststop
3947set from
3948.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop
3949.It Li ip4.addr
3950set if
3951.Va jail_ Ns Ao Ar jname Ac Ns Va _ip
3952or
3953.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n
3954contain IPv4 addresses
3955.It Li ip6.addr
3956set if
3957.Va jail_ Ns Ao Ar jname Ac Ns Va _ip
3958or
3959.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n
3960contain IPv6 addresses
3961.It Li allow.mount
3962set from
3963.Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable
3964.It Li mount.devfs
3965set from
3966.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable
3967.It Li devfs_ruleset
3968set from
3969.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset .
3970This must be an integer,
3971not a string.
3972.It Li mount.fdescfs
3973set from
3974.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable
3975.It Li allow.set_hostname
3976set from
3977.Va jail_ Ns Ao Ar jname Ac Ns Va _set_hostname_allow
3978.It Li allow.rawsocket
3979set from
3980.Va jail_ Ns Ao Ar jname Ac Ns Va _socket_unixiproute_only
3981.It Li allow.sysvipc
3982set from
3983.Va jail_ Ns Ao Ar jname Ac Ns Va _sysvipc_allow
3984.El
3985.\" -----------------------------------------------------
3986.It Va harvest_interrupt
3987.Pq Vt bool
3988Set to
3989.Dq Li YES
3990to use hardware interrupts as an entropy source.
3991Refer to
3992.Xr random 4
3993for more information.
3994.It Va harvest_ethernet
3995.Pq Vt bool
3996Set to
3997.Dq Li YES
3998to use LAN traffic as an entropy source.
3999Refer to
4000.Xr random 4
4001for more information.
4002.It Va harvest_p_to_p
4003.Pq Vt bool
4004Set to
4005.Dq Li YES
4006to use serial line traffic as an entropy source.
4007Refer to
4008.Xr random 4
4009for more information.
4010.It Va entropy_dir
4011.Pq Vt str
4012Set to
4013.Dq Li NO
4014to disable caching entropy via
4015.Xr cron 8 .
4016Otherwise set to the directory used to store entropy files in.
4017.It Va entropy_file
4018.Pq Vt str
4019Set to
4020.Dq Li NO
4021to disable caching entropy through reboots.
4022Otherwise set to the filename used to store cached entropy through
4023reboots.
4024This file should be located on the root file system to seed the
4025.Xr random 4
4026device as early as possible in the boot process.
4027.It Va entropy_save_sz
4028.Pq Vt int
4029Size of the entropy cache files saved by
4030.Nm save-entropy
4031periodically.
4032.It Va entropy_save_num
4033.Pq Vt int
4034Number of entropy cache files to save by
4035.Nm save-entropy
4036periodically.
4037.It Va ipsec_enable
4038.Pq Vt bool
4039Set to
4040.Dq Li YES
4041to run
4042.Xr setkey 8
4043on
4044.Va ipsec_file
4045at boot time.
4046.It Va ipsec_file
4047.Pq Vt str
4048Configuration file for
4049.Xr setkey 8 .
4050.It Va dmesg_enable
4051.Pq Vt bool
4052Set to
4053.Dq Li YES
4054to save
4055.Xr dmesg 8
4056to
4057.Pa /var/run/dmesg.boot
4058on boot.
4059.It Va rcshutdown_timeout
4060.Pq Vt int
4061If set, start a watchdog timer in the background which will terminate
4062.Pa rc.shutdown
4063if
4064.Xr shutdown 8
4065has not completed within the specified time (in seconds).
4066Notice that in addition to this soft timeout,
4067.Xr init 8
4068also applies a hard timeout for the execution of
4069.Pa rc.shutdown .
4070This is configured via
4071.Xr sysctl 8
4072variable
4073.Va kern.init_shutdown_timeout
4074and defaults to 120 seconds.
4075Setting the value of
4076.Va rcshutdown_timeout
4077to more than 120 seconds will have no effect until the
4078.Xr sysctl 8
4079variable
4080.Va kern.init_shutdown_timeout
4081is also increased.
4082.It Va virecover_enable
4083.Pq Vt bool
4084Set to
4085.Dq Li NO
4086to prevent the system from trying to
4087recover pre-maturely terminated
4088.Xr vi 1
4089sessions.
4090.It Va ugidfw_enable
4091.Pq Vt bool
4092Set to
4093.Dq Li YES
4094to load the
4095.Xr mac_bsdextended 4
4096module upon system initialization and load a default
4097ruleset file.
4098.It Va bsdextended_script
4099.Pq Vt str
4100The default
4101.Xr mac_bsdextended 4
4102ruleset file to load.
4103The default value of this variable is
4104.Pa /etc/rc.bsdextended .
4105.It Va newsyslog_enable
4106.Pq Vt bool
4107If set to
4108.Dq Li YES ,
4109run
4110.Xr newsyslog 8
4111command at startup.
4112.It Va newsyslog_flags
4113.Pq Vt str
4114If
4115.Va newsyslog_enable
4116is set to
4117.Dq Li YES ,
4118these are the flags to pass to the
4119.Xr newsyslog 8
4120program.
4121The default is
4122.Dq Li -CN ,
4123which causes log files flagged with a
4124.Cm C
4125to be created.
4126.It Va mdconfig_md Ns Aq Ar X
4127.Pq Vt str
4128Arguments to
4129.Xr mdconfig 8
4130for
4131.Xr md 4
4132device
4133.Ar X .
4134At minimum a
4135.Fl t Ar type
4136must be specified and either a
4137.Fl s Ar size
4138for malloc or swap backed
4139.Xr md 4
4140devices or a
4141.Fl f Ar file
4142for vnode backed
4143.Xr md 4
4144devices.
4145Note that
4146.Va mdconfig_md Ns Aq Ar X
4147variables are evaluated until one variable is unset or null.
4148.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs
4149.Pq Vt str
4150Optional arguments passed to
4151.Xr newfs 8
4152to initialize
4153.Xr md 4
4154device
4155.Ar X .
4156.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner
4157.Pq Vt str
4158An ownership specification passed to
4159.Xr chown 8
4160after the specified
4161.Xr md 4
4162device
4163.Ar X
4164has been mounted.
4165Both the
4166.Xr md 4
4167device and the mount point will be changed.
4168.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms
4169.Pq Vt str
4170A mode string passed to
4171.Xr chmod 1
4172after the specified
4173.Xr md 4
4174device
4175.Ar X
4176has been mounted.
4177Both the
4178.Xr md 4
4179device and the mount point will be changed.
4180.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files
4181.Pq Vt str
4182Files to be copied to the mount point of the
4183.Xr md 4
4184device
4185.Ar X
4186after it has been mounted.
4187.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd
4188.Pq Vt str
4189Command to execute after the specified
4190.Xr md 4
4191device
4192.Ar X
4193has been mounted.
4194Note that the command is passed to
4195.Ic eval
4196and that both
4197.Va _dev
4198and
4199.Va _mp
4200variables can be used to reference respectively the
4201.Xr md 4
4202device and the mount point.
4203Assuming that the
4204.Xr md 4
4205device is
4206.Li md0 ,
4207one could set the following:
4208.Bd -literal
4209mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}"
4210.Ed
4211.It Va autobridge_interfaces
4212.Pq Vt str
4213Set to the list of bridge interfaces that will have newly arriving interfaces
4214checked against to be automatically added.
4215If not set to
4216.Dq Li NO
4217then for each whitespace separated
4218.Ar element
4219in the value, a
4220.Va autobridge_ Ns Aq Ar element
4221variable is assumed to exist which has a whitespace separated list of interface
4222names to match, these names can use wildcards.
4223For example:
4224.Bd -literal
4225autobridge_interfaces="bridge0"
4226autobridge_bridge0="tap* dc0 vlan[345]"
4227.Ed
4228.It Va mixer_enable
4229.Pq Vt bool
4230If set to
4231.Dq Li YES ,
4232enable support for sound mixer.
4233.It Va hcsecd_enable
4234.Pq Vt bool
4235If set to
4236.Dq Li YES ,
4237enable Bluetooth security daemon.
4238.It Va hcsecd_config
4239.Pq Vt str
4240Configuration file for
4241.Xr hcsecd 8 .
4242Default
4243.Pa /etc/bluetooth/hcsecd.conf .
4244.It Va sdpd_enable
4245.Pq Vt bool
4246If set to
4247.Dq Li YES ,
4248enable Bluetooth Service Discovery Protocol daemon.
4249.It Va sdpd_control
4250.Pq Vt str
4251Path to
4252.Xr sdpd 8
4253control socket.
4254Default
4255.Pa /var/run/sdp .
4256.It Va sdpd_groupname
4257.Pq Vt str
4258Sets
4259.Xr sdpd 8
4260group to run as after it initializes.
4261Default
4262.Dq Li nobody .
4263.It Va sdpd_username
4264.Pq Vt str
4265Sets
4266.Xr sdpd 8
4267user to run as after it initializes.
4268Default
4269.Dq Li nobody .
4270.It Va bthidd_enable
4271.Pq Vt bool
4272If set to
4273.Dq Li YES ,
4274enable Bluetooth Human Interface Device daemon.
4275.It Va bthidd_config
4276.Pq Vt str
4277Configuration file for
4278.Xr bthidd 8 .
4279Default
4280.Pa /etc/bluetooth/bthidd.conf .
4281.It Va bthidd_hids
4282.Pq Vt str
4283Path to a file, where
4284.Xr bthidd 8
4285will store information about known HID devices.
4286Default
4287.Pa /var/db/bthidd.hids .
4288.It Va rfcomm_pppd_server_enable
4289.Pq Vt bool
4290If set to
4291.Dq Li YES ,
4292enable Bluetooth RFCOMM PPP wrapper daemon.
4293.It Va rfcomm_pppd_server_profile
4294.Pq Vt str
4295The name of the profile to use from
4296.Pa /etc/ppp/ppp.conf .
4297Multiple profiles can be specified here.
4298Also used to specify per-profile overrides.
4299When the profile name contains any of the characters
4300.Dq Li .-/+
4301they are translated to
4302.Dq Li _
4303for the proposes of the override variable names.
4304.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _bdaddr
4305.Pq Vt str
4306Overrides local address to listen on.
4307By default
4308.Xr rfcomm_pppd 8
4309will listen on
4310.Dq Li ANY
4311address.
4312The address can be specified as BD_ADDR or name.
4313.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _channel
4314.Pq Vt str
4315Overrides local RFCOMM channel to listen on.
4316By default
4317.Xr rfcomm_pppd 8
4318will listen on RFCOMM channel 1.
4319Must set properly if multiple profiles used in the same time.
4320.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_sp
4321.Pq Vt bool
4322Tells
4323.Xr rfcomm_pppd 8
4324if it should register Serial Port service on the specified RFCOMM channel.
4325Default
4326.Dq Li NO .
4327.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_dun
4328.Pq Vt bool
4329Tells
4330.Xr rfcomm_pppd 8
4331if it should register Dial-Up Networking service on the specified
4332RFCOMM channel.
4333Default
4334.Dq Li NO .
4335.It Va ubthidhci_enable
4336.Pq Vt bool
4337If set to
4338.Dq Li YES ,
4339change the USB Bluetooth controller from HID mode to HCI mode.
4340You also need to specify the location of USB Bluetooth controller with the
4341.Va ubthidhci_busnum
4342and
4343.Va ubthidhci_addr
4344variables.
4345.It Va ubthidhci_busnum
4346Bus number where the USB Bluetooth controller is located.
4347Check the output of
4348.Xr usbconfig 8
4349on your system to find this information.
4350.It Va ubthidhci_addr
4351Bus address of the USB Bluetooth controller.
4352Check the output of
4353.Xr usbconfig 8
4354on your system to find this information.
4355.It Va netwait_enable
4356.Pq Vt bool
4357If set to
4358.Dq Li YES ,
4359delays the start of network-reliant services until
4360.Va netwait_if
4361is up and ICMP packets to a destination defined in
4362.Va netwait_ip
4363are flowing.
4364Link state is examined first, followed by
4365.Dq Li pinging
4366an IP address to verify network usability.
4367If no destination can be reached or timeouts are exceeded,
4368network services are started anyway with no guarantee that
4369the network is usable.
4370Use of this variable requires both
4371.Va netwait_ip
4372and
4373.Va netwait_if
4374to be set.
4375.It Va netwait_ip
4376.Pq Vt str
4377Empty by default.
4378This variable contains a space-delimited list of IP addresses to
4379.Xr ping 8 .
4380DNS hostnames should not be used as resolution is not guaranteed
4381to be functional at this point.
4382If multiple IP addresses are specified,
4383each will be tried until one is successful or the list is exhausted.
4384.It Va netwait_timeout
4385.Pq Vt int
4386Indicates the total number of seconds to perform a
4387.Dq Li ping
4388against each IP address in
4389.Va netwait_ip ,
4390at a rate of one ping per second.
4391If any of the pings are successful,
4392full network connectivity is considered reliable.
4393The default is 60.
4394.It Va netwait_if
4395.Pq Vt str
4396Empty by default.
4397Defines the name of the network interface on which watch for link.
4398.Xr ifconfig 8
4399is used to monitor the interface, looking for
4400.Dq Li status: no carrier .
4401Once gone, the link is considered up.
4402This can be a
4403.Xr vlan 4
4404interface if desired.
4405.It Va netwait_if_timeout
4406.Pq Vt int
4407Defines the total number of seconds to wait for link to become usable,
4408polled at a 1-second interval.
4409The default is 30.
4410.It Va rctl_enable
4411.Pq Vt bool
4412Set to
4413.Dq Li YES
4414to load
4415.Xr rctl 8
4416rules from the defined ruleset.
4417The kernel must be built with
4418.Cd "options RACCT"
4419and
4420.Cd "options RCTL" .
4421.It Va rctl_rules
4422.Pq Vt str
4423Set to
4424.Pa /etc/rctl.conf
4425by default.
4426This variables contains the
4427.Xr rctl.conf 5
4428ruleset to load for
4429.Xr rctl 8 .
4430.El
4431.Sh FILES
4432.Bl -tag -width ".Pa /etc/defaults/rc.conf" -compact
4433.It Pa /etc/defaults/rc.conf
4434.It Pa /etc/rc.conf
4435.It Pa /etc/rc.conf.local
4436.El
4437.Sh SEE ALSO
4438.Xr catman 1 ,
4439.Xr chmod 1 ,
4440.Xr gdb 1 ,
4441.Xr info 1 ,
4442.Xr kbdcontrol 1 ,
4443.Xr makewhatis 1 ,
4444.Xr sh 1 ,
4445.Xr vi 1 ,
4446.Xr vidcontrol 1 ,
4447.Xr bridge 4 ,
4448.Xr dummynet 4 ,
4449.Xr ip 4 ,
4450.Xr ipf 4 ,
4451.Xr ipfw 4 ,
4452.Xr ipnat 4 ,
4453.Xr kld 4 ,
4454.Xr pf 4 ,
4455.Xr pflog 4 ,
4456.Xr pfsync 4 ,
4457.Xr tcp 4 ,
4458.Xr udp 4 ,
4459.Xr exports 5 ,
4460.Xr fstab 5 ,
4461.Xr ipf 5 ,
4462.Xr ipnat 5 ,
4463.Xr jail.conf 5 ,
4464.Xr motd 5 ,
4465.Xr newsyslog.conf 5 ,
4466.Xr pf.conf 5 ,
4467.Xr security 7 ,
4468.Xr accton 8 ,
4469.Xr amd 8 ,
4470.Xr apm 8 ,
4471.Xr atm 8 ,
4472.Xr bthidd 8 ,
4473.Xr chkprintcap 8 ,
4474.Xr chown 8 ,
4475.Xr cron 8 ,
4476.Xr devfs 8 ,
4477.Xr dhclient 8 ,
4478.Xr ftpd 8 ,
4479.Xr geli 8 ,
4480.Xr hcsecd 8 ,
4481.Xr ifconfig 8 ,
4482.Xr inetd 8 ,
4483.Xr ipf 8 ,
4484.Xr ipfw 8 ,
4485.Xr ipnat 8 ,
4486.Xr jail 8 ,
4487.Xr kldxref 8 ,
4488.Xr lpd 8 ,
4489.Xr mdconfig 8 ,
4490.Xr mdmfs 8 ,
4491.Xr mixer 8 ,
4492.Xr mountd 8 ,
4493.Xr moused 8 ,
4494.Xr mrouted 8 ,
4495.Xr newfs 8 ,
4496.Xr newsyslog 8 ,
4497.Xr nfsd 8 ,
4498.Xr ntpd 8 ,
4499.Xr ntpdate 8 ,
4500.Xr pfctl 8 ,
4501.Xr pflogd 8 ,
4502.Xr ping 8 ,
4503.Xr powerd 8 ,
4504.Xr quotacheck 8 ,
4505.Xr quotaon 8 ,
4506.Xr rc 8 ,
4507.Xr rc.sendmail 8 ,
4508.Xr rfcomm_pppd 8 ,
4509.Xr route 8 ,
4510.Xr routed 8 ,
4511.Xr rpcbind 8 ,
4512.Xr rpc.lockd 8 ,
4513.Xr rpc.statd 8 ,
4514.Xr rwhod 8 ,
4515.Xr savecore 8 ,
4516.Xr sdpd 8 ,
4517.Xr sshd 8 ,
4518.Xr swapon 8 ,
4519.Xr sysctl 8 ,
4520.Xr syslogd 8 ,
4521.Xr timed 8 ,
4522.Xr unbound 8 ,
4523.Xr usbconfig 8 ,
4524.Xr wlandebug 8 ,
4525.Xr yp 8 ,
4526.Xr ypbind 8 ,
4527.Xr ypserv 8 ,
4528.Xr ypset 8
4529.Sh HISTORY
4530The
4531.Nm
4532file appeared in
4533.Fx 2.2.2 .
4534.Sh AUTHORS
4535.An Jordan K. Hubbard .
4536