1.\" Copyright (c) 1995 2.\" Jordan K. Hubbard 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND 14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 16.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE 17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23.\" SUCH DAMAGE. 24.\" 25.\" $FreeBSD$ 26.\" 27.Dd June 25, 2013 28.Dt RC.CONF 5 29.Os 30.Sh NAME 31.Nm rc.conf 32.Nd system configuration information 33.Sh DESCRIPTION 34The file 35.Nm 36contains descriptive information about the local host name, configuration 37details for any potential network interfaces and which services should be 38started up at system initial boot time. 39In new installations, the 40.Nm 41file is generally initialized by the system installation utility. 42.Pp 43The purpose of 44.Nm 45is not to run commands or perform system startup actions 46directly. 47Instead, it is included by the 48various generic startup scripts in 49.Pa /etc 50which conditionalize their 51internal actions according to the settings found there. 52.Pp 53The 54.Pa /etc/rc.conf 55file is included from the file 56.Pa /etc/defaults/rc.conf , 57which specifies the default settings for all the available options. 58Options need only be specified in 59.Pa /etc/rc.conf 60when the system administrator wishes to override these defaults. 61The file 62.Pa /etc/rc.conf.local 63is used to override settings in 64.Pa /etc/rc.conf 65for historical reasons. 66In addition to 67.Pa /etc/rc.conf.local 68you can also place smaller configuration files for each 69.Xr rc 8 70script in the 71.Pa /etc/rc.conf.d 72directory, which will be included by the 73.Va load_rc_config 74function. 75For jail configurations you could use the file 76.Pa /etc/rc.conf.d/jail 77to store jail specific configuration options. 78Also see the 79.Va rc_conf_files 80variable below. 81.Pp 82Options are set with 83.Dq Ar name Ns Li = Ns Ar value 84assignments that use 85.Xr sh 1 86syntax. 87The following list provides a name and short description for each 88variable that can be set in the 89.Nm 90file: 91.Bl -tag -width indent-two 92.It Va rc_debug 93.Pq Vt bool 94If set to 95.Dq Li YES , 96enable output of debug messages from rc scripts. 97This variable can be helpful in diagnosing mistakes when 98editing or integrating new scripts. 99Beware that this produces copious output to the terminal and 100.Xr syslog 3 . 101.It Va rc_info 102.Pq Vt bool 103If set to 104.Dq Li NO , 105disable informational messages from the rc scripts. 106Informational messages are displayed when 107a condition that is not serious enough to warrant a warning or 108an error occurs. 109.It Va rc_startmsgs 110.Pq Vt bool 111If set to 112.Dq Li YES , 113show 114.Dq Starting foo: 115when faststart is used (e.g., at boot time). 116.It Va early_late_divider 117.Pq Vt str 118The name of the script that should be used as the 119delimiter between the 120.Dq early 121and 122.Dq late 123stages of the boot process. 124The early stage should contain all the services needed to 125get the disks (local or remote) mounted so that the late 126stage can include scripts contained in the directories 127listed in the 128.Va local_startup 129variable (see below). 130Thus, the two likely candidates for this value are 131.Pa mountcritlocal 132for the typical system, and 133.Pa mountcritremote 134if the system needs remote file 135systems mounted to get access to the 136.Va local_startup 137directories; for example when 138.Pa /usr/local 139is NFS mounted. 140For 141.Pa rc.conf 142within a 143.Xr jail 8 144.Pa NETWORKING 145is likely to be an appropriate value. 146Extreme care should be taken when changing this value, 147and before changing it one should ensure that there are 148adequate provisions to recover from a failed boot 149(such as physical contact with the machine, 150or reliable remote console access). 151.It Va always_force_depends 152.Pq Vt bool 153Various 154.Pa rc.d 155scripts use the force_depend function to check whether required 156services are already running, and to start them if necessary. 157By default during boot time this check is bypassed if the 158required service is enabled in 159.Pa /etc/rc.conf[.local] . 160Setting this option will bypass that check at boot time and 161always test whether or not the service is actually running. 162Enabling this option is likely to increase your boot time if 163services are enabled that utilize the force_depend check. 164.It Va swapfile 165.Pq Vt str 166If set to 167.Dq Li NO , 168no swapfile is installed, otherwise the value is used as the full 169pathname to a file to use for additional swap space. 170.It Ao Ar name Ac Ns Va _chroot 171.Pq Vt str 172.Xr chroot 173to this directory before running the service. 174.It Ao Ar name Ac Ns Va _user 175.Pq Vt str 176Run the service under this user account. 177.It Ao Ar name Ac Ns Va _group 178.Pq Vt str 179Run the chrooted service under this system group. Unlike the _user 180setting, this setting has no effect if the service is not chrooted. 181.It Ao Ar name Ac Ns Va _fib 182.Pq Vt int 183The 184.Xr setfib 1 185value to run the service under. 186.It Ao Ar name Ac Ns Va _nice 187.Pq Vt int 188The 189.Xr nice 1 190value to run the service under. 191.It Va apm_enable 192.Pq Vt bool 193If set to 194.Dq Li YES , 195enable support for Automatic Power Management with 196the 197.Xr apm 8 198command. 199.It Va apmd_enable 200.Pq Vt bool 201Run 202.Xr apmd 8 203to handle APM event from userland. 204This also enables support for APM. 205.It Va apmd_flags 206.Pq Vt str 207If 208.Va apmd_enable 209is set to 210.Dq Li YES , 211these are the flags to pass to the 212.Xr apmd 8 213daemon. 214.It Va devd_enable 215.Pq Vt bool 216Run 217.Xr devd 8 218to handle device added, removed or unknown events from the kernel. 219.It Va ddb_enable 220.Pq Vt bool 221Run 222.Xr ddb 8 223to install 224.Xr ddb 4 225scripts at boot time. 226.It Va ddb_config 227.Pq Vt str 228Configuration file for 229.Xr ddb 8 . 230Default 231.Pa /etc/ddb.conf . 232.It Va kld_list 233.Pq Vt str 234A list of kernel modules to load right after the local 235disks are mounted. 236Loading modules at this point in the boot process is 237much faster than doing it via 238.Pa /boot/loader.conf 239for those modules not necessary for mounting local disk. 240.It Va kldxref_enable 241.Pq Vt bool 242Set to 243.Dq Li NO 244by default. 245Set to 246.Dq Li YES 247to automatically rebuild 248.Pa linker.hints 249files with 250.Xr kldxref 8 251at boot time. 252.It Va kldxref_clobber 253.Pq Vt bool 254Set to 255.Dq Li NO 256by default. 257If 258.Va kldxref_enable 259is true, 260setting to 261.Dq Li YES 262will overwrite existing 263.Pa linker.hints 264files at boot time. 265Otherwise, 266only missing 267.Pa linker.hints 268files are generated. 269.It Va kldxref_module_path 270.Pq Vt str 271Empty by default. 272A semi-colon 273.Pq Ql \&; 274delimited list of paths containing 275.Xr kld 4 276modules. 277If empty, 278the contents of the 279.Va kern.module_path 280.Xr sysctl 8 281are used. 282.It Va powerd_enable 283.Pq Vt bool 284If set to 285.Dq Li YES , 286enable the system power control facility with the 287.Xr powerd 8 288daemon. 289.It Va powerd_flags 290.Pq Vt str 291If 292.Va powerd_enable 293is set to 294.Dq Li YES , 295these are the flags to pass to the 296.Xr powerd 8 297daemon. 298.It Va tmpmfs 299Controls the creation of a 300.Pa /tmp 301memory file system. 302Always happens if set to 303.Dq Li YES 304and never happens if set to 305.Dq Li NO . 306If set to anything else, a memory file system is created if 307.Pa /tmp 308is not writable. 309.It Va tmpsize 310Controls the size of a created 311.Pa /tmp 312memory file system. 313.It Va tmpmfs_flags 314Extra options passed to the 315.Xr mdmfs 8 316utility when the memory file system for 317.Pa /tmp 318is created. 319The default is 320.Dq Li "-S" , 321which inhibits the use of softupdates on 322.Pa /tmp 323so that file system space is freed without delay 324after file truncation or deletion. 325See 326.Xr mdmfs 8 327for other options you can use in 328.Va tmpmfs_flags . 329.It Va varmfs 330Controls the creation of a 331.Pa /var 332memory file system. 333Always happens if set to 334.Dq Li YES 335and never happens if set to 336.Dq Li NO . 337If set to anything else, a memory file system is created if 338.Pa /var 339is not writable. 340.It Va varsize 341Controls the size of a created 342.Pa /var 343memory file system. 344.It Va varmfs_flags 345Extra options passed to the 346.Xr mdmfs 8 347utility when the memory file system for 348.Pa /var 349is created. 350The default is 351.Dq Li "-S" , 352which inhibits the use of softupdates on 353.Pa /var 354so that file system space is freed without delay 355after file truncation or deletion. 356See 357.Xr mdmfs 8 358for other options you can use in 359.Va varmfs_flags . 360.It Va populate_var 361Controls the automatic population of the 362.Pa /var 363file system. 364Always happens if set to 365.Dq Li YES 366and never happens if set to 367.Dq Li NO . 368If set to anything else, a memory file system is created if 369.Pa /var 370is not writable. 371Note that this process requires access to certain commands in 372.Pa /usr 373before 374.Pa /usr 375is mounted on normal systems. 376.It Va cleanvar_enable 377.Pq Vt bool 378Clean the 379.Pa /var 380directory. 381.It Va local_startup 382.Pq Vt str 383List of directories to search for startup script files. 384.It Va script_name_sep 385.Pq Vt str 386The field separator to use for breaking down the list of startup script files 387into individual filenames. 388The default is a space. 389It is not necessary to change this unless there are startup scripts with names 390containing spaces. 391.It Va hostapd_enable 392.Pq Vt bool 393Set to 394.Dq Li YES 395to start 396.Xr hostapd 8 397at system boot time. 398.It Va hostname 399.Pq Vt str 400The fully qualified domain name (FQDN) of this host on the network. 401This should almost certainly be set to something meaningful, even if 402there is no network connection. 403If 404.Xr dhclient 8 405is used to set the hostname via DHCP, 406this variable should be set to an empty string. 407If this value remains unset when the system is done booting 408your console login will display the default hostname of 409.Dq Amnesiac . 410.It Va nisdomainname 411.Pq Vt str 412The NIS domain name of this host, or 413.Dq Li NO 414if NIS is not used. 415.It Va dhclient_program 416.Pq Vt str 417Path to the DHCP client program 418.Pa ( /sbin/dhclient , 419the 420.Ox 421DHCP client, 422is the default). 423.It Va dhclient_flags 424.Pq Vt str 425Additional flags to pass to the DHCP client program. 426For the 427.Ox 428DHCP client, see the 429.Xr dhclient 8 430manpage for a description of the command line options available. 431.It Va dhclient_flags_ Ns Aq Ar iface 432Additional flags to pass to the DHCP client program running on 433.Ar iface 434only. 435When specified, this variable overrides 436.Va dhclient_flags . 437.It Va background_dhclient 438.Pq Vt bool 439Set to 440.Dq Li YES 441to start the DHCP client in background. 442This can cause trouble with applications depending on 443a working network, but it will provide a faster startup 444in many cases. 445.It Va background_dhclient_ Ns Aq Ar iface 446When specified, this variable overrides the 447.Va background_dhclient 448variable for interface 449.Ar iface 450only. 451.It Va synchronous_dhclient 452.Pq Vt bool 453Set to 454.Dq Li YES 455to start 456.Xr dhclient 8 457synchronously at startup. 458This behavior can be overridden on a per-interface basis by replacing 459the 460.Dq Li DHCP 461keyword in the 462.Va ifconfig_ Ns Aq Ar interface 463variable with 464.Dq Li SYNCDHCP 465or 466.Dq Li NOSYNCDHCP . 467.It Va defaultroute_delay 468.Pq Vt int 469When set to a positive value, wait up to this long after configuring 470DHCP interfaces at startup to give the interfaces time to receive a lease. 471.It Va firewall_enable 472.Pq Vt bool 473Set to 474.Dq Li YES 475to load firewall rules at startup. 476If the kernel was not built with 477.Cd "options IPFIREWALL" , 478the 479.Pa ipfw.ko 480kernel module will be loaded. 481See also 482.Va ipfilter_enable . 483.It Va firewall_script 484.Pq Vt str 485This variable specifies the full path to the firewall script to run. 486The default is 487.Pa /etc/rc.firewall . 488.It Va firewall_type 489.Pq Vt str 490Names the firewall type from the selection in 491.Pa /etc/rc.firewall , 492or the file which contains the local firewall ruleset. 493Valid selections from 494.Pa /etc/rc.firewall 495are: 496.Pp 497.Bl -tag -width ".Li simple" -compact 498.It Li open 499unrestricted IP access 500.It Li closed 501all IP services disabled, except via 502.Dq Li lo0 503.It Li client 504basic protection for a workstation 505.It Li simple 506basic protection for a LAN. 507.El 508.Pp 509If a filename is specified, the full path 510must be given. 511.It Va firewall_quiet 512.Pq Vt bool 513Set to 514.Dq Li YES 515to disable the display of firewall rules on the console during boot. 516.It Va firewall_logging 517.Pq Vt bool 518Set to 519.Dq Li YES 520to enable firewall event logging. 521This is equivalent to the 522.Dv IPFIREWALL_VERBOSE 523kernel option. 524.It Va firewall_logif 525.Pq Vt bool 526Set to 527.Dq Li YES 528to create pseudo interface 529.Li ipfw0 530for logging. 531For more details, see 532.Xr ipfw 8 533manual page. 534.It Va firewall_flags 535.Pq Vt str 536Flags passed to 537.Xr ipfw 8 538if 539.Va firewall_type 540specifies a filename. 541.It Va firewall_coscripts 542.Pq Vt str 543List of executables and/or rc scripts to run after firewall starts/stops. 544Default is empty. 545.\" ----- firewall_nat_enable setting -------------------------------- 546.It Va firewall_nat_enable 547.Pq Vt bool 548The 549.Xr ipfw 8 550equivalent of 551.Va natd_enable . 552Setting this to 553.Dq Li YES 554enables kernel NAT. 555.Va firewall_enable 556must also be set to 557.Dq Li YES . 558.It Va firewall_nat_interface 559.Pq Vt str 560The 561.Xr ipfw 8 562equivalent of 563.Va natd_interface . 564This is the name of the public interface or IP address on which 565kernel NAT should run. 566.It Va firewall_nat_flags 567.Pq Vt str 568Additional configuration parameters for kernel NAT should be placed here. 569.It Va dummynet_enable 570.Pq Vt bool 571Setting this to 572.Dq Li YES 573will automatically load the 574.Xr dummynet 4 575module if 576.Va firewall_enable 577is also set to 578.Dq Li YES . 579.\" ------------------------------------------------------------------- 580.It Va natd_program 581.Pq Vt str 582Path to 583.Xr natd 8 . 584.It Va natd_enable 585.Pq Vt bool 586Set to 587.Dq Li YES 588to enable 589.Xr natd 8 . 590.Va firewall_enable 591must also be set to 592.Dq Li YES , 593and 594.Xr divert 4 595sockets must be enabled in the kernel. 596If the kernel was not built with 597.Cd "options IPDIVERT" , 598the 599.Pa ipdivert.ko 600kernel module will be loaded. 601.It Va natd_interface 602.Pq Vt str 603This is the name of the public interface on which 604.Xr natd 8 605should run. 606The interface may be given as an interface name or as an IP address. 607.It Va natd_flags 608.Pq Vt str 609Additional 610.Xr natd 8 611flags should be placed here. 612The 613.Fl n 614or 615.Fl a 616flag is automatically added with the above 617.Va natd_interface 618as an argument. 619.\" ----- ipfilter_enable setting -------------------------------- 620.It Va ipfilter_enable 621.Pq Vt bool 622Set to 623.Dq Li NO 624by default. 625Setting this to 626.Dq Li YES 627enables 628.Xr ipf 8 629packet filtering. 630.Pp 631Typical usage will require putting 632.Bd -literal 633ipfilter_enable="YES" 634ipnat_enable="YES" 635ipmon_enable="YES" 636ipfs_enable="YES" 637.Ed 638.Pp 639into 640.Pa /etc/rc.conf 641and editing 642.Pa /etc/ipf.rules 643and 644.Pa /etc/ipnat.rules 645appropriately. 646.Pp 647Note that 648.Va ipfilter_enable 649and 650.Va ipnat_enable 651can be enabled independently. 652.Va ipmon_enable 653and 654.Va ipfs_enable 655both require at least one of 656.Va ipfilter_enable 657and 658.Va ipnat_enable 659to be enabled. 660.Pp 661Having 662.Bd -literal 663options IPFILTER 664options IPFILTER_LOG 665options IPFILTER_DEFAULT_BLOCK 666.Ed 667.Pp 668in the kernel configuration file is a good idea, too. 669.\" ----- ipfilter_program setting ------------------------------ 670.It Va ipfilter_program 671.Pq Vt str 672Path to 673.Xr ipf 8 674(default 675.Pa /sbin/ipf ) . 676.\" ----- ipfilter_rules setting -------------------------------- 677.It Va ipfilter_rules 678.Pq Vt str 679Set to 680.Pa /etc/ipf.rules 681by default. 682This variable contains the name of the filter rule definition file. 683The file is expected to be readable for the 684.Xr ipf 8 685command to execute. 686.\" ----- ipv6_ipfilter_rules setting --------------------------- 687.It Va ipv6_ipfilter_rules 688.Pq Vt str 689Set to 690.Pa /etc/ipf6.rules 691by default. 692This variable contains the IPv6 filter rule definition file. 693The file is expected to be readable for the 694.Xr ipf 8 695command to execute. 696.\" ----- ipfilter_flags setting -------------------------------- 697.It Va ipfilter_flags 698.Pq Vt str 699Empty by default. 700This variable contains flags passed to the 701.Xr ipf 8 702program. 703.\" ----- ipnat_enable setting ---------------------------------- 704.It Va ipnat_enable 705.Pq Vt bool 706Set to 707.Dq Li NO 708by default. 709Set it to 710.Dq Li YES 711to enable 712.Xr ipnat 8 713network address translation. 714See 715.Va ipfilter_enable 716for a detailed discussion. 717.\" ----- ipnat_program setting --------------------------------- 718.It Va ipnat_program 719.Pq Vt str 720Path to 721.Xr ipnat 8 722(default 723.Pa /sbin/ipnat ) . 724.\" ----- ipnat_rules setting ----------------------------------- 725.It Va ipnat_rules 726.Pq Vt str 727Set to 728.Pa /etc/ipnat.rules 729by default. 730This variable contains the name of the file 731holding the network address translation definition. 732This file is expected to be readable for the 733.Xr ipnat 8 734command to execute. 735.\" ----- ipnat_flags setting ----------------------------------- 736.It Va ipnat_flags 737.Pq Vt str 738Empty by default. 739This variable contains flags passed to the 740.Xr ipnat 8 741program. 742.\" ----- ipmon_enable setting ---------------------------------- 743.It Va ipmon_enable 744.Pq Vt bool 745Set to 746.Dq Li NO 747by default. 748Set it to 749.Dq Li YES 750to enable 751.Xr ipmon 8 752monitoring (logging 753.Xr ipf 8 754and 755.Xr ipnat 8 756events). 757Setting this variable needs setting 758.Va ipfilter_enable 759or 760.Va ipnat_enable 761too. 762See 763.Va ipfilter_enable 764for a detailed discussion. 765.\" ----- ipmon_program setting --------------------------------- 766.It Va ipmon_program 767.Pq Vt str 768Path to 769.Xr ipmon 8 770(default 771.Pa /sbin/ipmon ) . 772.\" ----- ipmon_flags setting ----------------------------------- 773.It Va ipmon_flags 774.Pq Vt str 775Set to 776.Dq Li -Ds 777by default. 778This variable contains flags passed to the 779.Xr ipmon 8 780program. 781Another typical example would be 782.Dq Fl D Pa /var/log/ipflog 783to have 784.Xr ipmon 8 785log directly to a file bypassing 786.Xr syslogd 8 . 787Make sure to adjust 788.Pa /etc/newsyslog.conf 789in such case like this: 790.Bd -literal 791/var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid 792.Ed 793.\" ----- ipfs_enable setting ----------------------------------- 794.It Va ipfs_enable 795.Pq Vt bool 796Set to 797.Dq Li NO 798by default. 799Set it to 800.Dq Li YES 801to enable 802.Xr ipfs 8 803saving the filter and NAT state tables during shutdown 804and reloading them during startup again. 805Setting this variable needs setting 806.Va ipfilter_enable 807or 808.Va ipnat_enable 809to 810.Dq Li YES 811too. 812See 813.Va ipfilter_enable 814for a detailed discussion. 815Note that if 816.Va kern_securelevel 817is set to 3, 818.Va ipfs_enable 819cannot be used 820because the raised securelevel will prevent 821.Xr ipfs 8 822from saving the state tables at shutdown time. 823.\" ----- ipfs_program setting ---------------------------------- 824.It Va ipfs_program 825.Pq Vt str 826Path to 827.Xr ipfs 8 828(default 829.Pa /sbin/ipfs ) . 830.\" ----- ipfs_flags setting ------------------------------------ 831.It Va ipfs_flags 832.Pq Vt str 833Empty by default. 834This variable contains flags passed to the 835.Xr ipfs 8 836program. 837.\" ----- end of added ipf hook --------------------------------- 838.It Va pf_enable 839.Pq Vt bool 840Set to 841.Dq Li NO 842by default. 843Setting this to 844.Dq Li YES 845enables 846.Xr pf 4 847packet filtering. 848.Pp 849Typical usage will require putting 850.Pp 851.Dl pf_enable="YES" 852.Pp 853into 854.Pa /etc/rc.conf 855and editing 856.Pa /etc/pf.conf 857appropriately. 858Adding 859.Pp 860.Dl "device pf" 861.Pp 862builds support for 863.Xr pf 4 864into the kernel, otherwise the 865kernel module will be loaded. 866.It Va pf_rules 867.Pq Vt str 868Path to 869.Xr pf 4 870ruleset configuration file 871(default 872.Pa /etc/pf.conf ) . 873.It Va pf_program 874.Pq Vt str 875Path to 876.Xr pfctl 8 877(default 878.Pa /sbin/pfctl ) . 879.It Va pf_flags 880.Pq Vt str 881If 882.Va pf_enable 883is set to 884.Dq Li YES , 885these flags are passed to the 886.Xr pfctl 8 887program when loading the ruleset. 888.It Va pflog_enable 889.Pq Vt bool 890Set to 891.Dq Li NO 892by default. 893Setting this to 894.Dq Li YES 895enables 896.Xr pflogd 8 897which logs packets from the 898.Xr pf 4 899packet filter. 900.It Va pflog_logfile 901.Pq Vt str 902If 903.Va pflog_enable 904is set to 905.Dq Li YES 906this controls where 907.Xr pflogd 8 908stores the logfile 909(default 910.Pa /var/log/pflog ) . 911Check 912.Pa /etc/newsyslog.conf 913to adjust logfile rotation for this. 914.It Va pflog_program 915.Pq Vt str 916Path to 917.Xr pflogd 8 918(default 919.Pa /sbin/pflogd ) . 920.It Va pflog_flags 921.Pq Vt str 922Empty by default. 923This variable contains additional flags passed to the 924.Xr pflogd 8 925program. 926.It Va ftpproxy_enable 927.Pq Vt bool 928Set to 929.Dq Li NO 930by default. 931Setting this to 932.Dq Li YES 933enables 934.Xr ftp-proxy 8 935which supports the 936.Xr pf 4 937packet filter in translating ftp connections. 938.It Va ftpproxy_flags 939.Pq Vt str 940Empty by default. 941This variable contains additional flags passed to the 942.Xr ftp-proxy 8 943program. 944.It Va pfsync_enable 945.Pq Vt bool 946Set to 947.Dq Li NO 948by default. 949Setting this to 950.Dq Li YES 951enables exposing 952.Xr pf 4 953state changes to other hosts over the network by means of 954.Xr pfsync 4 . 955The 956.Va pfsync_syncdev 957variable 958must also be set then. 959.It Va pfsync_syncdev 960.Pq Vt str 961Empty by default. 962This variable specifies the name of the network interface 963.Xr pfsync 4 964should operate through. 965It must be set accordingly if 966.Va pfsync_enable 967is set to 968.Dq Li YES . 969.It Va pfsync_syncpeer 970.Pq Vt str 971Empty by default. 972This variable is optional. 973By default, state change messages are sent out on the synchronisation 974interface using IP multicast packets. 975The protocol is IP protocol 240, PFSYNC, and the multicast group used is 976224.0.0.240. 977When a peer address is specified using the 978.Va pfsync_syncpeer 979option, the peer address is used as a destination for the pfsync 980traffic, and the traffic can then be protected using 981.Xr ipsec 4 . 982See the 983.Xr pfsync 4 984manpage for more details about using 985.Xr ipsec 4 986with 987.Xr pfsync 4 988interfaces. 989.It Va pfsync_ifconfig 990.Pq Vt str 991Empty by default. 992This variable can contain additional options to be passed to the 993.Xr ifconfig 8 994command used to set up 995.Xr pfsync 4 . 996.It Va tcp_extensions 997.Pq Vt bool 998Set to 999.Dq Li YES 1000by default. 1001Setting this to 1002.Dq Li NO 1003disables certain TCP options as described by 1004.Rs 1005.%T "RFC 1323" 1006.Re 1007Setting this to 1008.Dq Li NO 1009might help remedy such problems with connections as randomly hanging 1010or other weird behavior. 1011Some network devices are known 1012to be broken with respect to these options. 1013.It Va log_in_vain 1014.Pq Vt int 1015Set to 0 by default. 1016The 1017.Xr sysctl 8 1018variables, 1019.Va net.inet.tcp.log_in_vain 1020and 1021.Va net.inet.udp.log_in_vain , 1022as described in 1023.Xr tcp 4 1024and 1025.Xr udp 4 , 1026are set to the given value. 1027.It Va tcp_keepalive 1028.Pq Vt bool 1029Set to 1030.Dq Li YES 1031by default. 1032Setting to 1033.Dq Li NO 1034will disable probing idle TCP connections to verify that the 1035peer is still up and reachable. 1036.It Va tcp_drop_synfin 1037.Pq Vt bool 1038Set to 1039.Dq Li NO 1040by default. 1041Setting to 1042.Dq Li YES 1043will cause the kernel to ignore TCP frames that have both 1044the SYN and FIN flags set. 1045This prevents OS fingerprinting, but may 1046break some legitimate applications. 1047.It Va icmp_drop_redirect 1048.Pq Vt bool 1049Set to 1050.Dq Li NO 1051by default. 1052Setting to 1053.Dq Li YES 1054will cause the kernel to ignore ICMP REDIRECT packets. 1055Refer to 1056.Xr icmp 4 1057for more information. 1058.It Va icmp_log_redirect 1059.Pq Vt bool 1060Set to 1061.Dq Li NO 1062by default. 1063Setting to 1064.Dq Li YES 1065will cause the kernel to log ICMP REDIRECT packets. 1066Note that 1067the log messages are not rate-limited, so this option should only be used 1068for troubleshooting networks. 1069Refer to 1070.Xr icmp 4 1071for more information. 1072.It Va icmp_bmcastecho 1073.Pq Vt bool 1074Set to 1075.Dq Li YES 1076to respond to broadcast or multicast ICMP ping packets. 1077Refer to 1078.Xr icmp 4 1079for more information. 1080.It Va ip_portrange_first 1081.Pq Vt int 1082If not set to 1083.Dq Li NO , 1084this is the first port in the default portrange. 1085Refer to 1086.Xr ip 4 1087for more information. 1088.It Va ip_portrange_last 1089.Pq Vt int 1090If not set to 1091.Dq Li NO , 1092this is the last port in the default portrange. 1093Refer to 1094.Xr ip 4 1095for more information. 1096.It Va network_interfaces 1097.Pq Vt str 1098Set to the list of network interfaces to configure on this host or 1099.Dq Li AUTO 1100(the default) for all current interfaces. 1101Setting the 1102.Va network_interfaces 1103variable to anything other than the default is deprecated. 1104Interfaces that the administrator wishes to store configuration for, 1105but not start at boot should be configured with the 1106.Dq Li NOAUTO 1107keyword in their 1108.Va ifconfig_ Ns Aq Ar interface 1109variables as described below. 1110.Pp 1111An 1112.Va ifconfig_ Ns Aq Ar interface 1113variable is also assumed to exist for each value of 1114.Ar interface . 1115When an interface name contains any of the characters 1116.Dq Li .-/+ 1117they are translated to 1118.Dq Li _ 1119before lookup. 1120The variable can contain arguments to 1121.Xr ifconfig 8 , 1122as well as special case-insensitive keywords described below. 1123Such keywords are removed before passing the value to 1124.Xr ifconfig 8 1125while the order of the other arguments is preserved. 1126.Pp 1127It is possible to add IP alias entries using 1128.Xr ifconfig 8 1129syntax with the address family keyword such as 1130.Li inet . 1131Assuming that the interface in question was 1132.Li ed0 , 1133it might look something like this: 1134.Bd -literal 1135ifconfig_ed0_alias0="inet 127.0.0.253 netmask 0xffffffff" 1136ifconfig_ed0_alias1="inet 127.0.0.254 netmask 0xffffffff" 1137.Ed 1138.Pp 1139It also possible to configure multiple IP addresses in Classless 1140Inter-Domain Routing 1141.Pq CIDR 1142address notation, 1143whose each address component can be a range like 1144.Li inet 192.0.2.5-23/24 1145or 1146.Li inet6 2001:db8:1-f::1/64 . 1147This notation allows address and prefix length part only, 1148not the other address modifiers. 1149.Pp 1150In the case of 1151.Li 192.0.2.5-23/24 , 1152the address 192.0.2.5 will be configured with the 1153netmask /24 and the addresses 192.0.2.6 to 192.0.2.23 with 1154the non-conflicting netmask /32 as explained in the 1155.Xr ifconfig 8 1156alias section. 1157Note that this special netmask handling is only for 1158.Li inet , 1159not for the other address families such as 1160.Li inet6 . 1161.Pp 1162With the interface in question being 1163.Li ed0 , 1164an example could look like: 1165.Bd -literal 1166ifconfig_ed0_alias2="inet 192.0.2.129/27" 1167ifconfig_ed0_alias3="inet 192.0.2.1-5/28" 1168.Ed 1169.Pp 1170and so on. 1171.Pp 1172Note that 1173.Va ipv4_addrs_ Ns Aq Ar interface 1174variable was supported for IPv4 CIDR address notation. 1175It is now deprecated because the functionality was integrated into 1176.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1177though 1178.Va ipv4_addrs_ Ns Aq Ar interface 1179is still supported for backward compatibility. 1180.Pp 1181For each 1182.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1183entry with an address family keyword, 1184its contents are passed to 1185.Xr ifconfig 8 . 1186Execution stops at the first unsuccessful access, so if 1187something like this is present: 1188.Bd -literal 1189ifconfig_ed0_alias0="inet 127.0.0.251 netmask 0xffffffff" 1190ifconfig_ed0_alias1="inet 127.0.0.252 netmask 0xffffffff" 1191ifconfig_ed0_alias2="inet 127.0.0.253 netmask 0xffffffff" 1192ifconfig_ed0_alias4="inet 127.0.0.254 netmask 0xffffffff" 1193.Ed 1194.Pp 1195Then note that alias4 would 1196.Em not 1197be added since the search would 1198stop with the missing 1199.Dq Li alias3 1200entry. 1201Due to this difficult to manage behavior, the 1202.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1203form is deprecated. 1204There is 1205.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _aliases 1206variable, which has the same functionality as 1207.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1208and can have all of entries in a variable like the following: 1209.Bd -literal 1210ifconfig_ed0_aliases="\\ 1211 inet 127.0.0.251 netmask 0xffffffff \\ 1212 inet 127.0.0.252 netmask 0xffffffff \\ 1213 inet 127.0.0.253 netmask 0xffffffff \\ 1214 inet 127.0.0.254 netmask 0xffffffff" 1215.Ed 1216.Pp 1217It also supports CIDR notation. 1218.Pp 1219If the 1220.Pa /etc/start_if. Ns Aq Ar interface 1221file is present, it is read and executed by the 1222.Xr sh 1 1223interpreter 1224before configuring the interface as specified in the 1225.Va ifconfig_ Ns Aq Ar interface 1226and 1227.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1228variables. 1229.Pp 1230If a 1231.Va vlans_ Ns Aq Ar interface 1232variable is set, 1233a 1234.Xr vlan 4 1235interface will be created for each item in the list with the 1236.Ar vlandev 1237argument set to 1238.Ar interface . 1239If a vlan interface's name is a number, 1240then that number is used as the vlan tag and the new vlan interface is 1241named 1242.Ar interface . Ns Ar tag . 1243Otherwise, 1244the vlan tag must be specified via a 1245.Va vlan 1246parameter in the 1247.Va create_args_ Ns Aq Ar interface 1248variable. 1249.Pp 1250To create a vlan device named 1251.Li em0.101 1252on 1253.Li em0 1254with the vlan tag 101 and the optional the IPv4 address 192.0.2.1/24: 1255.Bd -literal 1256vlans_em0="101" 1257ifconfig_em0_101="inet 192.0.2.1/24" 1258.Ed 1259.Pp 1260To create a vlan device named 1261.Li myvlan 1262on 1263.Li em0 1264with the vlan tag 102: 1265.Bd -literal 1266vlans_em0="myvlan" 1267create_args_myvlan="vlan 102" 1268.Ed 1269.Pp 1270If a 1271.Va wlans_ Ns Aq Ar interface 1272variable is set, 1273an 1274.Xr wlan 4 1275interface will be created for each item in the list with the 1276.Ar wlandev 1277argument set to 1278.Ar interface . 1279Further wlan cloning arguments may be passed to the 1280.Xr ifconfig 8 1281.Cm create 1282command by setting the 1283.Va create_args_ Ns Aq Ar interface 1284variable. 1285One or more 1286.Xr wlan 4 1287devices must be created for each wireless devices as of 1288.Fx 8.0 . 1289Debugging flags for 1290.Xr wlan 4 1291devices as set by 1292.Xr wlandebug 8 1293may be specified with an 1294.Va wlandebug_ Ns Aq Ar interface 1295variable. 1296The contents of this variable will be passed directly to 1297.Xr wlandebug 8 . 1298.Pp 1299If the 1300.Va ifconfig_ Ns Aq Ar interface 1301contains the keyword 1302.Dq Li NOAUTO 1303then the interface will not be configured 1304at boot or by 1305.Pa /etc/pccard_ether 1306when 1307.Va network_interfaces 1308is set to 1309.Dq Li AUTO . 1310.Pp 1311It is possible to bring up an interface with DHCP by adding 1312.Dq Li DHCP 1313to the 1314.Va ifconfig_ Ns Aq Ar interface 1315variable. 1316For instance, to initialize the 1317.Li ed0 1318device via DHCP, 1319it is possible to use something like: 1320.Bd -literal 1321ifconfig_ed0="DHCP" 1322.Ed 1323.Pp 1324If you want to configure your wireless interface with 1325.Xr wpa_supplicant 8 1326for use with WPA, EAP/LEAP or WEP, you need to add 1327.Dq Li WPA 1328to the 1329.Va ifconfig_ Ns Aq Ar interface 1330variable. 1331.Pp 1332On the other hand, if you want to configure your wireless interface with 1333.Xr hostapd 8 , 1334you need to add 1335.Dq Li HOSTAP 1336to the 1337.Va ifconfig_ Ns Aq Ar interface 1338variable. 1339.Xr hostapd 8 1340will use the settings from 1341.Pa /etc/hostapd- Ns Ao Ar interface Ac Ns .conf 1342.Pp 1343Finally, you can add 1344.Xr ifconfig 8 1345options in this variable, in addition to the 1346.Pa /etc/start_if. Ns Aq Ar interface 1347file. 1348For instance, to configure an 1349.Xr ath 4 1350wireless device in station mode with an address obtained 1351via DHCP, using WPA authentication and 802.11b mode, it is 1352possible to use something like: 1353.Bd -literal 1354wlans_ath0="wlan0" 1355ifconfig_wlan0="DHCP WPA mode 11b" 1356.Ed 1357.Pp 1358In addition to the 1359.Va ifconfig_ Ns Aq Ar interface 1360form, a fallback variable 1361.Va ifconfig_DEFAULT 1362may be configured. 1363It will be used for all interfaces with no 1364.Va ifconfig_ Ns Aq Ar interface 1365variable. 1366This is intended to replace the no longer supported 1367.Va pccard_ifconfig 1368variable. 1369.Pp 1370It is also possible to rename an interface by doing: 1371.Bd -literal 1372ifconfig_ed0_name="net0" 1373ifconfig_net0="inet 192.0.2.1 netmask 0xffffff00" 1374.Ed 1375.It Va ipv6_enable 1376.Pq Vt bool 1377This variable is deprecated. 1378Use 1379.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1380and 1381.Va ipv6_activate_all_interfaces 1382if necessary. 1383.Pp 1384If the variable is 1385.Dq Li YES , 1386.Dq Li inet6 accept_rtadv 1387is added to all of 1388.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1389and the 1390.Va ipv6_activate_all_interfaces 1391is defined as 1392.Dq Li YES . 1393.It Va ipv6_prefer 1394.Pq Vt bool 1395This variable is deprecated. 1396Use 1397.Va ip6addrctl_policy 1398instead. 1399.Pp 1400If the variable is 1401.Dq Li YES , 1402the default address selection policy table set by 1403.Xr ip6addrctl 8 1404will be IPv6-preferred. 1405.Pp 1406If the variable is 1407.Dq Li NO , 1408the default address selection policy table set by 1409.Xr ip6addrctl 8 1410will be IPv4-preferred. 1411.It Va ipv6_activate_all_interfaces 1412.Pq Vt bool 1413This controls initial configuration on IPv6-capable 1414interfaces with no corresponding 1415.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1416variable. 1417Note that it is not always necessary to set this variable to 1418.Dq YES 1419to use IPv6 functionality on 1420.Fx . 1421In most cases, just configuring 1422.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1423variables works. 1424.Pp 1425If the variable is 1426.Dq Li NO , 1427all interfaces which do not have a corresponding 1428.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1429variable will be marked as 1430.Dq Li IFDISABLED 1431at creation. 1432This means that all of IPv6 functionality on that interface 1433is completely disabled to enforce a security policy. 1434If the variable is set to 1435.Dq YES , 1436the flag will be cleared on all of the interfaces. 1437.Pp 1438In most cases, just defining an 1439.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1440for an IPv6-capable interface should be sufficient. 1441However, if an interface is added dynamically 1442.Pq by some tunneling protocols such as PPP, for example , 1443it is often difficult to define the variable in advance. 1444In such a case, configuring the 1445.Dq Li IFDISABLED 1446flag can be disabled by setting this variable to 1447.Dq YES . 1448.Pp 1449For more details of the 1450.Dq Li IFDISABLED 1451flag and keywords 1452.Dq Li inet6 ifdisabled , 1453see 1454.Xr ifconfig 8 . 1455.Pp 1456Default is 1457.Dq Li NO . 1458.It Va ipv6_privacy 1459.Pq Vt bool 1460If the variable is 1461.Dq Li YES 1462privacy addresses will be generated for each IPv6 1463interface as described in RFC 4941. 1464.It Va ipv6_network_interfaces 1465.Pq Vt str 1466This is the IPv6 equivalent of 1467.Va network_interfaces . 1468Normally manual configuration of this variable is not needed. 1469.Pp 1470.It Va ipv6_cpe_wanif 1471.Pq Vt str 1472If the variable is set to an interface name, 1473the 1474.Xr ifconfig 8 1475options 1476.Dq inet6 -no_radr accept_rtadv 1477will be added to the specified interface automatically before evaluating 1478.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1479and two 1480.Xr sysctl 8 1481variables 1482.Va net.inet6.ip6.rfc6204w3 1483and 1484.Va net.inet6.ip6.no_radr 1485will be set to 1. 1486.Pp 1487This means the specified interface will accept ICMPv6 Router 1488Advertisement messages on that link and add the discovered 1489routers into the Default Router List. 1490While the other interfaces can still accept RA messages if the 1491.Dq inet6 accept_rtadv 1492option is specified, adding 1493routes into the Default Router List will be disabled by 1494.Dq inet6 no_radr 1495option by default. 1496See 1497.Xr ifconfig 8 1498for more details. 1499.Pp 1500Note that ICMPv6 Router Advertisement messages will be 1501accepted even when 1502.Va net.inet6.ip6.forwarding 1503is 1 1504.Pq packet forwarding is enabled 1505when 1506.Va net.inet6.ip6.rfc6204w3 1507is set to 1. 1508.Pp 1509Default is 1510.Dq Li NO . 1511.It Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1512.Pq Vt str 1513IPv6 functionality on an interface should be configured by 1514.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1515instead of setting ifconfig parameters in 1516.Va ifconfig_ Ns Aq Ar interface . 1517If this variable is empty, all of IPv6 configurations on the 1518specified interface by other variables such as 1519.Va ipv6_prefix_ Ns Ao Ar interface Ac 1520will be ignored. 1521.Pp 1522Aliases should be set by 1523.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1524with 1525.Dq Li inet6 1526keyword. 1527For example: 1528.Bd -literal 1529ifconfig_ed0_ipv6="inet6 2001:db8:1::1 prefixlen 64" 1530ifconfig_ed0_alias0="inet6 2001:db8:2::1 prefixlen 64" 1531.Ed 1532.Pp 1533Interfaces that have an 1534.Dq Li inet6 accept_rtadv 1535keyword in 1536.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1537setting will be automatically configured by SLAAC 1538.Pq StateLess Address AutoConfiguration 1539described in 1540.Rs 1541.%T "RFC 4862" 1542.Re 1543.Pp 1544Note that a link-local address will be automatically configured in 1545addition to the configured global-scope addresses because the IPv6 1546specifications require it on each link. 1547The address is calculated from the MAC address by using an algorithm 1548defined in 1549.Rs 1550.%T "RFC 4862" 1551.%O "Section 5.3" 1552.Re 1553.Pp 1554If only a link-local address is needed on the interface, 1555the following configuration can be used: 1556.Bd -literal 1557ifconfig_ed0_ipv6="inet6 auto_linklocal" 1558.Ed 1559.Pp 1560A link-local address can also be configured manually. 1561This is useful for the default router address of an IPv6 router 1562so that it does not change when the network interface 1563card is replaced. 1564For example: 1565.Bd -literal 1566ifconfig_ed0_ipv6="inet6 fe80::1 prefixlen 64" 1567.Ed 1568.It Va ipv6_prefix_ Ns Aq Ar interface 1569.Pq Vt str 1570If one or more prefixes are defined in 1571.Va ipv6_prefix_ Ns Aq Ar interface 1572addresses based on each prefix and the EUI-64 interface index will be 1573configured on that interface. 1574Note that this variable will be ignored when 1575.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1576is empty. 1577.Pp 1578For example, the following configuration 1579.Bd -literal 1580ipv6_prefix_ed0="2001:db8:1:0 2001:db8:2:0" 1581.Ed 1582.Pp 1583is equivalent to the following: 1584.Bd -literal 1585ifconfig_ed0_alias0="inet6 2001:db8:1:: eui64 prefixlen 64" 1586ifconfig_ed0_alias1="inet6 2001:db8:1:: prefixlen 64 anycast" 1587ifconfig_ed0_alias2="inet6 2001:db8:2:: eui64 prefixlen 64" 1588ifconfig_ed0_alias3="inet6 2001:db8:2:: prefixlen 64 anycast" 1589.Ed 1590.Pp 1591These Subnet-Router anycast addresses will be added only when 1592.Va ipv6_gateway_enable 1593is YES. 1594.It Va ipv6_default_interface 1595.Pq Vt str 1596If not set to 1597.Dq Li NO , 1598this is the default output interface for scoped addresses. 1599This works only with ipv6_gateway_enable="NO". 1600.It Va ip6addrctl_enable 1601.Pq Vt bool 1602This variable is to enable configuring default address selection policy table 1603.Pq RFC 3484 . 1604The table can be specified in another variable 1605.Va ip6addrctl_policy . 1606For 1607.Va ip6addrctl_policy 1608the following keywords can be specified: 1609.Dq Li ipv4_prefer , 1610.Dq Li ipv6_prefer , 1611or 1612.Dq Li AUTO . 1613.Pp 1614If 1615.Dq Li ipv4_prefer 1616or 1617.Dq Li ipv6_prefer 1618is specified, 1619.Xr ip6addrctl 8 1620installs a pre-defined policy table described in Section 2.1 1621.Pq IPv6-preferred 1622or 10.3 1623.Pq IPv4-preferred 1624of RFC 3484. 1625.Pp 1626If 1627.Dq Li AUTO 1628is specified, it attempts to read a file 1629.Pa /etc/ip6addrctl.conf 1630first. 1631If this file is found, 1632.Xr ip6addrctl 8 1633reads and installs it. 1634If not found, a policy is automatically set 1635according to 1636.Va ipv6_activate_all_interfaces 1637variable; if the variable is set to 1638.Dq Li YES 1639the IPv6-preferred one is used. 1640Otherwise IPv4-preferred. 1641.Pp 1642The default value of 1643.Va ip6addrctl_enable 1644and 1645.Va ip6addrctl_policy 1646are 1647.Dq Li YES 1648and 1649.Dq Li AUTO , 1650respectively. 1651.It Va cloned_interfaces 1652.Pq Vt str 1653Set to the list of clonable network interfaces to create on this host. 1654Further cloning arguments may be passed to the 1655.Xr ifconfig 8 1656.Cm create 1657command for each interface by setting the 1658.Va create_args_ Ns Aq Ar interface 1659variable. 1660Entries in 1661.Va cloned_interfaces 1662are automatically appended to 1663.Va network_interfaces 1664for configuration. 1665.It Va fec_interfaces 1666.Pq Vt str 1667Set to the list of 1668.Xr ng_fec 4 1669Fast EtherChannel interfaces to configure on this host. 1670A 1671.Va fecconfig_ Ns Aq Ar interface 1672variable is assumed to exist for each value of 1673.Ar interface . 1674The value of this variable is used to configure link aggregated interfaces 1675according to the syntax of the 1676.Cm NGM_FEC_ADD_IFACE 1677to 1678.Xr ngctl 8 1679msg. 1680Additionally, this option ensures that each listed interface is created 1681via the 1682.Cm mkpeer 1683command to 1684.Xr ngctl 8 1685before attempting to configure it. 1686For example: 1687.Bd -literal 1688fec_interfaces="fec0" 1689fecconfig_fec0="em0 em1" 1690ifconfig_fec0="DHCP" 1691.Ed 1692.It Va gif_interfaces 1693.Pq Vt str 1694Set to the list of 1695.Xr gif 4 1696tunnel interfaces to configure on this host. 1697A 1698.Va gifconfig_ Ns Aq Ar interface 1699variable is assumed to exist for each value of 1700.Ar interface . 1701The value of this variable is used to configure the link layer of the 1702tunnel according to the syntax of the 1703.Cm tunnel 1704option to 1705.Xr ifconfig 8 . 1706Additionally, this option ensures that each listed interface is created 1707via the 1708.Cm create 1709option to 1710.Xr ifconfig 8 1711before attempting to configure it. 1712.It Va sppp_interfaces 1713.Pq Vt str 1714Set to the list of 1715.Xr sppp 4 1716interfaces to configure on this host. 1717A 1718.Va spppconfig_ Ns Aq Ar interface 1719variable is assumed to exist for each value of 1720.Ar interface . 1721Each interface should also be configured by a general 1722.Va ifconfig_ Ns Aq Ar interface 1723setting. 1724Refer to 1725.Xr spppcontrol 8 1726for more information about available options. 1727.It Va ppp_enable 1728.Pq Vt bool 1729If set to 1730.Dq Li YES , 1731run the 1732.Xr ppp 8 1733daemon. 1734.It Va ppp_profile 1735.Pq Vt str 1736The name of the profile to use from 1737.Pa /etc/ppp/ppp.conf . 1738Also used for per-profile overrides of 1739.Va ppp_mode 1740and 1741.Va ppp_nat , 1742and 1743.Va ppp_ Ns Ao Ar profile Ac Ns _unit . 1744When the profile name contains any of the characters 1745.Dq Li .-/+ 1746they are translated to 1747.Dq Li _ 1748for the proposes of the override variable names. 1749.It Va ppp_mode 1750.Pq Vt str 1751Mode in which to run the 1752.Xr ppp 8 1753daemon. 1754.It Va ppp_ Ns Ao Ar profile Ac Ns _mode 1755.Pq Vt str 1756Overrides the global 1757.Va ppp_mode 1758for 1759.Ar profile . 1760Accepted modes are 1761.Dq Li auto , 1762.Dq Li ddial , 1763.Dq Li direct 1764and 1765.Dq Li dedicated . 1766See the manual for a full description. 1767.It Va ppp_nat 1768.Pq Vt bool 1769If set to 1770.Dq Li YES , 1771enables network address translation. 1772Used in conjunction with 1773.Va gateway_enable 1774allows hosts on private network addresses access to the Internet using 1775this host as a network address translating router. 1776.It Va ppp_ Ns Ao Ar profile Ac Ns _nat 1777.Pq Vt str 1778Overrides the global 1779.Va ppp_nat 1780for 1781.Ar profile . 1782.It Va ppp_ Ns Ao Ar profile Ac Ns _unit 1783.Pq Vt int 1784Set the unit number to be used for this profile. 1785See the manual description of 1786.Fl unit Ns Ar N 1787for details. 1788.It Va ppp_user 1789.Pq Vt str 1790The name of the user under which 1791.Xr ppp 8 1792should be started. 1793By 1794default, 1795.Xr ppp 8 1796is started as 1797.Dq Li root . 1798.It Va rc_conf_files 1799.Pq Vt str 1800This option is used to specify a list of files that will override 1801the settings in 1802.Pa /etc/defaults/rc.conf . 1803The files will be read in the order in which they are specified and should 1804include the full path to the file. 1805By default, the files specified are 1806.Pa /etc/rc.conf 1807and 1808.Pa /etc/rc.conf.local 1809.It Va zfs_enable 1810.Pq Vt bool 1811If set to 1812.Dq Li YES , 1813.Pa /etc/rc.d/zfs 1814will attempt to automatically mount ZFS file systems and initialize ZFS volumes 1815(ZVOLs). 1816.It Va gptboot_enable 1817.Pq Vt bool 1818If set to 1819.Dq Li YES , 1820.Pa /etc/rc.d/gptboot 1821will log if the system successfully (or not) booted from a GPT partition, 1822which had the 1823.Ar bootonce 1824attribute set using 1825.Xr gpart 8 1826utility. 1827.It Va gbde_autoattach_all 1828.Pq Vt bool 1829If set to 1830.Dq Li YES , 1831.Pa /etc/rc.d/gbde 1832will attempt to automatically initialize your .bde devices in 1833.Pa /etc/fstab . 1834.It Va gbde_devices 1835.Pq Vt str 1836List the devices that the script should try to attach, 1837or 1838.Dq Li AUTO . 1839.It Va gbde_lockdir 1840.Pq Vt str 1841The directory where the 1842.Xr gbde 4 1843lockfiles are located. 1844The default lockfile directory is 1845.Pa /etc . 1846.Pp 1847The lockfile for each individual 1848.Xr gbde 4 1849device can be overridden by setting the variable 1850.Va gbde_lock_ Ns Aq Ar device , 1851where 1852.Ar device 1853is the encrypted device without the 1854.Dq Pa /dev/ 1855and 1856.Dq Pa .bde 1857parts. 1858.It Va gbde_attach_attempts 1859.Pq Vt int 1860Number of times to attempt attaching to a 1861.Xr gbde 4 1862device, i.e., how many times the user is asked for the pass-phrase. 1863Default is 3. 1864.It Va geli_devices 1865.Pq Vt str 1866List of devices to automatically attach on boot. 1867Note that .eli devices from 1868.Pa /etc/fstab 1869are automatically appended to this list. 1870.It Va geli_tries 1871.Pq Vt int 1872Number of times user is asked for the pass-phrase. 1873If empty, it will be taken from 1874.Va kern.geom.eli.tries 1875sysctl variable. 1876.It Va geli_default_flags 1877.Pq Vt str 1878Default flags to use by 1879.Xr geli 8 1880when configuring disk encryption. 1881Flags can be configured for every device separately by defining 1882.Va geli_ Ns Ao Ar device Ac Ns Va _flags 1883variable. 1884.It Va geli_autodetach 1885.Pq Vt str 1886Specifies if GELI devices should be marked for detach on last close after 1887file systems are mounted. 1888Default is 1889.Dq Li YES . 1890This can be changed for every device separately by defining 1891.Va geli_ Ns Ao Ar device Ac Ns Va _autodetach 1892variable. 1893.It Va geli_swap_flags 1894Options passed to the 1895.Xr geli 8 1896utility when encrypted GEOM providers for swap partitions are created. 1897The default is 1898.Dq Li "-e aes -l 256 -s 4096 -d" . 1899.It Va root_rw_mount 1900.Pq Vt bool 1901Set to 1902.Dq Li YES 1903by default. 1904After the file systems are checked at boot time, the root file system 1905is remounted as read-write if this is set to 1906.Dq Li YES . 1907Diskless systems that mount their root file system from a read-only remote 1908NFS share should set this to 1909.Dq Li NO 1910in their 1911.Pa rc.conf . 1912.It Va fsck_y_enable 1913.Pq Vt bool 1914If set to 1915.Dq Li YES , 1916.Xr fsck 8 1917will be run with the 1918.Fl y 1919flag if the initial preen 1920of the file systems fails. 1921.It Va background_fsck 1922.Pq Vt bool 1923If set to 1924.Dq Li YES , 1925the system will attempt to run 1926.Xr fsck 8 1927in the background where possible. 1928.It Va background_fsck_delay 1929.Pq Vt int 1930The amount of time in seconds to sleep before starting a background 1931.Xr fsck 8 . 1932It defaults to sixty seconds to allow large applications such as 1933the X server to start before disk I/O bandwidth is monopolized by 1934.Xr fsck 8 . 1935If set to a negative number, the background file system check will be 1936delayed indefinitely to allow the administrator to run it at a more 1937convenient time. 1938For example it may be run from 1939.Xr cron 8 1940by adding a line like 1941.Pp 1942.Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart" 1943.Pp 1944to 1945.Pa /etc/crontab . 1946.It Va netfs_types 1947.Pq Vt str 1948List of file system types that are network-based. 1949This list should generally not be modified by end users. 1950Use 1951.Va extra_netfs_types 1952instead. 1953.It Va extra_netfs_types 1954.Pq Vt str 1955If set to something other than 1956.Dq Li NO 1957(the default), 1958this variable extends the list of file system types 1959for which automatic mounting at startup by 1960.Xr rc 8 1961should be delayed until the network is initialized. 1962It should contain 1963a whitespace-separated list of network file system descriptor pairs, 1964each consisting of a file system type as passed to 1965.Xr mount 8 1966and a human-readable, one-word description, 1967joined with a colon 1968.Pq Ql \&: . 1969Extending the default list in this way is only necessary 1970when third party file system types are used. 1971.It Va syslogd_enable 1972.Pq Vt bool 1973If set to 1974.Dq Li YES , 1975run the 1976.Xr syslogd 8 1977daemon. 1978.It Va syslogd_program 1979.Pq Vt str 1980Path to 1981.Xr syslogd 8 1982(default 1983.Pa /usr/sbin/syslogd ) . 1984.It Va syslogd_flags 1985.Pq Vt str 1986If 1987.Va syslogd_enable 1988is set to 1989.Dq Li YES , 1990these are the flags to pass to 1991.Xr syslogd 8 . 1992.It Va inetd_enable 1993.Pq Vt bool 1994If set to 1995.Dq Li YES , 1996run the 1997.Xr inetd 8 1998daemon. 1999.It Va inetd_program 2000.Pq Vt str 2001Path to 2002.Xr inetd 8 2003(default 2004.Pa /usr/sbin/inetd ) . 2005.It Va inetd_flags 2006.Pq Vt str 2007If 2008.Va inetd_enable 2009is set to 2010.Dq Li YES , 2011these are the flags to pass to 2012.Xr inetd 8 . 2013.It Va hastd_enable 2014.Pq Vt bool 2015If set to 2016.Dq Li YES , 2017run the 2018.Xr hastd 8 2019daemon. 2020.It Va hastd_program 2021.Pq Vt str 2022Path to 2023.Xr hastd 8 2024(default 2025.Pa /sbin/hastd ) . 2026.It Va hastd_flags 2027.Pq Vt str 2028If 2029.Va hastd_enable 2030is set to 2031.Dq Li YES , 2032these are the flags to pass to 2033.Xr hastd 8 . 2034.It Va named_enable 2035.Pq Vt bool 2036If set to 2037.Dq Li YES , 2038run the 2039.Xr named 8 2040daemon. 2041.It Va named_program 2042.Pq Vt str 2043Path to 2044.Xr named 8 2045(default 2046.Pa /usr/sbin/named ) . 2047.It Va named_conf 2048.Pq Vt str 2049Path to 2050.Xr named 8 2051configuration file, (default 2052.Pa /etc/namedb/named.conf ) . 2053.It Va named_flags 2054.Pq Vt str 2055If 2056.Va named_enable 2057is set to 2058.Dq Li YES , 2059these are the flags to pass to 2060.Xr named 8 . 2061.It Va named_uid 2062.Pq Vt str 2063The user that the 2064.Xr named 8 2065process should be run as. 2066.It Va named_chrootdir 2067.Pq Vt str 2068The root directory for a name server run in a 2069.Xr chroot 8 2070environment (default 2071.Pa /var/named ) . 2072If left empty 2073.Xr named 8 2074will not be run in a 2075.Xr chroot 8 2076environment. 2077.It Va named_chroot_autoupdate 2078.Pq Vt bool 2079Set to 2080.Dq Li NO 2081to disable automatic update of the 2082.Xr chroot 8 2083environment. 2084.It Va named_symlink_enable 2085.Pq Vt bool 2086Set to 2087.Dq Li NO 2088to disable symlinking of 2089daemon's PID file 2090into the 2091.Xr chroot 8 2092environment. 2093.It Va named_wait 2094.Pq Vt bool 2095Set to have 2096.Pa /etc/rc.d/named 2097loop until working name service is established. 2098.It Va named_wait_host 2099.Pq Vt str 2100Name of host to lookup for the named_wait option. 2101(Default localhost) 2102.It Va named_auto_forward 2103.Pq Vt bool 2104Set to enable automatic creation of a forwarder 2105configuration file derived from 2106.Pa /etc/resolv.conf . 2107.It Va named_auto_forward_only 2108.Pq Vt bool 2109Set to change the default forwarder configuration from 2110.Dq forward first 2111to 2112.Dq forward only . 2113.It Va kerberos5_server_enable 2114.Pq Vt bool 2115Set to 2116.Dq Li YES 2117to start a Kerberos 5 authentication server 2118at boot time. 2119.It Va kerberos5_server 2120.Pq Vt str 2121If 2122.Va kerberos5_server_enable 2123is set to 2124.Dq Li YES 2125this is the path to Kerberos 5 Authentication Server. 2126.It Va kerberos5_server_flags 2127.Pq Vt str 2128Empty by default. 2129This variable contains additional flags to be passed to the Kerberos 5 2130authentication server. 2131.It Va kadmind5_server_enable 2132.Pq Vt bool 2133Set to 2134.Dq Li YES 2135to start 2136.Xr kadmind 8 , 2137the Kerberos 5 Administration Daemon; set to 2138.Dq Li NO 2139on a slave server. 2140.It Va kadmind5_server 2141.Pq Vt str 2142If 2143.Va kadmind5_server_enable 2144is set to 2145.Dq Li YES 2146this is the path to Kerberos 5 Administration Daemon. 2147.It Va kpasswdd_server_enable 2148.Pq Vt bool 2149Set to 2150.Dq Li YES 2151to start 2152.Xr kpasswdd 8 , 2153the Kerberos 5 Password-Changing Daemon; set to 2154.Dq Li NO 2155on a slave server. 2156.It Va kpasswdd_server 2157.Pq Vt str 2158If 2159.Va kpasswdd_server_enable 2160is set to 2161.Dq Li YES 2162this is the path to Kerberos 5 Password-Changing Daemon. 2163.It Va kfd_enable 2164.Pq Vt bool 2165Set to 2166.Dq Li YES 2167to start 2168.Xr kfd 8 , 2169the Kerberos 5 ticket forwarding daemon, at the boot time. 2170.It Va kfd_program 2171.Pq Vt str 2172Path to 2173.Xr kfd 8 2174(default 2175.Pa /usr/libexec/kfd ) . 2176.It Va rwhod_enable 2177.Pq Vt bool 2178If set to 2179.Dq Li YES , 2180run the 2181.Xr rwhod 8 2182daemon at boot time. 2183.It Va rwhod_flags 2184.Pq Vt str 2185If 2186.Va rwhod_enable 2187is set to 2188.Dq Li YES , 2189these are the flags to pass to it. 2190.It Va amd_enable 2191.Pq Vt bool 2192If set to 2193.Dq Li YES , 2194run the 2195.Xr amd 8 2196daemon at boot time. 2197.It Va amd_flags 2198.Pq Vt str 2199If 2200.Va amd_enable 2201is set to 2202.Dq Li YES , 2203these are the flags to pass to it. 2204See the 2205.Xr amd 8 2206manpage for more information. 2207.It Va amd_map_program 2208.Pq Vt str 2209If set, 2210the specified program is run to get the list of 2211.Xr amd 8 2212maps. 2213For example, if the 2214.Xr amd 8 2215maps are stored in NIS, one can set this to 2216run 2217.Xr ypcat 1 2218to get a list of 2219.Xr amd 8 2220maps from the 2221.Pa amd.master 2222NIS map. 2223.It Va update_motd 2224.Pq Vt bool 2225If set to 2226.Dq Li YES , 2227.Pa /etc/motd 2228will be updated at boot time to reflect the kernel release 2229being run. 2230If set to 2231.Dq Li NO , 2232.Pa /etc/motd 2233will not be updated. 2234.It Va nfs_client_enable 2235.Pq Vt bool 2236If set to 2237.Dq Li YES , 2238run the NFS client daemons at boot time. 2239.It Va nfs_access_cache 2240.Pq Vt int 2241If 2242.Va nfs_client_enable 2243is set to 2244.Dq Li YES , 2245this can be set to 2246.Dq Li 0 2247to disable NFS ACCESS RPC caching, or to the number of seconds for which 2248NFS ACCESS 2249results should be cached. 2250A value of 2-10 seconds will substantially reduce network 2251traffic for many NFS operations. 2252.It Va nfs_server_enable 2253.Pq Vt bool 2254If set to 2255.Dq Li YES , 2256run the NFS server daemons at boot time. 2257.It Va nfs_server_flags 2258.Pq Vt str 2259If 2260.Va nfs_server_enable 2261is set to 2262.Dq Li YES , 2263these are the flags to pass to the 2264.Xr nfsd 8 2265daemon. 2266.It Va nfsv4_server_enable 2267.Pq Vt bool 2268If 2269.Va nfs_server_enable 2270is set to 2271.Dq Li YES 2272and 2273.Va nfsv4_server_enable 2274are set to 2275.Dq Li YES , 2276enable the server for NFSv4 as well as NFSv2 and NFSv3. 2277.It Va nfsuserd_enable 2278.Pq Vt bool 2279If 2280.Va nfsuserd_enable 2281is set to 2282.Dq Li YES , 2283run the nfsuserd daemon, which is needed for NFSv4 in order 2284to map between user/group names vs uid/gid numbers. 2285If 2286.Va nfsv4_server_enable 2287is set to 2288.Dq Li YES , 2289this will be forced enabled. 2290.It Va nfsuserd_flags 2291.Pq Vt str 2292If 2293.Va nfsuserd_enable 2294is set to 2295.Dq Li YES , 2296these are the flags to pass to the 2297.Xr nfsuserd 8 2298daemon. 2299.It Va nfscbd_enable 2300.Pq Vt bool 2301If 2302.Va nfscbd_enable 2303is set to 2304.Dq Li YES , 2305run the nfscbd daemon, which enables callbacks/delegations for the NFSv4 client. 2306.It Va nfscbd_flags 2307.Pq Vt str 2308If 2309.Va nfscbd_enable 2310is set to 2311.Dq Li YES , 2312these are the flags to pass to the 2313.Xr nfscbd 8 2314daemon. 2315.It Va oldnfs_server_enable 2316.Pq Vt bool 2317If 2318.Va oldnfs_server_enable 2319is set to 2320.Dq Li YES , 2321force the NFS server daemons to run the old NFS server code 2322that does not support NFSv4. 2323.It Va mountd_enable 2324.Pq Vt bool 2325If set to 2326.Dq Li YES , 2327and no 2328.Va nfs_server_enable 2329is set, start 2330.Xr mountd 8 , 2331but not 2332.Xr nfsd 8 2333daemon. 2334It is commonly needed to run CFS without real NFS used. 2335.It Va mountd_flags 2336.Pq Vt str 2337If 2338.Va mountd_enable 2339is set to 2340.Dq Li YES , 2341these are the flags to pass to the 2342.Xr mountd 8 2343daemon. 2344.It Va weak_mountd_authentication 2345.Pq Vt bool 2346If set to 2347.Dq Li YES , 2348allow services like PCNFSD to make non-privileged mount 2349requests. 2350.It Va nfs_reserved_port_only 2351.Pq Vt bool 2352If set to 2353.Dq Li YES , 2354provide NFS services only on a secure port. 2355.It Va nfs_bufpackets 2356.Pq Vt int 2357If set to a number, indicates the number of packets worth of 2358socket buffer space to reserve on an NFS client. 2359The kernel default is typically 4. 2360Using a higher number may be 2361useful on gigabit networks to improve performance. 2362The minimum value is 23632 and the maximum is 64. 2364.It Va rpc_lockd_enable 2365.Pq Vt bool 2366If set to 2367.Dq Li YES 2368and also an NFS server or client, run 2369.Xr rpc.lockd 8 2370at boot time. 2371.It Va rpc_lockd_flags 2372.Pq Vt str 2373If 2374.Va rpc_lockd_enable 2375is set to 2376.Dq Li YES , 2377these are the flags to pass to the 2378.Xr rpc.lockd 8 2379daemon. 2380.It Va rpc_statd_enable 2381.Pq Vt bool 2382If set to 2383.Dq Li YES 2384and also an NFS server or client, run 2385.Xr rpc.statd 8 2386at boot time. 2387.It Va rpc_statd_flags 2388.Pq Vt str 2389If 2390.Va rpc_statd_enable 2391is set to 2392.Dq Li YES , 2393these are the flags to pass to the 2394.Xr rpc.statd 8 2395daemon. 2396.It Va rpcbind_program 2397.Pq Vt str 2398Path to 2399.Xr rpcbind 8 2400(default 2401.Pa /usr/sbin/rpcbind ) . 2402.It Va rpcbind_enable 2403.Pq Vt bool 2404If set to 2405.Dq Li YES , 2406run the 2407.Xr rpcbind 8 2408service at boot time. 2409.It Va rpcbind_flags 2410.Pq Vt str 2411If 2412.Va rpcbind_enable 2413is set to 2414.Dq Li YES , 2415these are the flags to pass to the 2416.Xr rpcbind 8 2417daemon. 2418.It Va keyserv_enable 2419.Pq Vt bool 2420If set to 2421.Dq Li YES , 2422run the 2423.Xr keyserv 8 2424daemon on boot for running Secure RPC. 2425.It Va keyserv_flags 2426.Pq Vt str 2427If 2428.Va keyserv_enable 2429is set to 2430.Dq Li YES , 2431these are the flags to pass to 2432.Xr keyserv 8 2433daemon. 2434.It Va pppoed_enable 2435.Pq Vt bool 2436If set to 2437.Dq Li YES , 2438run the 2439.Xr pppoed 8 2440daemon at boot time to provide PPP over Ethernet services. 2441.It Va pppoed_ Ns Aq Ar provider 2442.Pq Vt str 2443.Xr pppoed 8 2444listens to requests to this 2445.Ar provider 2446and ultimately runs 2447.Xr ppp 8 2448with a 2449.Ar system 2450argument of the same name. 2451.It Va pppoed_flags 2452.Pq Vt str 2453Additional flags to pass to 2454.Xr pppoed 8 . 2455.It Va pppoed_interface 2456.Pq Vt str 2457The network interface to run 2458.Xr pppoed 8 2459on. 2460This is mandatory when 2461.Va pppoed_enable 2462is set to 2463.Dq Li YES . 2464.It Va timed_enable 2465.Pq Vt bool 2466If set to 2467.Dq Li YES , 2468run the 2469.Xr timed 8 2470service at boot time. 2471This command is intended for networks of 2472machines where a consistent 2473.Dq "network time" 2474for all hosts must be established. 2475This is often useful in large NFS 2476environments where time stamps on files are expected to be consistent 2477network-wide. 2478.It Va timed_flags 2479.Pq Vt str 2480If 2481.Va timed_enable 2482is set to 2483.Dq Li YES , 2484these are the flags to pass to the 2485.Xr timed 8 2486service. 2487.It Va ntpdate_enable 2488.Pq Vt bool 2489If set to 2490.Dq Li YES , 2491run 2492.Xr ntpdate 8 2493at system startup. 2494This command is intended to 2495synchronize the system clock only 2496.Em once 2497from some standard reference. 2498.It Va ntpdate_config 2499.Pq Vt str 2500Configuration file for 2501.Xr ntpdate 8 . 2502Default 2503.Pa /etc/ntp.conf . 2504.It Va ntpdate_hosts 2505.Pq Vt str 2506A whitespace-separated list of NTP servers to synchronize with at startup. 2507The default is to use the servers listed in 2508.Va ntpdate_config , 2509if that file exists. 2510.It Va ntpdate_program 2511.Pq Vt str 2512Path to 2513.Xr ntpdate 8 2514(default 2515.Pa /usr/sbin/ntpdate ) . 2516.It Va ntpdate_flags 2517.Pq Vt str 2518If 2519.Va ntpdate_enable 2520is set to 2521.Dq Li YES , 2522these are the flags to pass to the 2523.Xr ntpdate 8 2524command (typically a hostname). 2525.It Va ntpd_enable 2526.Pq Vt bool 2527If set to 2528.Dq Li YES , 2529run the 2530.Xr ntpd 8 2531command at boot time. 2532.It Va ntpd_program 2533.Pq Vt str 2534Path to 2535.Xr ntpd 8 2536(default 2537.Pa /usr/sbin/ntpd ) . 2538.It Va ntpd_config 2539.Pq Vt str 2540Path to 2541.Xr ntpd 8 2542configuration file. 2543Default 2544.Pa /etc/ntp.conf . 2545.It Va ntpd_flags 2546.Pq Vt str 2547If 2548.Va ntpd_enable 2549is set to 2550.Dq Li YES , 2551these are the flags to pass to the 2552.Xr ntpd 8 2553daemon. 2554.It Va ntpd_sync_on_start 2555.Pq Vt bool 2556If set to 2557.Dq Li YES , 2558.Xr ntpd 8 2559is run with the 2560.Fl g 2561flag, which syncs the system's clock on startup. 2562See 2563.Xr ntpd 8 2564for more information regarding the 2565.Fl g 2566option. 2567This is a preferred alternative to using 2568.Xr ntpdate 8 2569or specifying the 2570.Va ntpdate_enable 2571variable. 2572.It Va nis_client_enable 2573.Pq Vt bool 2574If set to 2575.Dq Li YES , 2576run the 2577.Xr ypbind 8 2578service at system boot time. 2579.It Va nis_client_flags 2580.Pq Vt str 2581If 2582.Va nis_client_enable 2583is set to 2584.Dq Li YES , 2585these are the flags to pass to the 2586.Xr ypbind 8 2587service. 2588.It Va nis_ypset_enable 2589.Pq Vt bool 2590If set to 2591.Dq Li YES , 2592run the 2593.Xr ypset 8 2594daemon at system boot time. 2595.It Va nis_ypset_flags 2596.Pq Vt str 2597If 2598.Va nis_ypset_enable 2599is set to 2600.Dq Li YES , 2601these are the flags to pass to the 2602.Xr ypset 8 2603daemon. 2604.It Va nis_server_enable 2605.Pq Vt bool 2606If set to 2607.Dq Li YES , 2608run the 2609.Xr ypserv 8 2610daemon at system boot time. 2611.It Va nis_server_flags 2612.Pq Vt str 2613If 2614.Va nis_server_enable 2615is set to 2616.Dq Li YES , 2617these are the flags to pass to the 2618.Xr ypserv 8 2619daemon. 2620.It Va nis_ypxfrd_enable 2621.Pq Vt bool 2622If set to 2623.Dq Li YES , 2624run the 2625.Xr rpc.ypxfrd 8 2626daemon at system boot time. 2627.It Va nis_ypxfrd_flags 2628.Pq Vt str 2629If 2630.Va nis_ypxfrd_enable 2631is set to 2632.Dq Li YES , 2633these are the flags to pass to the 2634.Xr rpc.ypxfrd 8 2635daemon. 2636.It Va nis_yppasswdd_enable 2637.Pq Vt bool 2638If set to 2639.Dq Li YES , 2640run the 2641.Xr rpc.yppasswdd 8 2642daemon at system boot time. 2643.It Va nis_yppasswdd_flags 2644.Pq Vt str 2645If 2646.Va nis_yppasswdd_enable 2647is set to 2648.Dq Li YES , 2649these are the flags to pass to the 2650.Xr rpc.yppasswdd 8 2651daemon. 2652.It Va rpc_ypupdated_enable 2653.Pq Vt bool 2654If set to 2655.Dq Li YES , 2656run the 2657.Nm rpc.ypupdated 2658daemon at system boot time. 2659.It Va bsnmpd_enable 2660.Pq Vt bool 2661If set to 2662.Dq Li YES , 2663run the 2664.Xr bsnmpd 1 2665daemon at system boot time. 2666Be sure to understand the security implications of running SNMP daemon 2667on your host. 2668.It Va bsnmpd_flags 2669.Pq Vt str 2670If 2671.Va bsnmpd_enable 2672is set to 2673.Dq Li YES , 2674these are the flags to pass to the 2675.Xr bsnmpd 1 2676daemon. 2677.It Va defaultrouter 2678.Pq Vt str 2679If not set to 2680.Dq Li NO , 2681create a default route to this host name or IP address 2682(use an IP address if this router is also required to get to the 2683name server!). 2684.It Va ipv6_defaultrouter 2685.Pq Vt str 2686The IPv6 equivalent of 2687.Va defaultrouter . 2688.It Va static_arp_pairs 2689.Pq Vt str 2690Set to the list of static ARP pairs that are to be added at system 2691boot time. 2692For each whitespace separated 2693.Ar element 2694in the value, a 2695.Va static_arp_ Ns Aq Ar element 2696variable is assumed to exist whose contents will later be passed to a 2697.Dq Nm arp Cm -S 2698operation. 2699For example 2700.Bd -literal 2701static_arp_pairs="gw" 2702static_arp_gw="192.168.1.1 00:01:02:03:04:05" 2703.Ed 2704.It Va static_ndp_pairs 2705.Pq Vt str 2706Set to the list of static NDP pairs that are to be added at system 2707boot time. 2708For each whitespace separated 2709.Ar element 2710in the value, a 2711.Va static_ndp_ Ns Aq Ar element 2712variable is assumed to exist whose contents will later be passed to a 2713.Dq Nm ndp Cm -s 2714operation. 2715For example 2716.Bd -literal 2717static_ndp_pairs="gw" 2718static_ndp_gw="2001:db8:3::1 00:01:02:03:04:05" 2719.Ed 2720.It Va static_routes 2721.Pq Vt str 2722Set to the list of static routes that are to be added at system 2723boot time. 2724If not set to 2725.Dq Li NO 2726then for each whitespace separated 2727.Ar element 2728in the value, a 2729.Va route_ Ns Aq Ar element 2730variable is assumed to exist 2731whose contents will later be passed to a 2732.Dq Nm route Cm add 2733operation. 2734For example: 2735.Bd -literal 2736static_routes="ext mcast:gif0 gif0local:gif0" 2737route_ext="-net 10.0.0.0/24 -gateway 192.168.0.1" 2738route_mcast="-net 224.0.0.0/4 -iface gif0" 2739route_gif0local="-host 169.254.1.1 -iface lo0" 2740.Ed 2741.Pp 2742When an 2743.Ar element 2744is in the form of 2745.Li name:ifname , 2746the route is specific to the interface 2747.Li ifname . 2748.It Va ipv6_static_routes 2749.Pq Vt str 2750The IPv6 equivalent of 2751.Va static_routes . 2752If not set to 2753.Dq Li NO 2754then for each whitespace separated 2755.Ar element 2756in the value, a 2757.Va ipv6_route_ Ns Aq Ar element 2758variable is assumed to exist 2759whose contents will later be passed to a 2760.Dq Nm route Cm add Fl inet6 2761operation. 2762.It Va natm_static_routes 2763.Pq Vt str 2764The 2765.Xr natmip 4 2766equivalent of 2767.Va static_routes . 2768If not empty then for each whitespace separated 2769.Ar element 2770in the value, a 2771.Va route_ Ns Aq Ar element 2772variable is assumed to exist whose contents will later be passed to a 2773.Dq Nm atmconfig Cm natm Cm add 2774operation. 2775.It Va gateway_enable 2776.Pq Vt bool 2777If set to 2778.Dq Li YES , 2779configure host to act as an IP router, e.g.\& to forward packets 2780between interfaces. 2781.It Va ipv6_gateway_enable 2782.Pq Vt bool 2783The IPv6 equivalent of 2784.Va gateway_enable . 2785.It Va routed_enable 2786.Pq Vt bool 2787If set to 2788.Dq Li YES , 2789run a routing daemon of some sort, based on the 2790settings of 2791.Va routed_program 2792and 2793.Va routed_flags . 2794.It Va route6d_enable 2795.Pq Vt bool 2796The IPv6 equivalent of 2797.Va routed_enable . 2798If set to 2799.Dq Li YES , 2800run a routing daemon of some sort, based on the 2801settings of 2802.Va route6d_program 2803and 2804.Va route6d_flags . 2805.It Va routed_program 2806.Pq Vt str 2807If 2808.Va routed_enable 2809is set to 2810.Dq Li YES , 2811this is the name of the routing daemon to use. 2812.It Va route6d_program 2813.Pq Vt str 2814The IPv6 equivalent of 2815.Va routed_program . 2816.It Va routed_flags 2817.Pq Vt str 2818If 2819.Va routed_enable 2820is set to 2821.Dq Li YES , 2822these are the flags to pass to the routing daemon. 2823.It Va route6d_flags 2824.Pq Vt str 2825The IPv6 equivalent of 2826.Va routed_flags . 2827.It Va mrouted_enable 2828.Pq Vt bool 2829If set to 2830.Dq Li YES , 2831run the multicast routing daemon, 2832.Xr mrouted 8 . 2833.It Va mroute6d_enable 2834.Pq Vt bool 2835The IPv6 equivalent of 2836.Va mrouted_enable . 2837If set to 2838.Dq Li YES , 2839run the IPv6 multicast routing daemon. 2840.Pp 2841Note that multicast routing daemons are no longer included in the 2842.Fx 2843base system, however, both 2844.Xr mrouted 8 2845and 2846.Xr pim6dd 8 2847may be installed from the 2848.Fx 2849Ports Collection. 2850.It Va mrouted_flags 2851.Pq Vt str 2852If 2853.Va mrouted_enable 2854is set to 2855.Dq Li YES , 2856these are the flags to pass to the 2857.Xr mrouted 8 2858daemon. 2859.It Va mroute6d_flags 2860.Pq Vt str 2861The IPv6 equivalent of 2862.Va mrouted_flags . 2863If 2864.Va mroute6d_enable 2865is set to 2866.Dq Li YES , 2867these are the flags passed to the IPv6 multicast routing daemon. 2868.It Va mroute6d_program 2869.Pq Vt str 2870If 2871.Va mroute6d_enable 2872is set to 2873.Dq Li YES , 2874this is the path to the IPv6 multicast routing daemon. 2875.It Va rtadvd_enable 2876.Pq Vt bool 2877If set to 2878.Dq Li YES , 2879run the 2880.Xr rtadvd 8 2881daemon at boot time. 2882The 2883.Xr rtadvd 8 2884utility sends ICMPv6 Router Advertisement messages to 2885the interfaces specified in 2886.Va rtadvd_interfaces . 2887This should only be enabled with great care. 2888You may want to fine-tune 2889.Xr rtadvd.conf 5 . 2890.It Va rtadvd_interfaces 2891.Pq Vt str 2892If 2893.Va rtadvd_enable 2894is set to 2895.Dq Li YES 2896this is the list of interfaces to use. 2897.It Va ipxgateway_enable 2898.Pq Vt bool 2899If set to 2900.Dq Li YES , 2901enable the routing of IPX traffic. 2902.It Va ipxrouted_enable 2903.Pq Vt bool 2904If set to 2905.Dq Li YES , 2906run the 2907.Xr IPXrouted 8 2908daemon at system boot time. 2909.It Va ipxrouted_flags 2910.Pq Vt str 2911If 2912.Va ipxrouted_enable 2913is set to 2914.Dq Li YES , 2915these are the flags to pass to the 2916.Xr IPXrouted 8 2917daemon. 2918.It Va arpproxy_all 2919.Pq Vt bool 2920If set to 2921.Dq Li YES , 2922enable global proxy ARP. 2923.It Va forward_sourceroute 2924.Pq Vt bool 2925If set to 2926.Dq Li YES 2927and 2928.Va gateway_enable 2929is also set to 2930.Dq Li YES , 2931source-routed packets are forwarded. 2932.It Va accept_sourceroute 2933.Pq Vt bool 2934If set to 2935.Dq Li YES , 2936the system will accept source-routed packets directed at it. 2937.It Va rarpd_enable 2938.Pq Vt bool 2939If set to 2940.Dq Li YES , 2941run the 2942.Xr rarpd 8 2943daemon at system boot time. 2944.It Va rarpd_flags 2945.Pq Vt str 2946If 2947.Va rarpd_enable 2948is set to 2949.Dq Li YES , 2950these are the flags to pass to the 2951.Xr rarpd 8 2952daemon. 2953.It Va bootparamd_enable 2954.Pq Vt bool 2955If set to 2956.Dq Li YES , 2957run the 2958.Xr bootparamd 8 2959daemon at system boot time. 2960.It Va bootparamd_flags 2961.Pq Vt str 2962If 2963.Va bootparamd_enable 2964is set to 2965.Dq Li YES , 2966these are the flags to pass to the 2967.Xr bootparamd 8 2968daemon. 2969.It Va stf_interface_ipv4addr 2970.Pq Vt str 2971If not set to 2972.Dq Li NO , 2973this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling 2974interface). 2975Specify this entry to enable the 6to4 interface. 2976.It Va stf_interface_ipv4plen 2977.Pq Vt int 2978Prefix length for 6to4 IPv4 addresses, to limit peer address range. 2979An effective value is 0-31. 2980.It Va stf_interface_ipv6_ifid 2981.Pq Vt str 2982IPv6 interface ID for 2983.Xr stf 4 . 2984This can be set to 2985.Dq Li AUTO . 2986.It Va stf_interface_ipv6_slaid 2987.Pq Vt str 2988IPv6 Site Level Aggregator for 2989.Xr stf 4 . 2990.It Va ipv6_faith_prefix 2991.Pq Vt str 2992If not set to 2993.Dq Li NO , 2994this is the faith prefix to enable a FAITH IPv6-to-IPv4 TCP 2995translator. 2996You also need 2997.Xr faithd 8 2998setup. 2999.It Va ipv6_ipv4mapping 3000.Pq Vt bool 3001If set to 3002.Dq Li YES 3003this enables IPv4 mapped IPv6 address communication (like 3004.Li ::ffff:a.b.c.d ) . 3005.It Va rtsold_enable 3006.Pq Vt bool 3007Set to 3008.Dq Li YES 3009to enable the 3010.Xr rtsold 8 3011daemon to send ICMPv6 Router Solicitation messages. 3012.It Va rtsold_flags 3013.Pq Vt str 3014If 3015.Va rtsold_enable 3016is set to 3017.Dq Li YES , 3018these are the flags to pass to 3019.Xr rtsold 8 . 3020.It Va rtsol_flags 3021.Pq Vt str 3022For interfaces configured with the 3023.Dq Li inet6 accept_rtadv 3024keyword, these are the flags to pass to 3025.Xr rtsol 8 . 3026.Pp 3027Note that 3028.Va rtsold_enable 3029is mutually exclusive to 3030.Va rtsol_flags ; 3031.Va rtsold_enable 3032takes precedence. 3033.It Va atm_enable 3034.Pq Vt bool 3035Set to 3036.Dq Li YES 3037to enable the configuration of ATM interfaces at system boot time. 3038For all of the ATM variables described below, please refer to the 3039.Xr atm 8 3040manual page for further details on the available command parameters. 3041Also refer to the files in 3042.Pa /usr/share/examples/atm 3043for more detailed configuration information. 3044.It Va atm_load 3045.Pq Vt str 3046This is a list of physical ATM interface drivers to load. 3047Typical values are 3048.Dq Li hfa_pci 3049and/or 3050.Dq Li hea_pci . 3051.It Va atm_netif_ Ns Aq Ar intf 3052.Pq Vt str 3053For the ATM physical interface 3054.Ar intf , 3055this variable defines the name prefix and count for the ATM network 3056interfaces to be created. 3057The value will be passed as the parameters of an 3058.Dq Nm atm Cm "set netif" Ar intf 3059command. 3060.It Va atm_sigmgr_ Ns Aq Ar intf 3061.Pq Vt str 3062For the ATM physical interface 3063.Ar intf , 3064this variable defines the ATM signalling manager to be used. 3065The value will be passed as the parameters of an 3066.Dq Nm atm Cm attach Ar intf 3067command. 3068.It Va atm_prefix_ Ns Aq Ar intf 3069.Pq Vt str 3070For the ATM physical interface 3071.Ar intf , 3072this variable defines the NSAP prefix for interfaces using a UNI signalling 3073manager. 3074If set to 3075.Dq Li ILMI , 3076the prefix will automatically be set via the 3077.Xr ilmid 8 3078daemon. 3079Otherwise, the value will be passed as the parameters of an 3080.Dq Nm atm Cm "set prefix" Ar intf 3081command. 3082.It Va atm_macaddr_ Ns Aq Ar intf 3083.Pq Vt str 3084For the ATM physical interface 3085.Ar intf , 3086this variable defines the MAC address for interfaces using a UNI signalling 3087manager. 3088If set to 3089.Dq Li NO , 3090the hardware MAC address contained in the ATM interface card will be used. 3091Otherwise, the value will be passed as the parameters of an 3092.Dq Nm atm Cm "set mac" Ar intf 3093command. 3094.It Va atm_arpserver_ Ns Aq Ar netif 3095.Pq Vt str 3096For the ATM network interface 3097.Ar netif , 3098this variable defines the ATM address for a host which is to provide ATMARP 3099service. 3100This variable is only applicable to interfaces using a UNI signalling 3101manager. 3102If set to 3103.Dq Li local , 3104this host will become an ATMARP server. 3105The value will be passed as the parameters of an 3106.Dq Nm atm Cm "set arpserver" Ar netif 3107command. 3108.It Va atm_scsparp_ Ns Aq Ar netif 3109.Pq Vt bool 3110If set to 3111.Dq Li YES , 3112SCSP/ATMARP service for the network interface 3113.Ar netif 3114will be initiated using the 3115.Xr scspd 8 3116and 3117.Xr atmarpd 8 3118daemons. 3119This variable is only applicable if 3120.Va atm_arpserver_ Ns Aq Ar netif 3121is set to 3122.Dq Li local . 3123.It Va atm_pvcs 3124.Pq Vt str 3125Set to the list of ATM PVCs to be added at system 3126boot time. 3127For each whitespace separated 3128.Ar element 3129in the value, an 3130.Va atm_pvc_ Ns Aq Ar element 3131variable is assumed to exist. 3132The value of each of these variables 3133will be passed as the parameters of an 3134.Dq Nm atm Cm "add pvc" 3135command. 3136.It Va atm_arps 3137.Pq Vt str 3138Set to the list of permanent ATM ARP entries to be added 3139at system boot time. 3140For each whitespace separated 3141.Ar element 3142in the value, an 3143.Va atm_arp_ Ns Aq Ar element 3144variable is assumed to exist. 3145The value of each of these variables 3146will be passed as the parameters of an 3147.Dq Nm atm Cm "add arp" 3148command. 3149.It Va natm_interfaces 3150.Pq Vt str 3151Set to the list of 3152.Xr natm 4 3153interfaces that will also be used for HARP through 3154.Xr harp 4 . 3155If this list is not empty all interfaces in the list will be brought up 3156with 3157.Xr ifconfig 8 3158and 3159.Xr harp 4 3160will be loaded. 3161For this to work the interface drivers must be either compiled into the 3162kernel or must reside on the root partition. 3163.It Va keybell 3164.Pq Vt str 3165The keyboard bell sound. 3166Set to 3167.Dq Li normal , 3168.Dq Li visual , 3169.Dq Li off , 3170or 3171.Dq Li NO 3172if the default behavior is desired. 3173For details, refer to the 3174.Xr kbdcontrol 1 3175manpage. 3176.It Va keyboard 3177.Pq Vt str 3178If set to a non-null string, the virtual console's keyboard input is 3179set to this device. 3180.It Va keymap 3181.Pq Vt str 3182If set to 3183.Dq Li NO , 3184no keymap is installed, otherwise the value is used to install 3185the keymap file in 3186.Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd . 3187.It Va keyrate 3188.Pq Vt str 3189The keyboard repeat speed. 3190Set to 3191.Dq Li slow , 3192.Dq Li normal , 3193.Dq Li fast , 3194or 3195.Dq Li NO 3196if the default behavior is desired. 3197.It Va keychange 3198.Pq Vt str 3199If not set to 3200.Dq Li NO , 3201attempt to program the function keys with the value. 3202The value should 3203be a single string of the form: 3204.Dq Ar funkey_number new_value Op Ar funkey_number new_value ... . 3205.It Va cursor 3206.Pq Vt str 3207Can be set to the value of 3208.Dq Li normal , 3209.Dq Li blink , 3210.Dq Li destructive , 3211or 3212.Dq Li NO 3213to set the cursor behavior explicitly or choose the default behavior. 3214.It Va scrnmap 3215.Pq Vt str 3216If set to 3217.Dq Li NO , 3218no screen map is installed, otherwise the value is used to install 3219the screen map file in 3220.Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value . 3221.It Va font8x16 3222.Pq Vt str 3223If set to 3224.Dq Li NO , 3225the default 8x16 font value is used for screen size requests, otherwise 3226the value in 3227.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3228is used. 3229.It Va font8x14 3230.Pq Vt str 3231If set to 3232.Dq Li NO , 3233the default 8x14 font value is used for screen size requests, otherwise 3234the value in 3235.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3236is used. 3237.It Va font8x8 3238.Pq Vt str 3239If set to 3240.Dq Li NO , 3241the default 8x8 font value is used for screen size requests, otherwise 3242the value in 3243.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3244is used. 3245.It Va blanktime 3246.Pq Vt int 3247If set to 3248.Dq Li NO , 3249the default screen blanking interval is used, otherwise it is set 3250to 3251.Ar value 3252seconds. 3253.It Va saver 3254.Pq Vt str 3255If not set to 3256.Dq Li NO , 3257this is the actual screen saver to use 3258.Li ( blank , snake , daemon , 3259etc). 3260.It Va moused_nondefault_enable 3261.Pq Vt str 3262If set to 3263.Dq Li NO , 3264the mouse device specified on 3265the command line is not automatically treated as enabled by the 3266.Pa /etc/rc.d/moused 3267script. 3268Having this variable set to 3269.Dq Li YES 3270allows a 3271.Xr usb 4 3272mouse, 3273for example, 3274to be enabled as soon as it is plugged in. 3275.It Va moused_enable 3276.Pq Vt str 3277If set to 3278.Dq Li YES , 3279the 3280.Xr moused 8 3281daemon is started for doing cut/paste selection on the console. 3282.It Va moused_type 3283.Pq Vt str 3284This is the protocol type of the mouse connected to this host. 3285This variable must be set if 3286.Va moused_enable 3287is set to 3288.Dq Li YES . 3289The 3290.Xr moused 8 3291daemon 3292is able to detect the appropriate mouse type automatically in many cases. 3293Set this variable to 3294.Dq Li auto 3295to let the daemon detect it, or 3296select one from the following list if the automatic detection fails. 3297.Pp 3298If the mouse is attached to the PS/2 mouse port, choose 3299.Dq Li auto 3300or 3301.Dq Li ps/2 , 3302regardless of the brand and model of the mouse. 3303Likewise, if the 3304mouse is attached to the bus mouse port, choose 3305.Dq Li auto 3306or 3307.Dq Li busmouse . 3308All other protocols are for serial mice and will not work with 3309the PS/2 and bus mice. 3310If this is a USB mouse, 3311.Dq Li auto 3312is the only protocol type which will work. 3313.Pp 3314.Bl -tag -width ".Li x10mouseremote" -compact 3315.It Li microsoft 3316Microsoft mouse (serial) 3317.It Li intellimouse 3318Microsoft IntelliMouse (serial) 3319.It Li mousesystems 3320Mouse systems Corp.\& mouse (serial) 3321.It Li mmseries 3322MM Series mouse (serial) 3323.It Li logitech 3324Logitech mouse (serial) 3325.It Li busmouse 3326A bus mouse 3327.It Li mouseman 3328Logitech MouseMan and TrackMan (serial) 3329.It Li glidepoint 3330ALPS GlidePoint (serial) 3331.It Li thinkingmouse 3332Kensington ThinkingMouse (serial) 3333.It Li ps/2 3334PS/2 mouse 3335.It Li mmhittab 3336MM HitTablet (serial) 3337.It Li x10mouseremote 3338X10 MouseRemote (serial) 3339.It Li versapad 3340Interlink VersaPad (serial) 3341.El 3342.Pp 3343Even if the mouse is not in the above list, it may be compatible 3344with one in the list. 3345Refer to the manual page for 3346.Xr moused 8 3347for compatibility information. 3348.Pp 3349It should also be noted that while this is enabled, any 3350other client of the mouse (such as an X server) should access 3351the mouse through the virtual mouse device, 3352.Pa /dev/sysmouse , 3353and configure it as a 3354.Dq Li sysmouse 3355type mouse, since all 3356mouse data is converted to this single canonical format when 3357using 3358.Xr moused 8 . 3359If the client program does not support the 3360.Dq Li sysmouse 3361type, 3362specify the 3363.Dq Li mousesystems 3364type. 3365It is the second preferred type. 3366.It Va moused_port 3367.Pq Vt str 3368If 3369.Va moused_enable 3370is set to 3371.Dq Li YES , 3372this is the actual port the mouse is on. 3373It might be 3374.Pa /dev/cuau0 3375for a COM1 serial mouse, 3376.Pa /dev/psm0 3377for a PS/2 mouse or 3378.Pa /dev/mse0 3379for a bus mouse, for example. 3380.It Va moused_flags 3381.Pq Vt str 3382If 3383.Va moused_flags 3384is set, its value is used as an additional set of flags to pass to the 3385.Xr moused 8 3386daemon. 3387.It Va "moused_" Ns Ar XXX Ns Va "_flags" 3388When 3389.Va moused_nondefault_enable 3390is enabled, and a 3391.Xr moused 8 3392daemon is started for a non-default port, the 3393.Va "moused_" Ns Ar XXX Ns Va "_flags" 3394set of options has precedence over and replaces the default 3395.Va moused_flags 3396(where 3397.Ar XXX 3398is the name of the non-default port, i.e.,\& 3399.Ar ums0 ) . 3400By setting 3401.Va "moused_" Ns Ar XXX Ns Va "_flags" 3402it is possible to set up a different set of default flags for each 3403.Xr moused 8 3404instance. 3405For example, you can use 3406.Dq Li "-3" 3407for the default 3408.Va moused_flags 3409to make your laptop's touchpad more comfortable to use, 3410but an empty set of options for 3411.Va moused_ums0_flags 3412when your 3413.Xr usb 4 3414mouse has three or more buttons. 3415.It Va mousechar_start 3416.Pq Vt int 3417If set to 3418.Dq Li NO , 3419the default mouse cursor character range 3420.Li 0xd0 Ns - Ns Li 0xd3 3421is used, 3422otherwise the range start is set 3423to 3424.Ar value 3425character, see 3426.Xr vidcontrol 1 . 3427Use if the default range is occupied in the language code table. 3428.It Va allscreens_flags 3429.Pq Vt str 3430If set, 3431.Xr vidcontrol 1 3432is run with these options for each of the virtual terminals 3433.Pq Pa /dev/ttyv* . 3434For example, 3435.Dq Fl m Cm on 3436will enable the mouse pointer on all virtual terminals 3437if 3438.Va moused_enable 3439is set to 3440.Dq Li YES . 3441.It Va allscreens_kbdflags 3442.Pq Vt str 3443If set, 3444.Xr kbdcontrol 1 3445is run with these options for each of the virtual terminals 3446.Pq Pa /dev/ttyv* . 3447For example, 3448.Dq Fl h Li 200 3449will set the 3450.Xr syscons 4 3451scrollback (history) buffer to 200 lines. 3452.It Va cron_enable 3453.Pq Vt bool 3454If set to 3455.Dq Li YES , 3456run the 3457.Xr cron 8 3458daemon at system boot time. 3459.It Va cron_program 3460.Pq Vt str 3461Path to 3462.Xr cron 8 3463(default 3464.Pa /usr/sbin/cron ) . 3465.It Va cron_flags 3466.Pq Vt str 3467If 3468.Va cron_enable 3469is set to 3470.Dq Li YES , 3471these are the flags to pass to 3472.Xr cron 8 . 3473.It Va cron_dst 3474.Pq Vt bool 3475If set to 3476.Dq Li YES , 3477enable the special handling of transitions to and from the 3478Daylight Saving Time in 3479.Xr cron 8 3480(equivalent to using the flag 3481.Fl s ) . 3482.It Va lpd_program 3483.Pq Vt str 3484Path to 3485.Xr lpd 8 3486(default 3487.Pa /usr/sbin/lpd ) . 3488.It Va lpd_enable 3489.Pq Vt bool 3490If set to 3491.Dq Li YES , 3492run the 3493.Xr lpd 8 3494daemon at system boot time. 3495.It Va lpd_flags 3496.Pq Vt str 3497If 3498.Va lpd_enable 3499is set to 3500.Dq Li YES , 3501these are the flags to pass to the 3502.Xr lpd 8 3503daemon. 3504.It Va chkprintcap_enable 3505.Pq Vt bool 3506If set to 3507.Dq Li YES , 3508run the 3509.Xr chkprintcap 8 3510command before starting the 3511.Xr lpd 8 3512daemon. 3513.It Va chkprintcap_flags 3514.Pq Vt str 3515If 3516.Va lpd_enable 3517and 3518.Va chkprintcap_enable 3519are set to 3520.Dq Li YES , 3521these are the flags to pass to the 3522.Xr chkprintcap 8 3523program. 3524The default is 3525.Dq Li -d , 3526which causes missing directories to be created. 3527.It Va mta_start_script 3528.Pq Vt str 3529This variable specifies the full path to the script to run to start 3530a mail transfer agent. 3531The default is 3532.Pa /etc/rc.sendmail . 3533The 3534.Va sendmail_* 3535variables which 3536.Pa /etc/rc.sendmail 3537uses are documented in the 3538.Xr rc.sendmail 8 3539manual page. 3540.It Va dumpdev 3541.Pq Vt str 3542Indicates the device (usually a swap partition) to which a crash dump 3543should be written in the event of a system crash. 3544If the value of this variable is 3545.Dq Li AUTO , 3546the first suitable swap device listed in 3547.Pa /etc/fstab 3548will be used as dump device. 3549Otherwise, the value of this variable is passed as the argument to 3550.Xr dumpon 8 . 3551To disable crash dumps, set this variable to 3552.Dq Li NO . 3553.It Va dumpdir 3554.Pq Vt str 3555When the system reboots after a crash and a crash dump is found on the 3556device specified by the 3557.Va dumpdev 3558variable, 3559.Xr savecore 8 3560will save that crash dump and a copy of the kernel to the directory 3561specified by the 3562.Va dumpdir 3563variable. 3564The default value is 3565.Pa /var/crash . 3566Set to 3567.Dq Li NO 3568to not run 3569.Xr savecore 8 3570at boot time when 3571.Va dumpdir 3572is set. 3573.It Va savecore_flags 3574.Pq Vt str 3575If crash dumps are enabled, these are the flags to pass to the 3576.Xr savecore 8 3577utility. 3578.It Va quota_enable 3579.Pq Vt bool 3580Set to 3581.Dq Li YES 3582to turn on user and group disk quotas on system startup via the 3583.Xr quotaon 8 3584command for all file systems marked as having quotas enabled in 3585.Pa /etc/fstab . 3586The kernel must be built with 3587.Cd "options QUOTA" 3588for disk quotas to function. 3589.It Va check_quotas 3590.Pq Vt bool 3591Set to 3592.Dq Li YES 3593to enable user and group disk quota checking via the 3594.Xr quotacheck 8 3595command. 3596.It Va quotacheck_flags 3597.Pq Vt str 3598If 3599.Va quota_enable 3600is set to 3601.Dq Li YES , 3602and 3603.Va check_quotas 3604is set to 3605.Dq Li YES , 3606these are the flags to pass to the 3607.Xr quotacheck 8 3608utility. 3609The default is 3610.Dq Li "-a" , 3611which checks quotas for all file systems with quotas enabled in 3612.Pa /etc/fstab . 3613.It Va quotaon_flags 3614.Pq Vt str 3615If 3616.Va quota_enable 3617is set to 3618.Dq Li YES , 3619these are the flags to pass to the 3620.Xr quotaon 8 3621utility. 3622The default is 3623.Dq Li "-a" , 3624which enables quotas for all file systems with quotas enabled in 3625.Pa /etc/fstab . 3626.It Va quotaoff_flags 3627.Pq Vt str 3628If 3629.Va quota_enable 3630is set to 3631.Dq Li YES , 3632these are the flags to pass to the 3633.Xr quotaoff 8 3634utility when shutting down the quota system. 3635The default is 3636.Dq Li "-a" , 3637which disables quotas for all file systems with quotas enabled in 3638.Pa /etc/fstab . 3639.It Va accounting_enable 3640.Pq Vt bool 3641Set to 3642.Dq Li YES 3643to enable system accounting through the 3644.Xr accton 8 3645facility. 3646.It Va ibcs2_enable 3647.Pq Vt bool 3648Set to 3649.Dq Li YES 3650to enable iBCS2 (SCO) binary emulation at system initial boot 3651time. 3652.It Va ibcs2_loaders 3653.Pq Vt str 3654If not set to 3655.Dq Li NO 3656and if 3657.Va ibcs2_enable 3658is set to 3659.Dq Li YES , 3660this specifies a list of additional iBCS2 loaders to enable. 3661.It Va linux_enable 3662.Pq Vt bool 3663Set to 3664.Dq Li YES 3665to enable Linux/ELF binary emulation at system initial 3666boot time. 3667.It Va svr4_enable 3668.Pq Vt bool 3669If set to 3670.Dq Li YES , 3671enable SysVR4 emulation at boot time. 3672.It Va sysvipc_enable 3673.Pq Vt bool 3674If set to 3675.Dq Li YES , 3676load System V IPC primitives at boot time. 3677.It Va clear_tmp_enable 3678.Pq Vt bool 3679Set to 3680.Dq Li YES 3681to have 3682.Pa /tmp 3683cleaned at startup. 3684.It Va clear_tmp_X 3685.Pq Vt bool 3686Set to 3687.Dq Li NO 3688to disable removing of X11 lock files, 3689and the removal and (secure) recreation 3690of the various socket directories for X11 3691related programs. 3692.It Va ldconfig_paths 3693.Pq Vt str 3694Set to the list of shared library paths to use with 3695.Xr ldconfig 8 . 3696NOTE: 3697.Pa /usr/lib 3698will always be added first, so it need not appear in this list. 3699.It Va ldconfig32_paths 3700.Pq Vt str 3701Set to the list of 32-bit compatibility shared library paths to 3702use with 3703.Xr ldconfig 8 . 3704.It Va ldconfig_paths_aout 3705.Pq Vt str 3706Set to the list of shared library paths to use with 3707.Xr ldconfig 8 3708legacy 3709.Xr a.out 5 3710support. 3711.It Va ldconfig_insecure 3712.Pq Vt bool 3713The 3714.Xr ldconfig 8 3715utility normally refuses to use directories 3716which are writable by anyone except root. 3717Set this variable to 3718.Dq Li YES 3719to disable that security check during system startup. 3720.It Va ldconfig_local_dirs 3721.Pq Vt str 3722Set to the list of local 3723.Xr ldconfig 8 3724directories. 3725The names of all files in the directories listed will be 3726passed as arguments to 3727.Xr ldconfig 8 . 3728.It Va ldconfig_local32_dirs 3729.Pq Vt str 3730Set to the list of local 32-bit compatibility 3731.Xr ldconfig 8 3732directories. 3733The names of all files in the directories listed will be 3734passed as arguments to 3735.Dq Nm ldconfig Fl 32 . 3736.It Va kern_securelevel_enable 3737.Pq Vt bool 3738Set to 3739.Dq Li YES 3740to set the kernel security level at system startup. 3741.It Va kern_securelevel 3742.Pq Vt int 3743The kernel security level to set at startup. 3744The allowed range of 3745.Ar value 3746ranges from \-1 (the compile time default) to 3 (the 3747most secure). 3748See 3749.Xr security 7 3750for the list of possible security levels and their effect 3751on system operation. 3752.It Va sshd_program 3753.Pq Vt str 3754Path to the SSH server program 3755.Pa ( /usr/sbin/sshd 3756is the default). 3757.It Va sshd_enable 3758.Pq Vt bool 3759Set to 3760.Dq Li YES 3761to start 3762.Xr sshd 8 3763at system boot time. 3764.It Va sshd_flags 3765.Pq Vt str 3766If 3767.Va sshd_enable 3768is set to 3769.Dq Li YES , 3770these are the flags to pass to the 3771.Xr sshd 8 3772daemon. 3773.It Va ftpd_program 3774.Pq Vt str 3775Path to the FTP server program 3776.Pa ( /usr/libexec/ftpd 3777is the default). 3778.It Va ftpd_enable 3779.Pq Vt bool 3780Set to 3781.Dq Li YES 3782to start 3783.Xr ftpd 8 3784as a stand-alone daemon at system boot time. 3785.It Va ftpd_flags 3786.Pq Vt str 3787If 3788.Va ftpd_enable 3789is set to 3790.Dq Li YES , 3791these are the additional flags to pass to the 3792.Xr ftpd 8 3793daemon. 3794.It Va watchdogd_enable 3795.Pq Vt bool 3796If set to 3797.Dq Li YES , 3798start the 3799.Xr watchdogd 8 3800daemon at boot time. 3801This requires that the kernel have been compiled with a 3802.Xr watchdog 4 3803compatible device. 3804.It Va watchdogd_flags 3805.Pq Vt str 3806If 3807.Va watchdogd_enable 3808is set to 3809.Dq Li YES , 3810these are the flags passed to the 3811.Xr watchdogd 8 3812daemon. 3813.It Va devfs_rulesets 3814.Pq Vt str 3815List of files containing sets of rules for 3816.Xr devfs 8 . 3817.It Va devfs_system_ruleset 3818.Pq Vt str 3819Rule name(s) to apply to the system 3820.Pa /dev 3821itself. 3822.It Va devfs_set_rulesets 3823.Pq Vt str 3824Pairs of already-mounted 3825.Pa dev 3826directories and rulesets that should be applied to them. 3827For example: /mount/dev=ruleset_name 3828.It Va devfs_load_rulesets 3829.Pq Vt bool 3830If set, always load the default rulesets listed in 3831.Va devfs_rulesets . 3832.It Va performance_cx_lowest 3833.Pq Vt str 3834CPU idle state to use while on AC power. 3835The string 3836.Dq Li LOW 3837indicates that 3838.Xr acpi 4 3839should use the lowest power state available while 3840.Dq Li HIGH 3841indicates that the lowest latency state (less power savings) should be used. 3842.It Va performance_cpu_freq 3843.Pq Vt str 3844CPU clock frequency to use while on AC power. 3845The string 3846.Dq Li LOW 3847indicates that 3848.Xr cpufreq 4 3849should use the lowest frequency available while 3850.Dq Li HIGH 3851indicates that the highest frequency (less power savings) should be used. 3852.It Va economy_cx_lowest 3853.Pq Vt str 3854CPU idle state to use when off AC power. 3855The string 3856.Dq Li LOW 3857indicates that 3858.Xr acpi 4 3859should use the lowest power state available while 3860.Dq Li HIGH 3861indicates that the lowest latency state (less power savings) should be used. 3862.It Va economy_cpu_freq 3863.Pq Vt str 3864CPU clock frequency to use when off AC power. 3865The string 3866.Dq Li LOW 3867indicates that 3868.Xr cpufreq 4 3869should use the lowest frequency available while 3870.Dq Li HIGH 3871indicates that the highest frequency (less power savings) should be used. 3872.It Va jail_enable 3873.Pq Vt bool 3874If set to 3875.Dq Li NO , 3876any configured jails will not be started. 3877.It Va jail_parallel_start 3878.Pq Vt bool 3879If set to 3880.Dq Li YES , 3881all configured jails will be started in the background (in parallel). 3882.It Va jail_list 3883.Pq Vt str 3884A space separated list of names for jails. 3885This is purely a configuration aid to help identify and 3886configure multiple jails. 3887The names specified in this list will be used to 3888identify settings common to an instance of a jail, 3889and should contain alphanumeric characters only. 3890Assuming that the jail in question was named 3891.Li vjail , 3892you would have the following dependent variables: 3893.Bd -literal 3894jail_vjail_hostname="jail.example.com" 3895jail_vjail_ip="192.0.2.100" 3896jail_vjail_rootdir="/var/jails/vjail/root" 3897.Ed 3898.Pp 3899.It Va jail_flags 3900.Pq Vt str 3901Unset by default. 3902When set, use as default value for 3903.Va jail_ Ns Ao Ar jname Ac Ns Va _flags 3904for every jail in 3905.Va jail_list . 3906.It Va jail_interface 3907.Pq Vt str 3908Unset by default. 3909When set, use as default value for 3910.Va jail_ Ns Ao Ar jname Ac Ns Va _interface 3911for every jail in 3912.Va jail_list . 3913.It Va jail_fstab 3914.Pq Vt str 3915Unset by default. 3916When set, use as default value for 3917.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 3918for every jail in 3919.Va jail_list . 3920.It Va jail_mount_enable 3921.Pq Vt bool 3922Set to 3923.Dq Li NO 3924by default. 3925When set to 3926.Dq Li YES , 3927sets 3928.Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable 3929to 3930.Dq Li YES 3931by default for every jail in 3932.Va jail_list . 3933.It Va jail_devfs_ruleset 3934.Pq Vt str 3935Unset by default. 3936When set, sets 3937.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset 3938to given value for every jail in 3939.Va jail_list . 3940.It Va jail_devfs_enable 3941.Pq Vt bool 3942Set to 3943.Dq Li NO 3944by default. 3945When set to 3946.Dq Li YES , 3947sets 3948.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable 3949to 3950.Dq Li YES 3951by default for every jail in 3952.Va jail_list . 3953.It Va jail_fdescfs_enable 3954.Pq Vt bool 3955Set to 3956.Dq Li NO 3957by default. 3958When set to 3959.Dq Li YES , 3960sets 3961.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 3962to 3963.Dq Li YES 3964by default for every jail in 3965.Va jail_list . 3966.It Va jail_procfs_enable 3967.Pq Vt bool 3968Set to 3969.Dq Li NO 3970by default. 3971When set to 3972.Dq Li YES , 3973sets 3974.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 3975to 3976.Dq Li YES 3977by default for every jail in 3978.Va jail_list . 3979.It Va jail_exec_prestart Ns Aq Ar N 3980.Pq Vt str 3981Unset by default. 3982When set, use as default value for 3983.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart Ns Aq Ar N 3984for every jail in 3985.Va jail_list . 3986.It Va jail_exec_start 3987.Pq Vt str 3988Unset by default. 3989When set, use as default value for 3990.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start 3991for every jail in 3992.Va jail_list . 3993.It Va jail_exec_afterstart Ns Aq Ar N 3994.Pq Vt str 3995Unset by default. 3996When set, use as default value for 3997.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_afterstart Ns Aq Ar N 3998for every jail in 3999.Va jail_list . 4000.It Va jail_exec_poststart Ns Aq Ar N 4001.Pq Vt str 4002Unset by default. 4003When set, use as default value for 4004.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart Ns Aq Ar N 4005for every jail in 4006.Va jail_list . 4007.It Va jail_exec_prestop Ns Aq Ar N 4008.Pq Vt str 4009Unset by default. 4010When set, use as default value for 4011.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop Ns Aq Ar N 4012for every jail in 4013.Va jail_list . 4014.It Va jail_exec_stop 4015Unset by default. 4016When set, use as default value for 4017.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop 4018for every jail in 4019.Va jail_list . 4020.It Va jail_exec_poststop Ns Aq Ar N 4021.Pq Vt str 4022Unset by default. 4023When set, use as default value for 4024.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop Ns Aq Ar N 4025for every jail in 4026.Va jail_list . 4027.It Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir 4028.Pq Vt str 4029Unset by default. 4030Set to the root directory used by jail 4031.Va jname . 4032.It Va jail_ Ns Ao Ar jname Ac Ns Va _hostname 4033.Pq Vt str 4034Unset by default. 4035Set to the fully qualified domain name (FQDN) assigned to jail 4036.Va jname . 4037.It Va jail_ Ns Ao Ar jname Ac Ns Va _parameters 4038.Pq Vt str 4039Unset by default. 4040Set extra parameters for jail 4041.Va jname , 4042such as 4043.Dq Li allow.chflags 4044or 4045.Dq Li children.max . 4046See 4047.Xr jail 8 4048for a list of available parameters. 4049Note that the following parameters are already defined by 4050.Pa rc.d/jail 4051script out of their corresponding 4052.Nm 4053variables: 4054.Bl -tag -width "host.hostname" -offset indent 4055.It Li path 4056set from 4057.Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir 4058.It Li host.hostname 4059set from 4060.Va jail_ Ns Ao Ar jname Ac Ns Va _hostname 4061.It Li command 4062set from 4063.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start 4064.It Li ip4.addr 4065set if 4066.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 4067contains IPv4 addresses 4068.It Li ip6.addr 4069set if 4070.Va jail_ Ns Ao Ar jname Ac Ns Va _ip6 4071contains IPv6 addresses 4072.El 4073.It Va jail_ Ns Ao Ar jname Ac Ns Va _ip 4074.Pq Vt str 4075Unset by default. 4076Set to the (primary) IPv4 and/or IPv6 address(es) assigned to the jail. 4077The argument can be a sole address or a comma separated list of addresses. 4078Additionally each address can be prefixed by the name of an interface 4079followed by a pipe to overwrite 4080.Va jail_ Ns Ao Ar jname Ac Ns Va _interface 4081or 4082.Va jail_interface 4083and/or suffixed by a netmask, prefixlen or prefix. 4084In case no netmask, prefixlen or prefix is given, 4085.Sq /32 4086will be used for IPv4 and 4087.Sq /128 4088will be used for an IPv6 address. 4089If no address is given for the jail then the jail will be started with 4090no networking support. 4091.It Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 4092.Pq Vt str 4093Unset by default. 4094Set additional IPv4 and/or IPv6 address(es) assigned to the jail. 4095The sequence starts with 4096.Dq Li _multi0 4097and the numbers have to be strictly ascending. 4098These entries follow the same syntax as their primary 4099.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 4100entry. 4101The order of the entries can be important as the first address for 4102each address family found will be the primary address of the jail. 4103See 4104.Va ip-addresses 4105option in 4106.Xr jail 8 4107for more details. 4108.It Va jail_ Ns Ao Ar jname Ac Ns Va _flags 4109.Pq Vt str 4110Set to 4111.Dq Li -l -U root 4112by default. 4113These are flags to pass to 4114.Xr jail 8 . 4115.It Va jail_ Ns Ao Ar jname Ac Ns Va _interface 4116.Pq Vt str 4117Unset by default. 4118When set, sets the interface to use when setting IP address alias. 4119Note that the alias is created at jail startup and removed at jail shutdown. 4120.It Va jail_ Ns Ao Ar jname Ac Ns Va _fib 4121.Pq Vt str 4122Unset by default. 4123When set, the jail is started with the specified forwarding table (sometimes 4124referred to as a routing table) via 4125.Xr setfib 1 . 4126.It Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 4127.Pq Vt str 4128Set to 4129.Pa /etc/fstab. Ns Aq Ar jname 4130by default. 4131This is the file system information file to use for jail 4132.Va jname . 4133.It Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable 4134.Pq Vt bool 4135Set to 4136.Dq Li NO 4137by default. 4138When set to 4139.Dq Li YES , 4140mount all file systems from 4141.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 4142at jail startup. 4143.It Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset 4144.Pq Vt str 4145Unset by default. 4146When set, defines the device file system ruleset file to use for jail 4147.Va jname . 4148.It Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable 4149.Pq Vt bool 4150Set to 4151.Dq Li NO 4152by default. 4153When set to 4154.Dq Li YES , 4155mount the device file system inside jail 4156.Ar jname 4157at jail startup. 4158.It Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 4159.Pq Vt bool 4160Set to 4161.Dq Li NO 4162by default. 4163When set to 4164.Dq Li YES , 4165mount the file-descriptor file system inside jail 4166.Ar jname 4167at jail startup. 4168.It Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable 4169.Pq Vt bool 4170Set to 4171.Dq Li NO 4172by default. 4173When set to 4174.Dq Li YES , 4175mount the process file system inside jail 4176.Ar jname 4177at jail startup. 4178.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart Ns Aq Ar N 4179.Pq Vt str 4180Unset by default. 4181This is the command run as 4182.Ar N Ns 4183th command 4184before jail startup, where 4185.Ar N 4186is 0, 1, and so on. 4187It is run outside the jail. 4188.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start 4189.Pq Vt str 4190Set to 4191.Dq Li /bin/sh /etc/rc 4192by default. 4193This is the command executed in a jail at jail startup. 4194.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_afterstart Ns Aq Ar N 4195.Pq Vt str 4196Unset by default. 4197This is the command run as 4198.Ar N Ns 4199th command 4200in a jail 4201after jail startup, where 4202.Ar N 4203is 1, 2, and so on. 4204.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart Ns Aq Ar N 4205.Pq Vt str 4206Unset by default. 4207This is the command run as 4208.Ar N Ns 4209th command 4210after jail startup, where 4211.Ar N 4212is 0, 1, and so on. 4213It is run outside the jail. 4214.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop Ns Aq Ar N 4215.Pq Vt str 4216Unset by default. 4217This is the command run as 4218.Ar N Ns 4219th command 4220before jail shutdown, where 4221.Ar N 4222is 0, 1, and so on. 4223It is run outside the jail. 4224.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop 4225.Pq Vt str 4226Set to 4227.Dq Li /bin/sh /etc/rc.shutdown 4228by default. 4229This is the command executed in a jail at jail shutdown. 4230.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop Ns Aq Ar N 4231.Pq Vt str 4232Unset by default. 4233This is the command run as 4234.Ar N Ns 4235th command 4236after jail shutdown, where 4237.Ar N 4238is 0, 1, and so on. 4239It is run outside the jail. 4240.It Va jail_set_hostname_allow 4241.Pq Vt bool 4242If set to 4243.Dq Li NO , 4244do not allow the root user in a jail to set its hostname. 4245.It Va jail_socket_unixiproute_only 4246.Pq Vt bool 4247If set to 4248.Dq Li YES , 4249do not allow any sockets, 4250besides UNIX/IP/route sockets, 4251to be used within a jail. 4252.It Va jail_sysvipc_allow 4253.Pq Vt bool 4254If set to 4255.Dq Li YES , 4256allow applications within a jail to use System V IPC. 4257.\" ----------------------------------------------------- 4258.It Va harvest_interrupt 4259.Pq Vt bool 4260Set to 4261.Dq Li YES 4262to use hardware interrupts as an entropy source. 4263Refer to 4264.Xr random 4 4265for more information. 4266.It Va harvest_ethernet 4267.Pq Vt bool 4268Set to 4269.Dq Li YES 4270to use LAN traffic as an entropy source. 4271Refer to 4272.Xr random 4 4273for more information. 4274.It Va harvest_p_to_p 4275.Pq Vt bool 4276Set to 4277.Dq Li YES 4278to use serial line traffic as an entropy source. 4279Refer to 4280.Xr random 4 4281for more information. 4282.It Va entropy_dir 4283.Pq Vt str 4284Set to 4285.Dq Li NO 4286to disable caching entropy via 4287.Xr cron 8 . 4288Otherwise set to the directory used to store entropy files in. 4289.It Va entropy_file 4290.Pq Vt str 4291Set to 4292.Dq Li NO 4293to disable caching entropy through reboots. 4294Otherwise set to the filename used to store cached entropy through 4295reboots. 4296This file should be located on the root file system to seed the 4297.Xr random 4 4298device as early as possible in the boot process. 4299.It Va entropy_save_sz 4300.Pq Vt int 4301Size of the entropy cache files saved by 4302.Nm save-entropy 4303periodically. 4304.It Va entropy_save_num 4305.Pq Vt int 4306Number of entropy cache files to save by 4307.Nm save-entropy 4308periodically. 4309.It Va ipsec_enable 4310.Pq Vt bool 4311Set to 4312.Dq Li YES 4313to run 4314.Xr setkey 8 4315on 4316.Va ipsec_file 4317at boot time. 4318.It Va ipsec_file 4319.Pq Vt str 4320Configuration file for 4321.Xr setkey 8 . 4322.It Va dmesg_enable 4323.Pq Vt bool 4324Set to 4325.Dq Li YES 4326to save 4327.Xr dmesg 8 4328to 4329.Pa /var/run/dmesg.boot 4330on boot. 4331.It Va rcshutdown_timeout 4332.Pq Vt int 4333If set, start a watchdog timer in the background which will terminate 4334.Pa rc.shutdown 4335if 4336.Xr shutdown 8 4337has not completed within the specified time (in seconds). 4338Notice that in addition to this soft timeout, 4339.Xr init 8 4340also applies a hard timeout for the execution of 4341.Pa rc.shutdown . 4342This is configured via 4343.Xr sysctl 8 4344variable 4345.Va kern.init_shutdown_timeout 4346and defaults to 120 seconds. 4347Setting the value of 4348.Va rcshutdown_timeout 4349to more than 120 seconds will have no effect until the 4350.Xr sysctl 8 4351variable 4352.Va kern.init_shutdown_timeout 4353is also increased. 4354.It Va virecover_enable 4355.Pq Vt bool 4356Set to 4357.Dq Li NO 4358to prevent the system from trying to 4359recover pre-maturely terminated 4360.Xr vi 1 4361sessions. 4362.It Va ugidfw_enable 4363.Pq Vt bool 4364Set to 4365.Dq Li YES 4366to load the 4367.Xr mac_bsdextended 4 4368module upon system initialization and load a default 4369ruleset file. 4370.It Va bsdextended_script 4371.Pq Vt str 4372The default 4373.Xr mac_bsdextended 4 4374ruleset file to load. 4375The default value of this variable is 4376.Pa /etc/rc.bsdextended . 4377.It Va newsyslog_enable 4378.Pq Vt bool 4379If set to 4380.Dq Li YES , 4381run 4382.Xr newsyslog 8 4383command at startup. 4384.It Va newsyslog_flags 4385.Pq Vt str 4386If 4387.Va newsyslog_enable 4388is set to 4389.Dq Li YES , 4390these are the flags to pass to the 4391.Xr newsyslog 8 4392program. 4393The default is 4394.Dq Li -CN , 4395which causes log files flagged with a 4396.Cm C 4397to be created. 4398.It Va mdconfig_md Ns Aq Ar X 4399.Pq Vt str 4400Arguments to 4401.Xr mdconfig 8 4402for 4403.Xr md 4 4404device 4405.Ar X . 4406At minimum a 4407.Fl t Ar type 4408must be specified and either a 4409.Fl s Ar size 4410for malloc or swap backed 4411.Xr md 4 4412devices or a 4413.Fl f Ar file 4414for vnode backed 4415.Xr md 4 4416devices. 4417Note that 4418.Va mdconfig_md Ns Aq Ar X 4419variables are evaluated until one variable is unset or null. 4420.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs 4421.Pq Vt str 4422Optional arguments passed to 4423.Xr newfs 8 4424to initialize 4425.Xr md 4 4426device 4427.Ar X . 4428.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner 4429.Pq Vt str 4430An ownership specification passed to 4431.Xr chown 8 4432after the specified 4433.Xr md 4 4434device 4435.Ar X 4436has been mounted. 4437Both the 4438.Xr md 4 4439device and the mount point will be changed. 4440.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms 4441.Pq Vt str 4442A mode string passed to 4443.Xr chmod 1 4444after the specified 4445.Xr md 4 4446device 4447.Ar X 4448has been mounted. 4449Both the 4450.Xr md 4 4451device and the mount point will be changed. 4452.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files 4453.Pq Vt str 4454Files to be copied to the mount point of the 4455.Xr md 4 4456device 4457.Ar X 4458after it has been mounted. 4459.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd 4460.Pq Vt str 4461Command to execute after the specified 4462.Xr md 4 4463device 4464.Ar X 4465has been mounted. 4466Note that the command is passed to 4467.Ic eval 4468and that both 4469.Va _dev 4470and 4471.Va _mp 4472variables can be used to reference respectively the 4473.Xr md 4 4474device and the mount point. 4475Assuming that the 4476.Xr md 4 4477device is 4478.Li md0 , 4479one could set the following: 4480.Bd -literal 4481mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}" 4482.Ed 4483.It Va autobridge_interfaces 4484.Pq Vt str 4485Set to the list of bridge interfaces that will have newly arriving interfaces 4486checked against to be automatically added. 4487If not set to 4488.Dq Li NO 4489then for each whitespace separated 4490.Ar element 4491in the value, a 4492.Va autobridge_ Ns Aq Ar element 4493variable is assumed to exist which has a whitespace separated list of interface 4494names to match, these names can use wildcards. 4495For example: 4496.Bd -literal 4497autobridge_interfaces="bridge0" 4498autobridge_bridge0="tap* dc0 vlan[345]" 4499.Ed 4500.It Va mixer_enable 4501.Pq Vt bool 4502If set to 4503.Dq Li YES , 4504enable support for sound mixer. 4505.It Va hcsecd_enable 4506.Pq Vt bool 4507If set to 4508.Dq Li YES , 4509enable Bluetooth security daemon. 4510.It Va hcsecd_config 4511.Pq Vt str 4512Configuration file for 4513.Xr hcsecd 8 . 4514Default 4515.Pa /etc/bluetooth/hcsecd.conf . 4516.It Va sdpd_enable 4517.Pq Vt bool 4518If set to 4519.Dq Li YES , 4520enable Bluetooth Service Discovery Protocol daemon. 4521.It Va sdpd_control 4522.Pq Vt str 4523Path to 4524.Xr sdpd 8 4525control socket. 4526Default 4527.Pa /var/run/sdp . 4528.It Va sdpd_groupname 4529.Pq Vt str 4530Sets 4531.Xr sdpd 8 4532group to run as after it initializes. 4533Default 4534.Dq Li nobody . 4535.It Va sdpd_username 4536.Pq Vt str 4537Sets 4538.Xr sdpd 8 4539user to run as after it initializes. 4540Default 4541.Dq Li nobody . 4542.It Va bthidd_enable 4543.Pq Vt bool 4544If set to 4545.Dq Li YES , 4546enable Bluetooth Human Interface Device daemon. 4547.It Va bthidd_config 4548.Pq Vt str 4549Configuration file for 4550.Xr bthidd 8 . 4551Default 4552.Pa /etc/bluetooth/bthidd.conf . 4553.It Va bthidd_hids 4554.Pq Vt str 4555Path to a file, where 4556.Xr bthidd 8 4557will store information about known HID devices. 4558Default 4559.Pa /var/db/bthidd.hids . 4560.It Va rfcomm_pppd_server_enable 4561.Pq Vt bool 4562If set to 4563.Dq Li YES , 4564enable Bluetooth RFCOMM PPP wrapper daemon. 4565.It Va rfcomm_pppd_server_profile 4566.Pq Vt str 4567The name of the profile to use from 4568.Pa /etc/ppp/ppp.conf . 4569Multiple profiles can be specified here. 4570Also used to specify per-profile overrides. 4571When the profile name contains any of the characters 4572.Dq Li .-/+ 4573they are translated to 4574.Dq Li _ 4575for the proposes of the override variable names. 4576.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _bdaddr 4577.Pq Vt str 4578Overrides local address to listen on. 4579By default 4580.Xr rfcomm_pppd 8 4581will listen on 4582.Dq Li ANY 4583address. 4584The address can be specified as BD_ADDR or name. 4585.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _channel 4586.Pq Vt str 4587Overrides local RFCOMM channel to listen on. 4588By default 4589.Xr rfcomm_pppd 8 4590will listen on RFCOMM channel 1. 4591Must set properly if multiple profiles used in the same time. 4592.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_sp 4593.Pq Vt bool 4594Tells 4595.Xr rfcomm_pppd 8 4596if it should register Serial Port service on the specified RFCOMM channel. 4597Default 4598.Dq Li NO . 4599.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_dun 4600.Pq Vt bool 4601Tells 4602.Xr rfcomm_pppd 8 4603if it should register Dial-Up Networking service on the specified 4604RFCOMM channel. 4605Default 4606.Dq Li NO . 4607.It Va ubthidhci_enable 4608.Pq Vt bool 4609If set to 4610.Dq Li YES , 4611change the USB Bluetooth controller from HID mode to HCI mode. 4612You also need to specify the location of USB Bluetooth controller with the 4613.Va ubthidhci_busnum 4614and 4615.Va ubthidhci_addr 4616variables. 4617.It Va ubthidhci_busnum 4618Bus number where the USB Bluetooth controller is located. 4619Check the output of 4620.Xr usbconfig 8 4621on your system to find this information. 4622.It Va ubthidhci_addr 4623Bus address of the USB Bluetooth controller. 4624Check the output of 4625.Xr usbconfig 8 4626on your system to find this information. 4627.It Va netwait_enable 4628.Pq Vt bool 4629If set to 4630.Dq Li YES , 4631delays the start of network-reliant services until 4632.Va netwait_if 4633is up and ICMP packets to a destination defined in 4634.Va netwait_ip 4635are flowing. 4636Link state is examined first, followed by 4637.Dq Li pinging 4638an IP address to verify network usability. 4639If no destination can be reached or timeouts are exceeded, 4640network services are started anyway with no guarantee that 4641the network is usable. 4642Use of this variable requires both 4643.Va netwait_ip 4644and 4645.Va netwait_if 4646to be set. 4647.It Va netwait_ip 4648.Pq Vt str 4649Empty by default. 4650This variable contains a space-delimited list of IP addresses to 4651.Xr ping 8 . 4652DNS hostnames should not be used as resolution is not guaranteed 4653to be functional at this point. 4654If multiple IP addresses are specified, 4655each will be tried until one is successful or the list is exhausted. 4656.It Va netwait_timeout 4657.Pq Vt int 4658Indicates the total number of seconds to perform a 4659.Dq Li ping 4660against each IP address in 4661.Va netwait_ip , 4662at a rate of one ping per second. 4663If any of the pings are successful, 4664full network connectivity is considered reliable. 4665The default is 60. 4666.It Va netwait_if 4667.Pq Vt str 4668Empty by default. 4669Defines the name of the network interface on which watch for link. 4670.Xr ifconfig 8 4671is used to monitor the interface, looking for 4672.Dq Li status: no carrier . 4673Once gone, the link is considered up. 4674This can be a 4675.Xr vlan 4 4676interface if desired. 4677.It Va netwait_if_timeout 4678.Pq Vt int 4679Defines the total number of seconds to wait for link to become usable, 4680polled at a 1-second interval. 4681The default is 30. 4682.El 4683.Sh FILES 4684.Bl -tag -width ".Pa /etc/defaults/rc.conf" -compact 4685.It Pa /etc/defaults/rc.conf 4686.It Pa /etc/rc.conf 4687.It Pa /etc/rc.conf.local 4688.El 4689.Sh SEE ALSO 4690.Xr catman 1 , 4691.Xr chmod 1 , 4692.Xr gdb 1 , 4693.Xr info 1 , 4694.Xr kbdcontrol 1 , 4695.Xr makewhatis 1 , 4696.Xr sh 1 , 4697.Xr vi 1 , 4698.Xr vidcontrol 1 , 4699.Xr bridge 4 , 4700.Xr dummynet 4 , 4701.Xr ip 4 , 4702.Xr ipf 4 , 4703.Xr ipfw 4 , 4704.Xr ipnat 4 , 4705.Xr kld 4 , 4706.Xr pf 4 , 4707.Xr pflog 4 , 4708.Xr pfsync 4 , 4709.Xr tcp 4 , 4710.Xr udp 4 , 4711.Xr exports 5 , 4712.Xr fstab 5 , 4713.Xr ipf 5 , 4714.Xr ipnat 5 , 4715.Xr motd 5 , 4716.Xr newsyslog.conf 5 , 4717.Xr pf.conf 5 , 4718.Xr security 7 , 4719.Xr accton 8 , 4720.Xr amd 8 , 4721.Xr apm 8 , 4722.Xr atm 8 , 4723.Xr bthidd 8 , 4724.Xr chkprintcap 8 , 4725.Xr chown 8 , 4726.Xr cron 8 , 4727.Xr devfs 8 , 4728.Xr dhclient 8 , 4729.Xr ftpd 8 , 4730.Xr geli 8 , 4731.Xr hcsecd 8 , 4732.Xr ifconfig 8 , 4733.Xr inetd 8 , 4734.Xr ipf 8 , 4735.Xr ipfw 8 , 4736.Xr ipnat 8 , 4737.Xr jail 8 , 4738.Xr kldxref 8 , 4739.Xr lpd 8 , 4740.Xr mdconfig 8 , 4741.Xr mdmfs 8 , 4742.Xr mixer 8 , 4743.Xr mountd 8 , 4744.Xr moused 8 , 4745.Xr mrouted 8 , 4746.Xr named 8 , 4747.Xr newfs 8 , 4748.Xr newsyslog 8 , 4749.Xr nfsd 8 , 4750.Xr ntpd 8 , 4751.Xr ntpdate 8 , 4752.Xr pfctl 8 , 4753.Xr pflogd 8 , 4754.Xr ping 8 , 4755.Xr powerd 8 , 4756.Xr quotacheck 8 , 4757.Xr quotaon 8 , 4758.Xr rc 8 , 4759.Xr rc.sendmail 8 , 4760.Xr rfcomm_pppd 8 , 4761.Xr route 8 , 4762.Xr routed 8 , 4763.Xr rpcbind 8 , 4764.Xr rpc.lockd 8 , 4765.Xr rpc.statd 8 , 4766.Xr rwhod 8 , 4767.Xr savecore 8 , 4768.Xr sdpd 8 , 4769.Xr sshd 8 , 4770.Xr swapon 8 , 4771.Xr sysctl 8 , 4772.Xr syslogd 8 , 4773.Xr timed 8 , 4774.Xr usbconfig 8 , 4775.Xr wlandebug 8 , 4776.Xr yp 8 , 4777.Xr ypbind 8 , 4778.Xr ypserv 8 , 4779.Xr ypset 8 4780.Sh HISTORY 4781The 4782.Nm 4783file appeared in 4784.Fx 2.2.2 . 4785.Sh AUTHORS 4786.An Jordan K. Hubbard . 4787