1.\" Copyright (c) 1995 2.\" Jordan K. Hubbard 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND 14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 16.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE 17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23.\" SUCH DAMAGE. 24.\" 25.\" $FreeBSD$ 26.\" 27.Dd April 4, 2007 28.Dt RC.CONF 5 29.Os 30.Sh NAME 31.Nm rc.conf 32.Nd system configuration information 33.Sh DESCRIPTION 34The file 35.Nm 36contains descriptive information about the local host name, configuration 37details for any potential network interfaces and which services should be 38started up at system initial boot time. 39In new installations, the 40.Nm 41file is generally initialized by the system installation utility, 42.Xr sysinstall 8 . 43.Pp 44The purpose of 45.Nm 46is not to run commands or perform system startup actions 47directly. 48Instead, it is included by the 49various generic startup scripts in 50.Pa /etc 51which conditionalize their 52internal actions according to the settings found there. 53.Pp 54The 55.Pa /etc/rc.conf 56file is included from the file 57.Pa /etc/defaults/rc.conf , 58which specifies the default settings for all the available options. 59Options need only be specified in 60.Pa /etc/rc.conf 61when the system administrator wishes to override these defaults. 62The file 63.Pa /etc/rc.conf.local 64is used to override settings in 65.Pa /etc/rc.conf 66for historical reasons. 67See the 68.Va rc_conf_files 69variable below. 70.Pp 71Options are set with 72.Dq Ar name Ns Li = Ns Ar value 73assignments that use 74.Xr sh 1 75syntax. 76The following list provides a name and short description for each 77variable that can be set in the 78.Nm 79file: 80.Bl -tag -width indent-two 81.It Va rc_debug 82.Pq Vt bool 83If set to 84.Dq Li YES , 85enable output of debug messages from rc scripts. 86This variable can be helpful in diagnosing mistakes when 87editing or integrating new scripts. 88Beware that this produces copious output to the terminal and 89.Xr syslog 3 . 90.It Va rc_info 91.Pq Vt bool 92If set to 93.Dq Li NO , 94disable informational messages from the rc scripts. 95Informational messages are displayed when 96a condition that is not serious enough to warrant a warning or 97an error occurs. 98.It Va early_late_divider 99.Pq Vt str 100The name of the script that should be used as the 101delimiter between the 102.Dq early 103and 104.Dq late 105stages of the boot process. 106The early stage should contain all the services needed to 107get the disks (local or remote) mounted so that the late 108stage can include scripts contained in the directories 109listed in the 110.Va local_startup 111variable (see below). 112Thus, the two likely candidates for this value are 113.Pa mountcritlocal 114for the typical system, and 115.Pa mountcritremote 116if the system needs remote file 117systems mounted to get access to the 118.Va local_startup 119directories; for example when 120.Pa /usr/local 121is NFS mounted. 122For 123.Pa rc.conf 124within a 125.Xr jail 8 126.Pa NETWORKING 127is likely to be an appropriate value. 128Extreme care should be taken when changing this value, 129and before changing it one should ensure that there are 130adequate provisions to recover from a failed boot 131(such as physical contact with the machine, 132or reliable remote console access). 133.It Va swapfile 134.Pq Vt str 135If set to 136.Dq Li NO , 137no swapfile is installed, otherwise the value is used as the full 138pathname to a file to use for additional swap space. 139.It Va apm_enable 140.Pq Vt bool 141If set to 142.Dq Li YES , 143enable support for Automatic Power Management with 144the 145.Xr apm 8 146command. 147.It Va apmd_enable 148.Pq Vt bool 149Run 150.Xr apmd 8 151to handle APM event from userland. 152This also enables support for APM. 153.It Va apmd_flags 154.Pq Vt str 155If 156.Va apmd_enable 157is set to 158.Dq Li YES , 159these are the flags to pass to the 160.Xr apmd 8 161daemon. 162.It Va devd_enable 163.Pq Vt bool 164Run 165.Xr devd 8 166to handle device added, removed or unknown events from the kernel. 167.It Va kldxref_enable 168.Pq Vt bool 169Set to 170.Dq Li NO 171by default. 172Set to 173.Dq Li YES 174to automatically rebuild 175.Pa linker.hints 176files with 177.Xr kldxref 8 178at boot time. 179.It Va kldxref_clobber 180.Pq Vt bool 181Set to 182.Dq Li NO 183by default. 184If 185.Va kldxref_enable 186is true, 187setting to 188.Dq Li YES 189will overwrite existing 190.Pa linker.hints 191files at boot time. 192Otherwise, 193only missing 194.Pa linker.hints 195files are generated. 196.It Va kldxref_module_path 197.Pq Vt str 198Empty by default. 199A semi-colon 200.Pq Ql \&; 201delimited list of paths containing 202.Xr kld 4 203modules. 204If empty, 205the contents of the 206.Va kern.module_path 207.Xr sysctl 8 208are used. 209.It Va powerd_enable 210.Pq Vt bool 211If set to 212.Dq Li YES , 213enable the system power control facility with the 214.Xr powerd 8 215daemon. 216.It Va powerd_flags 217.Pq Vt str 218If 219.Va powerd_enable 220is set to 221.Dq Li YES , 222these are the flags to pass to the 223.Xr powerd 8 224daemon. 225.It Va tmpmfs 226Controls the creation of a 227.Pa /tmp 228memory file system. 229Always happens if set to 230.Dq Li YES 231and never happens if set to 232.Dq Li NO . 233If set to anything else, a memory file system is created if 234.Pa /tmp 235is not writable. 236.It Va tmpsize 237Controls the size of a created 238.Pa /tmp 239memory file system. 240.It Va tmpmfs_flags 241Extra options passed to the 242.Xr mdmfs 8 243utility when the memory file system for 244.Pa /tmp 245is created. 246The default is 247.Dq Li "-S" , 248which inhibits the use of softupdates on 249.Pa /tmp 250so that file system space is freed without delay 251after file truncation or deletion. 252See 253.Xr mdmfs 8 254for other options you can use in 255.Va tmpmfs_flags . 256.It Va varmfs 257Controls the creation of a 258.Pa /var 259memory file system. 260Always happens if set to 261.Dq Li YES 262and never happens if set to 263.Dq Li NO . 264If set to anything else, a memory file system is created if 265.Pa /var 266is not writable. 267.It Va varsize 268Controls the size of a created 269.Pa /var 270memory file system. 271.It Va varmfs_flags 272Extra options passed to the 273.Xr mdmfs 8 274utility when the memory file system for 275.Pa /var 276is created. 277The default is 278.Dq Li "-S" , 279which inhibits the use of softupdates on 280.Pa /var 281so that file system space is freed without delay 282after file truncation or deletion. 283See 284.Xr mdmfs 8 285for other options you can use in 286.Va varmfs_flags . 287.It Va populate_var 288Controls the automatic population of the 289.Pa /var 290file system. 291Always happens if set to 292.Dq Li YES 293and never happens if set to 294.Dq Li NO . 295If set to anything else, a memory file system is created if 296.Pa /var 297is not writable. 298Note that this process requires access to certain commands in 299.Pa /usr 300before 301.Pa /usr 302is mounted on normal systems. 303.It Va cleanvar_enable 304.Pq Vt bool 305Clean the 306.Pa /var 307directory. 308.It Va local_startup 309.Pq Vt str 310List of directories to search for startup script files. 311.It Va script_name_sep 312.Pq Vt str 313The field separator to use for breaking down the list of startup script files 314into individual filenames. 315The default is a space. 316It is not necessary to change this unless there are startup scripts with names 317containing spaces. 318.It Va hostapd_enable 319.Pq Vt bool 320Set to 321.Dq Li YES 322to start 323.Xr hostapd 8 324at system boot time. 325.It Va hostname 326.Pq Vt str 327The fully qualified domain name (FQDN) of this host on the network. 328This should almost certainly be set to something meaningful, even if 329there is no network connection. 330If 331.Xr dhclient 8 332is used to set the hostname via DHCP, 333this variable should be set to an empty string. 334.It Va ipv6_enable 335.Pq Vt bool 336Enable support for IPv6 networking. 337Note that this requires that the kernel has been compiled with 338.Cd "options INET6" . 339.It Va nisdomainname 340.Pq Vt str 341The NIS domain name of this host, or 342.Dq Li NO 343if NIS is not used. 344.It Va dhclient_program 345.Pq Vt str 346Path to the DHCP client program 347.Pa ( /sbin/dhclient , 348the 349.Ox 350DHCP client, 351is the default). 352.It Va dhclient_flags 353.Pq Vt str 354Additional flags to pass to the DHCP client program. 355For the 356.Ox 357DHCP client, see the 358.Xr dhclient 8 359manpage for a description of the command line options available. 360.It Va dhclient_flags_ Ns Aq Ar iface 361Additional flags to pass to the DHCP client program running on 362.Ar iface 363only. 364When specified, this variable overrides 365.Va dhclient_flags . 366.It Va background_dhclient 367.Pq Vt bool 368Set to 369.Dq Li YES 370to start the DHCP client in background. 371This can cause trouble with applications depending on 372a working network, but it will provide a faster startup 373in many cases. 374.It Va background_dhclient_ Ns Aq Ar iface 375When specified, this variable overrides the 376.Va background_dhclient 377variable for interface 378.Ar iface 379only. 380.It Va synchronous_dhclient 381.Pq Bt bool 382Set to 383.Dq Li NO 384to start 385.Xr dhclient 8 386only in response to interface events and not synchronously at startup. 387This behavior can be overridden on a per-interface basis by replacing 388the 389.Dq Li DHCP 390keyword in the 391.Va ifconfig_ Ns Aq Ar interface 392variable with 393.Dq Li SYNCDHCP 394or 395.Dq Li NOSYNCDHCP . 396.It Va firewall_enable 397.Pq Vt bool 398Set to 399.Dq Li YES 400to load firewall rules at startup. 401If the kernel was not built with 402.Cd "options IPFIREWALL" , 403the 404.Pa ipfw.ko 405kernel module will be loaded. 406See also 407.Va ipfilter_enable . 408.It Va ipv6_firewall_enable 409.Pq Vt bool 410The IPv6 equivalent of 411.Va firewall_enable . 412Set to 413.Dq Li YES 414to load IPv6 firewall rules at startup. 415If the kernel was not built with 416.Cd "options IPV6FIREWALL" , 417the 418.Pa ipfw.ko 419kernel module will be loaded. 420.It Va firewall_script 421.Pq Vt str 422This variable specifies the full path to the firewall script to run. 423The default is 424.Pa /etc/rc.firewall . 425.It Va ipv6_firewall_script 426.Pq Vt str 427The IPv6 equivalent of 428.Va firewall_script . 429.It Va firewall_type 430.Pq Vt str 431Names the firewall type from the selection in 432.Pa /etc/rc.firewall , 433or the file which contains the local firewall ruleset. 434Valid selections from 435.Pa /etc/rc.firewall 436are: 437.Pp 438.Bl -tag -width ".Li simple" -compact 439.It Li open 440unrestricted IP access 441.It Li closed 442all IP services disabled, except via 443.Dq Li lo0 444.It Li client 445basic protection for a workstation 446.It Li simple 447basic protection for a LAN. 448.El 449.Pp 450If a filename is specified, the full path 451must be given. 452.It Va ipv6_firewall_type 453.Pq Vt str 454The IPv6 equivalent of 455.Va firewall_type . 456.It Va firewall_quiet 457.Pq Vt bool 458Set to 459.Dq Li YES 460to disable the display of firewall rules on the console during boot. 461.It Va ipv6_firewall_quiet 462.Pq Vt bool 463The IPv6 equivalent of 464.Va firewall_quiet . 465.It Va firewall_logging 466.Pq Vt bool 467Set to 468.Dq Li YES 469to enable firewall event logging. 470This is equivalent to the 471.Dv IPFIREWALL_VERBOSE 472kernel option. 473.It Va ipv6_firewall_logging 474.Pq Vt bool 475The IPv6 equivalent of 476.Va firewall_logging . 477.It Va firewall_flags 478.Pq Vt str 479Flags passed to 480.Xr ipfw 8 481if 482.Va firewall_type 483specifies a filename. 484.It Va ipv6_firewall_flags 485.Pq Vt str 486The IPv6 equivalent of 487.Va firewall_flags . 488.It Va natd_program 489.Pq Vt str 490Path to 491.Xr natd 8 . 492.It Va natd_enable 493.Pq Vt bool 494Set to 495.Dq Li YES 496to enable 497.Xr natd 8 . 498.Va firewall_enable 499must also be set to 500.Dq Li YES , 501and 502.Xr divert 4 503sockets must be enabled in the kernel. 504If the kernel was not built with 505.Cd "options IPDIVERT" , 506the 507.Pa ipdivert.ko 508kernel module will be loaded. 509.It Va natd_interface 510.Pq Vt str 511This is the name of the public interface on which 512.Xr natd 8 513should run. 514The interface may be given as an interface name or as an IP address. 515.It Va natd_flags 516.Pq Vt str 517Additional 518.Xr natd 8 519flags should be placed here. 520The 521.Fl n 522or 523.Fl a 524flag is automatically added with the above 525.Va natd_interface 526as an argument. 527.\" ----- ipfilter_enable setting -------------------------------- 528.It Va ipfilter_enable 529.Pq Vt bool 530Set to 531.Dq Li NO 532by default. 533Setting this to 534.Dq Li YES 535enables 536.Xr ipf 8 537packet filtering. 538.Pp 539Typical usage will require putting 540.Bd -literal 541ipfilter_enable="YES" 542ipnat_enable="YES" 543ipmon_enable="YES" 544ipfs_enable="YES" 545.Ed 546.Pp 547into 548.Pa /etc/rc.conf 549and editing 550.Pa /etc/ipf.rules 551and 552.Pa /etc/ipnat.rules 553appropriately. 554.Pp 555Note that 556.Va ipfilter_enable 557and 558.Va ipnat_enable 559can be enabled independently. 560.Va ipmon_enable 561and 562.Va ipfs_enable 563both require at least one of 564.Va ipfilter_enable 565and 566.Va ipnat_enable 567to be enabled. 568.Pp 569Having 570.Bd -literal 571options IPFILTER 572options IPFILTER_LOG 573options IPFILTER_DEFAULT_BLOCK 574.Ed 575.Pp 576in the kernel configuration file is a good idea, too. 577.\" ----- ipfilter_program setting ------------------------------ 578.It Va ipfilter_program 579.Pq Vt str 580Path to 581.Xr ipf 8 582(default 583.Pa /sbin/ipf ) . 584.\" ----- ipfilter_rules setting -------------------------------- 585.It Va ipfilter_rules 586.Pq Vt str 587Set to 588.Pa /etc/ipf.rules 589by default. 590This variable contains the name of the filter rule definition file. 591The file is expected to be readable for the 592.Xr ipf 8 593command to execute. 594.\" ----- ipv6_ipfilter_rules setting --------------------------- 595.It Va ipv6_ipfilter_rules 596.Pq Vt str 597Set to 598.Pa /etc/ipf6.rules 599by default. 600This variable contains the IPv6 filter rule definition file. 601The file is expected to be readable for the 602.Xr ipf 8 603command to execute. 604.\" ----- ipfilter_flags setting -------------------------------- 605.It Va ipfilter_flags 606.Pq Vt str 607Empty by default. 608This variable contains flags passed to the 609.Xr ipf 8 610program. 611.\" ----- ipnat_enable setting ---------------------------------- 612.It Va ipnat_enable 613.Pq Vt bool 614Set to 615.Dq Li NO 616by default. 617Set it to 618.Dq Li YES 619to enable 620.Xr ipnat 8 621network address translation. 622See 623.Va ipfilter_enable 624for a detailed discussion. 625.\" ----- ipnat_program setting --------------------------------- 626.It Va ipnat_program 627.Pq Vt str 628Path to 629.Xr ipnat 8 630(default 631.Pa /sbin/ipnat ) . 632.\" ----- ipnat_rules setting ----------------------------------- 633.It Va ipnat_rules 634.Pq Vt str 635Set to 636.Pa /etc/ipnat.rules 637by default. 638This variable contains the name of the file 639holding the network address translation definition. 640This file is expected to be readable for the 641.Xr ipnat 8 642command to execute. 643.\" ----- ipnat_flags setting ----------------------------------- 644.It Va ipnat_flags 645.Pq Vt str 646Empty by default. 647This variable contains flags passed to the 648.Xr ipnat 8 649program. 650.\" ----- ipmon_enable setting ---------------------------------- 651.It Va ipmon_enable 652.Pq Vt bool 653Set to 654.Dq Li NO 655by default. 656Set it to 657.Dq Li YES 658to enable 659.Xr ipmon 8 660monitoring (logging 661.Xr ipf 8 662and 663.Xr ipnat 8 664events). 665Setting this variable needs setting 666.Va ipfilter_enable 667or 668.Va ipnat_enable 669too. 670See 671.Va ipfilter_enable 672for a detailed discussion. 673.\" ----- ipmon_program setting --------------------------------- 674.It Va ipmon_program 675.Pq Vt str 676Path to 677.Xr ipmon 8 678(default 679.Pa /sbin/ipmon ) . 680.\" ----- ipmon_flags setting ----------------------------------- 681.It Va ipmon_flags 682.Pq Vt str 683Set to 684.Dq Li -Ds 685by default. 686This variable contains flags passed to the 687.Xr ipmon 8 688program. 689Another typical example would be 690.Dq Fl D Pa /var/log/ipflog 691to have 692.Xr ipmon 8 693log directly to a file bypassing 694.Xr syslogd 8 . 695Make sure to adjust 696.Pa /etc/newsyslog.conf 697in such case like this: 698.Bd -literal 699/var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid 700.Ed 701.\" ----- ipfs_enable setting ----------------------------------- 702.It Va ipfs_enable 703.Pq Vt bool 704Set to 705.Dq Li NO 706by default. 707Set it to 708.Dq Li YES 709to enable 710.Xr ipfs 8 711saving the filter and NAT state tables during shutdown 712and reloading them during startup again. 713Setting this variable needs setting 714.Va ipfilter_enable 715or 716.Va ipnat_enable 717to 718.Dq Li YES 719too. 720See 721.Va ipfilter_enable 722for a detailed discussion. 723Note that if 724.Va kern_securelevel 725is set to 3, 726.Va ipfs_enable 727cannot be used 728because the raised securelevel will prevent 729.Xr ipfs 8 730from saving the state tables at shutdown time. 731.\" ----- ipfs_program setting ---------------------------------- 732.It Va ipfs_program 733.Pq Vt str 734Path to 735.Xr ipfs 8 736(default 737.Pa /sbin/ipfs ) . 738.\" ----- ipfs_flags setting ------------------------------------ 739.It Va ipfs_flags 740.Pq Vt str 741Empty by default. 742This variable contains flags passed to the 743.Xr ipfs 8 744program. 745.\" ----- end of added ipf hook --------------------------------- 746.It Va pf_enable 747.Pq Vt bool 748Set to 749.Dq Li NO 750by default. 751Setting this to 752.Dq Li YES 753enables 754.Xr pf 4 755packet filtering. 756.Pp 757Typical usage will require putting 758.Pp 759.Dl pf_enable="YES" 760.Pp 761into 762.Pa /etc/rc.conf 763and editing 764.Pa /etc/pf.conf 765appropriately. 766.Pp 767.Dl "device pf" 768.Pp 769builds 770.Xr pf 4 771into the kernel. 772Otherwise it is loaded from a module. 773.It Va pf_rules 774.Pq Vt str 775Path to 776.Xr pf 4 777ruleset configuration file 778(default 779.Pa /etc/pf.conf ) . 780.It Va pf_program 781.Pq Vt str 782Path to 783.Xr pfctl 8 784(default 785.Pa /sbin/pfctl ) . 786.It Va pf_flags 787.Pq Vt str 788If 789.Va pf_enable 790is set to 791.Dq Li YES , 792these flags are passed to the 793.Xr pfctl 8 794program when loading the ruleset. 795.It Va pflog_enable 796.Pq Vt bool 797Set to 798.Dq Li NO 799by default. 800Setting this to 801.Dq Li YES 802enables 803.Xr pflogd 8 804which logs packets from the 805.Xr pf 4 806packet filter. 807.It Va pflog_logfile 808.Pq Vt str 809If 810.Va pflog_enable 811is set to 812.Dq Li YES 813this controls where 814.Xr pflogd 8 815stores the logfile 816(default 817.Pa /var/log/pflog ) . 818Check 819.Pa /etc/newsyslog.conf 820to adjust logfile rotation for this. 821.It Va pflog_program 822.Pq Vt str 823Path to 824.Xr pflogd 8 825(default 826.Pa /sbin/pflogd ) . 827.It Va pflog_flags 828.Pq Vt str 829Empty by default. 830This variable contains additional flags passed to the 831.Xr pflogd 8 832program. 833.It Va pfsync_enable 834.Pq Vt bool 835Set to 836.Dq Li NO 837by default. 838Setting this to 839.Dq Li YES 840enables exposing 841.Xr pf 4 842state changes to other hosts over the network by means of 843.Xr pfsync 4 . 844The 845.Va pfsync_syncdev 846variable 847must also be set then. 848.It Va pfsync_syncdev 849.Pq Vt str 850Empty by default. 851This variable specifies the name of the network interface 852.Xr pfsync 4 853should operate through. 854It must be set accordingly if 855.Va pfsync_enable 856is set to 857.Dq Li YES . 858.It Va pfsync_ifconfig 859.Pq Vt str 860Empty by default. 861This variable can contain additional options to be passed to the 862.Xr ifconfig 8 863command used to set up 864.Xr pfsync 4 . 865.It Va tcp_extensions 866.Pq Vt bool 867Set to 868.Dq Li YES 869by default. 870Setting this to 871.Dq Li NO 872disables certain TCP options as described by 873.Rs 874.%T "RFC 1323" 875.Re 876Setting this to 877.Dq Li NO 878might help remedy such problems with connections as randomly hanging 879or other weird behavior. 880Some network devices are known 881to be broken with respect to these options. 882.It Va log_in_vain 883.Pq Vt int 884Set to 0 by default. 885The 886.Xr sysctl 8 887variables, 888.Va net.inet.tcp.log_in_vain 889and 890.Va net.inet.udp.log_in_vain , 891as described in 892.Xr tcp 4 893and 894.Xr udp 4 , 895are set to the given value. 896.It Va tcp_keepalive 897.Pq Vt bool 898Set to 899.Dq Li YES 900by default. 901Setting to 902.Dq Li NO 903will disable probing idle TCP connections to verify that the 904peer is still up and reachable. 905.It Va tcp_drop_synfin 906.Pq Vt bool 907Set to 908.Dq Li NO 909by default. 910Setting to 911.Dq Li YES 912will cause the kernel to ignore TCP frames that have both 913the SYN and FIN flags set. 914This prevents OS fingerprinting, but may 915break some legitimate applications. 916This option is only available if the 917kernel was built with the 918.Dv TCP_DROP_SYNFIN 919option. 920.It Va icmp_drop_redirect 921.Pq Vt bool 922Set to 923.Dq Li NO 924by default. 925Setting to 926.Dq Li YES 927will cause the kernel to ignore ICMP REDIRECT packets. 928Refer to 929.Xr icmp 4 930for more information. 931.It Va icmp_log_redirect 932.Pq Vt bool 933Set to 934.Dq Li NO 935by default. 936Setting to 937.Dq Li YES 938will cause the kernel to log ICMP REDIRECT packets. 939Note that 940the log messages are not rate-limited, so this option should only be used 941for troubleshooting networks. 942Refer to 943.Xr icmp 4 944for more information. 945.It Va icmp_bmcastecho 946.Pq Vt bool 947Set to 948.Dq Li YES 949to respond to broadcast or multicast ICMP ping packets. 950Refer to 951.Xr icmp 4 952for more information. 953.It Va ip_portrange_first 954.Pq Vt int 955If not set to 956.Dq Li NO , 957this is the first port in the default portrange. 958Refer to 959.Xr ip 4 960for more information. 961.It Va ip_portrange_last 962.Pq Vt int 963If not set to 964.Dq Li NO , 965this is the last port in the default portrange. 966Refer to 967.Xr ip 4 968for more information. 969.It Va network_interfaces 970.Pq Vt str 971Set to the list of network interfaces to configure on this host or 972.Dq Li AUTO 973(the default) for all current interfaces. 974Setting the 975.Va network_interfaces 976variable to anything other than the default is deprecated. 977Interfaces that the administrator wishes to store configuration for, 978but not start at boot should be configured with the 979.Dq Li NOAUTO 980keyword in their 981.Va ifconfig_ Ns Aq Ar interface 982variables as described below. 983.Pp 984An 985.Va ifconfig_ Ns Aq Ar interface 986variable is also assumed to exist for each value of 987.Ar interface . 988When an interface name contains any of the characters 989.Dq Li .-/+ 990they are translated to 991.Dq Li _ 992before lookup. 993The variable can contain arguments to 994.Xr ifconfig 8 , 995as well as special case-insensitive keywords described below. 996Such keywords are removed before passing the value to 997.Xr ifconfig 8 998while the order of the other arguments is preserved. 999.Pp 1000One can configure more than one IPv4 address with the 1001.Va ipv4_addrs_ Ns Aq Ar interface 1002variable. 1003One or more IP addresses must be provided in Classless Inter-Domain 1004Routing (CIDR) address notation, whose last byte can be a range like 1005192.168.0.5-23/24. 1006In this case the address 192.168.0.5 will be configured with the 1007netmask /24 and the addresses 192.168.0.6 to 192.168.0.23 with 1008the non-conflicting netmask /32 as explained in the 1009.Xr ifconfig 8 1010alias section. 1011With the interface in question being 1012.Li ed0 , 1013an example could look like: 1014.Bd -literal 1015ipv4_addrs_ed0="192.168.0.1/24 192.168.1.1-5/28" 1016.Ed 1017.Pp 1018It is also possible to add IP alias entries using 1019.Xr ifconfig 8 1020syntax. 1021Assuming that the interface in question was 1022.Li ed0 , 1023it might look 1024something like this: 1025.Bd -literal 1026ifconfig_ed0_alias0="inet 127.0.0.253 netmask 0xffffffff" 1027ifconfig_ed0_alias1="inet 127.0.0.254 netmask 0xffffffff" 1028.Ed 1029.Pp 1030And so on. 1031For each 1032.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1033entry that is found, 1034its contents are passed to 1035.Xr ifconfig 8 . 1036Execution stops at the first unsuccessful access, so if 1037something like this is present: 1038.Bd -literal 1039ifconfig_ed0_alias0="inet 127.0.0.251 netmask 0xffffffff" 1040ifconfig_ed0_alias1="inet 127.0.0.252 netmask 0xffffffff" 1041ifconfig_ed0_alias2="inet 127.0.0.253 netmask 0xffffffff" 1042ifconfig_ed0_alias4="inet 127.0.0.254 netmask 0xffffffff" 1043.Ed 1044.Pp 1045Then note that alias4 would 1046.Em not 1047be added since the search would 1048stop with the missing 1049.Dq Li alias3 1050entry. 1051Due to this difficult to manage behavior, the 1052.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1053form is deprecated. 1054.Pp 1055If the 1056.Pa /etc/start_if. Ns Aq Ar interface 1057file is present, it is read and executed by the 1058.Xr sh 1 1059interpreter 1060before configuring the interface as specified in the 1061.Va ifconfig_ Ns Aq Ar interface 1062and 1063.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1064variables. 1065.Pp 1066If the 1067.Va ifconfig_ Ns Aq Ar interface 1068contains the keyword 1069.Dq Li NOAUTO 1070then the interface will not be configured 1071at boot or by 1072.Pa /etc/pccard_ether 1073when 1074.Va network_interfaces 1075is set to 1076.Dq Li AUTO . 1077.Pp 1078It is possible to bring up an interface with DHCP by adding 1079.Dq Li DHCP 1080to the 1081.Va ifconfig_ Ns Aq Ar interface 1082variable. 1083For instance, to initialize the 1084.Li ed0 1085device via DHCP, 1086it is possible to use something like: 1087.Bd -literal 1088ifconfig_ed0="DHCP" 1089.Ed 1090.Pp 1091Also, if your interface needs WPA authentication, it is possible to add 1092.Dq Li WPA 1093to the 1094.Va ifconfig_ Ns Aq Ar interface 1095variable. 1096.Pp 1097Finally, you can add 1098.Xr ifconfig 8 1099options in this variable, in addition to the 1100.Pa /etc/start_if. Ns Aq Ar interface 1101file. 1102For instance, to initialize the 1103.Li wi0 1104device via DHCP, using WPA authentication and 802.11b mode, it is 1105possible to use something like: 1106.Bd -literal 1107ifconfig_wi0="DHCP WPA mode 11b" 1108.Ed 1109.Pp 1110In addition to the 1111.Va ifconfig_ Ns Aq Ar interface 1112form, a fallback variable 1113.Va ifconfig_DEFAULT 1114may be configured. 1115It will be used for all interfaces with no 1116.Va ifconfig_ Ns Aq Ar interface 1117variable. 1118This is intended to replace the no longer supported 1119.Va pccard_ifconfig 1120variable. 1121.Pp 1122It is also possible to rename interface by doing: 1123.Bd -literal 1124ifconfig_ed0_name="net0" 1125ifconfig_net0="inet 10.0.0.1 netmask 0xffff0000" 1126.Ed 1127.It Va ipv6_network_interfaces 1128.Pq Vt str 1129This is the IPv6 equivalent of 1130.Va network_interfaces . 1131Instead of setting the ifconfig variables as 1132.Va ifconfig_ Ns Aq Ar interface 1133they should be set as 1134.Va ipv6_ifconfig_ Ns Aq Ar interface . 1135Aliases should be set as 1136.Va ipv6_ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n . 1137.Va ipv6_prefix_ Ns Aq Ar interface 1138does something. 1139Interfaces that do not have a 1140.Va ipv6_ifconfig_ Ns Aq Ar interface 1141setting will be auto configured by 1142.Xr rtsol 8 1143if the 1144.Va ipv6_gateway_enable 1145is set to 1146.Dq Li NO . 1147Note that the IPv6 networking code does not support the 1148.Pa /etc/start_if. Ns Aq Ar interface 1149files. 1150.It Va ipv6_default_interface 1151.Pq Vt str 1152If not set to 1153.Dq Li NO , 1154this is the default output interface for scoped addresses. 1155Now this works only for IPv6 link local multicast addresses. 1156.It Va cloned_interfaces 1157.Pq Vt str 1158Set to the list of clonable network interfaces to create on this host. 1159Entries in 1160.Va cloned_interfaces 1161are automatically appended to 1162.Va network_interfaces 1163for configuration. 1164.It Va fec_interfaces 1165.Pq Vt str 1166Set to the list of 1167.Xr ng_fec 4 1168Fast EtherChannel interfaces to configure on this host. 1169A 1170.Va fecconfig_ Ns Aq Ar interface 1171variable is assumed to exist for each value of 1172.Ar interface . 1173The value of this variable is used to configure link aggregated interfaces 1174according to the syntax of the 1175.Cm NGM_FEC_ADD_IFACE 1176to 1177.Xr ngctl 8 1178msg. 1179Additionally, this option ensures that each listed interface is created 1180via the 1181.Cm mkpeer 1182command to 1183.Xr ngctl 8 1184before attempting to configure it. 1185For example: 1186.Bd -literal 1187fec_interfaces="fec0" 1188fecconfig_fec0="em0 em1" 1189ifconfig_fec0="DHCP" 1190.Ed 1191.It Va gif_interfaces 1192.Pq Vt str 1193Set to the list of 1194.Xr gif 4 1195tunnel interfaces to configure on this host. 1196A 1197.Va gifconfig_ Ns Aq Ar interface 1198variable is assumed to exist for each value of 1199.Ar interface . 1200The value of this variable is used to configure the link layer of the 1201tunnel according to the syntax of the 1202.Cm tunnel 1203option to 1204.Xr ifconfig 8 . 1205Additionally, this option ensures that each listed interface is created 1206via the 1207.Cm create 1208option to 1209.Xr ifconfig 8 1210before attempting to configure it. 1211.It Va sppp_interfaces 1212.Pq Vt str 1213Set to the list of 1214.Xr sppp 4 1215interfaces to configure on this host. 1216A 1217.Va spppconfig_ Ns Aq Ar interface 1218variable is assumed to exist for each value of 1219.Ar interface . 1220Each interface should also be configured by a general 1221.Va ifconfig_ Ns Aq Ar interface 1222setting. 1223Refer to 1224.Xr spppcontrol 8 1225for more information about available options. 1226.It Va ppp_enable 1227.Pq Vt bool 1228If set to 1229.Dq Li YES , 1230run the 1231.Xr ppp 8 1232daemon. 1233.It Va ppp_mode 1234.Pq Vt str 1235Mode in which to run the 1236.Xr ppp 8 1237daemon. 1238Accepted modes are 1239.Dq Li auto , 1240.Dq Li ddial , 1241.Dq Li direct 1242and 1243.Dq Li dedicated . 1244See the manual for a full description. 1245.It Va ppp_nat 1246.Pq Vt bool 1247If set to 1248.Dq Li YES , 1249enables network address translation. 1250Used in conjunction with 1251.Va gateway_enable 1252allows hosts on private network addresses access to the Internet using 1253this host as a network address translating router. 1254.It Va ppp_profile 1255.Pq Vt str 1256The name of the profile to use from 1257.Pa /etc/ppp/ppp.conf . 1258.It Va ppp_user 1259.Pq Vt str 1260The name of the user under which 1261.Xr ppp 8 1262should be started. 1263By 1264default, 1265.Xr ppp 8 1266is started as 1267.Dq Li root . 1268.It Va rc_conf_files 1269.Pq Vt str 1270This option is used to specify a list of files that will override 1271the settings in 1272.Pa /etc/defaults/rc.conf . 1273The files will be read in the order in which they are specified and should 1274include the full path to the file. 1275By default, the files specified are 1276.Pa /etc/rc.conf 1277and 1278.Pa /etc/rc.conf.local 1279.It Va gbde_autoattach_all 1280.Pq Vt bool 1281If set to 1282.Dq Li YES , 1283.Pa /etc/rc.d/gbde 1284will attempt to automatically initialize your .bde devices in 1285.Pa /etc/fstab . 1286.It Va gbde_devices 1287.Pq Vt str 1288List the devices that the script should try to attach, 1289or 1290.Dq Li AUTO . 1291.It Va gbde_lockdir 1292.Pq Vt str 1293The directory where the 1294.Xr gbde 4 1295lockfiles are located. 1296The default lockfile directory is 1297.Pa /etc . 1298.Pp 1299The lockfile for each individual 1300.Xr gbde 4 1301device can be overridden by setting the variable 1302.Va gbde_lock_ Ns Aq Ar device , 1303where 1304.Ar device 1305is the encrypted device without the 1306.Dq Pa /dev/ 1307and 1308.Dq Pa .bde 1309parts. 1310.It Va gbde_attach_attempts 1311.Pq Vt int 1312Number of times to attempt attaching to a 1313.Xr gbde 4 1314device, i.e., how many times the user is asked for the pass-phrase. 1315Default is 3. 1316.It Va geli_devices 1317.Pq Vt str 1318List of devices to automatically attach on boot. 1319Note that .eli devices from 1320.Pa /etc/fstab 1321are automatically appended to this list. 1322.It Va geli_tries 1323.Pq Vt int 1324Number of times user is asked for the pass-phrase. 1325If empty, it will be taken from 1326.Va kern.geom.eli.tries 1327sysctl variable. 1328.It Va geli_default_flags 1329.Pq Vt str 1330Default flags to use by 1331.Xr geli 8 1332when configuring disk encryption. 1333Flags can be configured for every device separately by defining 1334.Va geli_ Ns Ao Ar device Ac Ns Va _flags 1335variable. 1336.It Va geli_autodetach 1337.Pq Vt str 1338Specifies if GELI devices should be marked for detach on last close after 1339file systems are mounted. 1340Default is 1341.Dq Li YES . 1342This can be changed for every device separately by defining 1343.Va geli_ Ns Ao Ar device Ac Ns Va _autodetach 1344variable. 1345.It Va geli_swap_flags 1346Options passed to the 1347.Xr geli 8 1348utility when encrypted GEOM providers for swap partitions are created. 1349The default is 1350.Dq Li "-a aes -l 256 -s 4096 -d" . 1351.It Va root_rw_mount 1352.Pq Vt bool 1353Set to 1354.Dq Li YES 1355by default. 1356After the file systems are checked at boot time, the root file system 1357is remounted as read-write if this is set to 1358.Dq Li YES . 1359Diskless systems that mount their root file system from a read-only remote 1360NFS share should set this to 1361.Dq Li NO 1362in their 1363.Pa rc.conf . 1364.It Va fsck_y_enable 1365.Pq Vt bool 1366If set to 1367.Dq Li YES , 1368.Xr fsck 8 1369will be run with the 1370.Fl y 1371flag if the initial preen 1372of the file systems fails. 1373.It Va background_fsck 1374.Pq Vt bool 1375If set to 1376.Dq Li YES , 1377the system will attempt to run 1378.Xr fsck 8 1379in the background where possible. 1380.It Va background_fsck_delay 1381.Pq Vt int 1382The amount of time in seconds to sleep before starting a background 1383.Xr fsck 8 . 1384It defaults to sixty seconds to allow large applications such as 1385the X server to start before disk I/O bandwidth is monopolized by 1386.Xr fsck 8 . 1387If set to a negative number, the background file system check will be 1388delayed indefinitely to allow the administrator to run it at a more 1389convenient time. 1390For example it may be run from 1391.Xr cron 8 1392by adding a line like 1393.Pp 1394.Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart" 1395.Pp 1396to 1397.Pa /etc/crontab . 1398.It Va netfs_types 1399.Pq Vt str 1400List of file system types that are network-based. 1401This list should generally not be modified by end users. 1402Use 1403.Va extra_netfs_types 1404instead. 1405.It Va extra_netfs_types 1406.Pq Vt str 1407If set to something other than 1408.Dq Li NO 1409(the default), 1410this variable extends the list of file system types 1411for which automatic mounting at startup by 1412.Xr rc 8 1413should be delayed until the network is initialized. 1414It should contain 1415a whitespace-separated list of network file system descriptor pairs, 1416each consisting of a file system type as passed to 1417.Xr mount 8 1418and a human-readable, one-word description, 1419joined with a colon 1420.Pq Ql \&: . 1421Extending the default list in this way is only necessary 1422when third party file system types are used. 1423.It Va syslogd_enable 1424.Pq Vt bool 1425If set to 1426.Dq Li YES , 1427run the 1428.Xr syslogd 8 1429daemon. 1430.It Va syslogd_program 1431.Pq Vt str 1432Path to 1433.Xr syslogd 8 1434(default 1435.Pa /usr/sbin/syslogd ) . 1436.It Va syslogd_flags 1437.Pq Vt str 1438If 1439.Va syslogd_enable 1440is set to 1441.Dq Li YES , 1442these are the flags to pass to 1443.Xr syslogd 8 . 1444.It Va inetd_enable 1445.Pq Vt bool 1446If set to 1447.Dq Li YES , 1448run the 1449.Xr inetd 8 1450daemon. 1451.It Va inetd_program 1452.Pq Vt str 1453Path to 1454.Xr inetd 8 1455(default 1456.Pa /usr/sbin/inetd ) . 1457.It Va inetd_flags 1458.Pq Vt str 1459If 1460.Va inetd_enable 1461is set to 1462.Dq Li YES , 1463these are the flags to pass to 1464.Xr inetd 8 . 1465.It Va named_enable 1466.Pq Vt bool 1467If set to 1468.Dq Li YES , 1469run the 1470.Xr named 8 1471daemon. 1472.It Va named_program 1473.Pq Vt str 1474Path to 1475.Xr named 8 1476(default 1477.Pa /usr/sbin/named ) . 1478.It Va named_flags 1479.Pq Vt str 1480If 1481.Va named_enable 1482is set to 1483.Dq Li YES , 1484these are the flags to pass to 1485.Xr named 8 . 1486.It Va named_pidfile 1487.Pq Vt str 1488This is the default path to the 1489.Xr named 8 1490daemon's PID file. 1491This must match the location in 1492.Xr named.conf 5 . 1493.It Va named_uid 1494.Pq Vt str 1495The user that the 1496.Xr named 8 1497process should be run as. 1498.It Va named_chrootdir 1499.Pq Vt str 1500The root directory for a name server run in a 1501.Xr chroot 8 1502environment (default 1503.Pa /var/named ) . 1504If left empty 1505.Xr named 8 1506will not be run in a 1507.Xr chroot 8 1508environment. 1509.It Va named_chroot_autoupdate 1510.Pq Vt bool 1511Set to 1512.Dq Li NO 1513to disable automatic update of the 1514.Xr chroot 8 1515environment. 1516.It Va named_symlink_enable 1517.Pq Vt bool 1518Set to 1519.Dq Li NO 1520to disable symlinking of 1521daemon's PID file 1522into the 1523.Xr chroot 8 1524environment. 1525.It Va kerberos5_server_enable 1526.Pq Vt bool 1527Set to 1528.Dq Li YES 1529to start a Kerberos 5 authentication server 1530at boot time. 1531.It Va kerberos5_server 1532.Pq Vt str 1533If 1534.Va kerberos5_server_enable 1535is set to 1536.Dq Li YES 1537this is the path to Kerberos 5 Authentication Server. 1538.It Va kerberos5_server_flags 1539.Pq Vt str 1540Empty by default. 1541This variable contains additional flags to be passed to the Kerberos 5 1542authentication server. 1543.It Va kadmind5_server_enable 1544.Pq Vt bool 1545Set to 1546.Dq Li YES 1547to start 1548.Xr kadmind 8 , 1549the Kerberos 5 Administration Daemon; set to 1550.Dq Li NO 1551on a slave server. 1552.It Va kadmind5_server 1553.Pq Vt str 1554If 1555.Va kadmind5_server_enable 1556is set to 1557.Dq Li YES 1558this is the path to Kerberos 5 Administration Daemon. 1559.It Va kpasswdd_server_enable 1560.Pq Vt bool 1561Set to 1562.Dq Li YES 1563to start 1564.Xr kpasswdd 8 , 1565the Kerberos 5 Password-Changing Daemon; set to 1566.Dq Li NO 1567on a slave server. 1568.It Va kpasswdd_server 1569.Pq Vt str 1570If 1571.Va kpasswdd_server_enable 1572is set to 1573.Dq Li YES 1574this is the path to Kerberos 5 Password-Changing Daemon. 1575.It Va rwhod_enable 1576.Pq Vt bool 1577If set to 1578.Dq Li YES , 1579run the 1580.Xr rwhod 8 1581daemon at boot time. 1582.It Va rwhod_flags 1583.Pq Vt str 1584If 1585.Va rwhod_enable 1586is set to 1587.Dq Li YES , 1588these are the flags to pass to it. 1589.It Va amd_enable 1590.Pq Vt bool 1591If set to 1592.Dq Li YES , 1593run the 1594.Xr amd 8 1595daemon at boot time. 1596.It Va amd_flags 1597.Pq Vt str 1598If 1599.Va amd_enable 1600is set to 1601.Dq Li YES , 1602these are the flags to pass to it. 1603See the 1604.Xr amd 8 1605manpage for more information. 1606.It Va amd_map_program 1607.Pq Vt str 1608If set, 1609the specified program is run to get the list of 1610.Xr amd 8 1611maps. 1612For example, if the 1613.Xr amd 8 1614maps are stored in NIS, one can set this to 1615run 1616.Xr ypcat 1 1617to get a list of 1618.Xr amd 8 1619maps from the 1620.Pa amd.master 1621NIS map. 1622.It Va update_motd 1623.Pq Vt bool 1624If set to 1625.Dq Li YES , 1626.Pa /etc/motd 1627will be updated at boot time to reflect the kernel release 1628being run. 1629If set to 1630.Dq Li NO , 1631.Pa /etc/motd 1632will not be updated. 1633.It Va nfs_client_enable 1634.Pq Vt bool 1635If set to 1636.Dq Li YES , 1637run the NFS client daemons at boot time. 1638.It Va nfs_access_cache 1639.Pq Vt int 1640If 1641.Va nfs_client_enable 1642is set to 1643.Dq Li YES , 1644this can be set to 1645.Dq Li 0 1646to disable NFS ACCESS RPC caching, or to the number of seconds for which 1647NFS ACCESS 1648results should be cached. 1649A value of 2-10 seconds will substantially reduce network 1650traffic for many NFS operations. 1651.It Va nfs_server_enable 1652.Pq Vt bool 1653If set to 1654.Dq Li YES , 1655run the NFS server daemons at boot time. 1656.It Va nfs_server_flags 1657.Pq Vt str 1658If 1659.Va nfs_server_enable 1660is set to 1661.Dq Li YES , 1662these are the flags to pass to the 1663.Xr nfsd 8 1664daemon. 1665.It Va idmapd_enable 1666.Pq Vt bool 1667If set to 1668.Dq Li YES , 1669run the ID mapping daemon for NFS version 4. 1670.It Va idmapd_flags 1671.Pq Vt str 1672If 1673.Va idmapd_enable 1674is set to 1675.Dq Li YES , 1676these are the flags to pass to the 1677.Xr idmapd 8 1678daemon. 1679.It Va mountd_enable 1680.Pq Vt bool 1681If set to 1682.Dq Li YES , 1683and no 1684.Va nfs_server_enable 1685is set, start 1686.Xr mountd 8 , 1687but not 1688.Xr nfsd 8 1689daemon. 1690It is commonly needed to run CFS without real NFS used. 1691.It Va mountd_flags 1692.Pq Vt str 1693If 1694.Va mountd_enable 1695is set to 1696.Dq Li YES , 1697these are the flags to pass to the 1698.Xr mountd 8 1699daemon. 1700.It Va weak_mountd_authentication 1701.Pq Vt bool 1702If set to 1703.Dq Li YES , 1704allow services like PCNFSD to make non-privileged mount 1705requests. 1706.It Va nfs_reserved_port_only 1707.Pq Vt bool 1708If set to 1709.Dq Li YES , 1710provide NFS services only on a secure port. 1711.It Va nfs_bufpackets 1712.Pq Vt int 1713If set to a number, indicates the number of packets worth of 1714socket buffer space to reserve on an NFS client. 1715The kernel default is typically 4. 1716Using a higher number may be 1717useful on gigabit networks to improve performance. 1718The minimum value is 17192 and the maximum is 64. 1720.It Va rpc_lockd_enable 1721.Pq Vt bool 1722If set to 1723.Dq Li YES 1724and also an NFS server or client, run 1725.Xr rpc.lockd 8 1726at boot time. 1727.It Va rpc_lockd_flags 1728.Pq Vt str 1729If 1730.Va rpc_lockd_enable 1731is set to 1732.Dq Li YES , 1733these are the flags to pass to the 1734.Xr rpc.lockd 8 1735daemon. 1736.It Va rpc_statd_enable 1737.Pq Vt bool 1738If set to 1739.Dq Li YES 1740and also an NFS server or client, run 1741.Xr rpc.statd 8 1742at boot time. 1743.It Va rpc_statd_flags 1744.Pq Vt str 1745If 1746.Va rpc_statd_enable 1747is set to 1748.Dq Li YES , 1749these are the flags to pass to the 1750.Xr rpc.statd 8 1751daemon. 1752.It Va rpcbind_program 1753.Pq Vt str 1754Path to 1755.Xr rpcbind 8 1756(default 1757.Pa /usr/sbin/rpcbind ) . 1758.It Va rpcbind_enable 1759.Pq Vt bool 1760If set to 1761.Dq Li YES , 1762run the 1763.Xr rpcbind 8 1764service at boot time. 1765.It Va rpcbind_flags 1766.Pq Vt str 1767If 1768.Va rpcbind_enable 1769is set to 1770.Dq Li YES , 1771these are the flags to pass to the 1772.Xr rpcbind 8 1773daemon. 1774.It Va keyserv_enable 1775.Pq Vt bool 1776If set to 1777.Dq Li YES , 1778run the 1779.Xr keyserv 8 1780daemon on boot for running Secure RPC. 1781.It Va keyserv_flags 1782.Pq Vt str 1783If 1784.Va keyserv_enable 1785is set to 1786.Dq Li YES , 1787these are the flags to pass to 1788.Xr keyserv 8 1789daemon. 1790.It Va pppoed_enable 1791.Pq Vt bool 1792If set to 1793.Dq Li YES , 1794run the 1795.Xr pppoed 8 1796daemon at boot time to provide PPP over Ethernet services. 1797.It Va pppoed_ Ns Aq Ar provider 1798.Pq Vt str 1799.Xr pppoed 8 1800listens to requests to this 1801.Ar provider 1802and ultimately runs 1803.Xr ppp 8 1804with a 1805.Ar system 1806argument of the same name. 1807.It Va pppoed_flags 1808.Pq Vt str 1809Additional flags to pass to 1810.Xr pppoed 8 . 1811.It Va pppoed_interface 1812.Pq Vt str 1813The network interface to run 1814.Xr pppoed 8 1815on. 1816This is mandatory when 1817.Va pppoed_enable 1818is set to 1819.Dq Li YES . 1820.It Va timed_enable 1821.Pq Vt bool 1822If set to 1823.Dq Li YES , 1824run the 1825.Xr timed 8 1826service at boot time. 1827This command is intended for networks of 1828machines where a consistent 1829.Dq "network time" 1830for all hosts must be established. 1831This is often useful in large NFS 1832environments where time stamps on files are expected to be consistent 1833network-wide. 1834.It Va timed_flags 1835.Pq Vt str 1836If 1837.Va timed_enable 1838is set to 1839.Dq Li YES , 1840these are the flags to pass to the 1841.Xr timed 8 1842service. 1843.It Va ntpdate_enable 1844.Pq Vt bool 1845If set to 1846.Dq Li YES , 1847run 1848.Xr ntpdate 8 1849at system startup. 1850This command is intended to 1851synchronize the system clock only 1852.Em once 1853from some standard reference. 1854An option to set this up initially 1855(from a list of known servers) is also provided by the 1856.Xr sysinstall 8 1857program when the system is first installed. 1858.It Va ntpdate_config 1859.Pq Vt str 1860Configuration file for 1861.Xr ntpdate 8 . 1862Default 1863.Pa /etc/ntp.conf . 1864.It Va ntpdate_hosts 1865.Pq Vt str 1866A whitespace-separated list of NTP servers to synchronize with at startup. 1867The default is to use the servers listed in 1868.Va ntpdate_config , 1869if that file exists. 1870.It Va ntpdate_program 1871.Pq Vt str 1872Path to 1873.Xr ntpdate 8 1874(default 1875.Pa /usr/sbin/ntpdate ) . 1876.It Va ntpdate_flags 1877.Pq Vt str 1878If 1879.Va ntpdate_enable 1880is set to 1881.Dq Li YES , 1882these are the flags to pass to the 1883.Xr ntpdate 8 1884command (typically a hostname). 1885.It Va ntpd_enable 1886.Pq Vt bool 1887If set to 1888.Dq Li YES , 1889run the 1890.Xr ntpd 8 1891command at boot time. 1892.It Va ntpd_program 1893.Pq Vt str 1894Path to 1895.Xr ntpd 8 1896(default 1897.Pa /usr/sbin/ntpd ) . 1898.It Va ntpd_config 1899.Pq Vt str 1900Path to 1901.Xr ntpd 8 1902configuration file. 1903Default 1904.Pa /etc/ntp.conf . 1905.It Va ntpd_flags 1906.Pq Vt str 1907If 1908.Va ntpd_enable 1909is set to 1910.Dq Li YES , 1911these are the flags to pass to the 1912.Xr ntpd 8 1913daemon. 1914.It Va ntpd_sync_on_start 1915.Pq Vt bool 1916If set to 1917.Dq Li YES , 1918.Xr ntpd 8 1919is run with the 1920.Fl g 1921flag, which syncs the system's clock on startup. 1922See 1923.Xr ntpd 8 1924for more information regarding the 1925.Fl g 1926option. 1927This is a preferred alternative to using 1928.Xr ntpdate 8 1929or specifying the 1930.Va ntpdate_enable 1931variable. 1932.It Va nis_client_enable 1933.Pq Vt bool 1934If set to 1935.Dq Li YES , 1936run the 1937.Xr ypbind 8 1938service at system boot time. 1939.It Va nis_client_flags 1940.Pq Vt str 1941If 1942.Va nis_client_enable 1943is set to 1944.Dq Li YES , 1945these are the flags to pass to the 1946.Xr ypbind 8 1947service. 1948.It Va nis_ypset_enable 1949.Pq Vt bool 1950If set to 1951.Dq Li YES , 1952run the 1953.Xr ypset 8 1954daemon at system boot time. 1955.It Va nis_ypset_flags 1956.Pq Vt str 1957If 1958.Va nis_ypset_enable 1959is set to 1960.Dq Li YES , 1961these are the flags to pass to the 1962.Xr ypset 8 1963daemon. 1964.It Va nis_server_enable 1965.Pq Vt bool 1966If set to 1967.Dq Li YES , 1968run the 1969.Xr ypserv 8 1970daemon at system boot time. 1971.It Va nis_server_flags 1972.Pq Vt str 1973If 1974.Va nis_server_enable 1975is set to 1976.Dq Li YES , 1977these are the flags to pass to the 1978.Xr ypserv 8 1979daemon. 1980.It Va nis_ypxfrd_enable 1981.Pq Vt bool 1982If set to 1983.Dq Li YES , 1984run the 1985.Xr rpc.ypxfrd 8 1986daemon at system boot time. 1987.It Va nis_ypxfrd_flags 1988.Pq Vt str 1989If 1990.Va nis_ypxfrd_enable 1991is set to 1992.Dq Li YES , 1993these are the flags to pass to the 1994.Xr rpc.ypxfrd 8 1995daemon. 1996.It Va nis_yppasswdd_enable 1997.Pq Vt bool 1998If set to 1999.Dq Li YES , 2000run the 2001.Xr rpc.yppasswdd 8 2002daemon at system boot time. 2003.It Va nis_yppasswdd_flags 2004.Pq Vt str 2005If 2006.Va nis_yppasswdd_enable 2007is set to 2008.Dq Li YES , 2009these are the flags to pass to the 2010.Xr rpc.yppasswdd 8 2011daemon. 2012.It Va rpc_ypupdated_enable 2013.Pq Vt bool 2014If set to 2015.Dq Li YES , 2016run the 2017.Nm rpc.ypupdated 2018daemon at system boot time. 2019.It Va bsnmpd_enable 2020.Pq Vt bool 2021If set to 2022.Dq Li YES , 2023run the 2024.Xr bsnmpd 1 2025daemon at system boot time. 2026Be sure to understand the security implications of running SNMP daemon 2027on your host. 2028.It Va bsnmpd_flags 2029.Pq Vt str 2030If 2031.Va bsnmpd_enable 2032is set to 2033.Dq Li YES , 2034these are the flags to pass to the 2035.Xr bsnmpd 1 2036daemon. 2037.It Va defaultrouter 2038.Pq Vt str 2039If not set to 2040.Dq Li NO , 2041create a default route to this host name or IP address 2042(use an IP address if this router is also required to get to the 2043name server!). 2044.It Va ipv6_defaultrouter 2045.Pq Vt str 2046The IPv6 equivalent of 2047.Va defaultrouter . 2048.It Va static_routes 2049.Pq Vt str 2050Set to the list of static routes that are to be added at system 2051boot time. 2052If not set to 2053.Dq Li NO 2054then for each whitespace separated 2055.Ar element 2056in the value, a 2057.Va route_ Ns Aq Ar element 2058variable is assumed to exist 2059whose contents will later be passed to a 2060.Dq Nm route Cm add 2061operation. 2062For example: 2063.Bd -literal 2064static_routes="mcast gif0local" 2065route_mcast="-net 224.0.0.0/4 -iface gif0" 2066route_gif0local="-host 169.254.1.1 -iface lo0" 2067.Ed 2068.It Va ipv6_static_routes 2069.Pq Vt str 2070The IPv6 equivalent of 2071.Va static_routes . 2072If not set to 2073.Dq Li NO 2074then for each whitespace separated 2075.Ar element 2076in the value, a 2077.Va ipv6_route_ Ns Aq Ar element 2078variable is assumed to exist 2079whose contents will later be passed to a 2080.Dq Nm route Cm add Fl inet6 2081operation. 2082.It Va natm_static_routes 2083.Pq Vt str 2084The 2085.Xr natmip 4 2086equivalent of 2087.Va static_routes . 2088If not empty then for each whitespace separated 2089.Ar element 2090in the value, a 2091.Va route_ Ns Aq Ar element 2092variable is assumed to exist whose contents will later be passed to a 2093.Dq Nm atmconfig Cm natm Cm add 2094operation. 2095.It Va gateway_enable 2096.Pq Vt bool 2097If set to 2098.Dq Li YES , 2099configure host to act as an IP router, e.g.\& to forward packets 2100between interfaces. 2101.It Va ipv6_gateway_enable 2102.Pq Vt bool 2103The IPv6 equivalent of 2104.Va gateway_enable . 2105.It Va router_enable 2106.Pq Vt bool 2107If set to 2108.Dq Li YES , 2109run a routing daemon of some sort, based on the 2110settings of 2111.Va router 2112and 2113.Va router_flags . 2114.It Va ipv6_router_enable 2115.Pq Vt bool 2116The IPv6 equivalent of 2117.Va router_enable . 2118If set to 2119.Dq Li YES , 2120run a routing daemon of some sort, based on the 2121settings of 2122.Va ipv6_router 2123and 2124.Va ipv6_router_flags . 2125.It Va router 2126.Pq Vt str 2127If 2128.Va router_enable 2129is set to 2130.Dq Li YES , 2131this is the name of the routing daemon to use. 2132.It Va ipv6_router 2133.Pq Vt str 2134The IPv6 equivalent of 2135.Va router . 2136.It Va router_flags 2137.Pq Vt str 2138If 2139.Va router_enable 2140is set to 2141.Dq Li YES , 2142these are the flags to pass to the routing daemon. 2143.It Va ipv6_router_flags 2144.Pq Vt str 2145The IPv6 equivalent of 2146.Va router_flags . 2147.It Va mrouted_enable 2148.Pq Vt bool 2149If set to 2150.Dq Li YES , 2151run the multicast routing daemon, 2152.Xr mrouted 8 . 2153.It Va mroute6d_enable 2154.Pq Vt bool 2155The IPv6 equivalent of 2156.Va mrouted_enable . 2157If set to 2158.Dq Li YES , 2159run the IPv6 multicast routing daemon. 2160.Pp 2161Note that multicast routing daemons are no longer included in the 2162.Fx 2163base system, however, both 2164.Xr mrouted 8 2165and 2166.Xr pim6dd 8 2167may be installed from the 2168.Fx 2169Ports Collection. 2170.It Va mrouted_flags 2171.Pq Vt str 2172If 2173.Va mrouted_enable 2174is set to 2175.Dq Li YES , 2176these are the flags to pass to the 2177.Xr mrouted 8 2178daemon. 2179.It Va mroute6d_flags 2180.Pq Vt str 2181The IPv6 equivalent of 2182.Va mrouted_flags . 2183If 2184.Va mroute6d_enable 2185is set to 2186.Dq Li YES , 2187these are the flags passed to the IPv6 multicast routing daemon. 2188.It Va mroute6d_program 2189.Pq Vt str 2190If 2191.Va mroute6d_enable 2192is set to 2193.Dq Li YES , 2194this is the path to the IPv6 multicast routing daemon. 2195.It Va rtadvd_enable 2196.Pq Vt bool 2197If set to 2198.Dq Li YES , 2199run the 2200.Xr rtadvd 8 2201daemon at boot time. 2202.Xr rtadvd 8 2203will only run if 2204.Va ipv6_gateway_enable 2205is also set to 2206.Dq Li YES . 2207The 2208.Xr rtadvd 8 2209utility sends router advertisement packets to the interfaces specified in 2210.Va rtadvd_interfaces 2211and should only be enabled with great care. 2212You may want to fine-tune 2213.Xr rtadvd.conf 5 . 2214.It Va rtadvd_interfaces 2215.Pq Vt str 2216If 2217.Va rtadvd_enable 2218is set to 2219.Dq Li YES 2220this is the list of interfaces to use. 2221.It Va ipxgateway_enable 2222.Pq Vt bool 2223If set to 2224.Dq Li YES , 2225enable the routing of IPX traffic. 2226.It Va ipxrouted_enable 2227.Pq Vt bool 2228If set to 2229.Dq Li YES , 2230run the 2231.Xr IPXrouted 8 2232daemon at system boot time. 2233.It Va ipxrouted_flags 2234.Pq Vt str 2235If 2236.Va ipxrouted_enable 2237is set to 2238.Dq Li YES , 2239these are the flags to pass to the 2240.Xr IPXrouted 8 2241daemon. 2242.It Va arpproxy_all 2243.Pq Vt bool 2244If set to 2245.Dq Li YES , 2246enable global proxy ARP. 2247.It Va forward_sourceroute 2248.Pq Vt bool 2249If set to 2250.Dq Li YES 2251and 2252.Va gateway_enable 2253is also set to 2254.Dq Li YES , 2255source-routed packets are forwarded. 2256.It Va accept_sourceroute 2257.Pq Vt bool 2258If set to 2259.Dq Li YES , 2260the system will accept source-routed packets directed at it. 2261.It Va rarpd_enable 2262.Pq Vt bool 2263If set to 2264.Dq Li YES , 2265run the 2266.Xr rarpd 8 2267daemon at system boot time. 2268.It Va rarpd_flags 2269.Pq Vt str 2270If 2271.Va rarpd_enable 2272is set to 2273.Dq Li YES , 2274these are the flags to pass to the 2275.Xr rarpd 8 2276daemon. 2277.It Va bootparamd_enable 2278.Pq Vt bool 2279If set to 2280.Dq Li YES , 2281run the 2282.Xr bootparamd 8 2283daemon at system boot time. 2284.It Va bootparamd_flags 2285.Pq Vt str 2286If 2287.Va bootparamd_enable 2288is set to 2289.Dq Li YES , 2290these are the flags to pass to the 2291.Xr bootparamd 8 2292daemon. 2293.It Va stf_interface_ipv4addr 2294.Pq Vt str 2295If not set to 2296.Dq Li NO , 2297this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling 2298interface). 2299Specify this entry to enable the 6to4 interface. 2300.It Va stf_interface_ipv4plen 2301.Pq Vt int 2302Prefix length for 6to4 IPv4 addresses, to limit peer address range. 2303An effective value is 0-31. 2304.It Va stf_interface_ipv6_ifid 2305.Pq Vt str 2306IPv6 interface ID for 2307.Xr stf 4 . 2308This can be set to 2309.Dq Li AUTO . 2310.It Va stf_interface_ipv6_slaid 2311.Pq Vt str 2312IPv6 Site Level Aggregator for 2313.Xr stf 4 . 2314.It Va ipv6_faith_prefix 2315.Pq Vt str 2316If not set to 2317.Dq Li NO , 2318this is the faith prefix to enable a FAITH IPv6-to-IPv4 TCP 2319translator. 2320You also need 2321.Xr faithd 8 2322setup. 2323.It Va ipv6_ipv4mapping 2324.Pq Vt bool 2325If set to 2326.Dq Li YES 2327this enables IPv4 mapped IPv6 address communication (like 2328.Li ::ffff:a.b.c.d ) . 2329.It Va atm_enable 2330.Pq Vt bool 2331Set to 2332.Dq Li YES 2333to enable the configuration of ATM interfaces at system boot time. 2334For all of the ATM variables described below, please refer to the 2335.Xr atm 8 2336manual page for further details on the available command parameters. 2337Also refer to the files in 2338.Pa /usr/share/examples/atm 2339for more detailed configuration information. 2340.It Va atm_load 2341.Pq Vt str 2342This is a list of physical ATM interface drivers to load. 2343Typical values are 2344.Dq Li hfa_pci 2345and/or 2346.Dq Li hea_pci . 2347.It Va atm_netif_ Ns Aq Ar intf 2348.Pq Vt str 2349For the ATM physical interface 2350.Ar intf , 2351this variable defines the name prefix and count for the ATM network 2352interfaces to be created. 2353The value will be passed as the parameters of an 2354.Dq Nm atm Cm "set netif" Ar intf 2355command. 2356.It Va atm_sigmgr_ Ns Aq Ar intf 2357.Pq Vt str 2358For the ATM physical interface 2359.Ar intf , 2360this variable defines the ATM signalling manager to be used. 2361The value will be passed as the parameters of an 2362.Dq Nm atm Cm attach Ar intf 2363command. 2364.It Va atm_prefix_ Ns Aq Ar intf 2365.Pq Vt str 2366For the ATM physical interface 2367.Ar intf , 2368this variable defines the NSAP prefix for interfaces using a UNI signalling 2369manager. 2370If set to 2371.Dq Li ILMI , 2372the prefix will automatically be set via the 2373.Xr ilmid 8 2374daemon. 2375Otherwise, the value will be passed as the parameters of an 2376.Dq Nm atm Cm "set prefix" Ar intf 2377command. 2378.It Va atm_macaddr_ Ns Aq Ar intf 2379.Pq Vt str 2380For the ATM physical interface 2381.Ar intf , 2382this variable defines the MAC address for interfaces using a UNI signalling 2383manager. 2384If set to 2385.Dq Li NO , 2386the hardware MAC address contained in the ATM interface card will be used. 2387Otherwise, the value will be passed as the parameters of an 2388.Dq Nm atm Cm "set mac" Ar intf 2389command. 2390.It Va atm_arpserver_ Ns Aq Ar netif 2391.Pq Vt str 2392For the ATM network interface 2393.Ar netif , 2394this variable defines the ATM address for a host which is to provide ATMARP 2395service. 2396This variable is only applicable to interfaces using a UNI signalling 2397manager. 2398If set to 2399.Dq Li local , 2400this host will become an ATMARP server. 2401The value will be passed as the parameters of an 2402.Dq Nm atm Cm "set arpserver" Ar netif 2403command. 2404.It Va atm_scsparp_ Ns Aq Ar netif 2405.Pq Vt bool 2406If set to 2407.Dq Li YES , 2408SCSP/ATMARP service for the network interface 2409.Ar netif 2410will be initiated using the 2411.Xr scspd 8 2412and 2413.Xr atmarpd 8 2414daemons. 2415This variable is only applicable if 2416.Va atm_arpserver_ Ns Aq Ar netif 2417is set to 2418.Dq Li local . 2419.It Va atm_pvcs 2420.Pq Vt str 2421Set to the list of ATM PVCs to be added at system 2422boot time. 2423For each whitespace separated 2424.Ar element 2425in the value, an 2426.Va atm_pvc_ Ns Aq Ar element 2427variable is assumed to exist. 2428The value of each of these variables 2429will be passed as the parameters of an 2430.Dq Nm atm Cm "add pvc" 2431command. 2432.It Va atm_arps 2433.Pq Vt str 2434Set to the list of permanent ATM ARP entries to be added 2435at system boot time. 2436For each whitespace separated 2437.Ar element 2438in the value, an 2439.Va atm_arp_ Ns Aq Ar element 2440variable is assumed to exist. 2441The value of each of these variables 2442will be passed as the parameters of an 2443.Dq Nm atm Cm "add arp" 2444command. 2445.It Va natm_interfaces 2446.Pq Vt str 2447Set to the list of 2448.Xr natm 4 2449interfaces that will also be used for HARP through 2450.Xr harp 4 . 2451If this list is not empty all interfaces in the list will be brought up 2452with 2453.Xr ifconfig 8 2454and 2455.Xr harp 4 2456will be loaded. 2457For this to work the interface drivers must be either compiled into the 2458kernel or must reside on the root partition. 2459.It Va keybell 2460.Pq Vt str 2461The keyboard bell sound. 2462Set to 2463.Dq Li normal , 2464.Dq Li visual , 2465.Dq Li off , 2466or 2467.Dq Li NO 2468if the default behavior is desired. 2469For details, refer to the 2470.Xr kbdcontrol 1 2471manpage. 2472.It Va keyboard 2473.Pq Vt str 2474If set to a non-null string, the virtual console's keyboard input is 2475set to this device. 2476.It Va keymap 2477.Pq Vt str 2478If set to 2479.Dq Li NO , 2480no keymap is installed, otherwise the value is used to install 2481the keymap file in 2482.Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd . 2483.It Va keyrate 2484.Pq Vt str 2485The keyboard repeat speed. 2486Set to 2487.Dq Li slow , 2488.Dq Li normal , 2489.Dq Li fast , 2490or 2491.Dq Li NO 2492if the default behavior is desired. 2493.It Va keychange 2494.Pq Vt str 2495If not set to 2496.Dq Li NO , 2497attempt to program the function keys with the value. 2498The value should 2499be a single string of the form: 2500.Dq Ar funkey_number new_value Op Ar funkey_number new_value ... . 2501.It Va cursor 2502.Pq Vt str 2503Can be set to the value of 2504.Dq Li normal , 2505.Dq Li blink , 2506.Dq Li destructive , 2507or 2508.Dq Li NO 2509to set the cursor behavior explicitly or choose the default behavior. 2510.It Va scrnmap 2511.Pq Vt str 2512If set to 2513.Dq Li NO , 2514no screen map is installed, otherwise the value is used to install 2515the screen map file in 2516.Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value . 2517.It Va font8x16 2518.Pq Vt str 2519If set to 2520.Dq Li NO , 2521the default 8x16 font value is used for screen size requests, otherwise 2522the value in 2523.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 2524is used. 2525.It Va font8x14 2526.Pq Vt str 2527If set to 2528.Dq Li NO , 2529the default 8x14 font value is used for screen size requests, otherwise 2530the value in 2531.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 2532is used. 2533.It Va font8x8 2534.Pq Vt str 2535If set to 2536.Dq Li NO , 2537the default 8x8 font value is used for screen size requests, otherwise 2538the value in 2539.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 2540is used. 2541.It Va blanktime 2542.Pq Vt int 2543If set to 2544.Dq Li NO , 2545the default screen blanking interval is used, otherwise it is set 2546to 2547.Ar value 2548seconds. 2549.It Va saver 2550.Pq Vt str 2551If not set to 2552.Dq Li NO , 2553this is the actual screen saver to use 2554.Li ( blank , snake , daemon , 2555etc). 2556.It Va moused_nondefault_enable 2557.Pq Vt str 2558If set to 2559.Dq Li NO , 2560the mouse device specified on 2561the command line is not automatically treated as enabled by the 2562.Pa /etc/rc.d/moused 2563script. 2564Having this variable set to 2565.Dq Li YES 2566allows a 2567.Xr usb 4 2568mouse, 2569for example, 2570to be enabled as soon as it is plugged in. 2571.It Va moused_enable 2572.Pq Vt str 2573If set to 2574.Dq Li YES , 2575the 2576.Xr moused 8 2577daemon is started for doing cut/paste selection on the console. 2578.It Va moused_type 2579.Pq Vt str 2580This is the protocol type of the mouse connected to this host. 2581This variable must be set if 2582.Va moused_enable 2583is set to 2584.Dq Li YES . 2585The 2586.Xr moused 8 2587daemon 2588is able to detect the appropriate mouse type automatically in many cases. 2589Set this variable to 2590.Dq Li auto 2591to let the daemon detect it, or 2592select one from the following list if the automatic detection fails. 2593.Pp 2594If the mouse is attached to the PS/2 mouse port, choose 2595.Dq Li auto 2596or 2597.Dq Li ps/2 , 2598regardless of the brand and model of the mouse. 2599Likewise, if the 2600mouse is attached to the bus mouse port, choose 2601.Dq Li auto 2602or 2603.Dq Li busmouse . 2604All other protocols are for serial mice and will not work with 2605the PS/2 and bus mice. 2606If this is a USB mouse, 2607.Dq Li auto 2608is the only protocol type which will work. 2609.Pp 2610.Bl -tag -width ".Li x10mouseremote" -compact 2611.It Li microsoft 2612Microsoft mouse (serial) 2613.It Li intellimouse 2614Microsoft IntelliMouse (serial) 2615.It Li mousesystems 2616Mouse systems Corp.\& mouse (serial) 2617.It Li mmseries 2618MM Series mouse (serial) 2619.It Li logitech 2620Logitech mouse (serial) 2621.It Li busmouse 2622A bus mouse 2623.It Li mouseman 2624Logitech MouseMan and TrackMan (serial) 2625.It Li glidepoint 2626ALPS GlidePoint (serial) 2627.It Li thinkingmouse 2628Kensington ThinkingMouse (serial) 2629.It Li ps/2 2630PS/2 mouse 2631.It Li mmhittab 2632MM HitTablet (serial) 2633.It Li x10mouseremote 2634X10 MouseRemote (serial) 2635.It Li versapad 2636Interlink VersaPad (serial) 2637.El 2638.Pp 2639Even if the mouse is not in the above list, it may be compatible 2640with one in the list. 2641Refer to the manual page for 2642.Xr moused 8 2643for compatibility information. 2644.Pp 2645It should also be noted that while this is enabled, any 2646other client of the mouse (such as an X server) should access 2647the mouse through the virtual mouse device, 2648.Pa /dev/sysmouse , 2649and configure it as a 2650.Dq Li sysmouse 2651type mouse, since all 2652mouse data is converted to this single canonical format when 2653using 2654.Xr moused 8 . 2655If the client program does not support the 2656.Dq Li sysmouse 2657type, 2658specify the 2659.Dq Li mousesystems 2660type. 2661It is the second preferred type. 2662.It Va moused_port 2663.Pq Vt str 2664If 2665.Va moused_enable 2666is set to 2667.Dq Li YES , 2668this is the actual port the mouse is on. 2669It might be 2670.Pa /dev/cuad0 2671for a COM1 serial mouse, 2672.Pa /dev/psm0 2673for a PS/2 mouse or 2674.Pa /dev/mse0 2675for a bus mouse, for example. 2676.It Va moused_flags 2677.Pq Vt str 2678If 2679.Va moused_type 2680is set, these are the additional flags to pass to the 2681.Xr moused 8 2682daemon. 2683.It Va mousechar_start 2684.Pq Vt int 2685If set to 2686.Dq Li NO , 2687the default mouse cursor character range 2688.Li 0xd0 Ns - Ns Li 0xd3 2689is used, 2690otherwise the range start is set 2691to 2692.Ar value 2693character, see 2694.Xr vidcontrol 1 . 2695Use if the default range is occupied in the language code table. 2696.It Va allscreens_flags 2697.Pq Vt str 2698If set, 2699.Xr vidcontrol 1 2700is run with these options for each of the virtual terminals 2701.Pq Pa /dev/ttyv* . 2702For example, 2703.Dq Fl m Cm on 2704will enable the mouse pointer on all virtual terminals 2705if 2706.Va moused_enable 2707is set to 2708.Dq Li YES . 2709.It Va allscreens_kbdflags 2710.Pq Vt str 2711If set, 2712.Xr kbdcontrol 1 2713is run with these options for each of the virtual terminals 2714.Pq Pa /dev/ttyv* . 2715For example, 2716.Dq Fl h Li 200 2717will set the 2718.Xr syscons 4 2719scrollback (history) buffer to 200 lines. 2720.It Va cron_enable 2721.Pq Vt bool 2722If set to 2723.Dq Li YES , 2724run the 2725.Xr cron 8 2726daemon at system boot time. 2727.It Va cron_program 2728.Pq Vt str 2729Path to 2730.Xr cron 8 2731(default 2732.Pa /usr/sbin/cron ) . 2733.It Va cron_flags 2734.Pq Vt str 2735If 2736.Va cron_enable 2737is set to 2738.Dq Li YES , 2739these are the flags to pass to 2740.Xr cron 8 . 2741.It Va cron_dst 2742.Pq Vt bool 2743If set to 2744.Dq Li YES , 2745enable the special handling of transitions to and from the 2746Daylight Saving Time in 2747.Xr cron 8 2748(equivalent to using the flag 2749.Fl s ) . 2750.It Va lpd_program 2751.Pq Vt str 2752Path to 2753.Xr lpd 8 2754(default 2755.Pa /usr/sbin/lpd ) . 2756.It Va lpd_enable 2757.Pq Vt bool 2758If set to 2759.Dq Li YES , 2760run the 2761.Xr lpd 8 2762daemon at system boot time. 2763.It Va lpd_flags 2764.Pq Vt str 2765If 2766.Va lpd_enable 2767is set to 2768.Dq Li YES , 2769these are the flags to pass to the 2770.Xr lpd 8 2771daemon. 2772.It Va chkprintcap_enable 2773.Pq Vt bool 2774If set to 2775.Dq Li YES , 2776run the 2777.Xr chkprintcap 8 2778command before starting the 2779.Xr lpd 8 2780daemon. 2781.It Va chkprintcap_flags 2782.Pq Vt str 2783If 2784.Va lpd_enable 2785and 2786.Va chkprintcap_enable 2787are set to 2788.Dq Li YES , 2789these are the flags to pass to the 2790.Xr chkprintcap 8 2791program. 2792The default is 2793.Dq Li -d , 2794which causes missing directories to be created. 2795.It Va mta_start_script 2796.Pq Vt str 2797This variable specifies the full path to the script to run to start 2798a mail transfer agent. 2799The default is 2800.Pa /etc/rc.sendmail . 2801The 2802.Va sendmail_* 2803variables which 2804.Pa /etc/rc.sendmail 2805uses are documented in the 2806.Xr rc.sendmail 8 2807manual page. 2808.It Va dumpdev 2809.Pq Vt str 2810Indicates the device (usually a swap partition) to which a crash dump 2811should be written in the event of a system crash. 2812If the value of this variable is 2813.Dq Li AUTO , 2814the first suitable swap device listed in 2815.Pa /etc/fstab 2816will be used as dump device. 2817Otherwise, the value of this variable is passed as the argument to 2818.Xr dumpon 8 . 2819To disable crash dumps, set this variable to 2820.Dq Li NO . 2821.It Va dumpdir 2822.Pq Vt str 2823When the system reboots after a crash and a crash dump is found on the 2824device specified by the 2825.Va dumpdev 2826variable, 2827.Xr savecore 8 2828will save that crash dump and a copy of the kernel to the directory 2829specified by the 2830.Va dumpdir 2831variable. 2832The default value is 2833.Pa /var/crash . 2834Set to 2835.Dq Li NO 2836to not run 2837.Xr savecore 8 2838at boot time when 2839.Va dumpdir 2840is set. 2841.It Va savecore_flags 2842.Pq Vt str 2843If crash dumps are enabled, these are the flags to pass to the 2844.Xr savecore 8 2845utility. 2846.It Va enable_quotas 2847.Pq Vt bool 2848Set to 2849.Dq Li YES 2850to turn on user and group disk quotas on system startup via the 2851.Xr quotaon 8 2852command for all file systems marked as having quotas enabled in 2853.Pa /etc/fstab . 2854The kernel must be built with 2855.Cd "options QUOTA" 2856for disk quotas to function. 2857.It Va check_quotas 2858.Pq Vt bool 2859Set to 2860.Dq Li YES 2861to enable user and group disk quota checking via the 2862.Xr quotacheck 8 2863command. 2864.It Va quotacheck_flags 2865.Pq Vt str 2866If 2867.Va enable_quotas 2868is set to 2869.Dq Li YES , 2870and 2871.Va check_quotas 2872is set to 2873.Dq Li YES , 2874these are the flags to pass to the 2875.Xr quotacheck 8 2876utility. 2877The default is 2878.Dq Li "-a" , 2879which checks quotas for all file systems with quotas enabled in 2880.Pa /etc/fstab . 2881.It Va quotaon_flags 2882.Pq Vt str 2883If 2884.Va enable_quotas 2885is set to 2886.Dq Li YES , 2887these are the flags to pass to the 2888.Xr quotaon 8 2889utility. 2890The default is 2891.Dq Li "-a" , 2892which enables quotas for all file systems with quotas enabled in 2893.Pa /etc/fstab . 2894.It Va quotaoff_flags 2895.Pq Vt str 2896If 2897.Va enable_quotas 2898is set to 2899.Dq Li YES , 2900these are the flags to pass to the 2901.Xr quotaoff 8 2902utility when shutting down the quota system. 2903The default is 2904.Dq Li "-a" , 2905which disables quotas for all file systems with quotas enabled in 2906.Pa /etc/fstab . 2907.It Va accounting_enable 2908.Pq Vt bool 2909Set to 2910.Dq Li YES 2911to enable system accounting through the 2912.Xr accton 8 2913facility. 2914.It Va ibcs2_enable 2915.Pq Vt bool 2916Set to 2917.Dq Li YES 2918to enable iBCS2 (SCO) binary emulation at system initial boot 2919time. 2920.It Va ibcs2_loaders 2921.Pq Vt str 2922If not set to 2923.Dq Li NO 2924and if 2925.Va ibcs2_enable 2926is set to 2927.Dq Li YES , 2928this specifies a list of additional iBCS2 loaders to enable. 2929.It Va linux_enable 2930.Pq Vt bool 2931Set to 2932.Dq Li YES 2933to enable Linux/ELF binary emulation at system initial 2934boot time. 2935.It Va svr4_enable 2936.Pq Vt bool 2937If set to 2938.Dq Li YES , 2939enable SysVR4 emulation at boot time. 2940.It Va sysvipc_enable 2941.Pq Vt bool 2942If set to 2943.Dq Li YES , 2944load System V IPC primitives at boot time. 2945.It Va clear_tmp_enable 2946.Pq Vt bool 2947Set to 2948.Dq Li YES 2949to have 2950.Pa /tmp 2951cleaned at startup. 2952.It Va clear_tmp_X 2953.Pq Vt bool 2954Set to 2955.Dq Li NO 2956to disable removing of X11 lock files, 2957and the removal and (secure) recreation 2958of the various socket directories for X11 2959related programs. 2960.It Va ldconfig_paths 2961.Pq Vt str 2962Set to the list of shared library paths to use with 2963.Xr ldconfig 8 . 2964NOTE: 2965.Pa /usr/lib 2966will always be added first, so it need not appear in this list. 2967.It Va ldconfig32_paths 2968.Pq Vt str 2969Set to the list of 32-bit compatibility shared library paths to 2970use with 2971.Xr ldconfig 8 . 2972.It Va ldconfig_paths_aout 2973.Pq Vt str 2974Set to the list of shared library paths to use with 2975.Xr ldconfig 8 2976legacy 2977.Xr a.out 5 2978support. 2979.It Va ldconfig_insecure 2980.Pq Vt bool 2981The 2982.Xr ldconfig 8 2983utility normally refuses to use directories 2984which are writable by anyone except root. 2985Set this variable to 2986.Dq Li YES 2987to disable that security check during system startup. 2988.It Va ldconfig_local_dirs 2989.Pq Vt str 2990Set to the list of local 2991.Xr ldconfig 8 2992directories. 2993The names of all files in the directories listed will be 2994passed as arguments to 2995.Xr ldconfig 8 . 2996.It Va ldconfig_local32_dirs 2997.Pq Vt str 2998Set to the list of local 32-bit compatibility 2999.Xr ldconfig 8 3000directories. 3001The names of all files in the directories listed will be 3002passed as arguments to 3003.Dq Nm ldconfig Fl 32 . 3004.It Va kern_securelevel_enable 3005.Pq Vt bool 3006Set to 3007.Dq Li YES 3008to set the kernel security level at system startup. 3009.It Va kern_securelevel 3010.Pq Vt int 3011The kernel security level to set at startup. 3012The allowed range of 3013.Ar value 3014ranges from \-1 (the compile time default) to 3 (the 3015most secure). 3016See 3017.Xr init 8 3018for the list of possible security levels and their effect 3019on system operation. 3020.It Va sshd_program 3021.Pq Vt str 3022Path to the SSH server program 3023.Pa ( /usr/sbin/sshd 3024is the default). 3025.It Va sshd_enable 3026.Pq Vt bool 3027Set to 3028.Dq Li YES 3029to start 3030.Xr sshd 8 3031at system boot time. 3032.It Va sshd_flags 3033.Pq Vt str 3034If 3035.Va sshd_enable 3036is set to 3037.Dq Li YES , 3038these are the flags to pass to the 3039.Xr sshd 8 3040daemon. 3041.It Va ftpd_program 3042.Pq Vt str 3043Path to the FTP server program 3044.Pa ( /usr/libexec/ftpd 3045is the default). 3046.It Va ftpd_enable 3047.Pq Vt bool 3048Set to 3049.Dq Li YES 3050to start 3051.Xr ftpd 8 3052as a stand-alone daemon at system boot time. 3053.It Va ftpd_flags 3054.Pq Vt str 3055If 3056.Va ftpd_enable 3057is set to 3058.Dq Li YES , 3059these are the additional flags to pass to the 3060.Xr ftpd 8 3061daemon. 3062.It Va watchdogd_enable 3063.Pq Vt bool 3064If set to 3065.Dq Li YES , 3066start the 3067.Xr watchdogd 8 3068daemon at boot time. 3069This requires that the kernel have been compiled with a 3070.Xr watchdog 4 3071compatible device. 3072.It Va watchdogd_flags 3073.Pq Vt str 3074If 3075.Va watchdogd_enable 3076is set to 3077.Dq Li YES , 3078these are the flags passed to the 3079.Xr watchdogd 8 3080daemon. 3081.It Va performance_cx_lowest 3082.Pq Vt str 3083CPU idle state to use while on AC power. 3084The string 3085.Dq Li LOW 3086indicates that 3087.Xr acpi 4 3088should use the lowest power state available while 3089.Dq Li HIGH 3090indicates that the lowest latency state (less power savings) should be used. 3091.It Va performance_cpu_freq 3092.Pq Vt str 3093CPU clock frequency to use while on AC power. 3094The string 3095.Dq Li LOW 3096indicates that 3097.Xr cpufreq 4 3098should use the lowest frequency available while 3099.Dq Li HIGH 3100indicates that the highest frequency (less power savings) should be used. 3101.It Va economy_cx_lowest 3102.Pq Vt str 3103CPU idle state to use when off AC power. 3104The string 3105.Dq Li LOW 3106indicates that 3107.Xr acpi 4 3108should use the lowest power state available while 3109.Dq Li HIGH 3110indicates that the lowest latency state (less power savings) should be used. 3111.It Va economy_cpu_freq 3112.Pq Vt str 3113CPU clock frequency to use when off AC power. 3114The string 3115.Dq Li LOW 3116indicates that 3117.Xr cpufreq 4 3118should use the lowest frequency available while 3119.Dq Li HIGH 3120indicates that the highest frequency (less power savings) should be used. 3121.It Va jail_enable 3122.Pq Vt bool 3123If set to 3124.Dq Li NO , 3125any configured jails will not be started. 3126.It Va jail_list 3127.Pq Vt str 3128A space separated list of names for jails. 3129This is purely a configuration aid to help identify and 3130configure multiple jails. 3131The names specified in this list will be used to 3132identify settings common to an instance of a jail. 3133Assuming that the jail in question was named 3134.Li vjail , 3135you would have the following dependent variables: 3136.Bd -literal 3137jail_vjail_hostname="jail.example.com" 3138jail_vjail_ip="192.168.1.100" 3139jail_vjail_rootdir="/var/jails/vjail/root" 3140.Ed 3141.Pp 3142.It Va jail_flags 3143.Pq Vt str 3144Unset by default. 3145When set, use as default value for 3146.Va jail_ Ns Ao Ar jname Ac Ns Va _flags 3147for every jail in 3148.Va jail_list . 3149.It Va jail_interface 3150.Pq Vt str 3151Unset by default. 3152When set, use as default value for 3153.Va jail_ Ns Ao Ar jname Ac Ns Va _interface 3154for every jail in 3155.Va jail_list . 3156.It Va jail_fstab 3157.Pq Vt str 3158Unset by default. 3159When set, use as default value for 3160.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 3161for every jail in 3162.Va jail_list . 3163.It Va jail_mount_enable 3164.Pq Vt bool 3165Set to 3166.Dq Li NO 3167by default. 3168When set to 3169.Dq Li YES , 3170sets 3171.Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable 3172to 3173.Dq Li YES 3174by default for every jail in 3175.Va jail_list . 3176.It Va jail_devfs_ruleset 3177.Pq Vt str 3178Unset by default. 3179When set, sets 3180.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset 3181to given value for every jail in 3182.Va jail_list . 3183.It Va jail_devfs_enable 3184.Pq Vt bool 3185Set to 3186.Dq Li NO 3187by default. 3188When set to 3189.Dq Li YES , 3190sets 3191.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable 3192to 3193.Dq Li YES 3194by default for every jail in 3195.Va jail_list . 3196.It Va jail_fdescfs_enable 3197.Pq Vt bool 3198Set to 3199.Dq Li NO 3200by default. 3201When set to 3202.Dq Li YES , 3203sets 3204.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 3205to 3206.Dq Li YES 3207by default for every jail in 3208.Va jail_list . 3209.It Va jail_procfs_enable 3210.Pq Vt bool 3211Set to 3212.Dq Li NO 3213by default. 3214When set to 3215.Dq Li YES , 3216sets 3217.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 3218to 3219.Dq Li YES 3220by default for every jail in 3221.Va jail_list . 3222.It Va jail_exec_start 3223.Pq Vt str 3224Unset by default. 3225When set, use as default value for 3226.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start 3227for every jail in 3228.Va jail_list . 3229.It Va jail_exec_afterstart Ns Aq Ar N 3230.Pq Vt str 3231Unset by default. 3232When set, use as default value for 3233.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_afterstart Ns Aq Ar N 3234for every jail in 3235.Va jail_list . 3236.It Va jail_exec_stop 3237Unset by default. 3238When set, use as default value for 3239.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop 3240for every jail in 3241.Va jail_list . 3242.It Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir 3243.Pq Vt str 3244Unset by default. 3245Set to the root directory used by jail 3246.Va jname . 3247.It Va jail_ Ns Ao Ar jname Ac Ns Va _hostname 3248.Pq Vt str 3249Unset by default. 3250Set to the fully qualified domain name (FQDN) assigned to jail 3251.Va jname . 3252.It Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3253.Pq Vt str 3254Unset by default. 3255Set to the IP address assigned to jail 3256.Va jname . 3257.It Va jail_ Ns Ao Ar jname Ac Ns Va _flags 3258.Pq Vt str 3259Set to 3260.Dq Li -l -U root 3261by default. 3262These are flags to pass to 3263.Xr jail . 3264.It Va jail_ Ns Ao Ar jname Ac Ns Va _interface 3265.Pq Vt str 3266Unset by default. 3267When set, sets the interface to use when setting IP address alias. 3268Note that the alias is created at jail startup and removed at jail shutdown. 3269.It Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 3270.Pq Vt str 3271Set to 3272.Pa /etc/fstab. Ns Aq Ar jname 3273by default. 3274This is the file system information file to use for jail 3275.Va jname . 3276.It Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable 3277.Pq Vt bool 3278Set to 3279.Dq Li NO 3280by default. 3281When set to 3282.Dq Li YES , 3283mount all file systems from 3284.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 3285at jail startup. 3286.It Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset 3287.Pq Vt str 3288Unset by default. 3289When set, defines the device file system ruleset file to use for jail 3290.Va jname . 3291.It Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable 3292.Pq Vt bool 3293Set to 3294.Dq Li NO 3295by default. 3296When set to 3297.Dq Li YES , 3298mount the device file system inside jail 3299.Ar jname 3300at jail startup. 3301.It Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 3302.Pq Vt bool 3303Set to 3304.Dq Li NO 3305by default. 3306When set to 3307.Dq Li YES , 3308mount the file-descriptor file system inside jail 3309.Ar jname 3310at jail startup. 3311.It Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable 3312.Pq Vt bool 3313Set to 3314.Dq Li NO 3315by default. 3316When set to 3317.Dq Li YES , 3318mount the process file system inside jail 3319.Ar jname 3320at jail startup. 3321.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start 3322.Pq Vt str 3323Set to 3324.Dq Li /bin/sh /etc/rc 3325by default. 3326This is the command executed at jail startup. 3327.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_afterstart Ns Aq Ar N 3328.Pq Vt str 3329Unset by default. 3330This is the command run as 3331.Ar N Ns 3332th command 3333after jail startup, where 3334.Ar N 3335is 1, 2, and so on. 3336.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop 3337.Pq Vt str 3338Set to 3339.Dq Li /bin/sh /etc/rc.shutdown 3340by default. 3341This is the command executed at jail shutdown. 3342.It Va jail_set_hostname_allow 3343.Pq Vt bool 3344If set to 3345.Dq Li NO , 3346do not allow the root user in a jail to set its hostname. 3347.It Va jail_socket_unixiproute_only 3348.Pq Vt bool 3349If set to 3350.Dq Li YES , 3351do not allow any sockets, 3352besides UNIX/IP/route sockets, 3353to be used within a jail. 3354.It Va jail_sysvipc_allow 3355.Pq Vt bool 3356If set to 3357.Dq Li YES , 3358allow applications within a jail to use System V IPC. 3359.\" ----- ISDN settings --------------------------------- 3360.It Va isdn_enable 3361.Pq Vt bool 3362Set to 3363.Dq Li NO 3364by default. 3365When set to 3366.Dq Li YES , 3367starts the 3368.Xr isdnd 8 3369daemon 3370at system boot time. 3371.It Va isdn_flags 3372.Pq Vt str 3373Set to 3374.Dq Fl d Ns Cm n Fl d Ns Li 0x1f9 3375by default. 3376Additional flags to pass to 3377.Xr isdnd 8 3378(but see 3379.Va isdn_fsdev 3380and 3381.Va isdn_ttype 3382for certain tunable parameters). 3383.It Va isdn_ttype 3384.Pq Vt str 3385Set to 3386.Dq Li cons25 3387by default. 3388The terminal type of the output device when 3389.Xr isdnd 8 3390operates in full-screen mode. 3391.It Va isdn_screenflags 3392.Pq Vt str 3393Set to 3394.Dq Li NO 3395by default. 3396The video mode for full-screen mode (only for 3397.Xr syscons 4 3398console driver, see 3399.Xr vidcontrol 1 3400for valid modes). 3401.It Va isdn_fsdev 3402.Pq Vt str 3403Set to 3404.Dq Li NO 3405by default. 3406The output device for 3407.Xr isdnd 8 3408in full-screen mode (or 3409.Dq Li NO 3410for daemon mode). 3411.It Va isdn_trace 3412.Pq Vt bool 3413Set to 3414.Dq Li NO 3415by default. 3416When set to 3417.Dq Li YES , 3418enables the ISDN protocol trace utility 3419.Xr isdntrace 8 3420at system boot time. 3421.It Va isdn_traceflags 3422.Pq Vt str 3423Set to 3424.Dq Fl f Pa /var/tmp/isdntrace0 3425by default. 3426Flags for 3427.Xr isdntrace 8 . 3428.\" ----------------------------------------------------- 3429.It Va harvest_interrupt 3430.Pq Vt bool 3431Set to 3432.Dq Li YES 3433to use hardware interrupts as an entropy source. 3434Refer to 3435.Xr random 4 3436for more information. 3437.It Va harvest_ethernet 3438.Pq Vt bool 3439Set to 3440.Dq Li YES 3441to use LAN traffic as an entropy source. 3442Refer to 3443.Xr random 4 3444for more information. 3445.It Va harvest_p_to_p 3446.Pq Vt bool 3447Set to 3448.Dq Li YES 3449to use serial line traffic as an entropy source. 3450Refer to 3451.Xr random 4 3452for more information. 3453.It Va entropy_dir 3454.Pq Vt str 3455Set to 3456.Dq Li NO 3457to disable caching entropy via 3458.Xr cron 8 . 3459Otherwise set to the directory used to store entropy files in. 3460.It Va entropy_file 3461.Pq Vt str 3462Set to 3463.Dq Li NO 3464to disable caching entropy through reboots. 3465Otherwise set to the filename used to store cached entropy through 3466reboots. 3467This file should be located on the root file system to seed the 3468.Xr random 4 3469device as early as possible in the boot process. 3470.It Va entropy_save_sz 3471.Pq Vt int 3472Size of the entropy cache files saved by 3473.Nm save-entropy 3474periodically. 3475.It Va entropy_save_num 3476.Pq Vt int 3477Number of entropy cache files to save by 3478.Nm save-entropy 3479periodically. 3480.It Va ipsec_enable 3481.Pq Vt bool 3482Set to 3483.Dq Li YES 3484to run 3485.Xr setkey 8 3486on 3487.Va ipsec_file 3488at boot time. 3489.It Va ipsec_file 3490.Pq Vt str 3491Configuration file for 3492.Xr setkey 8 . 3493.It Va dmesg_enable 3494.Pq Vt bool 3495Set to 3496.Dq Li YES 3497to save 3498.Xr dmesg 8 3499to 3500.Pa /var/run/dmesg.boot 3501on boot. 3502.It Va rcshutdown_timeout 3503.Pq Vt int 3504If set, start a watchdog timer in the background which will terminate 3505.Pa rc.shutdown 3506if 3507.Xr shutdown 8 3508has not completed within the specified time (in seconds). 3509Notice that in addition to this soft timeout, 3510.Xr init 8 3511also applies a hard timeout for the execution of 3512.Pa rc.shutdown . 3513This is configured via 3514.Xr sysctl 8 3515variable 3516.Va kern.init_shutdown_timeout 3517and defaults to 120 seconds. 3518Setting the value of 3519.Va rcshutdown_timeout 3520to more than 120 seconds will have no effect until the 3521.Xr sysctl 8 3522variable 3523.Va kern.init_shutdown_timeout 3524is also increased. 3525.It Va virecover_enable 3526.Pq Vt bool 3527Set to 3528.Dq Li NO 3529to prevent the system from trying to 3530recover pre-maturely terminated 3531.Xr vi 1 3532sessions. 3533.It Va ugidfw_enable 3534.Pq Vt bool 3535Set to 3536.Dq Li YES 3537to load the 3538.Xr mac_bsdextended 4 3539module upon system initialization and load a default 3540ruleset file. 3541.It Va bsdextended_script 3542.Pq Vt str 3543The default 3544.Xr mac_bsdextended 4 3545ruleset file to load. 3546The default value of this variable is 3547.Pa /etc/rc.bsdextended . 3548.It Va newsyslog_enable 3549.Pq Vt bool 3550If set to 3551.Dq Li YES , 3552run 3553.Xr newsyslog 8 3554command at startup. 3555.It Va newsyslog_flags 3556.Pq Vt str 3557If 3558.Va newsyslog_enable 3559is set to 3560.Dq Li YES , 3561these are the flags to pass to the 3562.Xr newsyslog 8 3563program. 3564The default is 3565.Dq Li -CN , 3566which causes log files flagged with a 3567.Cm C 3568to be created. 3569.It Va mdconfig_md Ns Aq Ar X 3570.Pq Vt str 3571Arguments to 3572.Xr mdconfig 8 3573for 3574.Xr md 4 3575device 3576.Ar X . 3577At minimum a 3578.Fl t Ar type 3579must be specified and either a 3580.Fl s Ar size 3581for malloc or swap backed 3582.Xr md 4 3583devices or a 3584.Fl f Ar file 3585for vnode backed 3586.Xr md 4 3587devices. 3588Note that 3589.Va mdconfig_md Ns Aq Ar X 3590variables are evaluated until one variable is unset or null. 3591.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs 3592.Pq Vt str 3593Optional arguments passed to 3594.Xr newfs 8 3595to initialize 3596.Xr md 4 3597device 3598.Ar X . 3599.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner 3600.Pq Vt str 3601An ownership specification passed to 3602.Xr chown 8 3603after the specified 3604.Xr md 4 3605device 3606.Ar X 3607has been mounted. 3608Both the 3609.Xr md 4 3610device and the mount point will be changed. 3611.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms 3612.Pq Vt str 3613A mode string passed to 3614.Xr chmod 1 3615after the specified 3616.Xr md 4 3617device 3618.Ar X 3619has been mounted. 3620Both the 3621.Xr md 4 3622device and the mount point will be changed. 3623.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files 3624.Pq Vt str 3625Files to be copied to the mount point of the 3626.Xr md 4 3627device 3628.Ar X 3629after it has been mounted. 3630.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd 3631.Pq Vt str 3632Command to execute after the specified 3633.Xr md 4 3634device 3635.Ar X 3636has been mounted. 3637Note that the command is passed to 3638.Ic eval 3639and that both 3640.Va _dev 3641and 3642.Va _mp 3643variables can be used to reference respectively the 3644.Xr md 4 3645device and the mount point. 3646Assuming that the 3647.Xr md 4 3648device is 3649.Li md0 , 3650one could set the following: 3651.Bd -literal 3652mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}" 3653.Ed 3654.It Va ramdisk_units 3655.Pq Vt str 3656A list of one or more ramdisk units to configure with 3657.Xr mdconfig 8 3658and 3659.Xr newfs 8 3660in time to be mounted from 3661.Xr fstab 5 . 3662Each listed unit 3663.Ar X 3664must specify at least a 3665.Ar type 3666in a 3667.Va ramdisk_ Ns Ao Ar X Ac Ns Va _config 3668variable. 3669Note that this way to configure ramdisks has been deprecated 3670in favor of new 3671.Va mdconfig_md* 3672variables (see above). 3673.It Va ramdisk_ Ns Ao Ar X Ac Ns Va _config 3674.Pq Vt str 3675Arguments to 3676.Xr mdconfig 8 3677for ramdisk 3678.Ar X . 3679At minimum a 3680.Fl t Ar type 3681must be specified, where 3682.Ar type 3683must be one of 3684.Cm malloc 3685or 3686.Cm swap . 3687.It Va ramdisk_ Ns Ao Ar X Ac Ns Va _newfs 3688.Pq Vt str 3689Optional arguments passed to 3690.Xr newfs 8 3691to initialize ramdisk 3692.Ar X . 3693.It Va ramdisk_ Ns Ao Ar X Ac Ns Va _owner 3694.Pq Vt str 3695An ownership specification passed to 3696.Xr chown 8 3697after the specified ramdisk unit 3698.Ar X 3699has been mounted. 3700Both the 3701.Xr md 4 3702device and the mount point will be changed. 3703.It Va ramdisk_ Ns Ao Ar X Ac Ns Va _perms 3704.Pq Vt str 3705A mode string passed to 3706.Xr chmod 1 3707after the specified ramdisk unit 3708.Ar X 3709has been mounted. 3710Both the 3711.Xr md 4 3712device and the mount point will be changed. 3713.It Va autobridge_interfaces 3714.Pq Vt str 3715Set to the list of bridge interfaces that will have newly arriving interfaces 3716checked against to be automatically added. 3717If not set to 3718.Dq Li NO 3719then for each whitespace separated 3720.Ar element 3721in the value, a 3722.Va autobridge_ Ns Aq Ar element 3723variable is assumed to exist which has a whitespace separated list of interface 3724names to match, these names can use wildcards. 3725For example: 3726.Bd -literal 3727autobridge_interfaces="bridge0" 3728autobridge_bridge0="tap* dc0 vlan[345]" 3729.Ed 3730.It Va mixer_enable 3731.Pq Vt bool 3732If set to 3733.Dq Li YES , 3734enable support for sound mixer. 3735.El 3736.Sh FILES 3737.Bl -tag -width ".Pa /etc/defaults/rc.conf" -compact 3738.It Pa /etc/defaults/rc.conf 3739.It Pa /etc/rc.conf 3740.It Pa /etc/rc.conf.local 3741.El 3742.Sh SEE ALSO 3743.Xr catman 1 , 3744.Xr chmod 1 , 3745.Xr gdb 1 , 3746.Xr info 1 , 3747.Xr kbdcontrol 1 , 3748.Xr makewhatis 1 , 3749.Xr sh 1 , 3750.Xr vi 1 , 3751.Xr vidcontrol 1 , 3752.Xr bridge 4 , 3753.Xr ip 4 , 3754.Xr ipf 4 , 3755.Xr ipfw 4 , 3756.Xr ipnat 4 , 3757.Xr kld 4 , 3758.Xr pf 4 , 3759.Xr pflog 4 , 3760.Xr pfsync 4 , 3761.Xr tcp 4 , 3762.Xr udp 4 , 3763.Xr exports 5 , 3764.Xr fstab 5 , 3765.Xr ipf 5 , 3766.Xr ipnat 5 , 3767.Xr motd 5 , 3768.Xr newsyslog.conf 5 , 3769.Xr pf.conf 5 , 3770.Xr accton 8 , 3771.Xr amd 8 , 3772.Xr apm 8 , 3773.Xr atm 8 , 3774.Xr chkprintcap 8 , 3775.Xr chown 8 , 3776.Xr cron 8 , 3777.Xr dhclient 8 , 3778.Xr ftpd 8 , 3779.Xr geli 8 , 3780.Xr ifconfig 8 , 3781.Xr inetd 8 , 3782.Xr ipf 8 , 3783.Xr ipfw 8 , 3784.Xr ipnat 8 , 3785.Xr isdnd 8 , 3786.Xr isdntrace 8 , 3787.Xr jail 8 , 3788.Xr kldxref 8 , 3789.Xr lpd 8 , 3790.Xr mdconfig 8 , 3791.Xr mdmfs 8 , 3792.Xr mixer 8 , 3793.Xr mountd 8 , 3794.Xr moused 8 , 3795.Xr mrouted 8 , 3796.Xr named 8 , 3797.Xr newfs 8 , 3798.Xr newsyslog 8 , 3799.Xr nfsd 8 , 3800.Xr ntpd 8 , 3801.Xr ntpdate 8 , 3802.Xr pfctl 8 , 3803.Xr pflogd 8 , 3804.Xr powerd 8 , 3805.Xr quotacheck 8 , 3806.Xr quotaon 8 , 3807.Xr rc 8 , 3808.Xr rc.sendmail 8 , 3809.Xr route 8 , 3810.Xr routed 8 , 3811.Xr rpcbind 8 , 3812.Xr rpc.lockd 8 , 3813.Xr rpc.statd 8 , 3814.Xr rwhod 8 , 3815.Xr savecore 8 , 3816.Xr sshd 8 , 3817.Xr swapon 8 , 3818.Xr sysctl 8 , 3819.Xr syslogd 8 , 3820.Xr timed 8 , 3821.Xr yp 8 , 3822.Xr ypbind 8 , 3823.Xr ypserv 8 , 3824.Xr ypset 8 3825.Sh HISTORY 3826The 3827.Nm 3828file appeared in 3829.Fx 2.2.2 . 3830.Sh AUTHORS 3831.An Jordan K. Hubbard . 3832