1.\" Copyright (c) 1995 2.\" Jordan K. Hubbard 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND 14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 16.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE 17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23.\" SUCH DAMAGE. 24.\" 25.\" $FreeBSD$ 26.\" 27.Dd February 26, 2017 28.Dt RC.CONF 5 29.Os 30.Sh NAME 31.Nm rc.conf 32.Nd system configuration information 33.Sh DESCRIPTION 34The file 35.Nm 36contains descriptive information about the local host name, configuration 37details for any potential network interfaces and which services should be 38started up at system initial boot time. 39In new installations, the 40.Nm 41file is generally initialized by the system installation utility. 42.Pp 43The purpose of 44.Nm 45is not to run commands or perform system startup actions 46directly. 47Instead, it is included by the 48various generic startup scripts in 49.Pa /etc 50which conditionalize their 51internal actions according to the settings found there. 52.Pp 53The 54.Pa /etc/rc.conf 55file is included from the file 56.Pa /etc/defaults/rc.conf , 57which specifies the default settings for all the available options. 58Options need only be specified in 59.Pa /etc/rc.conf 60when the system administrator wishes to override these defaults. 61The file 62.Pa /etc/rc.conf.local 63is used to override settings in 64.Pa /etc/rc.conf 65for historical reasons. 66.Pp 67In addition to 68.Pa /etc/rc.conf.local 69you can also place smaller configuration files for each 70.Xr rc 8 71script in the 72.Pa /etc/rc.conf.d 73directory or 74.Ao Ar dir Ac Ns Pa /rc.conf.d 75directories specified in 76.Va local_startup , 77which will be included by the 78.Va load_rc_config 79function. 80For jail configurations you could use the file 81.Pa /etc/rc.conf.d/jail 82to store jail specific configuration options. 83If 84.Va local_startup 85contains 86.Pa /usr/local/etc/rc.d 87and 88.Pa /opt/conf , 89.Pa /usr/local/rc.conf.d/jail 90and 91.Pa /opt/conf/rc.conf.d/jail 92will be loaded. 93If 94.Ao Ar dir Ac Ns Pa /rc.conf.d/ Ns Ao Ar name Ac 95is a directory, 96all of files in the directory will be loaded. 97Also see the 98.Va rc_conf_files 99variable below. 100.Pp 101Options are set with 102.Dq Ar name Ns Li = Ns Ar value 103assignments that use 104.Xr sh 1 105syntax. 106The following list provides a name and short description for each 107variable that can be set in the 108.Nm 109file: 110.Bl -tag -width indent-two 111.It Va rc_debug 112.Pq Vt bool 113If set to 114.Dq Li YES , 115enable output of debug messages from rc scripts. 116This variable can be helpful in diagnosing mistakes when 117editing or integrating new scripts. 118Beware that this produces copious output to the terminal and 119.Xr syslog 3 . 120.It Va rc_info 121.Pq Vt bool 122If set to 123.Dq Li NO , 124disable informational messages from the rc scripts. 125Informational messages are displayed when 126a condition that is not serious enough to warrant a warning or 127an error occurs. 128.It Va rc_startmsgs 129.Pq Vt bool 130If set to 131.Dq Li YES , 132show 133.Dq Starting foo: 134when faststart is used (e.g., at boot time). 135.It Va early_late_divider 136.Pq Vt str 137The name of the script that should be used as the 138delimiter between the 139.Dq early 140and 141.Dq late 142stages of the boot process. 143The early stage should contain all the services needed to 144get the disks (local or remote) mounted so that the late 145stage can include scripts contained in the directories 146listed in the 147.Va local_startup 148variable (see below). 149Thus, the two likely candidates for this value are 150.Pa mountcritlocal 151for the typical system, and 152.Pa mountcritremote 153if the system needs remote file 154systems mounted to get access to the 155.Va local_startup 156directories; for example when 157.Pa /usr/local 158is NFS mounted. 159For 160.Pa rc.conf 161within a 162.Xr jail 8 163.Pa NETWORKING 164is likely to be an appropriate value. 165Extreme care should be taken when changing this value, 166and before changing it one should ensure that there are 167adequate provisions to recover from a failed boot 168(such as physical contact with the machine, 169or reliable remote console access). 170.It Va always_force_depends 171.Pq Vt bool 172Various 173.Pa rc.d 174scripts use the force_depend function to check whether required 175services are already running, and to start them if necessary. 176By default during boot time this check is bypassed if the 177required service is enabled in 178.Pa /etc/rc.conf[.local] . 179Setting this option will bypass that check at boot time and 180always test whether or not the service is actually running. 181Enabling this option is likely to increase your boot time if 182services are enabled that utilize the force_depend check. 183.It Ao Ar name Ac Ns Va _chroot 184.Pq Vt str 185.Xr chroot 8 186to this directory before running the service. 187.It Ao Ar name Ac Ns Va _user 188.Pq Vt str 189Run the service under this user account. 190.It Ao Ar name Ac Ns Va _group 191.Pq Vt str 192Run the chrooted service under this system group. 193Unlike the _user 194setting, this setting has no effect if the service is not chrooted. 195.It Ao Ar name Ac Ns Va _fib 196.Pq Vt int 197The 198.Xr setfib 1 199value to run the service under. 200.It Ao Ar name Ac Ns Va _nice 201.Pq Vt int 202The 203.Xr nice 1 204value to run the service under. 205.It Va apm_enable 206.Pq Vt bool 207If set to 208.Dq Li YES , 209enable support for Automatic Power Management with 210the 211.Xr apm 8 212command. 213.It Va apmd_enable 214.Pq Vt bool 215Run 216.Xr apmd 8 217to handle APM event from userland. 218This also enables support for APM. 219.It Va apmd_flags 220.Pq Vt str 221If 222.Va apmd_enable 223is set to 224.Dq Li YES , 225these are the flags to pass to the 226.Xr apmd 8 227daemon. 228.It Va devd_enable 229.Pq Vt bool 230Run 231.Xr devd 8 232to handle device added, removed or unknown events from the kernel. 233.It Va ddb_enable 234.Pq Vt bool 235Run 236.Xr ddb 8 237to install 238.Xr ddb 4 239scripts at boot time. 240.It Va ddb_config 241.Pq Vt str 242Configuration file for 243.Xr ddb 8 . 244Default 245.Pa /etc/ddb.conf . 246.It Va kld_list 247.Pq Vt str 248A list of kernel modules to load right after the local 249disks are mounted. 250Loading modules at this point in the boot process is 251much faster than doing it via 252.Pa /boot/loader.conf 253for those modules not necessary for mounting local disk. 254.It Va kldxref_enable 255.Pq Vt bool 256Set to 257.Dq Li NO 258by default. 259Set to 260.Dq Li YES 261to automatically rebuild 262.Pa linker.hints 263files with 264.Xr kldxref 8 265at boot time. 266.It Va kldxref_clobber 267.Pq Vt bool 268Set to 269.Dq Li NO 270by default. 271If 272.Va kldxref_enable 273is true, 274setting to 275.Dq Li YES 276will overwrite existing 277.Pa linker.hints 278files at boot time. 279Otherwise, 280only missing 281.Pa linker.hints 282files are generated. 283.It Va kldxref_module_path 284.Pq Vt str 285Empty by default. 286A semi-colon 287.Pq Ql \&; 288delimited list of paths containing 289.Xr kld 4 290modules. 291If empty, 292the contents of the 293.Va kern.module_path 294.Xr sysctl 8 295are used. 296.It Va powerd_enable 297.Pq Vt bool 298If set to 299.Dq Li YES , 300enable the system power control facility with the 301.Xr powerd 8 302daemon. 303.It Va powerd_flags 304.Pq Vt str 305If 306.Va powerd_enable 307is set to 308.Dq Li YES , 309these are the flags to pass to the 310.Xr powerd 8 311daemon. 312.It Va tmpmfs 313Controls the creation of a 314.Pa /tmp 315memory file system. 316Always happens if set to 317.Dq Li YES 318and never happens if set to 319.Dq Li NO . 320If set to anything else, a memory file system is created if 321.Pa /tmp 322is not writable. 323.It Va tmpsize 324Controls the size of a created 325.Pa /tmp 326memory file system. 327.It Va tmpmfs_flags 328Extra options passed to the 329.Xr mdmfs 8 330utility when the memory file system for 331.Pa /tmp 332is created. 333The default is 334.Dq Li "-S" , 335which inhibits the use of softupdates on 336.Pa /tmp 337so that file system space is freed without delay 338after file truncation or deletion. 339See 340.Xr mdmfs 8 341for other options you can use in 342.Va tmpmfs_flags . 343.It Va varmfs 344Controls the creation of a 345.Pa /var 346memory file system. 347Always happens if set to 348.Dq Li YES 349and never happens if set to 350.Dq Li NO . 351If set to anything else, a memory file system is created if 352.Pa /var 353is not writable. 354.It Va varsize 355Controls the size of a created 356.Pa /var 357memory file system. 358.It Va varmfs_flags 359Extra options passed to the 360.Xr mdmfs 8 361utility when the memory file system for 362.Pa /var 363is created. 364The default is 365.Dq Li "-S" , 366which inhibits the use of softupdates on 367.Pa /var 368so that file system space is freed without delay 369after file truncation or deletion. 370See 371.Xr mdmfs 8 372for other options you can use in 373.Va varmfs_flags . 374.It Va populate_var 375Controls the automatic population of the 376.Pa /var 377file system. 378Always happens if set to 379.Dq Li YES 380and never happens if set to 381.Dq Li NO . 382If set to anything else, a memory file system is created if 383.Pa /var 384is not writable. 385Note that this process requires access to certain commands in 386.Pa /usr 387before 388.Pa /usr 389is mounted on normal systems. 390.It Va cleanvar_enable 391.Pq Vt bool 392Clean the 393.Pa /var 394directory. 395.It Va local_startup 396.Pq Vt str 397List of directories to search for startup script files. 398.It Va script_name_sep 399.Pq Vt str 400The field separator to use for breaking down the list of startup script files 401into individual filenames. 402The default is a space. 403It is not necessary to change this unless there are startup scripts with names 404containing spaces. 405.It Va hostapd_enable 406.Pq Vt bool 407Set to 408.Dq Li YES 409to start 410.Xr hostapd 8 411at system boot time. 412.It Va hostname 413.Pq Vt str 414The fully qualified domain name (FQDN) of this host on the network. 415This should almost certainly be set to something meaningful, even if 416there is no network connection. 417If 418.Xr dhclient 8 419is used to set the hostname via DHCP, 420this variable should be set to an empty string. 421If this value remains unset when the system is done booting 422your console login will display the default hostname of 423.Dq Amnesiac . 424.It Va nisdomainname 425.Pq Vt str 426The NIS domain name of this host, or 427.Dq Li NO 428if NIS is not used. 429.It Va dhclient_program 430.Pq Vt str 431Path to the DHCP client program 432.Pa ( /sbin/dhclient , 433the 434.Ox 435DHCP client, 436is the default). 437.It Va dhclient_flags 438.Pq Vt str 439Additional flags to pass to the DHCP client program. 440For the 441.Ox 442DHCP client, see the 443.Xr dhclient 8 444manpage for a description of the command line options available. 445.It Va dhclient_flags_ Ns Aq Ar iface 446Additional flags to pass to the DHCP client program running on 447.Ar iface 448only. 449When specified, this variable overrides 450.Va dhclient_flags . 451.It Va background_dhclient 452.Pq Vt bool 453Set to 454.Dq Li YES 455to start the DHCP client in background. 456This can cause trouble with applications depending on 457a working network, but it will provide a faster startup 458in many cases. 459.It Va background_dhclient_ Ns Aq Ar iface 460When specified, this variable overrides the 461.Va background_dhclient 462variable for interface 463.Ar iface 464only. 465.It Va synchronous_dhclient 466.Pq Vt bool 467Set to 468.Dq Li YES 469to start 470.Xr dhclient 8 471synchronously at startup. 472This behavior can be overridden on a per-interface basis by replacing 473the 474.Dq Li DHCP 475keyword in the 476.Va ifconfig_ Ns Aq Ar interface 477variable with 478.Dq Li SYNCDHCP 479or 480.Dq Li NOSYNCDHCP . 481.It Va defaultroute_delay 482.Pq Vt int 483When set to a positive value, wait up to this long after configuring 484DHCP interfaces at startup to give the interfaces time to receive a lease. 485.It Va firewall_enable 486.Pq Vt bool 487Set to 488.Dq Li YES 489to load firewall rules at startup. 490If the kernel was not built with 491.Cd "options IPFIREWALL" , 492the 493.Pa ipfw.ko 494kernel module will be loaded. 495See also 496.Va ipfilter_enable . 497.It Va firewall_script 498.Pq Vt str 499This variable specifies the full path to the firewall script to run. 500The default is 501.Pa /etc/rc.firewall . 502.It Va firewall_type 503.Pq Vt str 504Names the firewall type from the selection in 505.Pa /etc/rc.firewall , 506or the file which contains the local firewall ruleset. 507Valid selections from 508.Pa /etc/rc.firewall 509are: 510.Pp 511.Bl -tag -width ".Li simple" -compact 512.It Li open 513unrestricted IP access 514.It Li closed 515all IP services disabled, except via 516.Dq Li lo0 517.It Li client 518basic protection for a workstation 519.It Li simple 520basic protection for a LAN. 521.El 522.Pp 523If a filename is specified, the full path 524must be given. 525.It Va firewall_quiet 526.Pq Vt bool 527Set to 528.Dq Li YES 529to disable the display of firewall rules on the console during boot. 530.It Va firewall_logging 531.Pq Vt bool 532Set to 533.Dq Li YES 534to enable firewall event logging. 535This is equivalent to the 536.Dv IPFIREWALL_VERBOSE 537kernel option. 538.It Va firewall_logif 539.Pq Vt bool 540Set to 541.Dq Li YES 542to create pseudo interface 543.Li ipfw0 544for logging. 545For more details, see 546.Xr ipfw 8 547manual page. 548.It Va firewall_flags 549.Pq Vt str 550Flags passed to 551.Xr ipfw 8 552if 553.Va firewall_type 554specifies a filename. 555.It Va firewall_coscripts 556.Pq Vt str 557List of executables and/or rc scripts to run after firewall starts/stops. 558Default is empty. 559.\" ----- firewall_nat_enable setting -------------------------------- 560.It Va firewall_nat_enable 561.Pq Vt bool 562The 563.Xr ipfw 8 564equivalent of 565.Va natd_enable . 566Setting this to 567.Dq Li YES 568enables kernel NAT. 569.Va firewall_enable 570must also be set to 571.Dq Li YES . 572.It Va firewall_nat_interface 573.Pq Vt str 574The 575.Xr ipfw 8 576equivalent of 577.Va natd_interface . 578This is the name of the public interface or IP address on which 579kernel NAT should run. 580.It Va firewall_nat_flags 581.Pq Vt str 582Additional configuration parameters for kernel NAT should be placed here. 583.It Va dummynet_enable 584.Pq Vt bool 585Setting this to 586.Dq Li YES 587will automatically load the 588.Xr dummynet 4 589module if 590.Va firewall_enable 591is also set to 592.Dq Li YES . 593.\" ------------------------------------------------------------------- 594.It Va natd_program 595.Pq Vt str 596Path to 597.Xr natd 8 . 598.It Va natd_enable 599.Pq Vt bool 600Set to 601.Dq Li YES 602to enable 603.Xr natd 8 . 604.Va firewall_enable 605must also be set to 606.Dq Li YES , 607and 608.Xr divert 4 609sockets must be enabled in the kernel. 610If the kernel was not built with 611.Cd "options IPDIVERT" , 612the 613.Pa ipdivert.ko 614kernel module will be loaded. 615.It Va natd_interface 616.Pq Vt str 617This is the name of the public interface on which 618.Xr natd 8 619should run. 620The interface may be given as an interface name or as an IP address. 621.It Va natd_flags 622.Pq Vt str 623Additional 624.Xr natd 8 625flags should be placed here. 626The 627.Fl n 628or 629.Fl a 630flag is automatically added with the above 631.Va natd_interface 632as an argument. 633.\" ----- ipfilter_enable setting -------------------------------- 634.It Va ipfilter_enable 635.Pq Vt bool 636Set to 637.Dq Li NO 638by default. 639Setting this to 640.Dq Li YES 641enables 642.Xr ipf 8 643packet filtering. 644.Pp 645Typical usage will require putting 646.Bd -literal 647ipfilter_enable="YES" 648ipnat_enable="YES" 649ipmon_enable="YES" 650ipfs_enable="YES" 651.Ed 652.Pp 653into 654.Pa /etc/rc.conf 655and editing 656.Pa /etc/ipf.rules 657and 658.Pa /etc/ipnat.rules 659appropriately. 660.Pp 661Note that 662.Va ipfilter_enable 663and 664.Va ipnat_enable 665can be enabled independently. 666.Va ipmon_enable 667and 668.Va ipfs_enable 669both require at least one of 670.Va ipfilter_enable 671and 672.Va ipnat_enable 673to be enabled. 674.Pp 675Having 676.Bd -literal 677options IPFILTER 678options IPFILTER_LOG 679options IPFILTER_DEFAULT_BLOCK 680.Ed 681.Pp 682in the kernel configuration file is a good idea, too. 683.\" ----- ipfilter_program setting ------------------------------ 684.It Va ipfilter_program 685.Pq Vt str 686Path to 687.Xr ipf 8 688(default 689.Pa /sbin/ipf ) . 690.\" ----- ipfilter_rules setting -------------------------------- 691.It Va ipfilter_rules 692.Pq Vt str 693Set to 694.Pa /etc/ipf.rules 695by default. 696This variable contains the name of the filter rule definition file. 697The file is expected to be readable for the 698.Xr ipf 8 699command to execute. 700.\" ----- ipv6_ipfilter_rules setting --------------------------- 701.It Va ipv6_ipfilter_rules 702.Pq Vt str 703Set to 704.Pa /etc/ipf6.rules 705by default. 706This variable contains the IPv6 filter rule definition file. 707The file is expected to be readable for the 708.Xr ipf 8 709command to execute. 710.\" ----- ipfilter_flags setting -------------------------------- 711.It Va ipfilter_flags 712.Pq Vt str 713Empty by default. 714This variable contains flags passed to the 715.Xr ipf 8 716program. 717.\" ----- ipnat_enable setting ---------------------------------- 718.It Va ipnat_enable 719.Pq Vt bool 720Set to 721.Dq Li NO 722by default. 723Set it to 724.Dq Li YES 725to enable 726.Xr ipnat 8 727network address translation. 728See 729.Va ipfilter_enable 730for a detailed discussion. 731.\" ----- ipnat_program setting --------------------------------- 732.It Va ipnat_program 733.Pq Vt str 734Path to 735.Xr ipnat 8 736(default 737.Pa /sbin/ipnat ) . 738.\" ----- ipnat_rules setting ----------------------------------- 739.It Va ipnat_rules 740.Pq Vt str 741Set to 742.Pa /etc/ipnat.rules 743by default. 744This variable contains the name of the file 745holding the network address translation definition. 746This file is expected to be readable for the 747.Xr ipnat 8 748command to execute. 749.\" ----- ipnat_flags setting ----------------------------------- 750.It Va ipnat_flags 751.Pq Vt str 752Empty by default. 753This variable contains flags passed to the 754.Xr ipnat 8 755program. 756.\" ----- ipmon_enable setting ---------------------------------- 757.It Va ipmon_enable 758.Pq Vt bool 759Set to 760.Dq Li NO 761by default. 762Set it to 763.Dq Li YES 764to enable 765.Xr ipmon 8 766monitoring (logging 767.Xr ipf 8 768and 769.Xr ipnat 8 770events). 771Setting this variable needs setting 772.Va ipfilter_enable 773or 774.Va ipnat_enable 775too. 776See 777.Va ipfilter_enable 778for a detailed discussion. 779.\" ----- ipmon_program setting --------------------------------- 780.It Va ipmon_program 781.Pq Vt str 782Path to 783.Xr ipmon 8 784(default 785.Pa /sbin/ipmon ) . 786.\" ----- ipmon_flags setting ----------------------------------- 787.It Va ipmon_flags 788.Pq Vt str 789Set to 790.Dq Li -Ds 791by default. 792This variable contains flags passed to the 793.Xr ipmon 8 794program. 795Another typical example would be 796.Dq Fl D Pa /var/log/ipflog 797to have 798.Xr ipmon 8 799log directly to a file bypassing 800.Xr syslogd 8 . 801Make sure to adjust 802.Pa /etc/newsyslog.conf 803in such case like this: 804.Bd -literal 805/var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid 806.Ed 807.\" ----- ipfs_enable setting ----------------------------------- 808.It Va ipfs_enable 809.Pq Vt bool 810Set to 811.Dq Li NO 812by default. 813Set it to 814.Dq Li YES 815to enable 816.Xr ipfs 8 817saving the filter and NAT state tables during shutdown 818and reloading them during startup again. 819Setting this variable needs setting 820.Va ipfilter_enable 821or 822.Va ipnat_enable 823to 824.Dq Li YES 825too. 826See 827.Va ipfilter_enable 828for a detailed discussion. 829Note that if 830.Va kern_securelevel 831is set to 3, 832.Va ipfs_enable 833cannot be used 834because the raised securelevel will prevent 835.Xr ipfs 8 836from saving the state tables at shutdown time. 837.\" ----- ipfs_program setting ---------------------------------- 838.It Va ipfs_program 839.Pq Vt str 840Path to 841.Xr ipfs 8 842(default 843.Pa /sbin/ipfs ) . 844.\" ----- ipfs_flags setting ------------------------------------ 845.It Va ipfs_flags 846.Pq Vt str 847Empty by default. 848This variable contains flags passed to the 849.Xr ipfs 8 850program. 851.\" ----- end of added ipf hook --------------------------------- 852.It Va pf_enable 853.Pq Vt bool 854Set to 855.Dq Li NO 856by default. 857Setting this to 858.Dq Li YES 859enables 860.Xr pf 4 861packet filtering. 862.Pp 863Typical usage will require putting 864.Pp 865.Dl pf_enable="YES" 866.Pp 867into 868.Pa /etc/rc.conf 869and editing 870.Pa /etc/pf.conf 871appropriately. 872Adding 873.Pp 874.Dl "device pf" 875.Pp 876builds support for 877.Xr pf 4 878into the kernel, otherwise the 879kernel module will be loaded. 880.It Va pf_rules 881.Pq Vt str 882Path to 883.Xr pf 4 884ruleset configuration file 885(default 886.Pa /etc/pf.conf ) . 887.It Va pf_program 888.Pq Vt str 889Path to 890.Xr pfctl 8 891(default 892.Pa /sbin/pfctl ) . 893.It Va pf_flags 894.Pq Vt str 895If 896.Va pf_enable 897is set to 898.Dq Li YES , 899these flags are passed to the 900.Xr pfctl 8 901program when loading the ruleset. 902.It Va pflog_enable 903.Pq Vt bool 904Set to 905.Dq Li NO 906by default. 907Setting this to 908.Dq Li YES 909enables 910.Xr pflogd 8 911which logs packets from the 912.Xr pf 4 913packet filter. 914.It Va pflog_logfile 915.Pq Vt str 916If 917.Va pflog_enable 918is set to 919.Dq Li YES 920this controls where 921.Xr pflogd 8 922stores the logfile 923(default 924.Pa /var/log/pflog ) . 925Check 926.Pa /etc/newsyslog.conf 927to adjust logfile rotation for this. 928.It Va pflog_program 929.Pq Vt str 930Path to 931.Xr pflogd 8 932(default 933.Pa /sbin/pflogd ) . 934.It Va pflog_flags 935.Pq Vt str 936Empty by default. 937This variable contains additional flags passed to the 938.Xr pflogd 8 939program. 940.It Va pflog_instances 941.Pq Vt str 942If logging to more than one 943.Xr pflog 4 944interface is desired, 945.Va pflog_instances 946is set to the list of 947.Xr pflogd 8 948instances that should be started at system boot time. 949If 950.Va pflog_instances 951is set, for each whitespace-seperated 952.Ar element 953in the list, 954.Ao Ar element Ac Ns Va _dev 955and 956.Ao Ar element Ac Ns Va _logfile 957elements are assumed to exist. 958.Ao Ar element Ac Ns Va _dev 959must contain the 960.Xr pflog 4 961interface to be watched by the named 962.Xr pflogd 8 963instance. 964.Ao Ar element Ac Ns Va _logfile 965must contain the name of the logfile that will be used by the 966.Xr pflogd 8 967instance. 968.It Va ftpproxy_enable 969.Pq Vt bool 970Set to 971.Dq Li NO 972by default. 973Setting this to 974.Dq Li YES 975enables 976.Xr ftp-proxy 8 977which supports the 978.Xr pf 4 979packet filter in translating ftp connections. 980.It Va ftpproxy_flags 981.Pq Vt str 982Empty by default. 983This variable contains additional flags passed to the 984.Xr ftp-proxy 8 985program. 986.It Va ftpproxy_instances 987.Pq Vt str 988Empty by default. 989If multiple instances of 990.Xr ftp-proxy 8 991are desired at boot time, 992.Va ftpproxy_instances 993should contain a whitespace-seperated list of instance names. 994For each 995.Ar element 996in the list, a variable named 997.Ao Ar element Ac Ns Va _flags 998should be defined, containing the command-line flags to be passed to the 999.Xr ftp-proxy 8 1000instance. 1001.It Va pfsync_enable 1002.Pq Vt bool 1003Set to 1004.Dq Li NO 1005by default. 1006Setting this to 1007.Dq Li YES 1008enables exposing 1009.Xr pf 4 1010state changes to other hosts over the network by means of 1011.Xr pfsync 4 . 1012The 1013.Va pfsync_syncdev 1014variable 1015must also be set then. 1016.It Va pfsync_syncdev 1017.Pq Vt str 1018Empty by default. 1019This variable specifies the name of the network interface 1020.Xr pfsync 4 1021should operate through. 1022It must be set accordingly if 1023.Va pfsync_enable 1024is set to 1025.Dq Li YES . 1026.It Va pfsync_syncpeer 1027.Pq Vt str 1028Empty by default. 1029This variable is optional. 1030By default, state change messages are sent out on the synchronisation 1031interface using IP multicast packets. 1032The protocol is IP protocol 240, PFSYNC, and the multicast group used is 1033224.0.0.240. 1034When a peer address is specified using the 1035.Va pfsync_syncpeer 1036option, the peer address is used as a destination for the pfsync 1037traffic, and the traffic can then be protected using 1038.Xr ipsec 4 . 1039See the 1040.Xr pfsync 4 1041manpage for more details about using 1042.Xr ipsec 4 1043with 1044.Xr pfsync 4 1045interfaces. 1046.It Va pfsync_ifconfig 1047.Pq Vt str 1048Empty by default. 1049This variable can contain additional options to be passed to the 1050.Xr ifconfig 8 1051command used to set up 1052.Xr pfsync 4 . 1053.It Va tcp_extensions 1054.Pq Vt bool 1055Set to 1056.Dq Li YES 1057by default. 1058Setting this to 1059.Dq Li NO 1060disables certain TCP options as described by 1061.Rs 1062.%T "RFC 1323" 1063.Re 1064Setting this to 1065.Dq Li NO 1066might help remedy such problems with connections as randomly hanging 1067or other weird behavior. 1068Some network devices are known 1069to be broken with respect to these options. 1070.It Va log_in_vain 1071.Pq Vt int 1072Set to 0 by default. 1073The 1074.Xr sysctl 8 1075variables, 1076.Va net.inet.tcp.log_in_vain 1077and 1078.Va net.inet.udp.log_in_vain , 1079as described in 1080.Xr tcp 4 1081and 1082.Xr udp 4 , 1083are set to the given value. 1084.It Va tcp_keepalive 1085.Pq Vt bool 1086Set to 1087.Dq Li YES 1088by default. 1089Setting to 1090.Dq Li NO 1091will disable probing idle TCP connections to verify that the 1092peer is still up and reachable. 1093.It Va tcp_drop_synfin 1094.Pq Vt bool 1095Set to 1096.Dq Li NO 1097by default. 1098Setting to 1099.Dq Li YES 1100will cause the kernel to ignore TCP frames that have both 1101the SYN and FIN flags set. 1102This prevents OS fingerprinting, but may 1103break some legitimate applications. 1104.It Va icmp_drop_redirect 1105.Pq Vt bool 1106Set to 1107.Dq Li NO 1108by default. 1109Setting to 1110.Dq Li YES 1111will cause the kernel to ignore ICMP REDIRECT packets. 1112Refer to 1113.Xr icmp 4 1114for more information. 1115.It Va icmp_log_redirect 1116.Pq Vt bool 1117Set to 1118.Dq Li NO 1119by default. 1120Setting to 1121.Dq Li YES 1122will cause the kernel to log ICMP REDIRECT packets. 1123Note that 1124the log messages are not rate-limited, so this option should only be used 1125for troubleshooting networks. 1126Refer to 1127.Xr icmp 4 1128for more information. 1129.It Va icmp_bmcastecho 1130.Pq Vt bool 1131Set to 1132.Dq Li YES 1133to respond to broadcast or multicast ICMP ping packets. 1134Refer to 1135.Xr icmp 4 1136for more information. 1137.It Va ip_portrange_first 1138.Pq Vt int 1139If not set to 1140.Dq Li NO , 1141this is the first port in the default portrange. 1142Refer to 1143.Xr ip 4 1144for more information. 1145.It Va ip_portrange_last 1146.Pq Vt int 1147If not set to 1148.Dq Li NO , 1149this is the last port in the default portrange. 1150Refer to 1151.Xr ip 4 1152for more information. 1153.It Va network_interfaces 1154.Pq Vt str 1155Set to the list of network interfaces to configure on this host or 1156.Dq Li AUTO 1157(the default) for all current interfaces. 1158Setting the 1159.Va network_interfaces 1160variable to anything other than the default is deprecated. 1161Interfaces that the administrator wishes to store configuration for, 1162but not start at boot should be configured with the 1163.Dq Li NOAUTO 1164keyword in their 1165.Va ifconfig_ Ns Aq Ar interface 1166variables as described below. 1167.Pp 1168An 1169.Va ifconfig_ Ns Aq Ar interface 1170variable is also assumed to exist for each value of 1171.Ar interface . 1172When an interface name contains any of the characters 1173.Dq Li .-/+ 1174they are translated to 1175.Dq Li _ 1176before lookup. 1177The variable can contain arguments to 1178.Xr ifconfig 8 , 1179as well as special case-insensitive keywords described below. 1180Such keywords are removed before passing the value to 1181.Xr ifconfig 8 1182while the order of the other arguments is preserved. 1183.Pp 1184It is possible to add IP alias entries using 1185.Xr ifconfig 8 1186syntax with the address family keyword such as 1187.Li inet . 1188Assuming that the interface in question was 1189.Li ed0 , 1190it might look something like this: 1191.Bd -literal 1192ifconfig_ed0_alias0="inet 127.0.0.253 netmask 0xffffffff" 1193ifconfig_ed0_alias1="inet 127.0.0.254 netmask 0xffffffff" 1194.Ed 1195.Pp 1196It also possible to configure multiple IP addresses in Classless 1197Inter-Domain Routing 1198.Pq CIDR 1199address notation, 1200whose each address component can be a range like 1201.Li inet 192.0.2.5-23/24 1202or 1203.Li inet6 2001:db8:1-f::1/64 . 1204This notation allows address and prefix length part only, 1205not the other address modifiers. 1206Note that the maximum number of the generated addresses from a range 1207specification is limited to an integer value specified in 1208.Va netif_ipexpand_max 1209in 1210.Nm 1211because a small typo can unexpectedly generate a large number of addresses. 1212The default value is 1213.Li 2048 . 1214It can be increased by adding the following line into 1215.Nm : 1216.Bd -literal 1217netif_ipexpand_max="4096" 1218.Ed 1219.Pp 1220In the case of 1221.Li 192.0.2.5-23/24 , 1222the address 192.0.2.5 will be configured with the 1223netmask /24 and the addresses 192.0.2.6 to 192.0.2.23 with 1224the non-conflicting netmask /32 as explained in the 1225.Xr ifconfig 8 1226alias section. 1227Note that this special netmask handling is only for 1228.Li inet , 1229not for the other address families such as 1230.Li inet6 . 1231.Pp 1232With the interface in question being 1233.Li ed0 , 1234an example could look like: 1235.Bd -literal 1236ifconfig_ed0_alias2="inet 192.0.2.129/27" 1237ifconfig_ed0_alias3="inet 192.0.2.1-5/28" 1238.Ed 1239.Pp 1240and so on. 1241.Pp 1242Note that 1243.Va ipv4_addrs_ Ns Aq Ar interface 1244variable was supported for IPv4 CIDR address notation. 1245It is now deprecated because the functionality was integrated into 1246.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1247though 1248.Va ipv4_addrs_ Ns Aq Ar interface 1249is still supported for backward compatibility. 1250.Pp 1251For each 1252.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1253entry with an address family keyword, 1254its contents are passed to 1255.Xr ifconfig 8 . 1256Execution stops at the first unsuccessful access, so if 1257something like this is present: 1258.Bd -literal 1259ifconfig_ed0_alias0="inet 127.0.0.251 netmask 0xffffffff" 1260ifconfig_ed0_alias1="inet 127.0.0.252 netmask 0xffffffff" 1261ifconfig_ed0_alias2="inet 127.0.0.253 netmask 0xffffffff" 1262ifconfig_ed0_alias4="inet 127.0.0.254 netmask 0xffffffff" 1263.Ed 1264.Pp 1265Then note that alias4 would 1266.Em not 1267be added since the search would 1268stop with the missing 1269.Dq Li alias3 1270entry. 1271Because of this difficult to manage behavior, 1272there is 1273.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _aliases 1274variable, which has the same functionality as 1275.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1276and can have all of entries in a variable like the following: 1277.Bd -literal 1278ifconfig_ed0_aliases="\\ 1279 inet 127.0.0.251 netmask 0xffffffff \\ 1280 inet 127.0.0.252 netmask 0xffffffff \\ 1281 inet 127.0.0.253 netmask 0xffffffff \\ 1282 inet 127.0.0.254 netmask 0xffffffff" 1283.Ed 1284.Pp 1285It also supports CIDR notation. 1286.Pp 1287If the 1288.Pa /etc/start_if. Ns Aq Ar interface 1289file is present, it is read and executed by the 1290.Xr sh 1 1291interpreter 1292before configuring the interface as specified in the 1293.Va ifconfig_ Ns Aq Ar interface 1294and 1295.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1296variables. 1297.Pp 1298If a 1299.Va vlans_ Ns Aq Ar interface 1300variable is set, 1301a 1302.Xr vlan 4 1303interface will be created for each item in the list with the 1304.Ar vlandev 1305argument set to 1306.Ar interface . 1307If a vlan interface's name is a number, 1308then that number is used as the vlan tag and the new vlan interface is 1309named 1310.Ar interface . Ns Ar tag . 1311Otherwise, 1312the vlan tag must be specified via a 1313.Va vlan 1314parameter in the 1315.Va create_args_ Ns Aq Ar interface 1316variable. 1317.Pp 1318To create a vlan device named 1319.Li em0.101 1320on 1321.Li em0 1322with the vlan tag 101 and the optional the IPv4 address 192.0.2.1/24: 1323.Bd -literal 1324vlans_em0="101" 1325ifconfig_em0_101="inet 192.0.2.1/24" 1326.Ed 1327.Pp 1328To create a vlan device named 1329.Li myvlan 1330on 1331.Li em0 1332with the vlan tag 102: 1333.Bd -literal 1334vlans_em0="myvlan" 1335create_args_myvlan="vlan 102" 1336.Ed 1337.Pp 1338If a 1339.Va wlans_ Ns Aq Ar interface 1340variable is set, 1341an 1342.Xr wlan 4 1343interface will be created for each item in the list with the 1344.Ar wlandev 1345argument set to 1346.Ar interface . 1347Further wlan cloning arguments may be passed to the 1348.Xr ifconfig 8 1349.Cm create 1350command by setting the 1351.Va create_args_ Ns Aq Ar interface 1352variable. 1353One or more 1354.Xr wlan 4 1355devices must be created for each wireless devices as of 1356.Fx 8.0 . 1357Debugging flags for 1358.Xr wlan 4 1359devices as set by 1360.Xr wlandebug 8 1361may be specified with an 1362.Va wlandebug_ Ns Aq Ar interface 1363variable. 1364The contents of this variable will be passed directly to 1365.Xr wlandebug 8 . 1366.Pp 1367If the 1368.Va ifconfig_ Ns Aq Ar interface 1369contains the keyword 1370.Dq Li NOAUTO 1371then the interface will not be configured 1372at boot or by 1373.Pa /etc/pccard_ether 1374when 1375.Va network_interfaces 1376is set to 1377.Dq Li AUTO . 1378.Pp 1379It is possible to bring up an interface with DHCP by adding 1380.Dq Li DHCP 1381to the 1382.Va ifconfig_ Ns Aq Ar interface 1383variable. 1384For instance, to initialize the 1385.Li ed0 1386device via DHCP, 1387it is possible to use something like: 1388.Bd -literal 1389ifconfig_ed0="DHCP" 1390.Ed 1391.Pp 1392If you want to configure your wireless interface with 1393.Xr wpa_supplicant 8 1394for use with WPA, EAP/LEAP or WEP, you need to add 1395.Dq Li WPA 1396to the 1397.Va ifconfig_ Ns Aq Ar interface 1398variable. 1399.Pp 1400On the other hand, if you want to configure your wireless interface with 1401.Xr hostapd 8 , 1402you need to add 1403.Dq Li HOSTAP 1404to the 1405.Va ifconfig_ Ns Aq Ar interface 1406variable. 1407.Xr hostapd 8 1408will use the settings from 1409.Pa /etc/hostapd- Ns Ao Ar interface Ac Ns .conf 1410.Pp 1411Finally, you can add 1412.Xr ifconfig 8 1413options in this variable, in addition to the 1414.Pa /etc/start_if. Ns Aq Ar interface 1415file. 1416For instance, to configure an 1417.Xr ath 4 1418wireless device in station mode with an address obtained 1419via DHCP, using WPA authentication and 802.11b mode, it is 1420possible to use something like: 1421.Bd -literal 1422wlans_ath0="wlan0" 1423ifconfig_wlan0="DHCP WPA mode 11b" 1424.Ed 1425.Pp 1426In addition to the 1427.Va ifconfig_ Ns Aq Ar interface 1428form, a fallback variable 1429.Va ifconfig_DEFAULT 1430may be configured. 1431It will be used for all interfaces with no 1432.Va ifconfig_ Ns Aq Ar interface 1433variable. 1434This is intended to replace the no longer supported 1435.Va pccard_ifconfig 1436variable. 1437.Pp 1438It is also possible to rename an interface by doing: 1439.Bd -literal 1440ifconfig_ed0_name="net0" 1441ifconfig_net0="inet 192.0.2.1 netmask 0xffffff00" 1442.Ed 1443.It Va ipv6_enable 1444.Pq Vt bool 1445This variable is deprecated. 1446Use 1447.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1448and 1449.Va ipv6_activate_all_interfaces 1450if necessary. 1451.Pp 1452If the variable is 1453.Dq Li YES , 1454.Dq Li inet6 accept_rtadv 1455is added to all of 1456.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1457and the 1458.Va ipv6_activate_all_interfaces 1459is defined as 1460.Dq Li YES . 1461.It Va ipv6_prefer 1462.Pq Vt bool 1463This variable is deprecated. 1464Use 1465.Va ip6addrctl_policy 1466instead. 1467.Pp 1468If the variable is 1469.Dq Li YES , 1470the default address selection policy table set by 1471.Xr ip6addrctl 8 1472will be IPv6-preferred. 1473.Pp 1474If the variable is 1475.Dq Li NO , 1476the default address selection policy table set by 1477.Xr ip6addrctl 8 1478will be IPv4-preferred. 1479.It Va ipv6_activate_all_interfaces 1480.Pq Vt bool 1481This controls initial configuration on IPv6-capable 1482interfaces with no corresponding 1483.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1484variable. 1485Note that it is not always necessary to set this variable to 1486.Dq YES 1487to use IPv6 functionality on 1488.Fx . 1489In most cases, just configuring 1490.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1491variables works. 1492.Pp 1493If the variable is 1494.Dq Li NO , 1495all interfaces which do not have a corresponding 1496.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1497variable will be marked as 1498.Dq Li IFDISABLED 1499at creation. 1500This means that all of IPv6 functionality on that interface 1501is completely disabled to enforce a security policy. 1502If the variable is set to 1503.Dq YES , 1504the flag will be cleared on all of the interfaces. 1505.Pp 1506In most cases, just defining an 1507.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1508for an IPv6-capable interface should be sufficient. 1509However, if an interface is added dynamically 1510.Pq by some tunneling protocols such as PPP, for example , 1511it is often difficult to define the variable in advance. 1512In such a case, configuring the 1513.Dq Li IFDISABLED 1514flag can be disabled by setting this variable to 1515.Dq YES . 1516.Pp 1517For more details of the 1518.Dq Li IFDISABLED 1519flag and keywords 1520.Dq Li inet6 ifdisabled , 1521see 1522.Xr ifconfig 8 . 1523.Pp 1524Default is 1525.Dq Li NO . 1526.It Va ipv6_privacy 1527.Pq Vt bool 1528If the variable is 1529.Dq Li YES 1530privacy addresses will be generated for each IPv6 1531interface as described in RFC 4941. 1532.It Va ipv6_network_interfaces 1533.Pq Vt str 1534This is the IPv6 equivalent of 1535.Va network_interfaces . 1536Normally manual configuration of this variable is not needed. 1537.It Va ipv6_cpe_wanif 1538.Pq Vt str 1539If the variable is set to an interface name, 1540the 1541.Xr ifconfig 8 1542options 1543.Dq inet6 -no_radr accept_rtadv 1544will be added to the specified interface automatically before evaluating 1545.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1546and two 1547.Xr sysctl 8 1548variables 1549.Va net.inet6.ip6.rfc6204w3 1550and 1551.Va net.inet6.ip6.no_radr 1552will be set to 1. 1553.Pp 1554This means the specified interface will accept ICMPv6 Router 1555Advertisement messages on that link and add the discovered 1556routers into the Default Router List. 1557While the other interfaces can still accept RA messages if the 1558.Dq inet6 accept_rtadv 1559option is specified, adding 1560routes into the Default Router List will be disabled by 1561.Dq inet6 no_radr 1562option by default. 1563See 1564.Xr ifconfig 8 1565for more details. 1566.Pp 1567Note that ICMPv6 Router Advertisement messages will be 1568accepted even when 1569.Va net.inet6.ip6.forwarding 1570is 1 1571.Pq packet forwarding is enabled 1572when 1573.Va net.inet6.ip6.rfc6204w3 1574is set to 1. 1575.Pp 1576Default is 1577.Dq Li NO . 1578.It Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1579.Pq Vt str 1580IPv6 functionality on an interface should be configured by 1581.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1582instead of setting ifconfig parameters in 1583.Va ifconfig_ Ns Aq Ar interface . 1584If this variable is empty, all of IPv6 configurations on the 1585specified interface by other variables such as 1586.Va ipv6_prefix_ Ns Ao Ar interface Ac 1587will be ignored. 1588.Pp 1589Aliases should be set by 1590.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1591with 1592.Dq Li inet6 1593keyword. 1594For example: 1595.Bd -literal 1596ifconfig_ed0_ipv6="inet6 2001:db8:1::1 prefixlen 64" 1597ifconfig_ed0_alias0="inet6 2001:db8:2::1 prefixlen 64" 1598.Ed 1599.Pp 1600Interfaces that have an 1601.Dq Li inet6 accept_rtadv 1602keyword in 1603.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1604setting will be automatically configured by SLAAC 1605.Pq StateLess Address AutoConfiguration 1606described in 1607.Rs 1608.%T "RFC 4862" 1609.Re 1610.Pp 1611Note that a link-local address will be automatically configured in 1612addition to the configured global-scope addresses because the IPv6 1613specifications require it on each link. 1614The address is calculated from the MAC address by using an algorithm 1615defined in 1616.Rs 1617.%T "RFC 4862" 1618.%O "Section 5.3" 1619.Re 1620.Pp 1621If only a link-local address is needed on the interface, 1622the following configuration can be used: 1623.Bd -literal 1624ifconfig_ed0_ipv6="inet6 auto_linklocal" 1625.Ed 1626.Pp 1627A link-local address can also be configured manually. 1628This is useful for the default router address of an IPv6 router 1629so that it does not change when the network interface 1630card is replaced. 1631For example: 1632.Bd -literal 1633ifconfig_ed0_ipv6="inet6 fe80::1 prefixlen 64" 1634.Ed 1635.It Va ipv6_prefix_ Ns Aq Ar interface 1636.Pq Vt str 1637If one or more prefixes are defined in 1638.Va ipv6_prefix_ Ns Aq Ar interface 1639addresses based on each prefix and the EUI-64 interface index will be 1640configured on that interface. 1641Note that this variable will be ignored when 1642.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1643is empty. 1644.Pp 1645For example, the following configuration 1646.Bd -literal 1647ipv6_prefix_ed0="2001:db8:1:0 2001:db8:2:0" 1648.Ed 1649.Pp 1650is equivalent to the following: 1651.Bd -literal 1652ifconfig_ed0_alias0="inet6 2001:db8:1:: eui64 prefixlen 64" 1653ifconfig_ed0_alias1="inet6 2001:db8:1:: prefixlen 64 anycast" 1654ifconfig_ed0_alias2="inet6 2001:db8:2:: eui64 prefixlen 64" 1655ifconfig_ed0_alias3="inet6 2001:db8:2:: prefixlen 64 anycast" 1656.Ed 1657.Pp 1658These Subnet-Router anycast addresses will be added only when 1659.Va ipv6_gateway_enable 1660is YES. 1661.It Va ipv6_default_interface 1662.Pq Vt str 1663If not set to 1664.Dq Li NO , 1665this is the default output interface for scoped addresses. 1666This works only with ipv6_gateway_enable="NO". 1667.It Va ip6addrctl_enable 1668.Pq Vt bool 1669This variable is to enable configuring default address selection policy table 1670.Pq RFC 3484 . 1671The table can be specified in another variable 1672.Va ip6addrctl_policy . 1673For 1674.Va ip6addrctl_policy 1675the following keywords can be specified: 1676.Dq Li ipv4_prefer , 1677.Dq Li ipv6_prefer , 1678or 1679.Dq Li AUTO . 1680.Pp 1681If 1682.Dq Li ipv4_prefer 1683or 1684.Dq Li ipv6_prefer 1685is specified, 1686.Xr ip6addrctl 8 1687installs a pre-defined policy table described in Section 2.1 1688.Pq IPv6-preferred 1689or 10.3 1690.Pq IPv4-preferred 1691of RFC 3484. 1692.Pp 1693If 1694.Dq Li AUTO 1695is specified, it attempts to read a file 1696.Pa /etc/ip6addrctl.conf 1697first. 1698If this file is found, 1699.Xr ip6addrctl 8 1700reads and installs it. 1701If not found, a policy is automatically set 1702according to 1703.Va ipv6_activate_all_interfaces 1704variable; if the variable is set to 1705.Dq Li YES 1706the IPv6-preferred one is used. 1707Otherwise IPv4-preferred. 1708.Pp 1709The default value of 1710.Va ip6addrctl_enable 1711and 1712.Va ip6addrctl_policy 1713are 1714.Dq Li YES 1715and 1716.Dq Li AUTO , 1717respectively. 1718.It Va cloned_interfaces 1719.Pq Vt str 1720Set to the list of clonable network interfaces to create on this host. 1721Further cloning arguments may be passed to the 1722.Xr ifconfig 8 1723.Cm create 1724command for each interface by setting the 1725.Va create_args_ Ns Aq Ar interface 1726variable. 1727If an interface name is specified with 1728.Dq :sticky 1729keyword, 1730the interface will not be destroyed even when 1731.Pa rc.d/netif 1732script is invoked with 1733.Dq stop 1734argument. 1735This is useful when reconfiguring the interface without destroying it. 1736Entries in 1737.Va cloned_interfaces 1738are automatically appended to 1739.Va network_interfaces 1740for configuration. 1741.It Va cloned_interfaces_sticky 1742.Pq Vt bool 1743This variable is to globally enable functionality of 1744.Dq :sticky 1745keyword in 1746.Va cloned_interfaces 1747for all interfaces. 1748The default value is 1749.Dq NO . 1750Even if this variable is specified to 1751.Dq YES , 1752.Dq :nosticky 1753keyword can be used to override it on per interface basis. 1754.It Va gif_interfaces 1755.Pq Vt str 1756This variable is deprecated in favor of 1757.Va cloned_interfaces . 1758Set to the list of 1759.Xr gif 4 1760tunnel interfaces to configure on this host. 1761A 1762.Va gifconfig_ Ns Aq Ar interface 1763variable is assumed to exist for each value of 1764.Ar interface . 1765The value of this variable is used to configure the link layer of the 1766tunnel according to the syntax of the 1767.Cm tunnel 1768option to 1769.Xr ifconfig 8 . 1770Additionally, this option ensures that each listed interface is created 1771via the 1772.Cm create 1773option to 1774.Xr ifconfig 8 1775before attempting to configure it. 1776.It Va sppp_interfaces 1777.Pq Vt str 1778Set to the list of 1779.Xr sppp 4 1780interfaces to configure on this host. 1781A 1782.Va spppconfig_ Ns Aq Ar interface 1783variable is assumed to exist for each value of 1784.Ar interface . 1785Each interface should also be configured by a general 1786.Va ifconfig_ Ns Aq Ar interface 1787setting. 1788Refer to 1789.Xr spppcontrol 8 1790for more information about available options. 1791.It Va ppp_enable 1792.Pq Vt bool 1793If set to 1794.Dq Li YES , 1795run the 1796.Xr ppp 8 1797daemon. 1798.It Va ppp_profile 1799.Pq Vt str 1800The name of the profile to use from 1801.Pa /etc/ppp/ppp.conf . 1802Also used for per-profile overrides of 1803.Va ppp_mode 1804and 1805.Va ppp_nat , 1806and 1807.Va ppp_ Ns Ao Ar profile Ac Ns _unit . 1808When the profile name contains any of the characters 1809.Dq Li .-/+ 1810they are translated to 1811.Dq Li _ 1812for the proposes of the override variable names. 1813.It Va ppp_mode 1814.Pq Vt str 1815Mode in which to run the 1816.Xr ppp 8 1817daemon. 1818.It Va ppp_ Ns Ao Ar profile Ac Ns _mode 1819.Pq Vt str 1820Overrides the global 1821.Va ppp_mode 1822for 1823.Ar profile . 1824Accepted modes are 1825.Dq Li auto , 1826.Dq Li ddial , 1827.Dq Li direct 1828and 1829.Dq Li dedicated . 1830See the manual for a full description. 1831.It Va ppp_nat 1832.Pq Vt bool 1833If set to 1834.Dq Li YES , 1835enables network address translation. 1836Used in conjunction with 1837.Va gateway_enable 1838allows hosts on private network addresses access to the Internet using 1839this host as a network address translating router. 1840.It Va ppp_ Ns Ao Ar profile Ac Ns _nat 1841.Pq Vt str 1842Overrides the global 1843.Va ppp_nat 1844for 1845.Ar profile . 1846.It Va ppp_ Ns Ao Ar profile Ac Ns _unit 1847.Pq Vt int 1848Set the unit number to be used for this profile. 1849See the manual description of 1850.Fl unit Ns Ar N 1851for details. 1852.It Va ppp_user 1853.Pq Vt str 1854The name of the user under which 1855.Xr ppp 8 1856should be started. 1857By 1858default, 1859.Xr ppp 8 1860is started as 1861.Dq Li root . 1862.It Va rc_conf_files 1863.Pq Vt str 1864This option is used to specify a list of files that will override 1865the settings in 1866.Pa /etc/defaults/rc.conf . 1867The files will be read in the order in which they are specified and should 1868include the full path to the file. 1869By default, the files specified are 1870.Pa /etc/rc.conf 1871and 1872.Pa /etc/rc.conf.local 1873.It Va zfs_enable 1874.Pq Vt bool 1875If set to 1876.Dq Li YES , 1877.Pa /etc/rc.d/zfs 1878will attempt to automatically mount ZFS file systems and initialize ZFS volumes 1879(ZVOLs). 1880.It Va gptboot_enable 1881.Pq Vt bool 1882If set to 1883.Dq Li YES , 1884.Pa /etc/rc.d/gptboot 1885will log if the system successfully (or not) booted from a GPT partition, 1886which had the 1887.Ar bootonce 1888attribute set using 1889.Xr gpart 8 1890utility. 1891.It Va gbde_autoattach_all 1892.Pq Vt bool 1893If set to 1894.Dq Li YES , 1895.Pa /etc/rc.d/gbde 1896will attempt to automatically initialize your .bde devices in 1897.Pa /etc/fstab . 1898.It Va gbde_devices 1899.Pq Vt str 1900List the devices that the script should try to attach, 1901or 1902.Dq Li AUTO . 1903.It Va gbde_lockdir 1904.Pq Vt str 1905The directory where the 1906.Xr gbde 4 1907lockfiles are located. 1908The default lockfile directory is 1909.Pa /etc . 1910.Pp 1911The lockfile for each individual 1912.Xr gbde 4 1913device can be overridden by setting the variable 1914.Va gbde_lock_ Ns Aq Ar device , 1915where 1916.Ar device 1917is the encrypted device without the 1918.Dq Pa /dev/ 1919and 1920.Dq Pa .bde 1921parts. 1922.It Va gbde_attach_attempts 1923.Pq Vt int 1924Number of times to attempt attaching to a 1925.Xr gbde 4 1926device, i.e., how many times the user is asked for the pass-phrase. 1927Default is 3. 1928.It Va geli_devices 1929.Pq Vt str 1930List of devices to automatically attach on boot. 1931Note that .eli devices from 1932.Pa /etc/fstab 1933are automatically appended to this list. 1934.It Va geli_tries 1935.Pq Vt int 1936Number of times user is asked for the pass-phrase. 1937If empty, it will be taken from 1938.Va kern.geom.eli.tries 1939sysctl variable. 1940.It Va geli_default_flags 1941.Pq Vt str 1942Default flags to use by 1943.Xr geli 8 1944when configuring disk encryption. 1945Flags can be configured for every device separately by defining 1946.Va geli_ Ns Ao Ar device Ac Ns Va _flags 1947variable. 1948.It Va geli_autodetach 1949.Pq Vt str 1950Specifies if GELI devices should be marked for detach on last close after 1951file systems are mounted. 1952Default is 1953.Dq Li YES . 1954This can be changed for every device separately by defining 1955.Va geli_ Ns Ao Ar device Ac Ns Va _autodetach 1956variable. 1957.It Va root_rw_mount 1958.Pq Vt bool 1959Set to 1960.Dq Li YES 1961by default. 1962After the file systems are checked at boot time, the root file system 1963is remounted as read-write if this is set to 1964.Dq Li YES . 1965Diskless systems that mount their root file system from a read-only remote 1966NFS share should set this to 1967.Dq Li NO 1968in their 1969.Pa rc.conf . 1970.It Va fsck_y_enable 1971.Pq Vt bool 1972If set to 1973.Dq Li YES , 1974.Xr fsck 8 1975will be run with the 1976.Fl y 1977flag if the initial preen 1978of the file systems fails. 1979.It Va background_fsck 1980.Pq Vt bool 1981If set to 1982.Dq Li YES , 1983the system will attempt to run 1984.Xr fsck 8 1985in the background where possible. 1986.It Va background_fsck_delay 1987.Pq Vt int 1988The amount of time in seconds to sleep before starting a background 1989.Xr fsck 8 . 1990It defaults to sixty seconds to allow large applications such as 1991the X server to start before disk I/O bandwidth is monopolized by 1992.Xr fsck 8 . 1993If set to a negative number, the background file system check will be 1994delayed indefinitely to allow the administrator to run it at a more 1995convenient time. 1996For example it may be run from 1997.Xr cron 8 1998by adding a line like 1999.Pp 2000.Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart" 2001.Pp 2002to 2003.Pa /etc/crontab . 2004.It Va netfs_types 2005.Pq Vt str 2006List of file system types that are network-based. 2007This list should generally not be modified by end users. 2008Use 2009.Va extra_netfs_types 2010instead. 2011.It Va extra_netfs_types 2012.Pq Vt str 2013If set to something other than 2014.Dq Li NO 2015(the default), 2016this variable extends the list of file system types 2017for which automatic mounting at startup by 2018.Xr rc 8 2019should be delayed until the network is initialized. 2020It should contain 2021a whitespace-separated list of network file system descriptor pairs, 2022each consisting of a file system type as passed to 2023.Xr mount 8 2024and a human-readable, one-word description, 2025joined with a colon 2026.Pq Ql \&: . 2027Extending the default list in this way is only necessary 2028when third party file system types are used. 2029.It Va syslogd_enable 2030.Pq Vt bool 2031If set to 2032.Dq Li YES , 2033run the 2034.Xr syslogd 8 2035daemon. 2036.It Va syslogd_program 2037.Pq Vt str 2038Path to 2039.Xr syslogd 8 2040(default 2041.Pa /usr/sbin/syslogd ) . 2042.It Va syslogd_flags 2043.Pq Vt str 2044If 2045.Va syslogd_enable 2046is set to 2047.Dq Li YES , 2048these are the flags to pass to 2049.Xr syslogd 8 . 2050.It Va inetd_enable 2051.Pq Vt bool 2052If set to 2053.Dq Li YES , 2054run the 2055.Xr inetd 8 2056daemon. 2057.It Va inetd_program 2058.Pq Vt str 2059Path to 2060.Xr inetd 8 2061(default 2062.Pa /usr/sbin/inetd ) . 2063.It Va inetd_flags 2064.Pq Vt str 2065If 2066.Va inetd_enable 2067is set to 2068.Dq Li YES , 2069these are the flags to pass to 2070.Xr inetd 8 . 2071.It Va hastd_enable 2072.Pq Vt bool 2073If set to 2074.Dq Li YES , 2075run the 2076.Xr hastd 8 2077daemon. 2078.It Va hastd_program 2079.Pq Vt str 2080Path to 2081.Xr hastd 8 2082(default 2083.Pa /sbin/hastd ) . 2084.It Va hastd_flags 2085.Pq Vt str 2086If 2087.Va hastd_enable 2088is set to 2089.Dq Li YES , 2090these are the flags to pass to 2091.Xr hastd 8 . 2092.It Va local_unbound_enable 2093.Pq Vt bool 2094If set to 2095.Dq Li YES , 2096run the 2097.Xr unbound 8 2098daemon as a local caching resolver. 2099.It Va kdc_enable 2100.Pq Vt bool 2101Set to 2102.Dq Li YES 2103to start a Kerberos 5 authentication server 2104at boot time. 2105.It Va kdc_program 2106.Pq Vt str 2107If 2108.Va kdc_enable 2109is set to 2110.Dq Li YES 2111this is the path to Kerberos 5 Authentication Server. 2112.It Va kdc_flags 2113.Pq Vt str 2114Empty by default. 2115This variable contains additional flags to be passed to the Kerberos 5 2116authentication server. 2117.It Va kadmind_enable 2118.Pq Vt bool 2119Set to 2120.Dq Li YES 2121to start 2122.Xr kadmind 8 , 2123the Kerberos 5 Administration Daemon; set to 2124.Dq Li NO 2125on a slave server. 2126.It Va kadmind_program 2127.Pq Vt str 2128If 2129.Va kadmind_enable 2130is set to 2131.Dq Li YES 2132this is the path to Kerberos 5 Administration Daemon. 2133.It Va kpasswdd_enable 2134.Pq Vt bool 2135Set to 2136.Dq Li YES 2137to start 2138.Xr kpasswdd 8 , 2139the Kerberos 5 Password-Changing Daemon; set to 2140.Dq Li NO 2141on a slave server. 2142.It Va kpasswdd_program 2143.Pq Vt str 2144If 2145.Va kpasswdd_enable 2146is set to 2147.Dq Li YES 2148this is the path to Kerberos 5 Password-Changing Daemon. 2149.It Va kfd_enable 2150.Pq Vt bool 2151Set to 2152.Dq Li YES 2153to start 2154.Xr kfd 8 , 2155the Kerberos 5 ticket forwarding daemon, at the boot time. 2156.It Va kfd_program 2157.Pq Vt str 2158Path to 2159.Xr kfd 8 2160(default 2161.Pa /usr/libexec/kfd ) . 2162.It Va rwhod_enable 2163.Pq Vt bool 2164If set to 2165.Dq Li YES , 2166run the 2167.Xr rwhod 8 2168daemon at boot time. 2169.It Va rwhod_flags 2170.Pq Vt str 2171If 2172.Va rwhod_enable 2173is set to 2174.Dq Li YES , 2175these are the flags to pass to it. 2176.It Va amd_enable 2177.Pq Vt bool 2178If set to 2179.Dq Li YES , 2180run the 2181.Xr amd 8 2182daemon at boot time. 2183.It Va amd_flags 2184.Pq Vt str 2185If 2186.Va amd_enable 2187is set to 2188.Dq Li YES , 2189these are the flags to pass to it. 2190See the 2191.Xr amd 8 2192manpage for more information. 2193.It Va amd_map_program 2194.Pq Vt str 2195If set, 2196the specified program is run to get the list of 2197.Xr amd 8 2198maps. 2199For example, if the 2200.Xr amd 8 2201maps are stored in NIS, one can set this to 2202run 2203.Xr ypcat 1 2204to get a list of 2205.Xr amd 8 2206maps from the 2207.Pa amd.master 2208NIS map. 2209.It Va update_motd 2210.Pq Vt bool 2211If set to 2212.Dq Li YES , 2213.Pa /etc/motd 2214will be updated at boot time to reflect the kernel release 2215being run. 2216If set to 2217.Dq Li NO , 2218.Pa /etc/motd 2219will not be updated. 2220.It Va nfs_client_enable 2221.Pq Vt bool 2222If set to 2223.Dq Li YES , 2224run the NFS client daemons at boot time. 2225.It Va nfs_access_cache 2226.Pq Vt int 2227If 2228.Va nfs_client_enable 2229is set to 2230.Dq Li YES , 2231this can be set to 2232.Dq Li 0 2233to disable NFS ACCESS RPC caching, or to the number of seconds for which 2234NFS ACCESS 2235results should be cached. 2236A value of 2-10 seconds will substantially reduce network 2237traffic for many NFS operations. 2238.It Va nfs_server_enable 2239.Pq Vt bool 2240If set to 2241.Dq Li YES , 2242run the NFS server daemons at boot time. 2243.It Va nfs_server_flags 2244.Pq Vt str 2245If 2246.Va nfs_server_enable 2247is set to 2248.Dq Li YES , 2249these are the flags to pass to the 2250.Xr nfsd 8 2251daemon. 2252.It Va nfsv4_server_enable 2253.Pq Vt bool 2254If 2255.Va nfs_server_enable 2256is set to 2257.Dq Li YES 2258and 2259.Va nfsv4_server_enable 2260are set to 2261.Dq Li YES , 2262enable the server for NFSv4 as well as NFSv2 and NFSv3. 2263.It Va nfsuserd_enable 2264.Pq Vt bool 2265If 2266.Va nfsuserd_enable 2267is set to 2268.Dq Li YES , 2269run the nfsuserd daemon, which is needed for NFSv4 in order 2270to map between user/group names vs uid/gid numbers. 2271If 2272.Va nfsv4_server_enable 2273is set to 2274.Dq Li YES , 2275this will be forced enabled. 2276.It Va nfsuserd_flags 2277.Pq Vt str 2278If 2279.Va nfsuserd_enable 2280is set to 2281.Dq Li YES , 2282these are the flags to pass to the 2283.Xr nfsuserd 8 2284daemon. 2285.It Va nfscbd_enable 2286.Pq Vt bool 2287If 2288.Va nfscbd_enable 2289is set to 2290.Dq Li YES , 2291run the nfscbd daemon, which enables callbacks/delegations for the NFSv4 client. 2292.It Va nfscbd_flags 2293.Pq Vt str 2294If 2295.Va nfscbd_enable 2296is set to 2297.Dq Li YES , 2298these are the flags to pass to the 2299.Xr nfscbd 8 2300daemon. 2301.It Va mountd_enable 2302.Pq Vt bool 2303If set to 2304.Dq Li YES , 2305and no 2306.Va nfs_server_enable 2307is set, start 2308.Xr mountd 8 , 2309but not 2310.Xr nfsd 8 2311daemon. 2312It is commonly needed to run CFS without real NFS used. 2313.It Va mountd_flags 2314.Pq Vt str 2315If 2316.Va mountd_enable 2317is set to 2318.Dq Li YES , 2319these are the flags to pass to the 2320.Xr mountd 8 2321daemon. 2322.It Va weak_mountd_authentication 2323.Pq Vt bool 2324If set to 2325.Dq Li YES , 2326allow services like PCNFSD to make non-privileged mount 2327requests. 2328.It Va nfs_reserved_port_only 2329.Pq Vt bool 2330If set to 2331.Dq Li YES , 2332provide NFS services only on a secure port. 2333.It Va nfs_bufpackets 2334.Pq Vt int 2335If set to a number, indicates the number of packets worth of 2336socket buffer space to reserve on an NFS client. 2337The kernel default is typically 4. 2338Using a higher number may be 2339useful on gigabit networks to improve performance. 2340The minimum value is 23412 and the maximum is 64. 2342.It Va rpc_lockd_enable 2343.Pq Vt bool 2344If set to 2345.Dq Li YES 2346and also an NFS server or client, run 2347.Xr rpc.lockd 8 2348at boot time. 2349.It Va rpc_lockd_flags 2350.Pq Vt str 2351If 2352.Va rpc_lockd_enable 2353is set to 2354.Dq Li YES , 2355these are the flags to pass to the 2356.Xr rpc.lockd 8 2357daemon. 2358.It Va rpc_statd_enable 2359.Pq Vt bool 2360If set to 2361.Dq Li YES 2362and also an NFS server or client, run 2363.Xr rpc.statd 8 2364at boot time. 2365.It Va rpc_statd_flags 2366.Pq Vt str 2367If 2368.Va rpc_statd_enable 2369is set to 2370.Dq Li YES , 2371these are the flags to pass to the 2372.Xr rpc.statd 8 2373daemon. 2374.It Va rpcbind_program 2375.Pq Vt str 2376Path to 2377.Xr rpcbind 8 2378(default 2379.Pa /usr/sbin/rpcbind ) . 2380.It Va rpcbind_enable 2381.Pq Vt bool 2382If set to 2383.Dq Li YES , 2384run the 2385.Xr rpcbind 8 2386service at boot time. 2387.It Va rpcbind_flags 2388.Pq Vt str 2389If 2390.Va rpcbind_enable 2391is set to 2392.Dq Li YES , 2393these are the flags to pass to the 2394.Xr rpcbind 8 2395daemon. 2396.It Va keyserv_enable 2397.Pq Vt bool 2398If set to 2399.Dq Li YES , 2400run the 2401.Xr keyserv 8 2402daemon on boot for running Secure RPC. 2403.It Va keyserv_flags 2404.Pq Vt str 2405If 2406.Va keyserv_enable 2407is set to 2408.Dq Li YES , 2409these are the flags to pass to 2410.Xr keyserv 8 2411daemon. 2412.It Va pppoed_enable 2413.Pq Vt bool 2414If set to 2415.Dq Li YES , 2416run the 2417.Xr pppoed 8 2418daemon at boot time to provide PPP over Ethernet services. 2419.It Va pppoed_ Ns Aq Ar provider 2420.Pq Vt str 2421.Xr pppoed 8 2422listens to requests to this 2423.Ar provider 2424and ultimately runs 2425.Xr ppp 8 2426with a 2427.Ar system 2428argument of the same name. 2429.It Va pppoed_flags 2430.Pq Vt str 2431Additional flags to pass to 2432.Xr pppoed 8 . 2433.It Va pppoed_interface 2434.Pq Vt str 2435The network interface to run 2436.Xr pppoed 8 2437on. 2438This is mandatory when 2439.Va pppoed_enable 2440is set to 2441.Dq Li YES . 2442.It Va timed_enable 2443.Pq Vt bool 2444If set to 2445.Dq Li YES , 2446run the 2447.Xr timed 8 2448service at boot time. 2449This command is intended for networks of 2450machines where a consistent 2451.Dq "network time" 2452for all hosts must be established. 2453This is often useful in large NFS 2454environments where time stamps on files are expected to be consistent 2455network-wide. 2456.It Va timed_flags 2457.Pq Vt str 2458If 2459.Va timed_enable 2460is set to 2461.Dq Li YES , 2462these are the flags to pass to the 2463.Xr timed 8 2464service. 2465.It Va ntpdate_enable 2466.Pq Vt bool 2467If set to 2468.Dq Li YES , 2469run 2470.Xr ntpdate 8 2471at system startup. 2472This command is intended to 2473synchronize the system clock only 2474.Em once 2475from some standard reference. 2476.It Va ntpdate_config 2477.Pq Vt str 2478Configuration file for 2479.Xr ntpdate 8 . 2480Default 2481.Pa /etc/ntp.conf . 2482.It Va ntpdate_hosts 2483.Pq Vt str 2484A whitespace-separated list of NTP servers to synchronize with at startup. 2485The default is to use the servers listed in 2486.Va ntpdate_config , 2487if that file exists. 2488.It Va ntpdate_program 2489.Pq Vt str 2490Path to 2491.Xr ntpdate 8 2492(default 2493.Pa /usr/sbin/ntpdate ) . 2494.It Va ntpdate_flags 2495.Pq Vt str 2496If 2497.Va ntpdate_enable 2498is set to 2499.Dq Li YES , 2500these are the flags to pass to the 2501.Xr ntpdate 8 2502command (typically a hostname). 2503.It Va ntpd_enable 2504.Pq Vt bool 2505If set to 2506.Dq Li YES , 2507run the 2508.Xr ntpd 8 2509command at boot time. 2510.It Va ntpd_program 2511.Pq Vt str 2512Path to 2513.Xr ntpd 8 2514(default 2515.Pa /usr/sbin/ntpd ) . 2516.It Va ntpd_config 2517.Pq Vt str 2518Path to 2519.Xr ntpd 8 2520configuration file. 2521Default 2522.Pa /etc/ntp.conf . 2523.It Va ntpd_flags 2524.Pq Vt str 2525If 2526.Va ntpd_enable 2527is set to 2528.Dq Li YES , 2529these are the flags to pass to the 2530.Xr ntpd 8 2531daemon. 2532.It Va ntpd_sync_on_start 2533.Pq Vt bool 2534If set to 2535.Dq Li YES , 2536.Xr ntpd 8 2537is run with the 2538.Fl g 2539flag, which syncs the system's clock on startup. 2540See 2541.Xr ntpd 8 2542for more information regarding the 2543.Fl g 2544option. 2545This is a preferred alternative to using 2546.Xr ntpdate 8 2547or specifying the 2548.Va ntpdate_enable 2549variable. 2550.It Va nis_client_enable 2551.Pq Vt bool 2552If set to 2553.Dq Li YES , 2554run the 2555.Xr ypbind 8 2556service at system boot time. 2557.It Va nis_client_flags 2558.Pq Vt str 2559If 2560.Va nis_client_enable 2561is set to 2562.Dq Li YES , 2563these are the flags to pass to the 2564.Xr ypbind 8 2565service. 2566.It Va nis_ypldap_enable 2567.Pq Vt bool 2568If set to 2569.Dq Li YES , 2570run the 2571.Xr ypldap 8 2572daemon at system boot time. 2573.It Va nis_ypldap_flags 2574.Pq Vt str 2575If 2576.Va nis.ypldap_enable 2577is set to 2578.Dq Li YES , 2579these are the flags to pass to the 2580.Xr ypldap 8 2581daemon. 2582.It Va nis_ypset_enable 2583.Pq Vt bool 2584If set to 2585.Dq Li YES , 2586run the 2587.Xr ypset 8 2588daemon at system boot time. 2589.It Va nis_ypset_flags 2590.Pq Vt str 2591If 2592.Va nis_ypset_enable 2593is set to 2594.Dq Li YES , 2595these are the flags to pass to the 2596.Xr ypset 8 2597daemon. 2598.It Va nis_server_enable 2599.Pq Vt bool 2600If set to 2601.Dq Li YES , 2602run the 2603.Xr ypserv 8 2604daemon at system boot time. 2605.It Va nis_server_flags 2606.Pq Vt str 2607If 2608.Va nis_server_enable 2609is set to 2610.Dq Li YES , 2611these are the flags to pass to the 2612.Xr ypserv 8 2613daemon. 2614.It Va nis_ypxfrd_enable 2615.Pq Vt bool 2616If set to 2617.Dq Li YES , 2618run the 2619.Xr rpc.ypxfrd 8 2620daemon at system boot time. 2621.It Va nis_ypxfrd_flags 2622.Pq Vt str 2623If 2624.Va nis_ypxfrd_enable 2625is set to 2626.Dq Li YES , 2627these are the flags to pass to the 2628.Xr rpc.ypxfrd 8 2629daemon. 2630.It Va nis_yppasswdd_enable 2631.Pq Vt bool 2632If set to 2633.Dq Li YES , 2634run the 2635.Xr rpc.yppasswdd 8 2636daemon at system boot time. 2637.It Va nis_yppasswdd_flags 2638.Pq Vt str 2639If 2640.Va nis_yppasswdd_enable 2641is set to 2642.Dq Li YES , 2643these are the flags to pass to the 2644.Xr rpc.yppasswdd 8 2645daemon. 2646.It Va rpc_ypupdated_enable 2647.Pq Vt bool 2648If set to 2649.Dq Li YES , 2650run the 2651.Nm rpc.ypupdated 2652daemon at system boot time. 2653.It Va bsnmpd_enable 2654.Pq Vt bool 2655If set to 2656.Dq Li YES , 2657run the 2658.Xr bsnmpd 1 2659daemon at system boot time. 2660Be sure to understand the security implications of running SNMP daemon 2661on your host. 2662.It Va bsnmpd_flags 2663.Pq Vt str 2664If 2665.Va bsnmpd_enable 2666is set to 2667.Dq Li YES , 2668these are the flags to pass to the 2669.Xr bsnmpd 1 2670daemon. 2671.It Va defaultrouter 2672.Pq Vt str 2673If not set to 2674.Dq Li NO , 2675create a default route to this host name or IP address 2676(use an IP address if this router is also required to get to the 2677name server!). 2678.It Va ipv6_defaultrouter 2679.Pq Vt str 2680The IPv6 equivalent of 2681.Va defaultrouter . 2682.It Va static_arp_pairs 2683.Pq Vt str 2684Set to the list of static ARP pairs that are to be added at system 2685boot time. 2686For each whitespace separated 2687.Ar element 2688in the value, a 2689.Va static_arp_ Ns Aq Ar element 2690variable is assumed to exist whose contents will later be passed to a 2691.Dq Nm arp Cm -S 2692operation. 2693For example 2694.Bd -literal 2695static_arp_pairs="gw" 2696static_arp_gw="192.168.1.1 00:01:02:03:04:05" 2697.Ed 2698.It Va static_ndp_pairs 2699.Pq Vt str 2700Set to the list of static NDP pairs that are to be added at system 2701boot time. 2702For each whitespace separated 2703.Ar element 2704in the value, a 2705.Va static_ndp_ Ns Aq Ar element 2706variable is assumed to exist whose contents will later be passed to a 2707.Dq Nm ndp Cm -s 2708operation. 2709For example 2710.Bd -literal 2711static_ndp_pairs="gw" 2712static_ndp_gw="2001:db8:3::1 00:01:02:03:04:05" 2713.Ed 2714.It Va static_routes 2715.Pq Vt str 2716Set to the list of static routes that are to be added at system 2717boot time. 2718If not set to 2719.Dq Li NO 2720then for each whitespace separated 2721.Ar element 2722in the value, a 2723.Va route_ Ns Aq Ar element 2724variable is assumed to exist 2725whose contents will later be passed to a 2726.Dq Nm route Cm add 2727operation. 2728For example: 2729.Bd -literal 2730static_routes="ext mcast:gif0 gif0local:gif0" 2731route_ext="-net 10.0.0.0/24 -gateway 192.168.0.1" 2732route_mcast="-net 224.0.0.0/4 -iface gif0" 2733route_gif0local="-host 169.254.1.1 -iface lo0" 2734.Ed 2735.Pp 2736When an 2737.Ar element 2738is in the form of 2739.Li name:ifname , 2740the route is specific to the interface 2741.Li ifname . 2742.It Va ipv6_static_routes 2743.Pq Vt str 2744The IPv6 equivalent of 2745.Va static_routes . 2746If not set to 2747.Dq Li NO 2748then for each whitespace separated 2749.Ar element 2750in the value, a 2751.Va ipv6_route_ Ns Aq Ar element 2752variable is assumed to exist 2753whose contents will later be passed to a 2754.Dq Nm route Cm add Fl inet6 2755operation. 2756.It Va gateway_enable 2757.Pq Vt bool 2758If set to 2759.Dq Li YES , 2760configure host to act as an IP router, e.g.\& to forward packets 2761between interfaces. 2762.It Va ipv6_gateway_enable 2763.Pq Vt bool 2764The IPv6 equivalent of 2765.Va gateway_enable . 2766.It Va routed_enable 2767.Pq Vt bool 2768If set to 2769.Dq Li YES , 2770run a routing daemon of some sort, based on the 2771settings of 2772.Va routed_program 2773and 2774.Va routed_flags . 2775.It Va route6d_enable 2776.Pq Vt bool 2777The IPv6 equivalent of 2778.Va routed_enable . 2779If set to 2780.Dq Li YES , 2781run a routing daemon of some sort, based on the 2782settings of 2783.Va route6d_program 2784and 2785.Va route6d_flags . 2786.It Va routed_program 2787.Pq Vt str 2788If 2789.Va routed_enable 2790is set to 2791.Dq Li YES , 2792this is the name of the routing daemon to use. 2793.It Va route6d_program 2794.Pq Vt str 2795The IPv6 equivalent of 2796.Va routed_program . 2797.It Va routed_flags 2798.Pq Vt str 2799If 2800.Va routed_enable 2801is set to 2802.Dq Li YES , 2803these are the flags to pass to the routing daemon. 2804.It Va route6d_flags 2805.Pq Vt str 2806The IPv6 equivalent of 2807.Va routed_flags . 2808.It Va rtadvd_enable 2809.Pq Vt bool 2810If set to 2811.Dq Li YES , 2812run the 2813.Xr rtadvd 8 2814daemon at boot time. 2815The 2816.Xr rtadvd 8 2817utility sends ICMPv6 Router Advertisement messages to 2818the interfaces specified in 2819.Va rtadvd_interfaces . 2820This should only be enabled with great care. 2821You may want to fine-tune 2822.Xr rtadvd.conf 5 . 2823.It Va rtadvd_interfaces 2824.Pq Vt str 2825If 2826.Va rtadvd_enable 2827is set to 2828.Dq Li YES 2829this is the list of interfaces to use. 2830.It Va arpproxy_all 2831.Pq Vt bool 2832If set to 2833.Dq Li YES , 2834enable global proxy ARP. 2835.It Va forward_sourceroute 2836.Pq Vt bool 2837If set to 2838.Dq Li YES 2839and 2840.Va gateway_enable 2841is also set to 2842.Dq Li YES , 2843source-routed packets are forwarded. 2844.It Va accept_sourceroute 2845.Pq Vt bool 2846If set to 2847.Dq Li YES , 2848the system will accept source-routed packets directed at it. 2849.It Va rarpd_enable 2850.Pq Vt bool 2851If set to 2852.Dq Li YES , 2853run the 2854.Xr rarpd 8 2855daemon at system boot time. 2856.It Va rarpd_flags 2857.Pq Vt str 2858If 2859.Va rarpd_enable 2860is set to 2861.Dq Li YES , 2862these are the flags to pass to the 2863.Xr rarpd 8 2864daemon. 2865.It Va bootparamd_enable 2866.Pq Vt bool 2867If set to 2868.Dq Li YES , 2869run the 2870.Xr bootparamd 8 2871daemon at system boot time. 2872.It Va bootparamd_flags 2873.Pq Vt str 2874If 2875.Va bootparamd_enable 2876is set to 2877.Dq Li YES , 2878these are the flags to pass to the 2879.Xr bootparamd 8 2880daemon. 2881.It Va stf_interface_ipv4addr 2882.Pq Vt str 2883If not set to 2884.Dq Li NO , 2885this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling 2886interface). 2887Specify this entry to enable the 6to4 interface. 2888.It Va stf_interface_ipv4plen 2889.Pq Vt int 2890Prefix length for 6to4 IPv4 addresses, to limit peer address range. 2891An effective value is 0-31. 2892.It Va stf_interface_ipv6_ifid 2893.Pq Vt str 2894IPv6 interface ID for 2895.Xr stf 4 . 2896This can be set to 2897.Dq Li AUTO . 2898.It Va stf_interface_ipv6_slaid 2899.Pq Vt str 2900IPv6 Site Level Aggregator for 2901.Xr stf 4 . 2902.It Va ipv6_ipv4mapping 2903.Pq Vt bool 2904If set to 2905.Dq Li YES 2906this enables IPv4 mapped IPv6 address communication (like 2907.Li ::ffff:a.b.c.d ) . 2908.It Va rtsold_enable 2909.Pq Vt bool 2910Set to 2911.Dq Li YES 2912to enable the 2913.Xr rtsold 8 2914daemon to send ICMPv6 Router Solicitation messages. 2915.It Va rtsold_flags 2916.Pq Vt str 2917If 2918.Va rtsold_enable 2919is set to 2920.Dq Li YES , 2921these are the flags to pass to 2922.Xr rtsold 8 . 2923.It Va rtsol_flags 2924.Pq Vt str 2925For interfaces configured with the 2926.Dq Li inet6 accept_rtadv 2927keyword, these are the flags to pass to 2928.Xr rtsol 8 . 2929.Pp 2930Note that 2931.Va rtsold_enable 2932is mutually exclusive to 2933.Va rtsol_flags ; 2934.Va rtsold_enable 2935takes precedence. 2936.It Va keybell 2937.Pq Vt str 2938The keyboard bell sound. 2939Set to 2940.Dq Li normal , 2941.Dq Li visual , 2942.Dq Li off , 2943or 2944.Dq Li NO 2945if the default behavior is desired. 2946For details, refer to the 2947.Xr kbdcontrol 1 2948manpage. 2949.It Va keyboard 2950.Pq Vt str 2951If set to a non-null string, the virtual console's keyboard input is 2952set to this device. 2953.It Va keymap 2954.Pq Vt str 2955If set to 2956.Dq Li NO , 2957no keymap is installed, otherwise the value is used to install 2958the keymap file found in 2959.Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd 2960(if using 2961.Xr syscons 4 ) or 2962.Pa /usr/share/vt/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd 2963(if using 2964.Xr vt 4 ) . 2965.It Va keyrate 2966.Pq Vt str 2967The keyboard repeat speed. 2968Set to 2969.Dq Li slow , 2970.Dq Li normal , 2971.Dq Li fast , 2972or 2973.Dq Li NO 2974if the default behavior is desired. 2975.It Va keychange 2976.Pq Vt str 2977If not set to 2978.Dq Li NO , 2979attempt to program the function keys with the value. 2980The value should 2981be a single string of the form: 2982.Dq Ar funkey_number new_value Op Ar funkey_number new_value ... . 2983.It Va cursor 2984.Pq Vt str 2985Can be set to the value of 2986.Dq Li normal , 2987.Dq Li blink , 2988.Dq Li destructive , 2989or 2990.Dq Li NO 2991to set the cursor behavior explicitly or choose the default behavior. 2992.It Va scrnmap 2993.Pq Vt str 2994If set to 2995.Dq Li NO , 2996no screen map is installed, otherwise the value is used to install 2997the screen map file in 2998.Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value . 2999This parameter is ignored when using 3000.Xr vt 4 3001as the console driver. 3002.It Va font8x16 3003.Pq Vt str 3004If set to 3005.Dq Li NO , 3006the default 8x16 font value is used for screen size requests, otherwise 3007the value in 3008.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3009or 3010.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3011is used (depending on the console driver being used). 3012.It Va font8x14 3013.Pq Vt str 3014If set to 3015.Dq Li NO , 3016the default 8x14 font value is used for screen size requests, otherwise 3017the value in 3018.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3019or 3020.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3021is used (depending on the console driver being used). 3022.It Va font8x8 3023.Pq Vt str 3024If set to 3025.Dq Li NO , 3026the default 8x8 font value is used for screen size requests, otherwise 3027the value in 3028.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3029or 3030.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3031is used (depending on the console driver being used). 3032.It Va blanktime 3033.Pq Vt int 3034If set to 3035.Dq Li NO , 3036the default screen blanking interval is used, otherwise it is set 3037to 3038.Ar value 3039seconds. 3040.It Va saver 3041.Pq Vt str 3042If not set to 3043.Dq Li NO , 3044this is the actual screen saver to use 3045.Li ( blank , snake , daemon , 3046etc). 3047.It Va moused_nondefault_enable 3048.Pq Vt str 3049If set to 3050.Dq Li NO , 3051the mouse device specified on 3052the command line is not automatically treated as enabled by the 3053.Pa /etc/rc.d/moused 3054script. 3055Having this variable set to 3056.Dq Li YES 3057allows a 3058.Xr usb 4 3059mouse, 3060for example, 3061to be enabled as soon as it is plugged in. 3062.It Va moused_enable 3063.Pq Vt str 3064If set to 3065.Dq Li YES , 3066the 3067.Xr moused 8 3068daemon is started for doing cut/paste selection on the console. 3069.It Va moused_type 3070.Pq Vt str 3071This is the protocol type of the mouse connected to this host. 3072This variable must be set if 3073.Va moused_enable 3074is set to 3075.Dq Li YES . 3076The 3077.Xr moused 8 3078daemon 3079is able to detect the appropriate mouse type automatically in many cases. 3080Set this variable to 3081.Dq Li auto 3082to let the daemon detect it, or 3083select one from the following list if the automatic detection fails. 3084.Pp 3085If the mouse is attached to the PS/2 mouse port, choose 3086.Dq Li auto 3087or 3088.Dq Li ps/2 , 3089regardless of the brand and model of the mouse. 3090Likewise, if the 3091mouse is attached to the bus mouse port, choose 3092.Dq Li auto 3093or 3094.Dq Li busmouse . 3095All other protocols are for serial mice and will not work with 3096the PS/2 and bus mice. 3097If this is a USB mouse, 3098.Dq Li auto 3099is the only protocol type which will work. 3100.Pp 3101.Bl -tag -width ".Li x10mouseremote" -compact 3102.It Li microsoft 3103Microsoft mouse (serial) 3104.It Li intellimouse 3105Microsoft IntelliMouse (serial) 3106.It Li mousesystems 3107Mouse systems Corp.\& mouse (serial) 3108.It Li mmseries 3109MM Series mouse (serial) 3110.It Li logitech 3111Logitech mouse (serial) 3112.It Li busmouse 3113A bus mouse 3114.It Li mouseman 3115Logitech MouseMan and TrackMan (serial) 3116.It Li glidepoint 3117ALPS GlidePoint (serial) 3118.It Li thinkingmouse 3119Kensington ThinkingMouse (serial) 3120.It Li ps/2 3121PS/2 mouse 3122.It Li mmhittab 3123MM HitTablet (serial) 3124.It Li x10mouseremote 3125X10 MouseRemote (serial) 3126.It Li versapad 3127Interlink VersaPad (serial) 3128.El 3129.Pp 3130Even if the mouse is not in the above list, it may be compatible 3131with one in the list. 3132Refer to the manual page for 3133.Xr moused 8 3134for compatibility information. 3135.Pp 3136It should also be noted that while this is enabled, any 3137other client of the mouse (such as an X server) should access 3138the mouse through the virtual mouse device, 3139.Pa /dev/sysmouse , 3140and configure it as a 3141.Dq Li sysmouse 3142type mouse, since all 3143mouse data is converted to this single canonical format when 3144using 3145.Xr moused 8 . 3146If the client program does not support the 3147.Dq Li sysmouse 3148type, 3149specify the 3150.Dq Li mousesystems 3151type. 3152It is the second preferred type. 3153.It Va moused_port 3154.Pq Vt str 3155If 3156.Va moused_enable 3157is set to 3158.Dq Li YES , 3159this is the actual port the mouse is on. 3160It might be 3161.Pa /dev/cuau0 3162for a COM1 serial mouse, 3163.Pa /dev/psm0 3164for a PS/2 mouse or 3165.Pa /dev/mse0 3166for a bus mouse, for example. 3167.It Va moused_flags 3168.Pq Vt str 3169If 3170.Va moused_flags 3171is set, its value is used as an additional set of flags to pass to the 3172.Xr moused 8 3173daemon. 3174.It Va "moused_" Ns Ar XXX Ns Va "_flags" 3175When 3176.Va moused_nondefault_enable 3177is enabled, and a 3178.Xr moused 8 3179daemon is started for a non-default port, the 3180.Va "moused_" Ns Ar XXX Ns Va "_flags" 3181set of options has precedence over and replaces the default 3182.Va moused_flags 3183(where 3184.Ar XXX 3185is the name of the non-default port, i.e.,\& 3186.Ar ums0 ) . 3187By setting 3188.Va "moused_" Ns Ar XXX Ns Va "_flags" 3189it is possible to set up a different set of default flags for each 3190.Xr moused 8 3191instance. 3192For example, you can use 3193.Dq Li "-3" 3194for the default 3195.Va moused_flags 3196to make your laptop's touchpad more comfortable to use, 3197but an empty set of options for 3198.Va moused_ums0_flags 3199when your 3200.Xr usb 4 3201mouse has three or more buttons. 3202.It Va mousechar_start 3203.Pq Vt int 3204If set to 3205.Dq Li NO , 3206the default mouse cursor character range 3207.Li 0xd0 Ns - Ns Li 0xd3 3208is used, 3209otherwise the range start is set 3210to 3211.Ar value 3212character, see 3213.Xr vidcontrol 1 . 3214Use if the default range is occupied in the language code table. 3215.It Va allscreens_flags 3216.Pq Vt str 3217If set, 3218.Xr vidcontrol 1 3219is run with these options for each of the virtual terminals 3220.Pq Pa /dev/ttyv* . 3221For example, 3222.Dq Fl m Cm on 3223will enable the mouse pointer on all virtual terminals 3224if 3225.Va moused_enable 3226is set to 3227.Dq Li YES . 3228.It Va allscreens_kbdflags 3229.Pq Vt str 3230If set, 3231.Xr kbdcontrol 1 3232is run with these options for each of the virtual terminals 3233.Pq Pa /dev/ttyv* . 3234For example, 3235.Dq Fl h Li 200 3236will set the 3237.Xr syscons 4 3238or 3239.Xr vt 4 3240scrollback (history) buffer to 200 lines. 3241.It Va cron_enable 3242.Pq Vt bool 3243If set to 3244.Dq Li YES , 3245run the 3246.Xr cron 8 3247daemon at system boot time. 3248.It Va cron_program 3249.Pq Vt str 3250Path to 3251.Xr cron 8 3252(default 3253.Pa /usr/sbin/cron ) . 3254.It Va cron_flags 3255.Pq Vt str 3256If 3257.Va cron_enable 3258is set to 3259.Dq Li YES , 3260these are the flags to pass to 3261.Xr cron 8 . 3262.It Va cron_dst 3263.Pq Vt bool 3264If set to 3265.Dq Li YES , 3266enable the special handling of transitions to and from the 3267Daylight Saving Time in 3268.Xr cron 8 3269(equivalent to using the flag 3270.Fl s ) . 3271.It Va lpd_program 3272.Pq Vt str 3273Path to 3274.Xr lpd 8 3275(default 3276.Pa /usr/sbin/lpd ) . 3277.It Va lpd_enable 3278.Pq Vt bool 3279If set to 3280.Dq Li YES , 3281run the 3282.Xr lpd 8 3283daemon at system boot time. 3284.It Va lpd_flags 3285.Pq Vt str 3286If 3287.Va lpd_enable 3288is set to 3289.Dq Li YES , 3290these are the flags to pass to the 3291.Xr lpd 8 3292daemon. 3293.It Va chkprintcap_enable 3294.Pq Vt bool 3295If set to 3296.Dq Li YES , 3297run the 3298.Xr chkprintcap 8 3299command before starting the 3300.Xr lpd 8 3301daemon. 3302.It Va chkprintcap_flags 3303.Pq Vt str 3304If 3305.Va lpd_enable 3306and 3307.Va chkprintcap_enable 3308are set to 3309.Dq Li YES , 3310these are the flags to pass to the 3311.Xr chkprintcap 8 3312program. 3313The default is 3314.Dq Li -d , 3315which causes missing directories to be created. 3316.It Va mta_start_script 3317.Pq Vt str 3318This variable specifies the full path to the script to run to start 3319a mail transfer agent. 3320The default is 3321.Pa /etc/rc.sendmail . 3322The 3323.Va sendmail_* 3324variables which 3325.Pa /etc/rc.sendmail 3326uses are documented in the 3327.Xr rc.sendmail 8 3328manual page. 3329.It Va dumpdev 3330.Pq Vt str 3331Indicates the device (usually a swap partition) to which a crash dump 3332should be written in the event of a system crash. 3333If the value of this variable is 3334.Dq Li AUTO , 3335the first suitable swap device listed in 3336.Pa /etc/fstab 3337will be used as dump device. 3338Otherwise, the value of this variable is passed as the argument to 3339.Xr dumpon 8 . 3340To disable crash dumps, set this variable to 3341.Dq Li NO . 3342.It Va dumpdir 3343.Pq Vt str 3344When the system reboots after a crash and a crash dump is found on the 3345device specified by the 3346.Va dumpdev 3347variable, 3348.Xr savecore 8 3349will save that crash dump and a copy of the kernel to the directory 3350specified by the 3351.Va dumpdir 3352variable. 3353The default value is 3354.Pa /var/crash . 3355Set to 3356.Dq Li NO 3357to not run 3358.Xr savecore 8 3359at boot time when 3360.Va dumpdir 3361is set. 3362.It Va dumppubkey 3363.Pq Vt str 3364Path to a public key. 3365It is used by 3366.Xr dumpon 8 3367to encrypt a one-time key for a crash dump. 3368The public key has to match a private key used by 3369.Xr decryptcore 8 3370to decrypt a crash dump after reboot. 3371See 3372.Xr dumpon 8 3373for more details. 3374.It Va savecore_enable 3375.Pq Vt bool 3376If set to 3377.Dq Li NO , 3378disable automatic extraction of the crash dump from the 3379.Va dumpdev . 3380.It Va savecore_flags 3381.Pq Vt str 3382If crash dumps are enabled, these are the flags to pass to the 3383.Xr savecore 8 3384utility. 3385.It Va quota_enable 3386.Pq Vt bool 3387Set to 3388.Dq Li YES 3389to turn on user and group disk quotas on system startup via the 3390.Xr quotaon 8 3391command for all file systems marked as having quotas enabled in 3392.Pa /etc/fstab . 3393The kernel must be built with 3394.Cd "options QUOTA" 3395for disk quotas to function. 3396.It Va check_quotas 3397.Pq Vt bool 3398Set to 3399.Dq Li YES 3400to enable user and group disk quota checking via the 3401.Xr quotacheck 8 3402command. 3403.It Va quotacheck_flags 3404.Pq Vt str 3405If 3406.Va quota_enable 3407is set to 3408.Dq Li YES , 3409and 3410.Va check_quotas 3411is set to 3412.Dq Li YES , 3413these are the flags to pass to the 3414.Xr quotacheck 8 3415utility. 3416The default is 3417.Dq Li "-a" , 3418which checks quotas for all file systems with quotas enabled in 3419.Pa /etc/fstab . 3420.It Va quotaon_flags 3421.Pq Vt str 3422If 3423.Va quota_enable 3424is set to 3425.Dq Li YES , 3426these are the flags to pass to the 3427.Xr quotaon 8 3428utility. 3429The default is 3430.Dq Li "-a" , 3431which enables quotas for all file systems with quotas enabled in 3432.Pa /etc/fstab . 3433.It Va quotaoff_flags 3434.Pq Vt str 3435If 3436.Va quota_enable 3437is set to 3438.Dq Li YES , 3439these are the flags to pass to the 3440.Xr quotaoff 8 3441utility when shutting down the quota system. 3442The default is 3443.Dq Li "-a" , 3444which disables quotas for all file systems with quotas enabled in 3445.Pa /etc/fstab . 3446.It Va accounting_enable 3447.Pq Vt bool 3448Set to 3449.Dq Li YES 3450to enable system accounting through the 3451.Xr accton 8 3452facility. 3453.It Va ibcs2_enable 3454.Pq Vt bool 3455Set to 3456.Dq Li YES 3457to enable iBCS2 (SCO) binary emulation at system initial boot 3458time. 3459.It Va ibcs2_loaders 3460.Pq Vt str 3461If not set to 3462.Dq Li NO 3463and if 3464.Va ibcs2_enable 3465is set to 3466.Dq Li YES , 3467this specifies a list of additional iBCS2 loaders to enable. 3468.It Va firstboot_sentinel 3469.Pq Vt str 3470This variable specifies the full path to a 3471.Dq first boot 3472sentinel file. 3473If a file exists with this path, 3474.Pa rc.d 3475scripts with the 3476.Dq firstboot 3477keyword will be run on startup and the sentinel file will be deleted 3478after the boot process completes. 3479The sentinel file must be located on a writable file system which is 3480mounted no later than 3481.Va early_late_divider 3482to function properly. 3483The default is 3484.Pa /firstboot . 3485.It Va linux_enable 3486.Pq Vt bool 3487Set to 3488.Dq Li YES 3489to enable Linux/ELF binary emulation at system initial 3490boot time. 3491.It Va sysvipc_enable 3492.Pq Vt bool 3493If set to 3494.Dq Li YES , 3495load System V IPC primitives at boot time. 3496.It Va clear_tmp_enable 3497.Pq Vt bool 3498Set to 3499.Dq Li YES 3500to have 3501.Pa /tmp 3502cleaned at startup. 3503.It Va clear_tmp_X 3504.Pq Vt bool 3505Set to 3506.Dq Li NO 3507to disable removing of X11 lock files, 3508and the removal and (secure) recreation 3509of the various socket directories for X11 3510related programs. 3511.It Va ldconfig_paths 3512.Pq Vt str 3513Set to the list of shared library paths to use with 3514.Xr ldconfig 8 . 3515NOTE: 3516.Pa /usr/lib 3517will always be added first, so it need not appear in this list. 3518.It Va ldconfig32_paths 3519.Pq Vt str 3520Set to the list of 32-bit compatibility shared library paths to 3521use with 3522.Xr ldconfig 8 . 3523.It Va ldconfig_paths_aout 3524.Pq Vt str 3525Set to the list of shared library paths to use with 3526.Xr ldconfig 8 3527legacy 3528.Xr a.out 5 3529support. 3530.It Va ldconfig_insecure 3531.Pq Vt bool 3532The 3533.Xr ldconfig 8 3534utility normally refuses to use directories 3535which are writable by anyone except root. 3536Set this variable to 3537.Dq Li YES 3538to disable that security check during system startup. 3539.It Va ldconfig_local_dirs 3540.Pq Vt str 3541Set to the list of local 3542.Xr ldconfig 8 3543directories. 3544The names of all files in the directories listed will be 3545passed as arguments to 3546.Xr ldconfig 8 . 3547.It Va ldconfig_local32_dirs 3548.Pq Vt str 3549Set to the list of local 32-bit compatibility 3550.Xr ldconfig 8 3551directories. 3552The names of all files in the directories listed will be 3553passed as arguments to 3554.Dq Nm ldconfig Fl 32 . 3555.It Va kern_securelevel_enable 3556.Pq Vt bool 3557Set to 3558.Dq Li YES 3559to set the kernel security level at system startup. 3560.It Va kern_securelevel 3561.Pq Vt int 3562The kernel security level to set at startup. 3563The allowed range of 3564.Ar value 3565ranges from \-1 (the compile time default) to 3 (the 3566most secure). 3567See 3568.Xr security 7 3569for the list of possible security levels and their effect 3570on system operation. 3571.It Va sshd_program 3572.Pq Vt str 3573Path to the SSH server program 3574.Pa ( /usr/sbin/sshd 3575is the default). 3576.It Va sshd_enable 3577.Pq Vt bool 3578Set to 3579.Dq Li YES 3580to start 3581.Xr sshd 8 3582at system boot time. 3583.It Va sshd_flags 3584.Pq Vt str 3585If 3586.Va sshd_enable 3587is set to 3588.Dq Li YES , 3589these are the flags to pass to the 3590.Xr sshd 8 3591daemon. 3592.It Va ftpd_program 3593.Pq Vt str 3594Path to the FTP server program 3595.Pa ( /usr/libexec/ftpd 3596is the default). 3597.It Va ftpd_enable 3598.Pq Vt bool 3599Set to 3600.Dq Li YES 3601to start 3602.Xr ftpd 8 3603as a stand-alone daemon at system boot time. 3604.It Va ftpd_flags 3605.Pq Vt str 3606If 3607.Va ftpd_enable 3608is set to 3609.Dq Li YES , 3610these are the additional flags to pass to the 3611.Xr ftpd 8 3612daemon. 3613.It Va watchdogd_enable 3614.Pq Vt bool 3615If set to 3616.Dq Li YES , 3617start the 3618.Xr watchdogd 8 3619daemon at boot time. 3620This requires that the kernel have been compiled with a 3621.Xr watchdog 4 3622compatible device. 3623.It Va watchdogd_flags 3624.Pq Vt str 3625If 3626.Va watchdogd_enable 3627is set to 3628.Dq Li YES , 3629these are the flags passed to the 3630.Xr watchdogd 8 3631daemon. 3632.It Va devfs_rulesets 3633.Pq Vt str 3634List of files containing sets of rules for 3635.Xr devfs 8 . 3636.It Va devfs_system_ruleset 3637.Pq Vt str 3638Rule name(s) to apply to the system 3639.Pa /dev 3640itself. 3641.It Va devfs_set_rulesets 3642.Pq Vt str 3643Pairs of already-mounted 3644.Pa dev 3645directories and rulesets that should be applied to them. 3646For example: /mount/dev=ruleset_name 3647.It Va devfs_load_rulesets 3648.Pq Vt bool 3649If set, always load the default rulesets listed in 3650.Va devfs_rulesets . 3651.It Va performance_cx_lowest 3652.Pq Vt str 3653CPU idle state to use while on AC power. 3654The string 3655.Dq Li LOW 3656indicates that 3657.Xr acpi 4 3658should use the lowest power state available while 3659.Dq Li HIGH 3660indicates that the lowest latency state (less power savings) should be used. 3661.It Va performance_cpu_freq 3662.Pq Vt str 3663CPU clock frequency to use while on AC power. 3664The string 3665.Dq Li LOW 3666indicates that 3667.Xr cpufreq 4 3668should use the lowest frequency available while 3669.Dq Li HIGH 3670indicates that the highest frequency (less power savings) should be used. 3671.It Va economy_cx_lowest 3672.Pq Vt str 3673CPU idle state to use when off AC power. 3674The string 3675.Dq Li LOW 3676indicates that 3677.Xr acpi 4 3678should use the lowest power state available while 3679.Dq Li HIGH 3680indicates that the lowest latency state (less power savings) should be used. 3681.It Va economy_cpu_freq 3682.Pq Vt str 3683CPU clock frequency to use when off AC power. 3684The string 3685.Dq Li LOW 3686indicates that 3687.Xr cpufreq 4 3688should use the lowest frequency available while 3689.Dq Li HIGH 3690indicates that the highest frequency (less power savings) should be used. 3691.It Va jail_enable 3692.Pq Vt bool 3693If set to 3694.Dq Li NO , 3695any configured jails will not be started. 3696.It Va jail_conf 3697.Pq Vt str 3698The configuration filename used by 3699.Xr jail 8 3700utility. 3701The default value is 3702.Pa /etc/jail.conf . 3703.It Va jail_parallel_start 3704.Pq Vt bool 3705If set to 3706.Dq Li YES , 3707all configured jails will be started in the background (in parallel). 3708.It Va jail_flags 3709.Pq Vt str 3710Unset by default. 3711When set, use as default value for 3712.Va jail_ Ns Ao Ar jname Ac Ns Va _flags 3713for every jail in 3714.Va jail_list . 3715.It Va jail_list 3716.Pq Vt str 3717A space-delimited list of jail names. 3718When left empty, all of the 3719.Xr jail 8 3720instances defined in the configuration file are started. 3721The names specified in this list control the jail startup order. 3722.Xr jail 8 3723instances missing from 3724.Va jail_list 3725must be started manually. 3726Note that a jail's 3727.Va depend 3728parameter in the configuration file may override this list. 3729.It Va jail_reverse_stop 3730.Pq Vt bool 3731When set to 3732.Dq Li YES , 3733all configured jails in 3734.Va jail_list 3735are stopped in reverse order. 3736.It Va jail_* variables 3737Note that older releases supported per-jail configuration via 3738.Nm 3739variables. 3740For example, 3741hostname of a jail named 3742.Li vjail 3743was able to be set by 3744.Li jail_vjail_hostname . 3745These per-jail configuration variables are now obsolete in favor of 3746.Xr jail 8 3747configuration file. 3748For backward compatibility, 3749when per-jail configuration variables are defined, 3750.Xr jail 8 3751configuration files are created as 3752.Pa /var/run/jail. Ns Ao Ar jname Ac Ns Pa .conf 3753and used. 3754.Pp 3755The following per-jail parameters are handled by 3756.Pa rc.d/jail 3757script out of their corresponding 3758.Nm 3759variables. 3760In addition to them, parameters in 3761.Va jail_ Ns Ao Ar jname Ac Ns Va _parameters 3762will be added to the configuration file. 3763They must be a semi-colon 3764.Pq Ql \&; 3765delimited list of 3766.Dq key=value . 3767For more details, 3768see 3769.Xr jail 8 3770manual page. 3771.Bl -tag -width "host.hostname" -offset indent 3772.It Li path 3773set from 3774.Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir 3775.It Li host.hostname 3776set from 3777.Va jail_ Ns Ao Ar jname Ac Ns Va _hostname 3778.It Li exec.consolelog 3779set from 3780.Va jail_ Ns Ao Ar jname Ac Ns Va _consolelog . 3781The default value is 3782.Pa /var/log/jail_ Ao Ar jname Ac Pa _console.log . 3783.It Li interface 3784set from 3785.Va jail_ Ns Ao Ar jname Ac Ns Va _interface . 3786.It Li vnet.interface 3787set from 3788.Va jail_ Ns Ao Ar jname Ac Ns Va _vnet_interface . 3789This implies 3790.Li vnet 3791parameter will be enabled and cannot be specified with 3792.Va jail_ Ns Ao Ar jname Ac Ns Va _interface , 3793.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3794and/or 3795.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 3796at the same time. 3797.It Li fstab 3798set from 3799.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 3800.It Li mount 3801set from 3802.Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable . 3803.It Li exec.fib 3804set from 3805.Va jail_ Ns Ao Ar jname Ac Ns Va _fib 3806.It Li exec.start 3807set from 3808.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start . 3809The parameter name was 3810.Li command 3811in some older releases. 3812.It Li exec.prestart 3813set from 3814.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart 3815.It Li exec.poststart 3816set from 3817.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart 3818.It Li exec.stop 3819set from 3820.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop 3821.It Li exec.prestop 3822set from 3823.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop 3824.It Li exec.poststop 3825set from 3826.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop 3827.It Li ip4.addr 3828set if 3829.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3830or 3831.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 3832contain IPv4 addresses 3833.It Li ip6.addr 3834set if 3835.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3836or 3837.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 3838contain IPv6 addresses 3839.It Li allow.mount 3840set from 3841.Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable 3842.It Li mount.devfs 3843set from 3844.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable 3845.It Li devfs_ruleset 3846set from 3847.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset . 3848This must be an integer, 3849not a string. 3850.It Li mount.fdescfs 3851set from 3852.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 3853.It Li allow.set_hostname 3854set from 3855.Va jail_ Ns Ao Ar jname Ac Ns Va _set_hostname_allow 3856.It Li allow.rawsocket 3857set from 3858.Va jail_ Ns Ao Ar jname Ac Ns Va _socket_unixiproute_only 3859.It Li allow.sysvipc 3860set from 3861.Va jail_ Ns Ao Ar jname Ac Ns Va _sysvipc_allow 3862.El 3863.\" ----------------------------------------------------- 3864.It Va harvest_mask 3865.Pq Vt int 3866Set to a bit-mask 3867representing the entropy sources 3868you wish to harvest. 3869Refer to 3870.Xr random 4 3871for more information. 3872.It Va entropy_dir 3873.Pq Vt str 3874Set to 3875.Dq Li NO 3876to disable caching entropy via 3877.Xr cron 8 . 3878Otherwise set to the directory 3879in which the entropy files are stored. 3880To be useful, 3881there must be 3882a system cron job 3883that regularly writes and rotates 3884files here. 3885All files found 3886will be used at boot time. 3887The default is 3888.Pa /var/db/entropy . 3889.It Va entropy_file 3890.Pq Vt str 3891Set to 3892.Dq Li NO 3893to disable caching entropy through reboots. 3894Otherwise set to the name 3895of a file used to store cached entropy. 3896This file should be located 3897on a file system that is readable 3898before all the volumes specified in 3899.Xr fstab 5 3900are mounted. 3901By default, 3902.Pa /entropy 3903is used, 3904but if 3905.Pa /var/db/entropy-file 3906is found it will also be used. 3907This will be of some use to 3908.Xr bsdinstall 8 . 3909.It Va entropy_boot_file 3910.Pq Vt str 3911Set to 3912.Dq Li NO 3913to disable 3914very early caching entropy 3915through reboots. 3916Otherwise set to the filename 3917used to read 3918very early reboot cached entropy. 3919This file should be located where 3920.Xr loader 8 3921can read it. 3922See also 3923.Xr loader.conf 5 . 3924The default location is 3925.Pa /boot/entropy . 3926.It Va entropy_save_sz 3927.Pq Vt int 3928Size of the entropy cache files saved by 3929.Nm save-entropy 3930periodically. 3931.It Va entropy_save_num 3932.Pq Vt int 3933Number of entropy cache files to save by 3934.Nm save-entropy 3935periodically. 3936.It Va ipsec_enable 3937.Pq Vt bool 3938Set to 3939.Dq Li YES 3940to run 3941.Xr setkey 8 3942on 3943.Va ipsec_file 3944at boot time. 3945.It Va ipsec_file 3946.Pq Vt str 3947Configuration file for 3948.Xr setkey 8 . 3949.It Va dmesg_enable 3950.Pq Vt bool 3951Set to 3952.Dq Li YES 3953to save 3954.Xr dmesg 8 3955to 3956.Pa /var/run/dmesg.boot 3957on boot. 3958.It Va rcshutdown_timeout 3959.Pq Vt int 3960If set, start a watchdog timer in the background which will terminate 3961.Pa rc.shutdown 3962if 3963.Xr shutdown 8 3964has not completed within the specified time (in seconds). 3965Notice that in addition to this soft timeout, 3966.Xr init 8 3967also applies a hard timeout for the execution of 3968.Pa rc.shutdown . 3969This is configured via 3970.Xr sysctl 8 3971variable 3972.Va kern.init_shutdown_timeout 3973and defaults to 120 seconds. 3974Setting the value of 3975.Va rcshutdown_timeout 3976to more than 120 seconds will have no effect until the 3977.Xr sysctl 8 3978variable 3979.Va kern.init_shutdown_timeout 3980is also increased. 3981.It Va virecover_enable 3982.Pq Vt bool 3983Set to 3984.Dq Li NO 3985to prevent the system from trying to 3986recover pre-maturely terminated 3987.Xr vi 1 3988sessions. 3989.It Va ugidfw_enable 3990.Pq Vt bool 3991Set to 3992.Dq Li YES 3993to load the 3994.Xr mac_bsdextended 4 3995module upon system initialization and load a default 3996ruleset file. 3997.It Va bsdextended_script 3998.Pq Vt str 3999The default 4000.Xr mac_bsdextended 4 4001ruleset file to load. 4002The default value of this variable is 4003.Pa /etc/rc.bsdextended . 4004.It Va newsyslog_enable 4005.Pq Vt bool 4006If set to 4007.Dq Li YES , 4008run 4009.Xr newsyslog 8 4010command at startup. 4011.It Va newsyslog_flags 4012.Pq Vt str 4013If 4014.Va newsyslog_enable 4015is set to 4016.Dq Li YES , 4017these are the flags to pass to the 4018.Xr newsyslog 8 4019program. 4020The default is 4021.Dq Li -CN , 4022which causes log files flagged with a 4023.Cm C 4024to be created. 4025.It Va mdconfig_md Ns Aq Ar X 4026.Pq Vt str 4027Arguments to 4028.Xr mdconfig 8 4029for 4030.Xr md 4 4031device 4032.Ar X . 4033At minimum a 4034.Fl t Ar type 4035must be specified and either a 4036.Fl s Ar size 4037for malloc or swap backed 4038.Xr md 4 4039devices or a 4040.Fl f Ar file 4041for vnode backed 4042.Xr md 4 4043devices. 4044Note that 4045.Va mdconfig_md Ns Aq Ar X 4046variables are evaluated until one variable is unset or null. 4047.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs 4048.Pq Vt str 4049Optional arguments passed to 4050.Xr newfs 8 4051to initialize 4052.Xr md 4 4053device 4054.Ar X . 4055.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner 4056.Pq Vt str 4057An ownership specification passed to 4058.Xr chown 8 4059after the specified 4060.Xr md 4 4061device 4062.Ar X 4063has been mounted. 4064Both the 4065.Xr md 4 4066device and the mount point will be changed. 4067.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms 4068.Pq Vt str 4069A mode string passed to 4070.Xr chmod 1 4071after the specified 4072.Xr md 4 4073device 4074.Ar X 4075has been mounted. 4076Both the 4077.Xr md 4 4078device and the mount point will be changed. 4079.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files 4080.Pq Vt str 4081Files to be copied to the mount point of the 4082.Xr md 4 4083device 4084.Ar X 4085after it has been mounted. 4086.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd 4087.Pq Vt str 4088Command to execute after the specified 4089.Xr md 4 4090device 4091.Ar X 4092has been mounted. 4093Note that the command is passed to 4094.Ic eval 4095and that both 4096.Va _dev 4097and 4098.Va _mp 4099variables can be used to reference respectively the 4100.Xr md 4 4101device and the mount point. 4102Assuming that the 4103.Xr md 4 4104device is 4105.Li md0 , 4106one could set the following: 4107.Bd -literal 4108mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}" 4109.Ed 4110.It Va autobridge_interfaces 4111.Pq Vt str 4112Set to the list of bridge interfaces that will have newly arriving interfaces 4113checked against to be automatically added. 4114If not set to 4115.Dq Li NO 4116then for each whitespace separated 4117.Ar element 4118in the value, a 4119.Va autobridge_ Ns Aq Ar element 4120variable is assumed to exist which has a whitespace separated list of interface 4121names to match, these names can use wildcards. 4122For example: 4123.Bd -literal 4124autobridge_interfaces="bridge0" 4125autobridge_bridge0="tap* dc0 vlan[345]" 4126.Ed 4127.It Va mixer_enable 4128.Pq Vt bool 4129If set to 4130.Dq Li YES , 4131enable support for sound mixer. 4132.It Va hcsecd_enable 4133.Pq Vt bool 4134If set to 4135.Dq Li YES , 4136enable Bluetooth security daemon. 4137.It Va hcsecd_config 4138.Pq Vt str 4139Configuration file for 4140.Xr hcsecd 8 . 4141Default 4142.Pa /etc/bluetooth/hcsecd.conf . 4143.It Va sdpd_enable 4144.Pq Vt bool 4145If set to 4146.Dq Li YES , 4147enable Bluetooth Service Discovery Protocol daemon. 4148.It Va sdpd_control 4149.Pq Vt str 4150Path to 4151.Xr sdpd 8 4152control socket. 4153Default 4154.Pa /var/run/sdp . 4155.It Va sdpd_groupname 4156.Pq Vt str 4157Sets 4158.Xr sdpd 8 4159group to run as after it initializes. 4160Default 4161.Dq Li nobody . 4162.It Va sdpd_username 4163.Pq Vt str 4164Sets 4165.Xr sdpd 8 4166user to run as after it initializes. 4167Default 4168.Dq Li nobody . 4169.It Va bthidd_enable 4170.Pq Vt bool 4171If set to 4172.Dq Li YES , 4173enable Bluetooth Human Interface Device daemon. 4174.It Va bthidd_config 4175.Pq Vt str 4176Configuration file for 4177.Xr bthidd 8 . 4178Default 4179.Pa /etc/bluetooth/bthidd.conf . 4180.It Va bthidd_hids 4181.Pq Vt str 4182Path to a file, where 4183.Xr bthidd 8 4184will store information about known HID devices. 4185Default 4186.Pa /var/db/bthidd.hids . 4187.It Va rfcomm_pppd_server_enable 4188.Pq Vt bool 4189If set to 4190.Dq Li YES , 4191enable Bluetooth RFCOMM PPP wrapper daemon. 4192.It Va rfcomm_pppd_server_profile 4193.Pq Vt str 4194The name of the profile to use from 4195.Pa /etc/ppp/ppp.conf . 4196Multiple profiles can be specified here. 4197Also used to specify per-profile overrides. 4198When the profile name contains any of the characters 4199.Dq Li .-/+ 4200they are translated to 4201.Dq Li _ 4202for the proposes of the override variable names. 4203.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _bdaddr 4204.Pq Vt str 4205Overrides local address to listen on. 4206By default 4207.Xr rfcomm_pppd 8 4208will listen on 4209.Dq Li ANY 4210address. 4211The address can be specified as BD_ADDR or name. 4212.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _channel 4213.Pq Vt str 4214Overrides local RFCOMM channel to listen on. 4215By default 4216.Xr rfcomm_pppd 8 4217will listen on RFCOMM channel 1. 4218Must set properly if multiple profiles used in the same time. 4219.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_sp 4220.Pq Vt bool 4221Tells 4222.Xr rfcomm_pppd 8 4223if it should register Serial Port service on the specified RFCOMM channel. 4224Default 4225.Dq Li NO . 4226.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_dun 4227.Pq Vt bool 4228Tells 4229.Xr rfcomm_pppd 8 4230if it should register Dial-Up Networking service on the specified 4231RFCOMM channel. 4232Default 4233.Dq Li NO . 4234.It Va ubthidhci_enable 4235.Pq Vt bool 4236If set to 4237.Dq Li YES , 4238change the USB Bluetooth controller from HID mode to HCI mode. 4239You also need to specify the location of USB Bluetooth controller with the 4240.Va ubthidhci_busnum 4241and 4242.Va ubthidhci_addr 4243variables. 4244.It Va ubthidhci_busnum 4245Bus number where the USB Bluetooth controller is located. 4246Check the output of 4247.Xr usbconfig 8 4248on your system to find this information. 4249.It Va ubthidhci_addr 4250Bus address of the USB Bluetooth controller. 4251Check the output of 4252.Xr usbconfig 8 4253on your system to find this information. 4254.It Va netwait_enable 4255.Pq Vt bool 4256If set to 4257.Dq Li YES , 4258delays the start of network-reliant services until 4259.Va netwait_if 4260is up and ICMP packets to a destination defined in 4261.Va netwait_ip 4262are flowing. 4263Link state is examined first, followed by 4264.Dq Li pinging 4265an IP address to verify network usability. 4266If no destination can be reached or timeouts are exceeded, 4267network services are started anyway with no guarantee that 4268the network is usable. 4269Use of this variable requires both 4270.Va netwait_ip 4271and 4272.Va netwait_if 4273to be set. 4274.It Va netwait_ip 4275.Pq Vt str 4276Empty by default. 4277This variable contains a space-delimited list of IP addresses to 4278.Xr ping 8 . 4279DNS hostnames should not be used as resolution is not guaranteed 4280to be functional at this point. 4281If multiple IP addresses are specified, 4282each will be tried until one is successful or the list is exhausted. 4283.It Va netwait_timeout 4284.Pq Vt int 4285Indicates the total number of seconds to perform a 4286.Dq Li ping 4287against each IP address in 4288.Va netwait_ip , 4289at a rate of one ping per second. 4290If any of the pings are successful, 4291full network connectivity is considered reliable. 4292The default is 60. 4293.It Va netwait_if 4294.Pq Vt str 4295Empty by default. 4296Defines the name of the network interface on which watch for link. 4297.Xr ifconfig 8 4298is used to monitor the interface, looking for 4299.Dq Li status: no carrier . 4300Once gone, the link is considered up. 4301This can be a 4302.Xr vlan 4 4303interface if desired. 4304.It Va netwait_if_timeout 4305.Pq Vt int 4306Defines the total number of seconds to wait for link to become usable, 4307polled at a 1-second interval. 4308The default is 30. 4309.It Va rctl_enable 4310.Pq Vt bool 4311If set to 4312.Dq Li YES , 4313load 4314.Xr rctl 8 4315rules from the defined ruleset. 4316The kernel must be built with 4317.Cd "options RACCT" 4318and 4319.Cd "options RCTL" . 4320.It Va rctl_rules 4321.Pq Vt str 4322Set to 4323.Pa /etc/rctl.conf 4324by default. 4325This variables contains the 4326.Xr rctl.conf 5 4327ruleset to load for 4328.Xr rctl 8 . 4329.It Va iovctl_files 4330.Pq Vt str 4331A space-separated list of configuration files used by 4332.Xr iovctl 8 . 4333The default value is an empty string. 4334.It Va autofs_enable 4335.Pq Vt bool 4336If set to 4337.Dq Li YES , 4338start the 4339.Xr automount 8 4340utility and the 4341.Xr automountd 8 4342and 4343.Xr autounmountd 8 4344daemons at boot time. 4345.It Va automount_flags 4346.Pq Vt str 4347If 4348.Va autofs_enable 4349is set to 4350.Dq Li YES , 4351these are the flags to pass to the 4352.Xr automount 8 4353program. 4354By default no flags are passed. 4355.It Va automountd_flags 4356.Pq Vt str 4357If 4358.Va autofs_enable 4359is set to 4360.Dq Li YES , 4361these are the flags to pass to the 4362.Xr automountd 8 4363daemon. 4364By default no flags are passed. 4365.It Va autounmountd_flags 4366.Pq Vt str 4367If 4368.Va autofs_enable 4369is set to 4370.Dq Li YES , 4371these are the flags to pass to the 4372.Xr autounmountd 8 4373daemon. 4374By default no flags are passed. 4375.It Va ctld_enable 4376.Pq Vt bool 4377If set to 4378.Dq Li YES , 4379start the 4380.Xr ctld 8 4381daemon at boot time. 4382.It Va iscsid_enable 4383.Pq Vt bool 4384If set to 4385.Dq Li YES , 4386start the 4387.Xr iscsid 8 4388daemon at boot time. 4389.It Va iscsictl_enable 4390.Pq Vt bool 4391If set to 4392.Dq Li YES , 4393start the 4394.Xr iscsictl 8 4395utility at boot time. 4396.It Va iscsictl_flags 4397.Pq Vt str 4398If 4399.Va iscsictl_enable 4400is set to 4401.Dq Li YES , 4402these are the flags to pass to the 4403.Xr iscsictl 8 4404program. 4405The default is 4406.Dq Li -Aa , 4407which configures sessions based on the 4408.Pa /etc/iscsi.conf 4409configuration file. 4410.El 4411.Sh FILES 4412.Bl -tag -width ".Pa /etc/defaults/rc.conf" -compact 4413.It Pa /etc/defaults/rc.conf 4414.It Pa /etc/rc.conf 4415.It Pa /etc/rc.conf.local 4416.El 4417.Sh SEE ALSO 4418.Xr catman 1 , 4419.Xr chmod 1 , 4420.Xr gdb 1 , 4421.Xr info 1 , 4422.Xr kbdcontrol 1 , 4423.Xr makewhatis 1 , 4424.Xr sh 1 , 4425.Xr vi 1 , 4426.Xr vidcontrol 1 , 4427.Xr bridge 4 , 4428.Xr dummynet 4 , 4429.Xr ip 4 , 4430.Xr ipf 4 , 4431.Xr ipfw 4 , 4432.Xr ipnat 4 , 4433.Xr kld 4 , 4434.Xr pf 4 , 4435.Xr pflog 4 , 4436.Xr pfsync 4 , 4437.Xr tcp 4 , 4438.Xr udp 4 , 4439.Xr exports 5 , 4440.Xr fstab 5 , 4441.Xr ipf 5 , 4442.Xr ipnat 5 , 4443.Xr jail.conf 5 , 4444.Xr loader.conf 5 , 4445.Xr motd 5 , 4446.Xr newsyslog.conf 5 , 4447.Xr pf.conf 5 , 4448.Xr security 7 , 4449.Xr accton 8 , 4450.Xr amd 8 , 4451.Xr apm 8 , 4452.Xr bsdinstall 8 , 4453.Xr bthidd 8 , 4454.Xr chkprintcap 8 , 4455.Xr chown 8 , 4456.Xr cron 8 , 4457.Xr devfs 8 , 4458.Xr dhclient 8 , 4459.Xr ftpd 8 , 4460.Xr geli 8 , 4461.Xr hcsecd 8 , 4462.Xr ifconfig 8 , 4463.Xr inetd 8 , 4464.Xr iovctl 8 , 4465.Xr ipf 8 , 4466.Xr ipfw 8 , 4467.Xr ipnat 8 , 4468.Xr jail 8 , 4469.Xr kldxref 8 , 4470.Xr loader 8 , 4471.Xr lpd 8 , 4472.Xr mdconfig 8 , 4473.Xr mdmfs 8 , 4474.Xr mixer 8 , 4475.Xr mountd 8 , 4476.Xr moused 8 , 4477.Xr newfs 8 , 4478.Xr newsyslog 8 , 4479.Xr nfsd 8 , 4480.Xr ntpd 8 , 4481.Xr ntpdate 8 , 4482.Xr pfctl 8 , 4483.Xr pflogd 8 , 4484.Xr ping 8 , 4485.Xr powerd 8 , 4486.Xr quotacheck 8 , 4487.Xr quotaon 8 , 4488.Xr rc 8 , 4489.Xr rc.sendmail 8 , 4490.Xr rfcomm_pppd 8 , 4491.Xr route 8 , 4492.Xr routed 8 , 4493.Xr rpc.lockd 8 , 4494.Xr rpc.statd 8 , 4495.Xr rpcbind 8 , 4496.Xr rwhod 8 , 4497.Xr savecore 8 , 4498.Xr sdpd 8 , 4499.Xr sshd 8 , 4500.Xr swapon 8 , 4501.Xr sysctl 8 , 4502.Xr syslogd 8 , 4503.Xr timed 8 , 4504.Xr unbound 8 , 4505.Xr usbconfig 8 , 4506.Xr wlandebug 8 , 4507.Xr yp 8 , 4508.Xr ypbind 8 , 4509.Xr ypserv 8 , 4510.Xr ypset 8 4511.Sh HISTORY 4512The 4513.Nm 4514file appeared in 4515.Fx 2.2.2 . 4516.Sh AUTHORS 4517.An Jordan K. Hubbard . 4518