1.\" Copyright (c) 1995 2.\" Jordan K. Hubbard 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND 14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 16.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE 17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23.\" SUCH DAMAGE. 24.\" 25.Dd November 13, 2023 26.Dt RC.CONF 5 27.Os 28.Sh NAME 29.Nm rc.conf 30.Nd system configuration information 31.Sh DESCRIPTION 32The file 33.Nm 34contains descriptive information about the local host name, configuration 35details for any potential network interfaces and which services should be 36started up at system initial boot time. 37In new installations, the 38.Nm 39file is generally initialized by the system installation utility. 40.Pp 41The purpose of 42.Nm 43is not to run commands or perform system startup actions 44directly. 45Instead, it is included by the 46various generic startup scripts in 47.Pa /etc 48which conditionalize their 49internal actions according to the settings found there. 50.Pp 51The 52.Pa /etc/rc.conf 53file is included from the file 54.Pa /etc/defaults/rc.conf , 55which specifies the default settings for all the available options. 56Options need only be specified in 57.Pa /etc/rc.conf 58when the system administrator wishes to override these defaults. 59The file 60.Pa /etc/defaults/vendor.conf 61allows vendors to override 62.Fx 63defaults. 64The file 65.Pa /etc/rc.conf.local 66is used to override settings in 67.Pa /etc/rc.conf 68for historical reasons. 69.Pp 70The sysrc(8) command provides a scripting interface to modify system 71config files. 72.Pp 73In addition to 74.Pa /etc/rc.conf.local 75you can also place smaller configuration files for each 76.Xr rc 8 77script in the 78.Pa /etc/rc.conf.d 79directory or 80.Ao Ar dir Ac Ns Pa /rc.conf.d 81directories (where 82.Ao Ar dir Ac 83is each entry specified in 84.Va local_startup , 85but with any trailing 86.Pa /rc.d 87stripped), 88which will be included by the 89.Va load_rc_config 90function. 91For jail configurations you could use the file 92.Pa /etc/rc.conf.d/jail 93to store jail-specific configuration options. 94If 95.Va local_startup 96contains 97.Pa /usr/local/etc/rc.d 98and 99.Pa /opt/conf , 100.Pa /usr/local/etc/rc.conf.d/jail 101and 102.Pa /opt/conf/rc.conf.d/jail 103will be loaded. 104If 105.Ao Ar dir Ac Ns Pa /rc.conf.d/ Ns Ao Ar name Ac 106is a directory, 107all of the files in the directory will be loaded. 108Also see the 109.Va rc_conf_files 110variable below. 111.Pp 112Options are set with 113.Dq Ar name Ns Li = Ns Ar value 114assignments that use 115.Xr sh 1 116syntax. 117The following list provides a name and short description for each 118variable that can be set in the 119.Nm 120file: 121.Bl -tag -width indent-two 122.It Va rc_debug 123.Pq Vt bool 124If set to 125.Dq Li YES , 126enable output of debug messages from rc scripts. 127This variable can be helpful in diagnosing mistakes when 128editing or integrating new scripts. 129Beware that this produces copious output to the terminal and 130.Xr syslog 3 . 131.It Va rc_info 132.Pq Vt bool 133If set to 134.Dq Li NO , 135disable informational messages from the rc scripts. 136Informational messages are displayed when 137a condition that is not serious enough to warrant a warning or 138an error occurs. 139.It Va rc_startmsgs 140.Pq Vt bool 141If set to 142.Dq Li YES , 143show 144.Dq Starting foo: 145when faststart is used (e.g., at boot time). 146.It Va early_late_divider 147.Pq Vt str 148The name of the script that should be used as the 149delimiter between the 150.Dq early 151and 152.Dq late 153stages of the boot process. 154The early stage should contain all the services needed to 155get the disks (local or remote) mounted so that the late 156stage can include scripts contained in the directories 157listed in the 158.Va local_startup 159variable (see below). 160Thus, the two likely candidates for this value are 161.Pa mountcritlocal 162for the typical system, and 163.Pa mountcritremote 164if the system needs remote file 165systems mounted to get access to the 166.Va local_startup 167directories; for example when 168.Pa /usr/local 169is NFS mounted. 170For 171.Pa rc.conf 172within a 173.Xr jail 8 174.Pa NETWORKING 175is likely to be an appropriate value. 176Extreme care should be taken when changing this value, 177and before changing it one should ensure that there are 178adequate provisions to recover from a failed boot 179(such as physical contact with the machine, 180or reliable remote console access). 181.It Va always_force_depends 182.Pq Vt bool 183Various 184.Pa rc.d 185scripts use the force_depend function to check whether required 186services are already running, and to start them if necessary. 187By default during boot time this check is bypassed if the 188required service is enabled in 189.Pa /etc/rc.conf[.local] . 190Setting this option will bypass that check at boot time and 191always test whether or not the service is actually running. 192Enabling this option is likely to increase your boot time if 193services are enabled that utilize the force_depend check. 194.It Ao Ar name Ac Ns Va _chroot 195.Pq Vt str 196.Xr chroot 8 197to this directory before running the service. 198.It Ao Ar name Ac Ns Va _cpuset 199.Pq Vt str 200A list of CPUs to run the service on. 201Passed to 202.Xr cpuset 1 203using the 204.Fl l 205flag. 206.It Ao Ar name Ac Ns Va _fib 207.Pq Vt int 208The 209.Xr setfib 1 210value to run the service under. 211.It Ao Ar name Ac Ns Va _group 212.Pq Vt str 213Run the chrooted service under this system group. 214Unlike the 215.Ao Ar name Ac Ns Va _user 216setting, this setting has no effect if the service is not chrooted. 217.It Ao Ar name Ac Ns Va _limits 218.Pq Vt str 219Resource limits to apply to the service using 220.Xr limits 1 . 221By default, resource limits are based on the login class defined in 222.Ao Ar name Ac Ns Va _login_class . 223.It Ao Ar name Ac Ns Va _login_class 224.Pq Vt str 225Login class to be used with 226.Ao Ar name Ac Ns Va _limits . 227Defaults to 228.Dq Li daemon . 229.It Ao Ar name Ac Ns Va _nice 230.Pq Vt int 231The 232.Xr nice 1 233value to run the service under. 234.It Ao Ar name Ac Ns Va _oomprotect 235.Pq Vt str 236Use 237.Xr protect 1 238to prevent the service from being killed when swap space 239is exhausted. 240Use 241.Dq Li YES 242to protect only the service itself, and 243.Dq Li ALL 244to protect the service and all its child processes. 245.Pp 246Please note that rc scripts which redefine 247.Dl ${argument}_cmd 248.Pq see Xr rc.subr 8 249such as PostgreSQL will not inherit the OOM killer protection. 250.Pp 251This variable has no effect on services running within a 252.Xr jail 8 . 253.It Ao Ar name Ac Ns Va _setup 254.Pq Vt str 255Run the specified setup script right before starting the actual service 256command. 257Useful for automatic configuration file generation. 258.It Ao Ar name Ac Ns Va _umask 259.Pq Vt int 260Run the service using this 261.Xr umask 1 262value. 263.It Ao Ar name Ac Ns Va _user 264.Pq Vt str 265Run the service under this user account. 266.It Va apm_enable 267.Pq Vt bool 268If set to 269.Dq Li YES , 270enable support for Automatic Power Management with 271the 272.Xr apm 8 273command. 274.It Va apmd_enable 275.Pq Vt bool 276Run 277.Xr apmd 8 278to handle APM event from userland. 279This also enables support for APM. 280.It Va apmd_flags 281.Pq Vt str 282If 283.Va apmd_enable 284is set to 285.Dq Li YES , 286these are the flags to pass to the 287.Xr apmd 8 288daemon. 289.It Va devd_enable 290.Pq Vt bool 291Run 292.Xr devd 8 293to handle device added, removed or unknown events from the kernel. 294.It Va ddb_enable 295.Pq Vt bool 296Run 297.Xr ddb 8 298to install 299.Xr ddb 4 300scripts at boot time. 301.It Va ddb_config 302.Pq Vt str 303Configuration file for 304.Xr ddb 8 . 305Default 306.Pa /etc/ddb.conf . 307.It Va devmatch_enable 308.Pq Vt bool 309If set to 310.Dq Li NO , 311disable auto-loading of kernel modules with 312.Xr devmatch 8 . 313.It Va devmatch_blocklist 314.Pq Vt str 315A whitespace-separated list of kernel modules to be ignored by 316.Xr devmatch 8 . 317In addition, the 318.Xr kenv 1 319.Va devmatch_blocklist 320is appended to this variable to allow disabling of 321.Xr devmatch 8 322loaded modules from the boot loader. 323.It Va devmatch_blacklist 324.Pq Vt str 325This variable is deprecated. 326Use 327.Va devmatch_blocklist 328instead. 329A whitespace-separated list of kernel modules to be ignored by 330.Xr devmatch 8 . 331.It Va kld_list 332.Pq Vt str 333A whitespace-separated list of kernel modules to load right after 334the local disks are mounted, without any 335.Pa .ko 336extension or path. 337Loading modules at this point in the boot process is 338much faster than doing it via 339.Pa /boot/loader.conf 340for those modules not necessary for mounting local disks. 341.It Va kldxref_enable 342.Pq Vt bool 343Set to 344.Dq Li NO 345by default. 346Set to 347.Dq Li YES 348to automatically rebuild 349.Pa linker.hints 350files with 351.Xr kldxref 8 352at boot time. 353.It Va kldxref_clobber 354.Pq Vt bool 355Set to 356.Dq Li NO 357by default. 358If 359.Va kldxref_enable 360is true, 361setting to 362.Dq Li YES 363will overwrite existing 364.Pa linker.hints 365files at boot time. 366Otherwise, 367only missing 368.Pa linker.hints 369files are generated. 370.It Va kldxref_module_path 371.Pq Vt str 372Empty by default. 373A semi-colon 374.Pq Ql \&; 375delimited list of paths containing 376.Xr kld 4 377modules. 378If empty, 379the contents of the 380.Va kern.module_path 381.Xr sysctl 8 382are used. 383.It Va powerd_enable 384.Pq Vt bool 385If set to 386.Dq Li YES , 387enable the system power control facility with the 388.Xr powerd 8 389daemon. 390.It Va powerd_flags 391.Pq Vt str 392If 393.Va powerd_enable 394is set to 395.Dq Li YES , 396these are the flags to pass to the 397.Xr powerd 8 398daemon. 399.It Va tmpmfs 400Controls the creation of a 401.Pa /tmp 402memory file system. 403Always happens if set to 404.Dq Li YES 405and never happens if set to 406.Dq Li NO . 407If set to anything else, a memory file system is created if 408.Pa /tmp 409is not writable. 410.It Va tmpsize 411Controls the size of a created 412.Pa /tmp 413memory file system. 414.It Va tmpmfs_flags 415Extra options passed to the 416.Xr mdmfs 8 417utility when the memory file system for 418.Pa /tmp 419is created. 420The default is 421.Dq Li "-S" , 422which inhibits the use of softupdates on 423.Pa /tmp 424so that file system space is freed without delay 425after file truncation or deletion. 426See 427.Xr mdmfs 8 428for other options you can use in 429.Va tmpmfs_flags . 430.It Va varmfs 431Controls the creation of a 432.Pa /var 433memory file system. 434Always happens if set to 435.Dq Li YES 436and never happens if set to 437.Dq Li NO . 438If set to anything else, a memory file system is created if 439.Pa /var 440is not writable. 441.It Va varsize 442Controls the size of a created 443.Pa /var 444memory file system. 445.It Va varmfs_flags 446Extra options passed to the 447.Xr mdmfs 8 448utility when the memory file system for 449.Pa /var 450is created. 451The default is 452.Dq Li "-S" , 453which inhibits the use of softupdates on 454.Pa /var 455so that file system space is freed without delay 456after file truncation or deletion. 457See 458.Xr mdmfs 8 459for other options you can use in 460.Va varmfs_flags . 461.It Va populate_var 462Controls the automatic population of the 463.Pa /var 464file system. 465Always happens if set to 466.Dq Li YES 467and never happens if set to 468.Dq Li NO . 469If set to anything else, a memory file system is created if 470.Pa /var 471is not writable. 472Note that this process requires access to certain commands in 473.Pa /usr 474before 475.Pa /usr 476is mounted on normal systems. 477.It Va cleanvar_enable 478.Pq Vt bool 479Clean the 480.Pa /var 481directory. 482.It Va var_run_enable 483.Pq Vt bool 484Set to "YES" to enable saving of the 485.Pa /var/run 486directory structure into an mtree file at shutdown and the reload of the 487.Pa /var/run 488directory structure at boot. 489.It Va var_run_autosave 490.Pq Vt bool 491In some cases it may be undesirable to save 492.Pa /var/run 493at shutdown. 494When set to "NO" 495.Pa /var/run 496is loaded at reboot but not saved at shutdown. 497Typically in this scenario 498.Ql service var_run save 499would be performed to save a copy of the 500.Pa /var/run 501directory structure once, to be reloaded during all subsequent reboots. 502.It Va var_run_mtree 503.Pq Vt str 504Where to save the 505.Pa /var/run 506mtree. 507The default location is 508.Pa /var/db/mtree/BSD.var-run.mtree . 509.It Va local_startup 510.Pq Vt str 511List of directories to search for startup script files. 512.It Va script_name_sep 513.Pq Vt str 514The field separator to use for breaking down the list of startup script files 515into individual filenames. 516The default is a space. 517It is not necessary to change this unless there are startup scripts with names 518containing spaces. 519.It Va hostapd_enable 520.Pq Vt bool 521Set to 522.Dq Li YES 523to start 524.Xr hostapd 8 525at system boot time. 526.It Va hostname 527.Pq Vt str 528The fully qualified domain name (FQDN) of this host on the network. 529This should almost certainly be set to something meaningful, even if 530there is no network connection. 531If 532.Xr dhclient 8 533is used to set the hostname via DHCP, 534this variable should be set to an empty string. 535Within a 536.Xr jail 8 537the hostname is generally already set and this variable may be absent. 538If this value remains unset when the system is done booting 539your console login will display the default hostname of 540.Dq Amnesiac . 541.It Va nisdomainname 542.Pq Vt str 543The NIS domain name of this host, or 544.Dq Li NO 545if NIS is not used. 546.It Va hostid_enable 547.Pq Vt bool 548If set to 549.Dq Li NO , 550disable the generation or saving of the 551.Pa hostid 552and 553.Pa machine-id 554files at system boot and shutdown. 555.It Va hostid_file 556.Pq Vt str 557Path to the 558.Pa hostid 559file, default 560.Pa /etc/hostid . 561.It Va hostid_uuidgen_flags 562.Pq Vt str 563Flags passed to 564.Xr uuidgen 1 565when generating a software host UUID. 566This is used only if the system cannot determine a hardware UUID. 567Set to 568.Dq Li -r 569by default. 570.It Va machine_id_file 571.Pq Vt str 572Path to the 573.Pa machine-id 574file, default 575.Pa /etc/machine-id . 576.It Va dhclient_program 577.Pq Vt str 578Path to the DHCP client program, defaulting to 579.Pa /sbin/dhclient . 580.It Va dhclient_flags 581.Pq Vt str 582Additional flags to pass to the DHCP client program. 583See the 584.Xr dhclient 8 585manpage for a description of the command line options available. 586.It Va dhclient_flags_ Ns Aq Ar iface 587Additional flags to pass to the DHCP client program running on 588.Ar iface 589only. 590When specified, this variable overrides 591.Va dhclient_flags . 592.It Va background_dhclient 593.Pq Vt bool 594Set to 595.Dq Li YES 596to start the DHCP client in background. 597This can cause trouble with applications depending on 598a working network, but it will provide a faster startup 599in many cases. 600.It Va background_dhclient_ Ns Aq Ar iface 601When specified, this variable overrides the 602.Va background_dhclient 603variable for interface 604.Ar iface 605only. 606.It Va synchronous_dhclient 607.Pq Vt bool 608Set to 609.Dq Li YES 610to start 611.Xr dhclient 8 612synchronously at startup. 613This behavior can be overridden on a per-interface basis by replacing 614the 615.Dq Li DHCP 616keyword in the 617.Va ifconfig_ Ns Aq Ar interface 618variable with 619.Dq Li SYNCDHCP 620or 621.Dq Li NOSYNCDHCP . 622.It Va defaultroute_delay 623.Pq Vt int 624When set to a positive value, wait up to this long after configuring 625DHCP interfaces at startup to give the interfaces time to receive a lease. 626.It Va firewall_enable 627.Pq Vt bool 628Set to 629.Dq Li YES 630to load firewall rules at startup. 631If the kernel was not built with 632.Cd "options IPFIREWALL" , 633the 634.Pa ipfw.ko 635kernel module will be loaded. 636See also 637.Va ipfilter_enable . 638.It Va firewall_script 639.Pq Vt str 640This variable specifies the full path to the firewall script to run. 641The default is 642.Pa /etc/rc.firewall . 643.It Va firewall_type 644.Pq Vt str 645Names the firewall type from the selection in 646.Pa /etc/rc.firewall , 647or the file which contains the local firewall ruleset. 648Valid selections from 649.Pa /etc/rc.firewall 650are: 651.Pp 652.Bl -tag -width ".Li workstation" -compact 653.It Li open 654unrestricted IP access 655.It Li closed 656all IP services disabled, except via 657.Dq Li lo0 658.It Li client 659basic protection for a workstation 660.It Li workstation 661basic protection for a workstation using stateful firewalling 662.It Li simple 663basic protection for a LAN. 664.El 665.Pp 666If a filename is specified, the full path 667must be given. 668.Pp 669Most of the predefined rulesets define additional configuration variables. 670These are documented in 671.Pa /etc/rc.firewall . 672.It Va firewall_quiet 673.Pq Vt bool 674Set to 675.Dq Li YES 676to disable the display of firewall rules on the console during boot. 677.It Va firewall_logging 678.Pq Vt bool 679Set to 680.Dq Li YES 681to enable firewall event logging. 682This is equivalent to the 683.Dv IPFIREWALL_VERBOSE 684kernel option. 685.It Va firewall_logif 686.Pq Vt bool 687Set to 688.Dq Li YES 689to create pseudo interface 690.Li ipfw0 691for logging. 692For more details, see 693.Xr ipfw 8 694manual page. 695.It Va firewall_flags 696.Pq Vt str 697Flags passed to 698.Xr ipfw 8 699if 700.Va firewall_type 701specifies a filename. 702.It Va firewall_coscripts 703.Pq Vt str 704List of executables and/or rc scripts to run after firewall starts/stops. 705Default is empty. 706.\" ----- firewall_nat_enable setting -------------------------------- 707.It Va firewall_nat_enable 708.Pq Vt bool 709The 710.Xr ipfw 8 711equivalent of 712.Va natd_enable . 713Setting this to 714.Dq Li YES 715will automatically load the 716.Xr ipfw 8 717NAT kernel module if 718.Va firewall_enable 719is also set to 720.Dq Li YES . 721.It Va firewall_nat_interface 722.Pq Vt str 723The 724.Xr ipfw 8 725equivalent of 726.Va natd_interface . 727This is the name of the public interface or IP address on which 728kernel NAT should run. 729.It Va firewall_nat_flags 730.Pq Vt str 731Additional configuration parameters for kernel NAT should be placed here. 732.It Va firewall_nat64_enable 733.Pq Vt bool 734Setting this to 735.Dq Li YES 736will automatically load the 737.Xr ipfw 8 738NAT64 kernel module if 739.Va firewall_enable 740is also set to 741.Dq Li YES . 742.It Va firewall_nptv6_enable 743.Pq Vt bool 744Setting this to 745.Dq Li YES 746will automatically load the 747.Xr ipfw 8 748NPTv6 kernel module if 749.Va firewall_enable 750is also set to 751.Dq Li YES . 752.It Va firewall_pmod_enable 753.Pq Vt bool 754Setting this to 755.Dq Li YES 756will automatically load the 757.Xr ipfw 8 758pmod kernel module if 759.Va firewall_enable 760is also set to 761.Dq Li YES . 762.It Va dummynet_enable 763.Pq Vt bool 764Setting this to 765.Dq Li YES 766will automatically load the 767.Xr dummynet 4 768module if 769.Va firewall_enable 770is also set to 771.Dq Li YES . 772.\" ------------------------------------------------------------------- 773.It Va ipfw_netflow_enable 774.Pq Vt bool 775Setting this to 776.Dq Li YES 777will enable netflow logging via 778.Xr ng_netflow 4 . 779.Pp 780By default a ipfw rule is inserted and all packets are duplicated with 781the ngtee command and netflow packets are sent to 127.0.0.1 on the netflow 782port using protocol version 5. 783.It Va ipfw_netflow_hook 784.Pq Vt int 785netflow hook name, must be numerical 786(default 787.Pa 9995 ) . 788.It Va ipfw_netflow_rule 789.Pq Vt int 790ipfw rule number 791(default 792.Pa 1000 ) . 793.It Va ipfw_netflow_ip 794.Pq Vt str 795Destination server ip for receiving netflow data 796(default 797.Pa 127.0.0.1 ) . 798.It Va ipfw_netflow_port 799.Pq Vt int 800Destination server port for receiving netflow data 801(default 802.Pa 9995 ) . 803.It Va ipfw_netflow_version 804.Pq Vt int 805Do not set for using version 5 of the netflow protocol, set it to 9 for using 806version 9. 807.It Va ipfw_netflow_fib 808.Pq Vt int 809Only match packet in FIB 810.Pa ipfw_netflow_fib 811(default is undefined meaning all FIBs). 812.It Va natd_program 813.Pq Vt str 814Path to 815.Xr natd 8 . 816.It Va natd_enable 817.Pq Vt bool 818Set to 819.Dq Li YES 820to enable 821.Xr natd 8 . 822.Va firewall_enable 823must also be set to 824.Dq Li YES , 825and 826.Xr divert 4 827sockets must be enabled in the kernel. 828If the kernel was not built with 829.Cd "options IPDIVERT" , 830the 831.Pa ipdivert.ko 832kernel module will be loaded. 833.It Va natd_interface 834.Pq Vt str 835This is the name of the public interface on which 836.Xr natd 8 837should run. 838The interface may be given as an interface name or as an IP address. 839.It Va natd_flags 840.Pq Vt str 841Additional 842.Xr natd 8 843flags should be placed here. 844The 845.Fl n 846or 847.Fl a 848flag is automatically added with the above 849.Va natd_interface 850as an argument. 851.\" ----- ipfilter_enable setting -------------------------------- 852.It Va ipfilter_enable 853.Pq Vt bool 854Set to 855.Dq Li NO 856by default. 857Setting this to 858.Dq Li YES 859enables 860.Xr ipf 8 861packet filtering. 862.Pp 863Typical usage will require putting 864.Bd -literal 865ipfilter_enable="YES" 866ipnat_enable="YES" 867ipmon_enable="YES" 868ipfs_enable="YES" 869.Ed 870.Pp 871into 872.Pa /etc/rc.conf 873and editing 874.Pa /etc/ipf.rules 875and 876.Pa /etc/ipnat.rules 877appropriately. 878.Pp 879Note that 880.Va ipfilter_enable 881and 882.Va ipnat_enable 883can be enabled independently. 884.Va ipmon_enable 885and 886.Va ipfs_enable 887both require at least one of 888.Va ipfilter_enable 889and 890.Va ipnat_enable 891to be enabled. 892.Pp 893Having 894.Bd -literal 895options IPFILTER 896options IPFILTER_LOG 897options IPFILTER_DEFAULT_BLOCK 898.Ed 899.Pp 900in the kernel configuration file is a good idea, too. 901.\" ----- ipfilter_program setting ------------------------------ 902.It Va ipfilter_program 903.Pq Vt str 904Path to 905.Xr ipf 8 906(default 907.Pa /sbin/ipf ) . 908.\" ----- ipfilter_rules setting -------------------------------- 909.It Va ipfilter_rules 910.Pq Vt str 911Set to 912.Pa /etc/ipf.rules 913by default. 914This variable contains the name of the filter rule definition file. 915The file is expected to be readable for the 916.Xr ipf 8 917command to execute. 918.\" ----- ipfilter_flags setting -------------------------------- 919.It Va ipfilter_flags 920.Pq Vt str 921Empty by default. 922This variable contains flags passed to the 923.Xr ipf 8 924program. 925.\" ----- ipnat_enable setting ---------------------------------- 926.It Va ipnat_enable 927.Pq Vt bool 928Set to 929.Dq Li NO 930by default. 931Set it to 932.Dq Li YES 933to enable 934.Xr ipnat 8 935network address translation. 936See 937.Va ipfilter_enable 938for a detailed discussion. 939.\" ----- ipnat_program setting --------------------------------- 940.It Va ipnat_program 941.Pq Vt str 942Path to 943.Xr ipnat 8 944(default 945.Pa /sbin/ipnat ) . 946.\" ----- ipnat_rules setting ----------------------------------- 947.It Va ipnat_rules 948.Pq Vt str 949Set to 950.Pa /etc/ipnat.rules 951by default. 952This variable contains the name of the file 953holding the network address translation definition. 954This file is expected to be readable for the 955.Xr ipnat 8 956command to execute. 957.\" ----- ipnat_flags setting ----------------------------------- 958.It Va ipnat_flags 959.Pq Vt str 960Empty by default. 961This variable contains flags passed to the 962.Xr ipnat 8 963program. 964.\" ----- ipmon_enable setting ---------------------------------- 965.It Va ipmon_enable 966.Pq Vt bool 967Set to 968.Dq Li NO 969by default. 970Set it to 971.Dq Li YES 972to enable 973.Xr ipmon 8 974monitoring (logging 975.Xr ipf 8 976and 977.Xr ipnat 8 978events). 979Setting this variable needs setting 980.Va ipfilter_enable 981or 982.Va ipnat_enable 983too. 984See 985.Va ipfilter_enable 986for a detailed discussion. 987.\" ----- ipmon_program setting --------------------------------- 988.It Va ipmon_program 989.Pq Vt str 990Path to 991.Xr ipmon 8 992(default 993.Pa /sbin/ipmon ) . 994.\" ----- ipmon_flags setting ----------------------------------- 995.It Va ipmon_flags 996.Pq Vt str 997Set to 998.Dq Li -Ds 999by default. 1000This variable contains flags passed to the 1001.Xr ipmon 8 1002program. 1003Another typical example would be 1004.Dq Fl D Pa /var/log/ipflog 1005to have 1006.Xr ipmon 8 1007log directly to a file bypassing 1008.Xr syslogd 8 . 1009Make sure to adjust 1010.Pa /etc/newsyslog.conf 1011in such case like this: 1012.Bd -literal 1013/var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid 1014.Ed 1015.\" ----- ipfs_enable setting ----------------------------------- 1016.It Va ipfs_enable 1017.Pq Vt bool 1018Set to 1019.Dq Li NO 1020by default. 1021Set it to 1022.Dq Li YES 1023to enable 1024.Xr ipfs 8 1025saving the filter and NAT state tables during shutdown 1026and reloading them during startup again. 1027Setting this variable needs setting 1028.Va ipfilter_enable 1029or 1030.Va ipnat_enable 1031to 1032.Dq Li YES 1033too. 1034See 1035.Va ipfilter_enable 1036for a detailed discussion. 1037Note that if 1038.Va kern_securelevel 1039is set to 3, 1040.Va ipfs_enable 1041cannot be used 1042because the raised securelevel will prevent 1043.Xr ipfs 8 1044from saving the state tables at shutdown time. 1045.\" ----- ipfs_program setting ---------------------------------- 1046.It Va ipfs_program 1047.Pq Vt str 1048Path to 1049.Xr ipfs 8 1050(default 1051.Pa /sbin/ipfs ) . 1052.\" ----- ipfs_flags setting ------------------------------------ 1053.It Va ipfs_flags 1054.Pq Vt str 1055Empty by default. 1056This variable contains flags passed to the 1057.Xr ipfs 8 1058program. 1059.\" ----- end of added ipf hook --------------------------------- 1060.It Va pf_enable 1061.Pq Vt bool 1062Set to 1063.Dq Li NO 1064by default. 1065Setting this to 1066.Dq Li YES 1067enables 1068.Xr pf 4 1069packet filtering. 1070.Pp 1071Typical usage will require putting 1072.Pp 1073.Dl pf_enable="YES" 1074.Pp 1075into 1076.Pa /etc/rc.conf 1077and editing 1078.Pa /etc/pf.conf 1079appropriately. 1080Adding 1081.Pp 1082.Dl "device pf" 1083.Pp 1084builds support for 1085.Xr pf 4 1086into the kernel, otherwise the 1087kernel module will be loaded. 1088.It Va pf_rules 1089.Pq Vt str 1090Path to 1091.Xr pf 4 1092ruleset configuration file 1093(default 1094.Pa /etc/pf.conf ) . 1095.It Va pf_program 1096.Pq Vt str 1097Path to 1098.Xr pfctl 8 1099(default 1100.Pa /sbin/pfctl ) . 1101.It Va pf_flags 1102.Pq Vt str 1103If 1104.Va pf_enable 1105is set to 1106.Dq Li YES , 1107these flags are passed to the 1108.Xr pfctl 8 1109program when loading the ruleset. 1110.It Va pf_fallback_rules_enable 1111.Pq Vt bool 1112Set to 1113.Dq Li NO 1114by default. 1115Setting this to 1116.Dq Li YES 1117enables loading 1118.Va pf_fallback_rules_file 1119or 1120.Va pf_fallback_rules 1121in case of a problem when loading the ruleset in 1122.Va pf_rules . 1123.It Va pf_fallback_rules_file 1124.Pq Vt str 1125Path to a pf ruleset to load in case of failure when loading the 1126ruleset in 1127.Va pf_rules 1128(default 1129.Pa /etc/pf-fallback.conf ) . 1130.It Va pf_fallback_rules 1131.Pq Vt str 1132A pf ruleset to load in case of failure when loading the ruleset in 1133.Va pf_rules 1134and 1135.Va pf_fallback_rules_file 1136is not found. 1137Multiple rules can be set as follows: 1138.Bd -literal 1139pf_fallback_rules="\\ 1140 block drop log all\\ 1141 pass in quick on em0" 1142.Pp 1143.Ed 1144The default fallback rule is 1145.Dq block drop log all 1146.It Va pflog_enable 1147.Pq Vt bool 1148Set to 1149.Dq Li NO 1150by default. 1151Setting this to 1152.Dq Li YES 1153enables 1154.Xr pflogd 8 1155which logs packets from the 1156.Xr pf 4 1157packet filter. 1158.It Va pflog_logfile 1159.Pq Vt str 1160If 1161.Va pflog_enable 1162is set to 1163.Dq Li YES 1164this controls where 1165.Xr pflogd 8 1166stores the logfile 1167(default 1168.Pa /var/log/pflog ) . 1169Check 1170.Pa /etc/newsyslog.conf 1171to adjust logfile rotation for this. 1172.It Va pflog_program 1173.Pq Vt str 1174Path to 1175.Xr pflogd 8 1176(default 1177.Pa /sbin/pflogd ) . 1178.It Va pflog_flags 1179.Pq Vt str 1180Empty by default. 1181This variable contains additional flags passed to the 1182.Xr pflogd 8 1183program. 1184.It Va pflog_instances 1185.Pq Vt str 1186If logging to more than one 1187.Xr pflog 4 1188interface is desired, 1189.Va pflog_instances 1190is set to the list of 1191.Xr pflogd 8 1192instances that should be started at system boot time. 1193If 1194.Va pflog_instances 1195is set, for each whitespace-separated 1196.Ar element 1197in the list, 1198.Ao Ar element Ac Ns Va _dev 1199and 1200.Ao Ar element Ac Ns Va _logfile 1201elements are assumed to exist. 1202.Ao Ar element Ac Ns Va _dev 1203must contain the 1204.Xr pflog 4 1205interface to be watched by the named 1206.Xr pflogd 8 1207instance. 1208.Ao Ar element Ac Ns Va _logfile 1209must contain the name of the logfile that will be used by the 1210.Xr pflogd 8 1211instance. 1212.It Va ftpproxy_enable 1213.Pq Vt bool 1214Set to 1215.Dq Li NO 1216by default. 1217Setting this to 1218.Dq Li YES 1219enables 1220.Xr ftp-proxy 8 1221which supports the 1222.Xr pf 4 1223packet filter in translating ftp connections. 1224.It Va ftpproxy_flags 1225.Pq Vt str 1226Empty by default. 1227This variable contains additional flags passed to the 1228.Xr ftp-proxy 8 1229program. 1230.It Va ftpproxy_instances 1231.Pq Vt str 1232Empty by default. 1233If multiple instances of 1234.Xr ftp-proxy 8 1235are desired at boot time, 1236.Va ftpproxy_instances 1237should contain a whitespace-separated list of instance names. 1238For each 1239.Ar element 1240in the list, a variable named 1241.Ao Ar element Ac Ns Va _flags 1242should be defined, containing the command-line flags to be passed to the 1243.Xr ftp-proxy 8 1244instance. 1245.It Va pfsync_enable 1246.Pq Vt bool 1247Set to 1248.Dq Li NO 1249by default. 1250Setting this to 1251.Dq Li YES 1252enables exposing 1253.Xr pf 4 1254state changes to other hosts over the network by means of 1255.Xr pfsync 4 . 1256The 1257.Va pfsync_syncdev 1258variable 1259must also be set then. 1260.It Va pfsync_syncdev 1261.Pq Vt str 1262Empty by default. 1263This variable specifies the name of the network interface 1264.Xr pfsync 4 1265should operate through. 1266It must be set accordingly if 1267.Va pfsync_enable 1268is set to 1269.Dq Li YES . 1270.It Va pfsync_syncpeer 1271.Pq Vt str 1272Empty by default. 1273This variable is optional. 1274By default, state change messages are sent out on the synchronisation 1275interface using IP multicast packets. 1276The protocol is IP protocol 240, PFSYNC, and the multicast group used is 1277224.0.0.240. 1278When a peer address is specified using the 1279.Va pfsync_syncpeer 1280option, the peer address is used as a destination for the pfsync 1281traffic, and the traffic can then be protected using 1282.Xr ipsec 4 . 1283See the 1284.Xr pfsync 4 1285manpage for more details about using 1286.Xr ipsec 4 1287with 1288.Xr pfsync 4 1289interfaces. 1290.It Va pfsync_ifconfig 1291.Pq Vt str 1292Empty by default. 1293This variable can contain additional options to be passed to the 1294.Xr ifconfig 8 1295command used to set up 1296.Xr pfsync 4 . 1297.It Va tcp_extensions 1298.Pq Vt bool 1299Set to 1300.Dq Li YES 1301by default. 1302Setting this to 1303.Dq Li NO 1304disables certain TCP options as described by 1305.Rs 1306.%T "RFC 1323" 1307.Re 1308Setting this to 1309.Dq Li NO 1310might help remedy such problems with connections as randomly hanging 1311or other weird behavior. 1312Some network devices are known 1313to be broken with respect to these options. 1314.It Va log_in_vain 1315.Pq Vt int 1316Set to 0 by default. 1317The 1318.Xr sysctl 8 1319variables, 1320.Va net.inet.tcp.log_in_vain 1321and 1322.Va net.inet.udp.log_in_vain , 1323as described in 1324.Xr tcp 4 1325and 1326.Xr udp 4 , 1327are set to the given value. 1328.It Va tcp_keepalive 1329.Pq Vt bool 1330Set to 1331.Dq Li YES 1332by default. 1333Setting to 1334.Dq Li NO 1335will disable probing idle TCP connections to verify that the 1336peer is still up and reachable. 1337.It Va tcp_drop_synfin 1338.Pq Vt bool 1339Set to 1340.Dq Li NO 1341by default. 1342Setting to 1343.Dq Li YES 1344will cause the kernel to ignore TCP frames that have both 1345the SYN and FIN flags set. 1346This prevents OS fingerprinting, but may 1347break some legitimate applications. 1348.It Va icmp_drop_redirect 1349.Pq Vt bool 1350Set to 1351.Dq Li AUTO 1352by default. 1353This setting will be identical to 1354.Dq Li YES , 1355if a dynamic routing daemon is enabled, because redirect processing may 1356cause performance issues for large routing tables. 1357If no such service is enabled, this setting behaves like a 1358.Dq Li NO . 1359Setting to 1360.Dq Li YES 1361will cause the kernel to ignore ICMP REDIRECT packets. 1362Setting to 1363.Dq Li NO 1364will cause the kernel to process ICMP REDIRECT packets. 1365Refer to 1366.Xr icmp 4 1367for more information. 1368.It Va icmp_log_redirect 1369.Pq Vt bool 1370Set to 1371.Dq Li NO 1372by default. 1373Setting to 1374.Dq Li YES 1375will cause the kernel to log ICMP REDIRECT packets. 1376Note that 1377the log messages are not rate-limited, so this option should only be used 1378for troubleshooting networks. 1379Refer to 1380.Xr icmp 4 1381for more information. 1382.It Va icmp_bmcastecho 1383.Pq Vt bool 1384Set to 1385.Dq Li YES 1386to respond to broadcast or multicast ICMP ping packets. 1387Refer to 1388.Xr icmp 4 1389for more information. 1390.It Va ip_portrange_first 1391.Pq Vt int 1392If not set to 1393.Dq Li NO , 1394this is the first port in the default portrange. 1395Refer to 1396.Xr ip 4 1397for more information. 1398.It Va ip_portrange_last 1399.Pq Vt int 1400If not set to 1401.Dq Li NO , 1402this is the last port in the default portrange. 1403Refer to 1404.Xr ip 4 1405for more information. 1406.It Va network_interfaces 1407.Pq Vt str 1408Set to the list of network interfaces to configure on this host or 1409.Dq Li AUTO 1410(the default) for all current interfaces. 1411Setting the 1412.Va network_interfaces 1413variable to anything other than the default is deprecated. 1414Interfaces that the administrator wishes to store configuration for, 1415but not start at boot should be configured with the 1416.Dq Li NOAUTO 1417keyword in their 1418.Va ifconfig_ Ns Aq Ar interface 1419variables as described below. 1420.Pp 1421An 1422.Va ifconfig_ Ns Aq Ar interface 1423variable is also assumed to exist for each value of 1424.Ar interface . 1425When an interface name contains any of the characters 1426.Dq Li .-/+ 1427they are translated to 1428.Dq Li _ 1429before lookup. 1430The variable can contain arguments to 1431.Xr ifconfig 8 , 1432as well as special case-insensitive keywords described below. 1433Such keywords are removed before passing the value to 1434.Xr ifconfig 8 1435while the order of the other arguments is preserved. 1436.Pp 1437It is possible to add IP alias entries using 1438.Xr ifconfig 8 1439syntax with the address family keyword such as 1440.Li inet . 1441Assuming that the interface in question was 1442.Li em0 , 1443it might look something like this: 1444.Bd -literal 1445ifconfig_em0_alias0="inet 127.0.0.253 netmask 0xffffffff" 1446ifconfig_em0_alias1="inet 127.0.0.254 netmask 0xffffffff" 1447.Ed 1448.Pp 1449It also possible to configure multiple IP addresses in Classless 1450Inter-Domain Routing 1451.Pq CIDR 1452address notation, 1453whose each address component can be a range like 1454.Li inet 192.0.2.5-23/24 1455or 1456.Li inet6 2001:db8:1-f::1/64 . 1457This notation allows address and prefix length part only, 1458not the other address modifiers. 1459Note that the maximum number of the generated addresses from a range 1460specification is limited to an integer value specified in 1461.Va netif_ipexpand_max 1462in 1463.Nm 1464because a small typo can unexpectedly generate a large number of addresses. 1465The default value is 1466.Li 2048 . 1467It can be increased by adding the following line into 1468.Nm : 1469.Bd -literal 1470netif_ipexpand_max="4096" 1471.Ed 1472.Pp 1473In the case of 1474.Li 192.0.2.5-23/24 , 1475the address 192.0.2.5 will be configured with the 1476netmask /24 and the addresses 192.0.2.6 to 192.0.2.23 with 1477the non-conflicting netmask /32 as explained in the 1478.Xr ifconfig 8 1479alias section. 1480Note that this special netmask handling is only for 1481.Li inet , 1482not for the other address families such as 1483.Li inet6 . 1484.Pp 1485With the interface in question being 1486.Li em0 , 1487an example could look like: 1488.Bd -literal 1489ifconfig_em0_alias2="inet 192.0.2.129/27" 1490ifconfig_em0_alias3="inet 192.0.2.1-5/28" 1491.Ed 1492.Pp 1493and so on. 1494.Pp 1495Note that deprecated 1496.Va ipv4_addrs_ Ns Aq Ar interface 1497variable was supported for IPv4 CIDR address notation. 1498The 1499.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1500variable replaces it, though 1501.Va ipv4_addrs_ Ns Aq Ar interface 1502is still supported for backward compatibility. 1503.Pp 1504For each 1505.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1506entry with an address family keyword, 1507its contents are passed to 1508.Xr ifconfig 8 . 1509Execution stops at the first unsuccessful access, so if 1510something like this is present: 1511.Bd -literal 1512ifconfig_em0_alias0="inet 127.0.0.251 netmask 0xffffffff" 1513ifconfig_em0_alias1="inet 127.0.0.252 netmask 0xffffffff" 1514ifconfig_em0_alias2="inet 127.0.0.253 netmask 0xffffffff" 1515ifconfig_em0_alias4="inet 127.0.0.254 netmask 0xffffffff" 1516.Ed 1517.Pp 1518Then note that alias4 would 1519.Em not 1520be added since the search would 1521stop with the missing 1522.Dq Li alias3 1523entry. 1524Because of this difficult to manage behavior, 1525there is 1526.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _aliases 1527variable, which has the same functionality as 1528.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1529and can have all of the entries in a variable like the following: 1530.Bd -literal 1531ifconfig_em0_aliases="\\ 1532 inet 127.0.0.251 netmask 0xffffffff \\ 1533 inet 127.0.0.252 netmask 0xffffffff \\ 1534 inet 127.0.0.253 netmask 0xffffffff \\ 1535 inet 127.0.0.254 netmask 0xffffffff" 1536.Ed 1537.Pp 1538It also supports CIDR notation. 1539.Pp 1540If the 1541.Pa /etc/start_if . Ns Aq Ar interface 1542file is present, it is read and executed by the 1543.Xr sh 1 1544interpreter 1545before configuring the interface as specified in the 1546.Va ifconfig_ Ns Aq Ar interface 1547and 1548.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1549variables. 1550.Pp 1551If a 1552.Va vlans_ Ns Aq Ar interface 1553variable is set, 1554a 1555.Xr vlan 4 1556interface will be created for each item in the list with the 1557.Ar vlandev 1558argument set to 1559.Ar interface . 1560If a vlan interface's name is a number, 1561then that number is used as the vlan tag and the new vlan interface is 1562named 1563.Ar interface . Ns Ar tag . 1564Otherwise, 1565the vlan tag must be specified via a 1566.Va vlan 1567parameter in the 1568.Va create_args_ Ns Aq Ar interface 1569variable. 1570.Pp 1571To create a vlan device named 1572.Li em0.101 1573on 1574.Li em0 1575with the vlan tag 101 and the optional IPv4 address 192.0.2.1/24: 1576.Bd -literal 1577vlans_em0="101" 1578ifconfig_em0_101="inet 192.0.2.1/24" 1579.Ed 1580.Pp 1581To create a vlan device named 1582.Li myvlan 1583on 1584.Li em0 1585with the vlan tag 102: 1586.Bd -literal 1587vlans_em0="myvlan" 1588create_args_myvlan="vlan 102" 1589.Ed 1590.Pp 1591If a 1592.Va wlans_ Ns Aq Ar interface 1593variable is set, 1594an 1595.Xr wlan 4 1596interface will be created for each item in the list with the 1597.Ar wlandev 1598argument set to 1599.Ar interface . 1600Further wlan cloning arguments may be passed to the 1601.Xr ifconfig 8 1602.Cm create 1603command by setting the 1604.Va create_args_ Ns Aq Ar interface 1605variable. 1606One or more 1607.Xr wlan 4 1608devices must be created for each wireless device as of 1609.Fx 8.0 . 1610Debugging flags for 1611.Xr wlan 4 1612devices as set by 1613.Xr wlandebug 8 1614may be specified with an 1615.Va wlandebug_ Ns Aq Ar interface 1616variable. 1617The contents of this variable will be passed directly to 1618.Xr wlandebug 8 . 1619.Pp 1620If the 1621.Va ifconfig_ Ns Aq Ar interface 1622contains the keyword 1623.Dq Li NOAUTO 1624then the interface will not be configured 1625at boot or by 1626.Pa /etc/pccard_ether 1627when 1628.Va network_interfaces 1629is set to 1630.Dq Li AUTO . 1631.Pp 1632It is possible to bring up an interface with DHCP by adding 1633.Dq Li DHCP 1634to the 1635.Va ifconfig_ Ns Aq Ar interface 1636variable. 1637For instance, to initialize the 1638.Li em0 1639device via DHCP, 1640it is possible to use something like: 1641.Bd -literal 1642ifconfig_em0="DHCP" 1643.Ed 1644.Pp 1645If you want to configure your wireless interface with 1646.Xr wpa_supplicant 8 1647for use with WPA, EAP/LEAP or WEP, you need to add 1648.Dq Li WPA 1649to the 1650.Va ifconfig_ Ns Aq Ar interface 1651variable. 1652.Pp 1653On the other hand, if you want to configure your wireless interface with 1654.Xr hostapd 8 , 1655you need to add 1656.Dq Li HOSTAP 1657to the 1658.Va ifconfig_ Ns Aq Ar interface 1659variable. 1660.Xr hostapd 8 1661will use the settings from 1662.Pa /etc/hostapd- Ns Ao Ar interface Ac Ns .conf 1663.Pp 1664Finally, you can add 1665.Xr ifconfig 8 1666options in this variable, in addition to the 1667.Pa /etc/start_if . Ns Aq Ar interface 1668file. 1669For instance, to configure an 1670.Xr ath 4 1671wireless device in station mode with an address obtained 1672via DHCP, using WPA authentication and 802.11b mode, it is 1673possible to use something like: 1674.Bd -literal 1675wlans_ath0="wlan0" 1676ifconfig_wlan0="DHCP WPA mode 11b" 1677.Ed 1678.Pp 1679In addition to the 1680.Va ifconfig_ Ns Aq Ar interface 1681form, a fallback variable 1682.Va ifconfig_DEFAULT 1683may be configured. 1684It will be used for all interfaces with no 1685.Va ifconfig_ Ns Aq Ar interface 1686variable. 1687.Pp 1688It is also possible to rename an interface by doing: 1689.Bd -literal 1690ifconfig_em0_name="net0" 1691ifconfig_net0="inet 192.0.2.1 netmask 0xffffff00" 1692.Ed 1693.It Va ipv6_enable 1694.Pq Vt bool 1695This variable is deprecated. 1696Use 1697.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1698and 1699.Va ipv6_activate_all_interfaces 1700if necessary. 1701.Pp 1702If the variable is 1703.Dq Li YES , 1704.Dq Li inet6 accept_rtadv 1705is added to all of 1706.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1707and the 1708.Va ipv6_activate_all_interfaces 1709is defined as 1710.Dq Li YES . 1711.It Va ipv6_prefer 1712.Pq Vt bool 1713This variable is deprecated. 1714Use 1715.Va ip6addrctl_policy 1716instead. 1717.Pp 1718If the variable is 1719.Dq Li YES , 1720the default address selection policy table set by 1721.Xr ip6addrctl 8 1722will be IPv6-preferred. 1723.Pp 1724If the variable is 1725.Dq Li NO , 1726the default address selection policy table set by 1727.Xr ip6addrctl 8 1728will be IPv4-preferred. 1729.It Va ipv6_activate_all_interfaces 1730.Pq Vt bool 1731This controls initial configuration on IPv6-capable 1732interfaces with no corresponding 1733.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1734variable. 1735Note that it is not always necessary to set this variable to 1736.Dq YES 1737to use IPv6 functionality on 1738.Fx . 1739In most cases, just configuring 1740.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1741variables works. 1742.Pp 1743If the variable is 1744.Dq Li NO , 1745all interfaces which do not have a corresponding 1746.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1747variable will be marked as 1748.Dq Li IFDISABLED 1749at creation. 1750This means that all IPv6 functionality on that interface 1751is completely disabled to enforce a security policy. 1752If the variable is set to 1753.Dq YES , 1754the flag will be cleared on all of the interfaces. 1755.Pp 1756In most cases, just defining an 1757.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1758for an IPv6-capable interface should be sufficient. 1759However, if an interface is added dynamically 1760.Pq by some tunneling protocols such as PPP, for example , 1761it is often difficult to define the variable in advance. 1762In such a case, configuring the 1763.Dq Li IFDISABLED 1764flag can be disabled by setting this variable to 1765.Dq YES . 1766.Pp 1767For more details of the 1768.Dq Li IFDISABLED 1769flag and keywords 1770.Dq Li inet6 ifdisabled , 1771see 1772.Xr ifconfig 8 . 1773.Pp 1774Default is 1775.Dq Li NO . 1776.It Va ipv6_privacy 1777.Pq Vt bool 1778If the variable is 1779.Dq Li YES 1780privacy addresses will be generated for each IPv6 1781interface as described in RFC 4941. 1782.It Va ipv6_network_interfaces 1783.Pq Vt str 1784This is the IPv6 equivalent of 1785.Va network_interfaces . 1786Normally manual configuration of this variable is not needed. 1787.It Va ipv6_cpe_wanif 1788.Pq Vt str 1789If the variable is set to an interface name, 1790the 1791.Xr ifconfig 8 1792options 1793.Dq inet6 -no_radr accept_rtadv 1794will be added to the specified interface automatically before evaluating 1795.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1796and two 1797.Xr sysctl 8 1798variables 1799.Va net.inet6.ip6.rfc6204w3 1800and 1801.Va net.inet6.ip6.no_radr 1802will be set to 1. 1803.Pp 1804This means the specified interface will accept ICMPv6 Router 1805Advertisement messages on that link and add the discovered 1806routers into the Default Router List. 1807While the other interfaces can still accept RA messages if the 1808.Dq inet6 accept_rtadv 1809option is specified, adding 1810routes into the Default Router List will be disabled by 1811.Dq inet6 no_radr 1812option by default. 1813See 1814.Xr ifconfig 8 1815for more details. 1816.Pp 1817Note that ICMPv6 Router Advertisement messages will be 1818accepted even when 1819.Va net.inet6.ip6.forwarding 1820is 1 1821.Pq packet forwarding is enabled 1822when 1823.Va net.inet6.ip6.rfc6204w3 1824is set to 1. 1825.Pp 1826Default is 1827.Dq Li NO . 1828.It Va ifconfig_ Ns Ao Ar interface Ac Ns _descr 1829.Pq Vt str 1830This assigns arbitrary description to an interface. 1831The 1832.Xr sysctl 8 1833variable 1834.Va net.ifdescr_maxlen 1835limits its length. 1836This static setting may be overridden by commands 1837started with dynamic interface configuration utilities 1838like 1839.Xr dhclient 8 1840hooks. 1841The description can be seen with 1842.Xr ifconfig 8 1843command and it may be exported with 1844.Xr bsnmpd 1 1845daemon using its MIB-2 module. 1846.It Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1847.Pq Vt str 1848IPv6 functionality on an interface should be configured by 1849.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1850instead of setting ifconfig parameters in 1851.Va ifconfig_ Ns Aq Ar interface . 1852If this variable is empty, all IPv6 configurations on the 1853specified interface by other variables such as 1854.Va ipv6_prefix_ Ns Ao Ar interface Ac 1855will be ignored. 1856.Pp 1857Aliases should be set by 1858.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1859with 1860.Dq Li inet6 1861keyword. 1862For example: 1863.Bd -literal 1864ifconfig_em0_ipv6="inet6 2001:db8:1::1 prefixlen 64" 1865ifconfig_em0_alias0="inet6 2001:db8:2::1 prefixlen 64" 1866.Ed 1867.Pp 1868Interfaces that have an 1869.Dq Li inet6 accept_rtadv 1870keyword in 1871.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1872setting will be automatically configured by SLAAC 1873.Pq StateLess Address AutoConfiguration 1874described in 1875.Rs 1876.%T "RFC 4862" 1877.Re 1878.Pp 1879Note that a link-local address will be automatically configured in 1880addition to the configured global-scope addresses because the IPv6 1881specifications require it on each link. 1882The address is calculated from the MAC address by using an algorithm 1883defined in 1884.Rs 1885.%T "RFC 4862" 1886.%O "Section 5.3" 1887.Re 1888.Pp 1889If only a link-local address is needed on the interface, 1890the following configuration can be used: 1891.Bd -literal 1892ifconfig_em0_ipv6="inet6 auto_linklocal" 1893.Ed 1894.Pp 1895A link-local address can also be configured manually. 1896This is useful for the default router address of an IPv6 router 1897so that it does not change when the network interface 1898card is replaced. 1899For example: 1900.Bd -literal 1901ifconfig_em0_ipv6="inet6 fe80::1 prefixlen 64" 1902.Ed 1903.It Va ipv6_prefix_ Ns Aq Ar interface 1904.Pq Vt str 1905If one or more prefixes are defined in 1906.Va ipv6_prefix_ Ns Aq Ar interface 1907addresses based on each prefix and the EUI-64 interface index will be 1908configured on that interface. 1909Note that this variable will be ignored when 1910.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1911is empty. 1912.Pp 1913For example, the following configuration 1914.Bd -literal 1915ipv6_prefix_em0="2001:db8:1:0 2001:db8:2:0" 1916.Ed 1917.Pp 1918is equivalent to the following: 1919.Bd -literal 1920ifconfig_em0_alias0="inet6 2001:db8:1:: eui64 prefixlen 64" 1921ifconfig_em0_alias1="inet6 2001:db8:1:: prefixlen 64 anycast" 1922ifconfig_em0_alias2="inet6 2001:db8:2:: eui64 prefixlen 64" 1923ifconfig_em0_alias3="inet6 2001:db8:2:: prefixlen 64 anycast" 1924.Ed 1925.Pp 1926These Subnet-Router anycast addresses will be added only when 1927.Va ipv6_gateway_enable 1928is YES. 1929.It Va ipv6_default_interface 1930.Pq Vt str 1931If not set to 1932.Dq Li NO , 1933this is the default output interface for scoped addresses. 1934This works only with ipv6_gateway_enable="NO". 1935.It Va ip6addrctl_enable 1936.Pq Vt bool 1937This variable is to enable configuring default address selection policy table 1938.Pq RFC 3484 . 1939The table can be specified in another variable 1940.Va ip6addrctl_policy . 1941For 1942.Va ip6addrctl_policy 1943the following keywords can be specified: 1944.Dq Li ipv4_prefer , 1945.Dq Li ipv6_prefer , 1946or 1947.Dq Li AUTO . 1948.Pp 1949If 1950.Dq Li ipv4_prefer 1951or 1952.Dq Li ipv6_prefer 1953is specified, 1954.Xr ip6addrctl 8 1955installs a pre-defined policy table described in Section 10.3 1956.Pq IPv4-preferred 1957or 2.1 1958.Pq IPv6-preferred 1959of RFC 3484. 1960.Pp 1961If 1962.Dq Li AUTO 1963is specified, it attempts to read a file 1964.Pa /etc/ip6addrctl.conf 1965first. 1966If this file is found, 1967.Xr ip6addrctl 8 1968reads and installs it. 1969If not found, a policy is automatically set 1970according to 1971.Va ipv6_activate_all_interfaces 1972variable; if the variable is set to 1973.Dq Li YES 1974the IPv6-preferred one is used. 1975Otherwise IPv4-preferred. 1976.Pp 1977The default value of 1978.Va ip6addrctl_enable 1979and 1980.Va ip6addrctl_policy 1981are 1982.Dq Li YES 1983and 1984.Dq Li AUTO , 1985respectively. 1986.It Va cloned_interfaces 1987.Pq Vt str 1988Set to the list of clonable network interfaces to create on this host. 1989Further cloning arguments may be passed to the 1990.Xr ifconfig 8 1991.Cm create 1992command for each interface by setting the 1993.Va create_args_ Ns Aq Ar interface 1994variable. 1995If an interface name is specified with 1996.Dq :sticky 1997keyword, 1998the interface will not be destroyed even when 1999.Pa rc.d/netif 2000script is invoked with 2001.Dq stop 2002argument. 2003This is useful when reconfiguring the interface without destroying it. 2004Entries in 2005.Va cloned_interfaces 2006are automatically appended to 2007.Va network_interfaces 2008for configuration. 2009.It Va cloned_interfaces_sticky 2010.Pq Vt bool 2011This variable is to globally enable functionality of 2012.Dq :sticky 2013keyword in 2014.Va cloned_interfaces 2015for all interfaces. 2016The default value is 2017.Dq NO . 2018Even if this variable is specified to 2019.Dq YES , 2020.Dq :nosticky 2021keyword can be used to override it on per interface basis. 2022.It Va gif_interfaces 2023Set to the list of 2024.Xr gif 4 2025tunnel interfaces to configure on this host. 2026A 2027.Va gifconfig_ Ns Aq Ar interface 2028variable is assumed to exist for each value of 2029.Ar interface . 2030The value of this variable is used to configure the link layer of the 2031tunnel using the 2032.Cm tunnel 2033option to 2034.Xr ifconfig 8 . 2035Additionally, this option ensures that each listed interface is created 2036via the 2037.Cm create 2038option to 2039.Xr ifconfig 8 2040before attempting to configure it. 2041.Pp 2042For example, configure two 2043.Xr gif 4 2044interfaces with: 2045.Bd -literal 2046gif_interfaces="gif0 gif1" 2047gifconfig_gif0="100.64.0.1 100.64.0.2" 2048ifconfig_gif0="inet 10.0.0.1 10.0.0.2 netmask 255.255.255.252" 2049gifconfig_gif1="inet6 2a00::1 2a01::1" 2050ifconfig_gif1="inet 10.1.0.1 10.1.0.2 netmask 255.255.255.252" 2051.Ed 2052.It Va ppp_enable 2053.Pq Vt bool 2054If set to 2055.Dq Li YES , 2056run the 2057.Xr ppp 8 2058daemon. 2059.It Va ppp_profile 2060.Pq Vt str 2061The name of the profile to use from 2062.Pa /etc/ppp/ppp.conf . 2063Also used for per-profile overrides of 2064.Va ppp_mode 2065and 2066.Va ppp_nat , 2067and 2068.Va ppp_ Ns Ao Ar profile Ac Ns _unit . 2069When the profile name contains any of the characters 2070.Dq Li .-/+ 2071they are translated to 2072.Dq Li _ 2073for the proposes of the override variable names. 2074.It Va ppp_mode 2075.Pq Vt str 2076Mode in which to run the 2077.Xr ppp 8 2078daemon. 2079.It Va ppp_ Ns Ao Ar profile Ac Ns _mode 2080.Pq Vt str 2081Overrides the global 2082.Va ppp_mode 2083for 2084.Ar profile . 2085Accepted modes are 2086.Dq Li auto , 2087.Dq Li ddial , 2088.Dq Li direct 2089and 2090.Dq Li dedicated . 2091See the manual for a full description. 2092.It Va ppp_nat 2093.Pq Vt bool 2094If set to 2095.Dq Li YES , 2096enables network address translation. 2097Used in conjunction with 2098.Va gateway_enable 2099allows hosts on private network addresses access to the Internet using 2100this host as a network address translating router. 2101Default is 2102.Dq Li YES . 2103.It Va ppp_ Ns Ao Ar profile Ac Ns _nat 2104.Pq Vt str 2105Overrides the global 2106.Va ppp_nat 2107for 2108.Ar profile . 2109.It Va ppp_ Ns Ao Ar profile Ac Ns _unit 2110.Pq Vt int 2111Set the unit number to be used for this profile. 2112See the manual description of 2113.Fl unit Ns Ar N 2114for details. 2115.It Va ppp_user 2116.Pq Vt str 2117The name of the user under which 2118.Xr ppp 8 2119should be started. 2120By 2121default, 2122.Xr ppp 8 2123is started as 2124.Dq Li root . 2125.It Va rc_conf_files 2126.Pq Vt str 2127This option is used to specify a list of files that will override 2128the settings in 2129.Pa /etc/defaults/rc.conf . 2130The files will be read in the order in which they are specified and should 2131include the full path to the file. 2132By default, the files specified are 2133.Pa /etc/rc.conf 2134and 2135.Pa /etc/rc.conf.local . 2136.It Va zfs_enable 2137.Pq Vt bool 2138If set to 2139.Dq Li YES , 2140.Pa /etc/rc.d/zfs 2141will attempt to automatically mount ZFS file systems and initialize ZFS volumes 2142(ZVOLs). 2143.It Va zpool_reguid 2144.Pq Vt str 2145A space-separated list of ZFS pool names for which new pool GUIDs should be 2146assigned upon first boot. 2147This is useful when using a ZFS pool copied from a template, such as a virtual 2148machine image. 2149.It Va zpool_upgrade 2150.Pq Vt str 2151A space-separated list of ZFS pool names for which the version should be 2152upgraded upon first boot. 2153This is useful when using a ZFS pool generated by the 2154.Xr makefs 8 2155utility. 2156.It Va gptboot_enable 2157.Pq Vt bool 2158If set to 2159.Dq Li YES , 2160.Pa /etc/rc.d/gptboot 2161will log if the system successfully (or not) booted from a GPT partition, 2162which had the 2163.Ar bootonce 2164attribute set using 2165.Xr gpart 8 2166utility. 2167.It Va gbde_autoattach_all 2168.Pq Vt bool 2169If set to 2170.Dq Li YES , 2171.Pa /etc/rc.d/gbde 2172will attempt to automatically initialize the .bde devices specified in 2173.Pa /etc/fstab . 2174.It Va gbde_devices 2175.Pq Vt str 2176List the devices that the script should try to attach, 2177or 2178.Dq Li AUTO . 2179.It Va gbde_lockdir 2180.Pq Vt str 2181The directory where the 2182.Xr gbde 4 2183lockfiles are located. 2184The default lockfile directory is 2185.Pa /etc . 2186.Pp 2187The lockfile for each individual 2188.Xr gbde 4 2189device can be overridden by setting the variable 2190.Va gbde_lock_ Ns Aq Ar device , 2191where 2192.Ar device 2193is the encrypted device without the 2194.Dq Pa /dev/ 2195and 2196.Dq Pa .bde 2197parts. 2198.It Va gbde_attach_attempts 2199.Pq Vt int 2200Number of times to attempt attaching to a 2201.Xr gbde 4 2202device, i.e., how many times the user is asked for the pass-phrase. 2203Default is 3. 2204.It Va geli_devices 2205.Pq Vt str 2206List of devices to automatically attach on boot. 2207Note that .eli devices from 2208.Pa /etc/fstab 2209are automatically appended to this list. 2210.It Va geli_groups 2211.Pq Vt str 2212List of groups containing devices to automatically attach on boot with the same 2213keyfiles and passphrase. 2214This must be accompanied with a corresponding 2215.Va geli_ Ns Ao Ar group Ac Ns Va _devices 2216variable. 2217.It Va geli_tries 2218.Pq Vt int 2219Number of times user is asked for the pass-phrase. 2220If empty, it will be taken from 2221.Va kern.geom.eli.tries 2222sysctl variable. 2223.It Va geli_default_flags 2224.Pq Vt str 2225Default flags to use by 2226.Xr geli 8 2227when configuring disk encryption. 2228Flags can be configured for every device separately by defining the 2229.Va geli_ Ns Ao Ar device Ac Ns Va _flags 2230variable, and for every group separately by defining the 2231.Va geli_ Ns Ao Ar group Ac Ns Va _flags 2232variable. 2233.It Va geli_autodetach 2234.Pq Vt str 2235Specifies if GELI devices should be marked for detach on last close after 2236file systems are mounted. 2237Default is 2238.Dq Li YES . 2239This can be changed for every device separately by defining the 2240.Va geli_ Ns Ao Ar device Ac Ns Va _autodetach 2241variable. 2242.It Va root_rw_mount 2243.Pq Vt bool 2244Set to 2245.Dq Li YES 2246by default. 2247After the file systems are checked at boot time, the root file system 2248is remounted as read-write if this is set to 2249.Dq Li YES . 2250Diskless systems that mount their root file system from a read-only remote 2251NFS share should set this to 2252.Dq Li NO 2253in their 2254.Pa rc.conf . 2255.It Va fsck_y_enable 2256.Pq Vt bool 2257If set to 2258.Dq Li YES , 2259.Xr fsck 8 2260will be run with the 2261.Fl y 2262flag if the initial preen 2263of the file systems fails. 2264.It Va background_fsck 2265.Pq Vt bool 2266If set to 2267.Dq Li NO , 2268the system will not attempt to run 2269.Xr fsck 8 2270in the background where possible. 2271.It Va background_fsck_delay 2272.Pq Vt int 2273The amount of time in seconds to sleep before starting a background 2274.Xr fsck 8 . 2275It defaults to sixty seconds to allow large applications such as 2276the X server to start before disk I/O bandwidth is monopolized by 2277.Xr fsck 8 . 2278If set to a negative number, the background file system check will be 2279delayed indefinitely to allow the administrator to run it at a more 2280convenient time. 2281For example it may be run from 2282.Xr cron 8 2283by adding a line like 2284.Pp 2285.Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart" 2286.Pp 2287to 2288.Pa /etc/crontab . 2289.It Va netfs_types 2290.Pq Vt str 2291List of file system types that are network-based. 2292This list should generally not be modified by end users. 2293Use 2294.Va extra_netfs_types 2295instead. 2296.It Va extra_netfs_types 2297.Pq Vt str 2298If set to something other than 2299.Dq Li NO 2300(the default), 2301this variable extends the list of file system types 2302for which automatic mounting at startup by 2303.Xr rc 8 2304should be delayed until the network is initialized. 2305It should contain 2306a whitespace-separated list of network file system descriptor pairs, 2307each consisting of a file system type as passed to 2308.Xr mount 8 2309and a human-readable, one-word description, 2310joined with a colon 2311.Pq Ql \&: . 2312Extending the default list in this way is only necessary 2313when third party file system types are used. 2314.It Va syslogd_enable 2315.Pq Vt bool 2316If set to 2317.Dq Li YES , 2318run the 2319.Xr syslogd 8 2320daemon. 2321Note, the 2322.Va syslogd_oomprotect 2323variable is set to 2324.Dq Li YES 2325by default in 2326.Pa /etc/defaults/rc.conf . 2327.It Va syslogd_program 2328.Pq Vt str 2329Path to 2330.Xr syslogd 8 2331(default 2332.Pa /usr/sbin/syslogd ) . 2333.It Va syslogd_flags 2334.Pq Vt str 2335If 2336.Va syslogd_enable 2337is set to 2338.Dq Li YES , 2339these are the flags to pass to 2340.Xr syslogd 8 . 2341.It Va inetd_enable 2342.Pq Vt bool 2343If set to 2344.Dq Li YES , 2345run the 2346.Xr inetd 8 2347daemon. 2348.It Va inetd_program 2349.Pq Vt str 2350Path to 2351.Xr inetd 8 2352(default 2353.Pa /usr/sbin/inetd ) . 2354.It Va inetd_flags 2355.Pq Vt str 2356If 2357.Va inetd_enable 2358is set to 2359.Dq Li YES , 2360these are the flags to pass to 2361.Xr inetd 8 . 2362.It Va hastd_enable 2363.Pq Vt bool 2364If set to 2365.Dq Li YES , 2366run the 2367.Xr hastd 8 2368daemon. 2369.It Va hastd_program 2370.Pq Vt str 2371Path to 2372.Xr hastd 8 2373(default 2374.Pa /sbin/hastd ) . 2375.It Va hastd_flags 2376.Pq Vt str 2377If 2378.Va hastd_enable 2379is set to 2380.Dq Li YES , 2381these are the flags to pass to 2382.Xr hastd 8 . 2383.It Va local_unbound_enable 2384.Pq Vt bool 2385If set to 2386.Dq Li YES , 2387run the 2388.Xr unbound 8 2389daemon as a local caching DNS resolver. 2390Note, the 2391.Va local_unbound_oomprotect 2392variable is set to 2393.Dq Li YES 2394by default in 2395.Pa /etc/defaults/rc.conf . 2396.It Va nscd_enable 2397.Pq Vt bool 2398Set to 2399.Dq Li YES 2400to start the 2401.Xr nscd 8 2402caching daemon for the 2403.Nm nsswitch 2404subsystem. 2405.It Va nscd_flags 2406.Pq Vt str 2407If 2408.Va nscd_enable 2409is set to 2410.Dq Li YES , 2411these flags are passed to 2412.Xr nscd 8 . 2413.It Va kdc_enable 2414.Pq Vt bool 2415Set to 2416.Dq Li YES 2417to start a Kerberos 5 authentication server 2418at boot time. 2419.It Va kdc_program 2420.Pq Vt str 2421If 2422.Va kdc_enable 2423is set to 2424.Dq Li YES 2425this is the path to Kerberos 5 Authentication Server. 2426.It Va kdc_flags 2427.Pq Vt str 2428Empty by default. 2429This variable contains additional flags to be passed to the Kerberos 5 2430authentication server. 2431.It Va kadmind_enable 2432.Pq Vt bool 2433Set to 2434.Dq Li YES 2435to start 2436.Xr kadmind 8 , 2437the Kerberos 5 Administration Daemon; set to 2438.Dq Li NO 2439on a slave server. 2440.It Va kadmind_program 2441.Pq Vt str 2442If 2443.Va kadmind_enable 2444is set to 2445.Dq Li YES 2446this is the path to Kerberos 5 Administration Daemon. 2447.It Va kpasswdd_enable 2448.Pq Vt bool 2449Set to 2450.Dq Li YES 2451to start 2452.Xr kpasswdd 8 , 2453the Kerberos 5 Password-Changing Daemon; set to 2454.Dq Li NO 2455on a slave server. 2456.It Va kpasswdd_program 2457.Pq Vt str 2458If 2459.Va kpasswdd_enable 2460is set to 2461.Dq Li YES 2462this is the path to Kerberos 5 Password-Changing Daemon. 2463.It Va kfd_enable 2464.Pq Vt bool 2465Set to 2466.Dq Li YES 2467to start 2468.Xr kfd 8 , 2469the Kerberos 5 ticket forwarding daemon, at the boot time. 2470.It Va kfd_program 2471.Pq Vt str 2472Path to 2473.Xr kfd 8 2474(default 2475.Pa /usr/libexec/kfd ) . 2476.It Va rwhod_enable 2477.Pq Vt bool 2478If set to 2479.Dq Li YES , 2480run the 2481.Xr rwhod 8 2482daemon at boot time. 2483.It Va rwhod_flags 2484.Pq Vt str 2485If 2486.Va rwhod_enable 2487is set to 2488.Dq Li YES , 2489these are the flags to pass to it. 2490.It Va update_motd 2491.Pq Vt bool 2492If set to 2493.Dq Li YES , 2494.Pa /var/run/motd 2495will be updated at boot time to reflect the kernel release 2496being run. 2497If set to 2498.Dq Li NO , 2499.Pa /var/run/motd 2500will not be updated. 2501.It Va nfs_client_enable 2502.Pq Vt bool 2503If set to 2504.Dq Li YES , 2505run the NFS client daemons at boot time. 2506.It Va nfs_access_cache 2507.Pq Vt int 2508If 2509.Va nfs_client_enable 2510is set to 2511.Dq Li YES , 2512this can be set to 2513.Dq Li 0 2514to disable NFS ACCESS RPC caching, or to the number of seconds for which 2515NFS ACCESS 2516results should be cached. 2517A value of 2-10 seconds will substantially reduce network 2518traffic for many NFS operations. 2519.It Va nfs_server_enable 2520.Pq Vt bool 2521If set to 2522.Dq Li YES , 2523run the NFS server daemons at boot time. 2524.It Va nfs_server_flags 2525.Pq Vt str 2526If 2527.Va nfs_server_enable 2528is set to 2529.Dq Li YES , 2530these are the flags to pass to the 2531.Xr nfsd 8 2532daemon. 2533.It Va nfsv4_server_enable 2534.Pq Vt bool 2535If 2536.Va nfs_server_enable 2537is set to 2538.Dq Li YES 2539and 2540.Va nfsv4_server_enable 2541is set to 2542.Dq Li YES , 2543enable the server for NFSv4 as well as NFSv2 and NFSv3. 2544.It Va nfsv4_server_only 2545.Pq Vt bool 2546If 2547.Va nfs_server_enable 2548is set to 2549.Dq Li YES 2550and 2551.Va nfsv4_server_only 2552is set to 2553.Dq Li YES , 2554enable the NFS server for NFSv4 only. 2555.It Va nfs_server_maxio 2556.Pq Vt int 2557value to set vfs.nfsd.srvmaxio to, which is the 2558maximum I/O size for the NFS server. 2559.It Va tlsclntd_enable 2560.Pq Vt bool 2561If set to 2562.Dq Li YES , 2563run the 2564.Xr rpc.tlsclntd 8 2565daemon, which is needed for NFS-over-TLS NFS mounts. 2566.It Va tlsservd_enable 2567.Pq Vt bool 2568If set to 2569.Dq Li YES , 2570run the 2571.Xr rpc.tlsservd 8 2572daemon, which is needed for the 2573.Xr nfsd 8 2574to support NFS-over-TLS NFS mounts. 2575.It Va nfsuserd_enable 2576.Pq Vt bool 2577If 2578.Va nfsuserd_enable 2579is set to 2580.Dq Li YES , 2581run the nfsuserd daemon, which is needed for NFSv4 in order 2582to map between user/group names vs uid/gid numbers. 2583If 2584.Va nfsv4_server_enable 2585is set to 2586.Dq Li YES , 2587this will be forced enabled. 2588.It Va nfsuserd_flags 2589.Pq Vt str 2590If 2591.Va nfsuserd_enable 2592is set to 2593.Dq Li YES , 2594these are the flags to pass to the 2595.Xr nfsuserd 8 2596daemon. 2597.It Va nfscbd_enable 2598.Pq Vt bool 2599If 2600.Va nfscbd_enable 2601is set to 2602.Dq Li YES , 2603run the nfscbd daemon, which enables callbacks/delegations for the NFSv4 client. 2604.It Va nfscbd_flags 2605.Pq Vt str 2606If 2607.Va nfscbd_enable 2608is set to 2609.Dq Li YES , 2610these are the flags to pass to the 2611.Xr nfscbd 8 2612daemon. 2613.It Va mountd_enable 2614.Pq Vt bool 2615If set to 2616.Dq Li YES , 2617and no 2618.Va nfs_server_enable 2619is set, start 2620.Xr mountd 8 , 2621but not 2622.Xr nfsd 8 2623daemon. 2624It is commonly needed to run CFS without real NFS used. 2625.It Va mountd_flags 2626.Pq Vt str 2627If 2628.Va mountd_enable 2629is set to 2630.Dq Li YES , 2631these are the flags to pass to the 2632.Xr mountd 8 2633daemon. 2634.It Va weak_mountd_authentication 2635.Pq Vt bool 2636If set to 2637.Dq Li YES , 2638allow services like PCNFSD to make non-privileged mount 2639requests. 2640.It Va nfs_reserved_port_only 2641.Pq Vt bool 2642If set to 2643.Dq Li YES , 2644provide NFS services only on a secure port. 2645.It Va nfs_bufpackets 2646.Pq Vt int 2647If set to a number, indicates the number of packets worth of 2648socket buffer space to reserve on an NFS client. 2649The kernel default is typically 4. 2650Using a higher number may be 2651useful on gigabit networks to improve performance. 2652The minimum value is 26532 and the maximum is 64. 2654.It Va rpc_lockd_enable 2655.Pq Vt bool 2656If set to 2657.Dq Li YES 2658and also an NFS server or client, run 2659.Xr rpc.lockd 8 2660at boot time. 2661.It Va rpc_lockd_flags 2662.Pq Vt str 2663If 2664.Va rpc_lockd_enable 2665is set to 2666.Dq Li YES , 2667these are the flags to pass to the 2668.Xr rpc.lockd 8 2669daemon. 2670.It Va rpc_statd_enable 2671.Pq Vt bool 2672If set to 2673.Dq Li YES 2674and also an NFS server or client, run 2675.Xr rpc.statd 8 2676at boot time. 2677.It Va rpc_statd_flags 2678.Pq Vt str 2679If 2680.Va rpc_statd_enable 2681is set to 2682.Dq Li YES , 2683these are the flags to pass to the 2684.Xr rpc.statd 8 2685daemon. 2686.It Va rpcbind_program 2687.Pq Vt str 2688Path to 2689.Xr rpcbind 8 2690(default 2691.Pa /usr/sbin/rpcbind ) . 2692.It Va rpcbind_enable 2693.Pq Vt bool 2694If set to 2695.Dq Li YES , 2696run the 2697.Xr rpcbind 8 2698service at boot time. 2699.It Va rpcbind_flags 2700.Pq Vt str 2701If 2702.Va rpcbind_enable 2703is set to 2704.Dq Li YES , 2705these are the flags to pass to the 2706.Xr rpcbind 8 2707daemon. 2708.It Va keyserv_enable 2709.Pq Vt bool 2710If set to 2711.Dq Li YES , 2712run the 2713.Xr keyserv 8 2714daemon on boot for running Secure RPC. 2715.It Va keyserv_flags 2716.Pq Vt str 2717If 2718.Va keyserv_enable 2719is set to 2720.Dq Li YES , 2721these are the flags to pass to 2722.Xr keyserv 8 2723daemon. 2724.It Va pppoed_enable 2725.Pq Vt bool 2726If set to 2727.Dq Li YES , 2728run the 2729.Xr pppoed 8 2730daemon at boot time to provide PPP over Ethernet services. 2731.It Va pppoed_ Ns Aq Ar provider 2732.Pq Vt str 2733.Xr pppoed 8 2734listens to requests to this 2735.Ar provider 2736and ultimately runs 2737.Xr ppp 8 2738with a 2739.Ar system 2740argument of the same name. 2741.It Va pppoed_flags 2742.Pq Vt str 2743Additional flags to pass to 2744.Xr pppoed 8 . 2745.It Va pppoed_interface 2746.Pq Vt str 2747The network interface to run 2748.Xr pppoed 8 2749on. 2750This is mandatory when 2751.Va pppoed_enable 2752is set to 2753.Dq Li YES . 2754.It Va ntpdate_enable 2755.Pq Vt bool 2756If set to 2757.Dq Li YES , 2758run 2759.Xr ntpdate 8 2760at system startup. 2761This command is intended to 2762synchronize the system clock only 2763.Em once 2764from some standard reference. 2765.Pp 2766Note that the use of the 2767.Va ntpd_sync_on_start 2768variable is a preferred alternative to the 2769.Xr ntpdate 8 2770utility as 2771.Xr ntpdate 8 2772is to be retired from the NTP distribution. 2773.It Va ntpdate_config 2774.Pq Vt str 2775Configuration file for 2776.Xr ntpdate 8 . 2777Default 2778.Pa /etc/ntp.conf . 2779.It Va ntpdate_hosts 2780.Pq Vt str 2781A whitespace-separated list of NTP servers to synchronize with at startup. 2782The default is to use the servers listed in 2783.Va ntpdate_config , 2784if that file exists. 2785.It Va ntpdate_program 2786.Pq Vt str 2787Path to 2788.Xr ntpdate 8 2789(default 2790.Pa /usr/sbin/ntpdate ) . 2791.It Va ntpdate_flags 2792.Pq Vt str 2793If 2794.Va ntpdate_enable 2795is set to 2796.Dq Li YES , 2797these are the flags to pass to the 2798.Xr ntpdate 8 2799command (typically a hostname). 2800.It Va ntpd_enable 2801.Pq Vt bool 2802If set to 2803.Dq Li YES , 2804run the 2805.Xr ntpd 8 2806command at boot time. 2807.It Va ntpd_program 2808.Pq Vt str 2809Path to 2810.Xr ntpd 8 2811(default 2812.Pa /usr/sbin/ntpd ) . 2813.It Va ntpd_config 2814.Pq Vt str 2815Path to 2816.Xr ntpd 8 2817configuration file. 2818Default 2819.Pa /etc/ntp.conf . 2820.It Va ntpd_flags 2821.Pq Vt str 2822If 2823.Va ntpd_enable 2824is set to 2825.Dq Li YES , 2826these are the flags to pass to the 2827.Xr ntpd 8 2828daemon. 2829.It Va ntpd_sync_on_start 2830.Pq Vt bool 2831If set to 2832.Dq Li YES , 2833.Xr ntpd 8 2834is run with the 2835.Fl g 2836flag, which syncs the system's clock on startup. 2837See 2838.Xr ntpd 8 2839for more information regarding the 2840.Fl g 2841option. 2842This is a preferred alternative to using 2843.Xr ntpdate 8 2844or specifying the 2845.Va ntpdate_enable 2846variable. 2847.It Va nis_client_enable 2848.Pq Vt bool 2849If set to 2850.Dq Li YES , 2851run the 2852.Xr ypbind 8 2853service at system boot time. 2854.It Va nis_client_flags 2855.Pq Vt str 2856If 2857.Va nis_client_enable 2858is set to 2859.Dq Li YES , 2860these are the flags to pass to the 2861.Xr ypbind 8 2862service. 2863.It Va nis_ypldap_enable 2864.Pq Vt bool 2865If set to 2866.Dq Li YES , 2867run the 2868.Xr ypldap 8 2869daemon at system boot time. 2870.It Va nis_ypldap_flags 2871.Pq Vt str 2872If 2873.Va nis.ypldap_enable 2874is set to 2875.Dq Li YES , 2876these are the flags to pass to the 2877.Xr ypldap 8 2878daemon. 2879.It Va nis_ypset_enable 2880.Pq Vt bool 2881If set to 2882.Dq Li YES , 2883run the 2884.Xr ypset 8 2885daemon at system boot time. 2886.It Va nis_ypset_flags 2887.Pq Vt str 2888If 2889.Va nis_ypset_enable 2890is set to 2891.Dq Li YES , 2892these are the flags to pass to the 2893.Xr ypset 8 2894daemon. 2895.It Va nis_server_enable 2896.Pq Vt bool 2897If set to 2898.Dq Li YES , 2899run the 2900.Xr ypserv 8 2901daemon at system boot time. 2902.It Va nis_server_flags 2903.Pq Vt str 2904If 2905.Va nis_server_enable 2906is set to 2907.Dq Li YES , 2908these are the flags to pass to the 2909.Xr ypserv 8 2910daemon. 2911.It Va nis_ypxfrd_enable 2912.Pq Vt bool 2913If set to 2914.Dq Li YES , 2915run the 2916.Xr rpc.ypxfrd 8 2917daemon at system boot time. 2918.It Va nis_ypxfrd_flags 2919.Pq Vt str 2920If 2921.Va nis_ypxfrd_enable 2922is set to 2923.Dq Li YES , 2924these are the flags to pass to the 2925.Xr rpc.ypxfrd 8 2926daemon. 2927.It Va nis_yppasswdd_enable 2928.Pq Vt bool 2929If set to 2930.Dq Li YES , 2931run the 2932.Xr rpc.yppasswdd 8 2933daemon at system boot time. 2934.It Va nis_yppasswdd_flags 2935.Pq Vt str 2936If 2937.Va nis_yppasswdd_enable 2938is set to 2939.Dq Li YES , 2940these are the flags to pass to the 2941.Xr rpc.yppasswdd 8 2942daemon. 2943.It Va rpc_ypupdated_enable 2944.Pq Vt bool 2945If set to 2946.Dq Li YES , 2947run the 2948.Nm rpc.ypupdated 2949daemon at system boot time. 2950.It Va bsnmpd_enable 2951.Pq Vt bool 2952If set to 2953.Dq Li YES , 2954run the 2955.Xr bsnmpd 1 2956daemon at system boot time. 2957Be sure to understand the security implications of running an SNMP daemon 2958on your host. 2959.It Va bsnmpd_flags 2960.Pq Vt str 2961If 2962.Va bsnmpd_enable 2963is set to 2964.Dq Li YES , 2965these are the flags to pass to the 2966.Xr bsnmpd 1 2967daemon. 2968.It Va defaultrouter 2969.Pq Vt str 2970If not set to 2971.Dq Li NO , 2972create a default route to this host name or IP address 2973(use an IP address if this router is also required to get to the 2974name server!). 2975.It Va defaultrouter_fibN 2976.Pq Vt str 2977If not set to 2978.Dq Li NO , 2979create a default route in FIB N to this host name or IP address. 2980.It Va ipv6_defaultrouter 2981.Pq Vt str 2982The IPv6 equivalent of 2983.Va defaultrouter . 2984.It Va ipv6_defaultrouter_fibN 2985.Pq Vt str 2986The IPv6 equivalent of 2987.Va defaultrouter_fibN . 2988.It Va static_arp_pairs 2989.Pq Vt str 2990Set to the list of static ARP pairs that are to be added at system 2991boot time. 2992For each whitespace separated 2993.Ar element 2994in the value, a 2995.Va static_arp_ Ns Aq Ar element 2996variable is assumed to exist whose contents will later be passed to a 2997.Dq Nm arp Cm -S 2998operation. 2999For example 3000.Bd -literal 3001static_arp_pairs="gw" 3002static_arp_gw="192.168.1.1 00:01:02:03:04:05" 3003.Ed 3004.It Va static_ndp_pairs 3005.Pq Vt str 3006Set to the list of static NDP pairs that are to be added at system 3007boot time. 3008For each whitespace separated 3009.Ar element 3010in the value, a 3011.Va static_ndp_ Ns Aq Ar element 3012variable is assumed to exist whose contents will later be passed to a 3013.Dq Nm ndp Cm -s 3014operation. 3015For example 3016.Bd -literal 3017static_ndp_pairs="gw" 3018static_ndp_gw="2001:db8:3::1 00:01:02:03:04:05" 3019.Ed 3020.It Va static_routes 3021.Pq Vt str 3022Set to the list of static routes that are to be added at system 3023boot time. 3024If not set to 3025.Dq Li NO 3026then for each whitespace separated 3027.Ar element 3028in the value, a 3029.Va route_ Ns Aq Ar element 3030variable is assumed to exist 3031whose contents will later be passed to a 3032.Dq Nm route Cm add 3033operation. 3034For example: 3035.Bd -literal 3036static_routes="ext mcast:gif0 gif0local:gif0" 3037route_ext="-net 10.0.0.0/24 -gateway 192.168.0.1" 3038route_mcast="-net 224.0.0.0/4 -iface gif0" 3039route_gif0local="-host 169.254.1.1 -iface lo0" 3040.Ed 3041.Pp 3042When an 3043.Ar element 3044is in the form of 3045.Li name:ifname , 3046the route is specific to the interface 3047.Li ifname . 3048.It Va ipv6_static_routes 3049.Pq Vt str 3050The IPv6 equivalent of 3051.Va static_routes . 3052If not set to 3053.Dq Li NO 3054then for each whitespace separated 3055.Ar element 3056in the value, a 3057.Va ipv6_route_ Ns Aq Ar element 3058variable is assumed to exist 3059whose contents will later be passed to a 3060.Dq Nm route Cm add Fl inet6 3061operation. 3062.It Va gateway_enable 3063.Pq Vt bool 3064If set to 3065.Dq Li YES , 3066configure host to act as an IP router, e.g.\& to forward packets 3067between interfaces. 3068.It Va ipv6_gateway_enable 3069.Pq Vt bool 3070The IPv6 equivalent of 3071.Va gateway_enable . 3072.It Va routed_enable 3073.Pq Vt bool 3074If set to 3075.Dq Li YES , 3076run a routing daemon of some sort, based on the 3077settings of 3078.Va routed_program 3079and 3080.Va routed_flags . 3081.It Va route6d_enable 3082.Pq Vt bool 3083The IPv6 equivalent of 3084.Va routed_enable . 3085If set to 3086.Dq Li YES , 3087run a routing daemon of some sort, based on the 3088settings of 3089.Va route6d_program 3090and 3091.Va route6d_flags . 3092.It Va routed_program 3093.Pq Vt str 3094If 3095.Va routed_enable 3096is set to 3097.Dq Li YES , 3098this is the name of the routing daemon to use. 3099The default is 3100.Xr routed 8 . 3101.It Va route6d_program 3102.Pq Vt str 3103The IPv6 equivalent of 3104.Va routed_program . 3105The default is 3106.Xr route6d 8 . 3107.It Va routed_flags 3108.Pq Vt str 3109If 3110.Va routed_enable 3111is set to 3112.Dq Li YES , 3113these are the flags to pass to the routing daemon. 3114.It Va route6d_flags 3115.Pq Vt str 3116The IPv6 equivalent of 3117.Va routed_flags . 3118.It Va rtadvd_enable 3119.Pq Vt bool 3120If set to 3121.Dq Li YES , 3122run the 3123.Xr rtadvd 8 3124daemon at boot time. 3125The 3126.Xr rtadvd 8 3127utility sends ICMPv6 Router Advertisement messages to 3128the interfaces specified in 3129.Va rtadvd_interfaces . 3130This should only be enabled with great care. 3131You may want to fine-tune 3132.Xr rtadvd.conf 5 . 3133.It Va rtadvd_interfaces 3134.Pq Vt str 3135If 3136.Va rtadvd_enable 3137is set to 3138.Dq Li YES 3139this is the list of interfaces to use. 3140.It Va arpproxy_all 3141.Pq Vt bool 3142If set to 3143.Dq Li YES , 3144enable global proxy ARP. 3145.It Va forward_sourceroute 3146.Pq Vt bool 3147If set to 3148.Dq Li YES 3149and 3150.Va gateway_enable 3151is also set to 3152.Dq Li YES , 3153source-routed packets are forwarded. 3154.It Va accept_sourceroute 3155.Pq Vt bool 3156If set to 3157.Dq Li YES , 3158the system will accept source-routed packets directed at it. 3159.It Va rarpd_enable 3160.Pq Vt bool 3161If set to 3162.Dq Li YES , 3163run the 3164.Xr rarpd 8 3165daemon at system boot time. 3166.It Va rarpd_flags 3167.Pq Vt str 3168If 3169.Va rarpd_enable 3170is set to 3171.Dq Li YES , 3172these are the flags to pass to the 3173.Xr rarpd 8 3174daemon. 3175.It Va bootparamd_enable 3176.Pq Vt bool 3177If set to 3178.Dq Li YES , 3179run the 3180.Xr bootparamd 8 3181daemon at system boot time. 3182.It Va bootparamd_flags 3183.Pq Vt str 3184If 3185.Va bootparamd_enable 3186is set to 3187.Dq Li YES , 3188these are the flags to pass to the 3189.Xr bootparamd 8 3190daemon. 3191.It Va stf_interface_ipv4addr 3192.Pq Vt str 3193If not set to 3194.Dq Li NO , 3195this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling 3196interface). 3197Specify this entry to enable the 6to4 interface. 3198.It Va stf_interface_ipv4plen 3199.Pq Vt int 3200Prefix length for 6to4 IPv4 addresses, to limit peer address range. 3201An effective value is 0-31. 3202.It Va stf_interface_ipv6_ifid 3203.Pq Vt str 3204IPv6 interface ID for 3205.Xr stf 4 . 3206This can be set to 3207.Dq Li AUTO . 3208.It Va stf_interface_ipv6_slaid 3209.Pq Vt str 3210IPv6 Site Level Aggregator for 3211.Xr stf 4 . 3212.It Va ipv6_ipv4mapping 3213.Pq Vt bool 3214If set to 3215.Dq Li YES 3216this enables IPv4 mapped IPv6 address communication (like 3217.Li ::ffff:a.b.c.d ) . 3218.It Va rtsold_enable 3219.Pq Vt bool 3220Set to 3221.Dq Li YES 3222to enable the 3223.Xr rtsold 8 3224daemon to send ICMPv6 Router Solicitation messages. 3225.It Va rtsold_flags 3226.Pq Vt str 3227If 3228.Va rtsold_enable 3229is set to 3230.Dq Li YES , 3231these are the flags to pass to 3232.Xr rtsold 8 . 3233.It Va rtsol_flags 3234.Pq Vt str 3235For interfaces configured with the 3236.Dq Li inet6 accept_rtadv 3237keyword, these are the flags to pass to 3238.Xr rtsol 8 . 3239.Pp 3240Note that 3241.Va rtsold_enable 3242is mutually exclusive to 3243.Va rtsol_flags ; 3244.Va rtsold_enable 3245takes precedence. 3246.It Va keybell 3247.Pq Vt str 3248The keyboard bell sound. 3249Set to 3250.Dq Li normal , 3251.Dq Li visual , 3252.Dq Li off , 3253or 3254.Dq Li NO 3255if the default behavior is desired. 3256For details, refer to the 3257.Xr kbdcontrol 1 3258manpage. 3259.It Va keyboard 3260.Pq Vt str 3261If set to a non-null string, the virtual console's keyboard input is 3262set to this device. 3263.It Va keymap 3264.Pq Vt str 3265If set to 3266.Dq Li NO , 3267no keymap is installed, otherwise the value is used to install 3268the keymap file found in 3269.Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd 3270(if using 3271.Xr syscons 4 ) or 3272.Pa /usr/share/vt/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd 3273(if using 3274.Xr vt 4 ) . 3275.It Va keyrate 3276.Pq Vt str 3277The keyboard repeat speed. 3278Set to 3279.Dq Li slow , 3280.Dq Li normal , 3281.Dq Li fast , 3282or 3283.Dq Li NO 3284if the default behavior is desired. 3285.It Va keychange 3286.Pq Vt str 3287If not set to 3288.Dq Li NO , 3289attempt to program the function keys with the value. 3290The value should 3291be a single string of the form: 3292.Dq Ar funkey_number new_value Op Ar funkey_number new_value ... . 3293.It Va cursor 3294.Pq Vt str 3295Can be set to the value of 3296.Dq Li normal , 3297.Dq Li blink , 3298.Dq Li destructive , 3299or 3300.Dq Li NO 3301to set the cursor behavior explicitly or choose the default behavior. 3302.It Va scrnmap 3303.Pq Vt str 3304If set to 3305.Dq Li NO , 3306no screen map is installed, otherwise the value is used to install 3307the screen map file in 3308.Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value . 3309This parameter is ignored when using 3310.Xr vt 4 3311as the console driver. 3312.It Va font8x16 3313.Pq Vt str 3314If set to 3315.Dq Li NO , 3316the default 8x16 font value is used for screen size requests, otherwise 3317the value in 3318.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3319or 3320.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3321is used (depending on the console driver being used). 3322.It Va font8x14 3323.Pq Vt str 3324If set to 3325.Dq Li NO , 3326the default 8x14 font value is used for screen size requests, otherwise 3327the value in 3328.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3329or 3330.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3331is used (depending on the console driver being used). 3332.It Va font8x8 3333.Pq Vt str 3334If set to 3335.Dq Li NO , 3336the default 8x8 font value is used for screen size requests, otherwise 3337the value in 3338.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3339or 3340.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3341is used (depending on the console driver being used). 3342.It Va blanktime 3343.Pq Vt int 3344If set to 3345.Dq Li NO , 3346the default screen blanking interval is used, otherwise it is set 3347to 3348.Ar value 3349seconds. 3350.It Va saver 3351.Pq Vt str 3352If not set to 3353.Dq Li NO , 3354this is the actual screen saver to use 3355.Li ( blank , snake , daemon , 3356etc). 3357.It Va moused_nondefault_enable 3358.Pq Vt str 3359If set to 3360.Dq Li NO , 3361the mouse device specified on 3362the command line is not automatically treated as enabled by the 3363.Pa /etc/rc.d/moused 3364script. 3365Having this variable set to 3366.Dq Li YES 3367allows a 3368.Xr usb 4 3369mouse, 3370for example, 3371to be enabled as soon as it is plugged in. 3372.It Va moused_enable 3373.Pq Vt str 3374If set to 3375.Dq Li YES , 3376the 3377.Xr moused 8 3378daemon is started for doing cut/paste selection on the console. 3379.It Va moused_type 3380.Pq Vt str 3381This is the protocol type of the mouse connected to this host. 3382This variable must be set if 3383.Va moused_enable 3384is set to 3385.Dq Li YES , 3386but defaults to 3387.Dq Li auto 3388as the 3389.Xr moused 8 3390daemon 3391is able to detect the appropriate mouse type automatically in many cases. 3392Set this variable to 3393one from the following list if the automatic detection fails. 3394.Pp 3395If the mouse is attached to the PS/2 mouse port, choose 3396.Dq Li auto 3397or 3398.Dq Li ps/2 , 3399regardless of the brand and model of the mouse. 3400Likewise, if the 3401mouse is attached to the bus mouse port, choose 3402.Dq Li auto 3403or 3404.Dq Li busmouse . 3405All other protocols are for serial mice and will not work with 3406the PS/2 and bus mice. 3407If this is a USB mouse, 3408.Dq Li auto 3409is the only protocol type which will work. 3410.Pp 3411.Bl -tag -width ".Li x10mouseremote" -compact 3412.It Li microsoft 3413Microsoft mouse (serial) 3414.It Li intellimouse 3415Microsoft IntelliMouse (serial) 3416.It Li mousesystems 3417Mouse systems Corp.\& mouse (serial) 3418.It Li mmseries 3419MM Series mouse (serial) 3420.It Li logitech 3421Logitech mouse (serial) 3422.It Li busmouse 3423A bus mouse 3424.It Li mouseman 3425Logitech MouseMan and TrackMan (serial) 3426.It Li glidepoint 3427ALPS GlidePoint (serial) 3428.It Li thinkingmouse 3429Kensington ThinkingMouse (serial) 3430.It Li ps/2 3431PS/2 mouse 3432.It Li mmhittab 3433MM HitTablet (serial) 3434.It Li x10mouseremote 3435X10 MouseRemote (serial) 3436.It Li versapad 3437Interlink VersaPad (serial) 3438.El 3439.Pp 3440Even if the mouse is not in the above list, it may be compatible 3441with one in the list. 3442Refer to the manual page for 3443.Xr moused 8 3444for compatibility information. 3445.Pp 3446It should also be noted that while this is enabled, any 3447other client of the mouse (such as an X server) should access 3448the mouse through the virtual mouse device, 3449.Pa /dev/sysmouse , 3450and configure it as a 3451.Dq Li sysmouse 3452type mouse, since all 3453mouse data is converted to this single canonical format when 3454using 3455.Xr moused 8 . 3456If the client program does not support the 3457.Dq Li sysmouse 3458type, 3459specify the 3460.Dq Li mousesystems 3461type. 3462It is the second preferred type. 3463.It Va moused_port 3464.Pq Vt str 3465If 3466.Va moused_enable 3467is set to 3468.Dq Li YES , 3469this is the actual port the mouse is on. 3470It might be 3471.Pa /dev/cuau0 3472for a COM1 serial mouse, or 3473.Pa /dev/psm0 3474for a PS/2 mouse, for example. 3475.It Va moused_flags 3476.Pq Vt str 3477If 3478.Va moused_flags 3479is set, its value is used as an additional set of flags to pass to the 3480.Xr moused 8 3481daemon. 3482.It Va "moused_" Ns Ar XXX Ns Va "_flags" 3483When 3484.Va moused_nondefault_enable 3485is enabled, and a 3486.Xr moused 8 3487daemon is started for a non-default port, the 3488.Va "moused_" Ns Ar XXX Ns Va "_flags" 3489set of options has precedence over and replaces the default 3490.Va moused_flags 3491(where 3492.Ar XXX 3493is the name of the non-default port, i.e.,\& 3494.Ar ums0 ) . 3495By setting 3496.Va "moused_" Ns Ar XXX Ns Va "_flags" 3497it is possible to set up a different set of default flags for each 3498.Xr moused 8 3499instance. 3500For example, you can use 3501.Dq Li "-3" 3502for the default 3503.Va moused_flags 3504to make your laptop's touchpad more comfortable to use, 3505but an empty set of options for 3506.Va moused_ums0_flags 3507when your 3508.Xr usb 4 3509mouse has three or more buttons. 3510.It Va mousechar_start 3511.Pq Vt int 3512If set to 3513.Dq Li NO , 3514the default mouse cursor character range 3515.Li 0xd0 Ns - Ns Li 0xd3 3516is used, 3517otherwise the range start is set 3518to 3519.Ar value 3520character, see 3521.Xr vidcontrol 1 . 3522Use if the default range is occupied in the language code table. 3523.It Va allscreens_flags 3524.Pq Vt str 3525If set, 3526.Xr vidcontrol 1 3527is run with these options for each of the virtual terminals 3528.Pq Pa /dev/ttyv* . 3529For example, 3530.Dq Fl m Cm on 3531will enable the mouse pointer on all virtual terminals 3532if 3533.Va moused_enable 3534is set to 3535.Dq Li YES . 3536.It Va allscreens_kbdflags 3537.Pq Vt str 3538If set, 3539.Xr kbdcontrol 1 3540is run with these options for each of the virtual terminals 3541.Pq Pa /dev/ttyv* . 3542For example, 3543.Dq Fl h Li 200 3544will set the 3545.Xr syscons 4 3546or 3547.Xr vt 4 3548scrollback (history) buffer to 200 lines. 3549.It Va cron_enable 3550.Pq Vt bool 3551If set to 3552.Dq Li YES , 3553run the 3554.Xr cron 8 3555daemon at system boot time. 3556.It Va cron_program 3557.Pq Vt str 3558Path to 3559.Xr cron 8 3560(default 3561.Pa /usr/sbin/cron ) . 3562.It Va cron_flags 3563.Pq Vt str 3564If 3565.Va cron_enable 3566is set to 3567.Dq Li YES , 3568these are the flags to pass to 3569.Xr cron 8 . 3570.It Va cron_dst 3571.Pq Vt bool 3572If set to 3573.Dq Li YES , 3574enable the special handling of transitions to and from the 3575Daylight Saving Time in 3576.Xr cron 8 3577(equivalent to using the flag 3578.Fl s ) . 3579.It Va lpd_program 3580.Pq Vt str 3581Path to 3582.Xr lpd 8 3583(default 3584.Pa /usr/sbin/lpd ) . 3585.It Va lpd_enable 3586.Pq Vt bool 3587If set to 3588.Dq Li YES , 3589run the 3590.Xr lpd 8 3591daemon at system boot time. 3592.It Va lpd_flags 3593.Pq Vt str 3594If 3595.Va lpd_enable 3596is set to 3597.Dq Li YES , 3598these are the flags to pass to the 3599.Xr lpd 8 3600daemon. 3601.It Va chkprintcap_enable 3602.Pq Vt bool 3603If set to 3604.Dq Li YES , 3605run the 3606.Xr chkprintcap 8 3607command before starting the 3608.Xr lpd 8 3609daemon. 3610.It Va chkprintcap_flags 3611.Pq Vt str 3612If 3613.Va lpd_enable 3614and 3615.Va chkprintcap_enable 3616are set to 3617.Dq Li YES , 3618these are the flags to pass to the 3619.Xr chkprintcap 8 3620program. 3621The default is 3622.Dq Li -d , 3623which causes missing directories to be created. 3624.It Va dumpdev 3625.Pq Vt str 3626Indicates the device (usually a swap partition) to which a crash dump 3627should be written in the event of a system crash. 3628If the value of this variable is 3629.Dq Li AUTO , 3630the first suitable swap device listed in 3631.Pa /etc/fstab 3632will be used as dump device. 3633Otherwise, the value of this variable is passed as the argument to 3634.Xr dumpon 8 3635and 3636.Xr savecore 8 . 3637To disable crash dumps, set this variable to 3638.Dq Li NO . 3639.It Va dumpon_flags 3640.Pq Vt str 3641Flags to pass to 3642.Xr dumpon 8 3643when configuring 3644.Va dumpdev 3645as the system dump device. 3646.It Va dumpdir 3647.Pq Vt str 3648When the system reboots after a crash and a crash dump is found on the 3649device specified by the 3650.Va dumpdev 3651variable, 3652.Xr savecore 8 3653will save that crash dump and a copy of the kernel to the directory 3654specified by the 3655.Va dumpdir 3656variable. 3657The default value is 3658.Pa /var/crash . 3659Set to 3660.Dq Li NO 3661to not run 3662.Xr savecore 8 3663at boot time when 3664.Va dumpdir 3665is set. 3666.It Va savecore_enable 3667.Pq Vt bool 3668If set to 3669.Dq Li NO , 3670disable automatic extraction of the crash dump from the 3671.Va dumpdev . 3672.It Va savecore_flags 3673.Pq Vt str 3674If crash dumps are enabled, these are the flags to pass to the 3675.Xr savecore 8 3676utility. 3677.It Va quota_enable 3678.Pq Vt bool 3679Set to 3680.Dq Li YES 3681to turn on user and group disk quotas on system startup via the 3682.Xr quotaon 8 3683command for all file systems marked as having quotas enabled in 3684.Pa /etc/fstab . 3685The kernel must be built with 3686.Cd "options QUOTA" 3687for disk quotas to function. 3688.It Va check_quotas 3689.Pq Vt bool 3690Set to 3691.Dq Li YES 3692to enable user and group disk quota checking via the 3693.Xr quotacheck 8 3694command. 3695.It Va quotacheck_flags 3696.Pq Vt str 3697If 3698.Va quota_enable 3699is set to 3700.Dq Li YES , 3701and 3702.Va check_quotas 3703is set to 3704.Dq Li YES , 3705these are the flags to pass to the 3706.Xr quotacheck 8 3707utility. 3708The default is 3709.Dq Li "-a" , 3710which checks quotas for all file systems with quotas enabled in 3711.Pa /etc/fstab . 3712.It Va quotaon_flags 3713.Pq Vt str 3714If 3715.Va quota_enable 3716is set to 3717.Dq Li YES , 3718these are the flags to pass to the 3719.Xr quotaon 8 3720utility. 3721The default is 3722.Dq Li "-a" , 3723which enables quotas for all file systems with quotas enabled in 3724.Pa /etc/fstab . 3725.It Va quotaoff_flags 3726.Pq Vt str 3727If 3728.Va quota_enable 3729is set to 3730.Dq Li YES , 3731these are the flags to pass to the 3732.Xr quotaoff 8 3733utility when shutting down the quota system. 3734The default is 3735.Dq Li "-a" , 3736which disables quotas for all file systems with quotas enabled in 3737.Pa /etc/fstab . 3738.It Va accounting_enable 3739.Pq Vt bool 3740Set to 3741.Dq Li YES 3742to enable system accounting through the 3743.Xr accton 8 3744facility. 3745.It Va firstboot_sentinel 3746.Pq Vt str 3747This variable specifies the full path to a 3748.Dq first boot 3749sentinel file. 3750If a file exists with this path, 3751.Pa rc.d 3752scripts with the 3753.Dq firstboot 3754keyword will be run on startup and the sentinel file will be deleted 3755after the boot process completes. 3756The sentinel file must be located on a writable file system which is 3757mounted no later than 3758.Va early_late_divider 3759to function properly. 3760The default is 3761.Pa /firstboot . 3762.It Va linux_enable 3763.Pq Vt bool 3764Set to 3765.Dq Li YES 3766to enable Linux/ELF binary emulation at system initial 3767boot time. 3768.It Va sysvipc_enable 3769.Pq Vt bool 3770If set to 3771.Dq Li YES , 3772load System V IPC primitives at boot time. 3773.It Va clear_tmp_enable 3774.Pq Vt bool 3775Set to 3776.Dq Li YES 3777to have 3778.Pa /tmp 3779cleaned at startup. 3780.It Va clear_tmp_X 3781.Pq Vt bool 3782Set to 3783.Dq Li NO 3784to disable removing of X11 lock files, 3785and the removal and (secure) recreation 3786of the various socket directories for X11 3787related programs. 3788.It Va ldconfig_paths 3789.Pq Vt str 3790Set to the list of shared library paths to use with 3791.Xr ldconfig 8 . 3792NOTE: 3793.Pa /lib 3794and 3795.Pa /usr/lib 3796will always be added first, so they need not appear in this list. 3797.It Va ldconfig32_paths 3798.Pq Vt str 3799Set to the list of 32-bit compatibility shared library paths to 3800use with 3801.Xr ldconfig 8 . 3802.It Va ldconfig_insecure 3803.Pq Vt bool 3804The 3805.Xr ldconfig 8 3806utility normally refuses to use directories 3807which are writable by anyone except root. 3808Set this variable to 3809.Dq Li YES 3810to disable that security check during system startup. 3811.It Va ldconfig_local_dirs 3812.Pq Vt str 3813Set to the list of local 3814.Xr ldconfig 8 3815directories. 3816The names of all files in the directories listed will be 3817passed as arguments to 3818.Xr ldconfig 8 . 3819.It Va ldconfig_local32_dirs 3820.Pq Vt str 3821Set to the list of local 32-bit compatibility 3822.Xr ldconfig 8 3823directories. 3824The names of all files in the directories listed will be 3825passed as arguments to 3826.Dq Nm ldconfig Fl 32 . 3827.It Va kern_securelevel_enable 3828.Pq Vt bool 3829Set to 3830.Dq Li YES 3831to set the kernel security level at system startup. 3832.It Va kern_securelevel 3833.Pq Vt int 3834The kernel security level to set at startup. 3835The allowed range of 3836.Ar value 3837ranges from \-1 (the compile time default) to 3 (the 3838most secure). 3839See 3840.Xr security 7 3841for the list of possible security levels and their effect 3842on system operation. 3843.It Va sshd_program 3844.Pq Vt str 3845Path to the SSH server program 3846.Pa ( /usr/sbin/sshd 3847is the default). 3848.It Va sshd_enable 3849.Pq Vt bool 3850Set to 3851.Dq Li YES 3852to start 3853.Xr sshd 8 3854at system boot time. 3855Note, the 3856.Va sshd_oomprotect 3857variable is set to 3858.Dq Li YES 3859by default in 3860.Pa /etc/defaults/rc.conf . 3861.It Va sshd_flags 3862.Pq Vt str 3863If 3864.Va sshd_enable 3865is set to 3866.Dq Li YES , 3867these are the flags to pass to the 3868.Xr sshd 8 3869daemon. 3870.It Va ftpd_program 3871.Pq Vt str 3872Path to the FTP server program 3873.Pa ( /usr/libexec/ftpd 3874is the default). 3875.It Va ftpd_enable 3876.Pq Vt bool 3877Set to 3878.Dq Li YES 3879to start 3880.Xr ftpd 8 3881as a stand-alone daemon at system boot time. 3882.It Va ftpd_flags 3883.Pq Vt str 3884If 3885.Va ftpd_enable 3886is set to 3887.Dq Li YES , 3888these are the additional flags to pass to the 3889.Xr ftpd 8 3890daemon. 3891.It Va watchdogd_enable 3892.Pq Vt bool 3893If set to 3894.Dq Li YES , 3895start the 3896.Xr watchdogd 8 3897daemon at boot time. 3898This requires that the kernel have been compiled with a 3899.Xr watchdog 4 3900compatible device. 3901.It Va watchdogd_flags 3902.Pq Vt str 3903If 3904.Va watchdogd_enable 3905is set to 3906.Dq Li YES , 3907these are the flags passed to the 3908.Xr watchdogd 8 3909daemon. 3910.It Va watchdogd_timeout 3911.Pq Vt int 3912If 3913.Va watchdogd_enable 3914is set to 3915.Dq Li YES , 3916this is a timeout that will be used by the 3917.Xr watchdogd 8 3918daemon. 3919If this option is set, it overrides 3920.Fl t 3921in 3922.Va watchdogd_flags . 3923.It Va watchdogd_shutdown_timeout 3924.Pq Vt int 3925If 3926.Va watchdogd_enable 3927is set to 3928.Dq Li YES , 3929this is a timeout that will be set by the 3930.Xr watchdogd 8 3931daemon when it exits during the system shutdown. 3932This timeout will not be set when returning to the single-user mode 3933or when the watchdogd service is stopped individually using the 3934.Xr service 8 3935command or the rc.d script. 3936Note that the timeout will be applied if 3937.Xr watchdogd 8 3938is stopped outside of 3939.Xr rc 8 3940framework. 3941If this option is set, it overrides 3942.Fl x 3943in 3944.Va watchdogd_flags . 3945.It Va devfs_rulesets 3946.Pq Vt str 3947List of files containing sets of rules for 3948.Xr devfs 8 . 3949.It Va devfs_system_ruleset 3950.Pq Vt str 3951Rule name(s) to apply to the system 3952.Pa /dev 3953itself. 3954.It Va devfs_set_rulesets 3955.Pq Vt str 3956Pairs of already-mounted 3957.Pa dev 3958directories and rulesets that should be applied to them. 3959For example: /mount/dev=ruleset_name 3960.It Va devfs_load_rulesets 3961.Pq Vt bool 3962If set, always load the default rulesets listed in 3963.Va devfs_rulesets . 3964.It Va performance_cx_lowest 3965.Pq Vt str 3966CPU idle state to use while on AC power. 3967The string 3968.Dq Li LOW 3969indicates that 3970.Xr acpi 4 3971should use the lowest power state available while 3972.Dq Li HIGH 3973indicates that the lowest latency state (less power savings) should be used. 3974.It Va performance_cpu_freq 3975.Pq Vt str 3976CPU clock frequency to use while on AC power. 3977The string 3978.Dq Li LOW 3979indicates that 3980.Xr cpufreq 4 3981should use the lowest frequency available while 3982.Dq Li HIGH 3983indicates that the highest frequency (less power savings) should be used. 3984.It Va economy_cx_lowest 3985.Pq Vt str 3986CPU idle state to use when off AC power. 3987The string 3988.Dq Li LOW 3989indicates that 3990.Xr acpi 4 3991should use the lowest power state available while 3992.Dq Li HIGH 3993indicates that the lowest latency state (less power savings) should be used. 3994.It Va economy_cpu_freq 3995.Pq Vt str 3996CPU clock frequency to use when off AC power. 3997The string 3998.Dq Li LOW 3999indicates that 4000.Xr cpufreq 4 4001should use the lowest frequency available while 4002.Dq Li HIGH 4003indicates that the highest frequency (less power savings) should be used. 4004.It Va jail_enable 4005.Pq Vt bool 4006If set to 4007.Dq Li NO , 4008any configured jails will not be started. 4009.It Va jail_conf 4010.Pq Vt str 4011The configuration filename used by 4012.Xr jail 8 4013utility. 4014The default value is 4015.Pa /etc/jail.conf . 4016.Pa /etc/jail\&. Ns Ao Va jname Ac Ns Pa .conf 4017and 4018.Pa /etc/jail.conf.d/ Ns Ao Va jname Ac Ns Pa .conf 4019will also be used if 4020.Ao Va jname Ac 4021is set in 4022.Va jail_list . 4023.It Va jail_parallel_start 4024.Pq Vt bool 4025If set to 4026.Dq Li YES , 4027all configured jails will be started in the background (in parallel). 4028.It Va jail_flags 4029.Pq Vt str 4030Unset by default. 4031When set, use as default value for 4032.Va jail_ Ns Ao Ar jname Ac Ns Va _flags 4033for every jail in 4034.Va jail_list . 4035.It Va jail_list 4036.Pq Vt str 4037A space-delimited list of jail names. 4038When left empty, all of the 4039.Xr jail 8 4040instances defined in the configuration file are started. 4041The names specified in this list control the jail startup order. 4042.Xr jail 8 4043instances missing from 4044.Va jail_list 4045must be started manually. 4046Note that a jail's 4047.Va depend 4048parameter in the configuration file may override this list. 4049.It Va jail_reverse_stop 4050.Pq Vt bool 4051When set to 4052.Dq Li YES , 4053all configured jails in 4054.Va jail_list 4055are stopped in reverse order. 4056.It Va jail_ Ns * variables 4057Note that older releases supported per-jail configuration via 4058.Nm 4059variables. 4060For example, 4061hostname of a jail named 4062.Li vjail 4063was able to be set by 4064.Li jail_vjail_hostname . 4065These per-jail configuration variables are now obsolete in favor of 4066.Xr jail 8 4067configuration file. 4068For backward compatibility, 4069when per-jail configuration variables are defined, 4070.Xr jail 8 4071configuration files are created as 4072.Pa /var/run/jail . Ns Ao Ar jname Ac Ns Pa .conf 4073and used. 4074.Pp 4075The following per-jail parameters are handled by 4076.Pa rc.d/jail 4077script out of their corresponding 4078.Nm 4079variables. 4080In addition to them, parameters in 4081.Va jail_ Ns Ao Ar jname Ac Ns Va _parameters 4082will be added to the configuration file. 4083They must be a semi-colon 4084.Pq Ql \&; 4085delimited list of 4086.Dq key=value . 4087For more details, 4088see 4089.Xr jail 8 4090manual page. 4091.Bl -tag -width "host.hostname" -offset indent 4092.It Li path 4093set from 4094.Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir 4095.It Li host.hostname 4096set from 4097.Va jail_ Ns Ao Ar jname Ac Ns Va _hostname 4098.It Li exec.consolelog 4099set from 4100.Va jail_ Ns Ao Ar jname Ac Ns Va _consolelog . 4101The default value is 4102.Pa /var/log/jail_ Ns Ao Ar jname Ac Ns Pa _console.log . 4103.It Li interface 4104set from 4105.Va jail_ Ns Ao Ar jname Ac Ns Va _interface . 4106.It Li vnet.interface 4107set from 4108.Va jail_ Ns Ao Ar jname Ac Ns Va _vnet_interface . 4109This implies 4110.Li vnet 4111parameter will be enabled and cannot be specified with 4112.Va jail_ Ns Ao Ar jname Ac Ns Va _interface , 4113.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 4114and/or 4115.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 4116at the same time. 4117.It Li fstab 4118set from 4119.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 4120.It Li mount 4121set from 4122.Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable . 4123.It Li exec.fib 4124set from 4125.Va jail_ Ns Ao Ar jname Ac Ns Va _fib 4126.It Li exec.start 4127set from 4128.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start . 4129The parameter name was 4130.Li command 4131in some older releases. 4132.It Li exec.prestart 4133set from 4134.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart 4135.It Li exec.poststart 4136set from 4137.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart 4138.It Li exec.stop 4139set from 4140.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop 4141.It Li exec.prestop 4142set from 4143.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop 4144.It Li exec.poststop 4145set from 4146.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop 4147.It Li ip4.addr 4148set if 4149.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 4150or 4151.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 4152contain IPv4 addresses 4153.It Li ip6.addr 4154set if 4155.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 4156or 4157.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 4158contain IPv6 addresses 4159.It Li allow.mount 4160set from 4161.Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable 4162.It Li mount.devfs 4163set from 4164.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable 4165.It Li devfs_ruleset 4166set from 4167.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset . 4168This must be an integer, 4169not a string. 4170.It Li mount.fdescfs 4171set from 4172.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 4173.It Li allow.set_hostname 4174set from 4175.Va jail_ Ns Ao Ar jname Ac Ns Va _set_hostname_allow 4176.It Li allow.rawsocket 4177set from 4178.Va jail_ Ns Ao Ar jname Ac Ns Va _socket_unixiproute_only 4179.It Li allow.sysvipc 4180set from 4181.Va jail_ Ns Ao Ar jname Ac Ns Va _sysvipc_allow 4182.El 4183.\" ----------------------------------------------------- 4184.It Va harvest_mask 4185.Pq Vt int 4186Set to a bit-mask 4187representing the entropy sources 4188you wish to harvest. 4189Refer to 4190.Xr random 4 4191for more information. 4192.It Va entropy_dir 4193.Pq Vt str 4194Set to 4195.Dq Li NO 4196to disable caching entropy via 4197.Xr cron 8 . 4198Otherwise set to the directory 4199in which the entropy files are stored. 4200To be useful, 4201there must be 4202a system cron job 4203that regularly writes and rotates 4204files here. 4205All files found 4206will be used at boot time. 4207The default is 4208.Pa /var/db/entropy . 4209.It Va entropy_file 4210.Pq Vt str 4211Set to 4212.Dq Li NO 4213to disable caching entropy through reboots. 4214Otherwise set to the name 4215of a file used to store cached entropy. 4216This file should be located 4217on a file system that is readable 4218before all the volumes specified in 4219.Xr fstab 5 4220are mounted. 4221By default, 4222.Pa /entropy 4223is used, 4224but if 4225.Pa /var/db/entropy-file 4226is found it will also be used. 4227This will be of some use to 4228.Xr bsdinstall 8 . 4229.It Va entropy_boot_file 4230.Pq Vt str 4231Set to 4232.Dq Li NO 4233to disable 4234very early caching entropy 4235through reboots. 4236Otherwise set to the filename 4237used to read 4238very early reboot cached entropy. 4239This file should be located where 4240.Xr loader 8 4241can read it. 4242See also 4243.Xr loader.conf 5 . 4244The default location is 4245.Pa /boot/entropy . 4246.It Va entropy_save_sz 4247.Pq Vt int 4248Size of the entropy cache files saved by 4249.Nm save-entropy 4250periodically. 4251.It Va entropy_save_num 4252.Pq Vt int 4253Number of entropy cache files to save by 4254.Nm save-entropy 4255periodically. 4256.It Va ipsec_enable 4257.Pq Vt bool 4258Set to 4259.Dq Li YES 4260to run 4261.Xr setkey 8 4262on 4263.Va ipsec_file 4264at boot time. 4265.It Va ipsec_file 4266.Pq Vt str 4267Configuration file for 4268.Xr setkey 8 . 4269.It Va dmesg_enable 4270.Pq Vt bool 4271Set to 4272.Dq Li YES 4273to save 4274.Xr dmesg 8 4275to 4276.Pa /var/run/dmesg.boot 4277on boot. 4278.It Va rcshutdown_timeout 4279.Pq Vt int 4280If set, start a watchdog timer in the background which will terminate 4281.Pa rc.shutdown 4282if 4283.Xr shutdown 8 4284has not completed within the specified time (in seconds). 4285Notice that in addition to this soft timeout, 4286.Xr init 8 4287also applies a hard timeout for the execution of 4288.Pa rc.shutdown . 4289This is configured via 4290.Xr sysctl 8 4291variable 4292.Va kern.init_shutdown_timeout 4293and defaults to 120 seconds. 4294Setting the value of 4295.Va rcshutdown_timeout 4296to more than 120 seconds will have no effect until the 4297.Xr sysctl 8 4298variable 4299.Va kern.init_shutdown_timeout 4300is also increased. 4301.It Va virecover_enable 4302.Pq Vt bool 4303Set to 4304.Dq Li NO 4305to prevent the system from trying to 4306recover prematurely terminated 4307.Xr vi 1 4308sessions. 4309.It Va ugidfw_enable 4310.Pq Vt bool 4311Set to 4312.Dq Li YES 4313to load the 4314.Xr mac_bsdextended 4 4315module upon system initialization and load a default 4316ruleset file. 4317.It Va bsdextended_script 4318.Pq Vt str 4319The default 4320.Xr mac_bsdextended 4 4321ruleset file to load. 4322The default value of this variable is 4323.Pa /etc/rc.bsdextended . 4324.It Va newsyslog_enable 4325.Pq Vt bool 4326If set to 4327.Dq Li YES , 4328run 4329.Xr newsyslog 8 4330command at startup. 4331.It Va newsyslog_flags 4332.Pq Vt str 4333If 4334.Va newsyslog_enable 4335is set to 4336.Dq Li YES , 4337these are the flags to pass to the 4338.Xr newsyslog 8 4339program. 4340The default is 4341.Dq Li -CN , 4342which causes log files flagged with a 4343.Cm C 4344to be created. 4345.It Va mdconfig_md Ns Aq Ar X 4346.Pq Vt str 4347Arguments to 4348.Xr mdconfig 8 4349for 4350.Xr md 4 4351device 4352.Ar X . 4353At minimum a 4354.Fl t Ar type 4355must be specified and either a 4356.Fl s Ar size 4357for malloc or swap backed 4358.Xr md 4 4359devices or a 4360.Fl f Ar file 4361for vnode backed 4362.Xr md 4 4363devices. 4364Note that 4365.Va mdconfig_md Ns Aq Ar X 4366variables are evaluated until one variable is unset or null. 4367.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs 4368.Pq Vt str 4369Optional arguments passed to 4370.Xr newfs 8 4371to initialize 4372.Xr md 4 4373device 4374.Ar X . 4375.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner 4376.Pq Vt str 4377An ownership specification passed to 4378.Xr chown 8 4379after the specified 4380.Xr md 4 4381device 4382.Ar X 4383has been mounted. 4384Both the 4385.Xr md 4 4386device and the mount point will be changed. 4387.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms 4388.Pq Vt str 4389A mode string passed to 4390.Xr chmod 1 4391after the specified 4392.Xr md 4 4393device 4394.Ar X 4395has been mounted. 4396Both the 4397.Xr md 4 4398device and the mount point will be changed. 4399.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files 4400.Pq Vt str 4401Files to be copied to the mount point of the 4402.Xr md 4 4403device 4404.Ar X 4405after it has been mounted. 4406.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd 4407.Pq Vt str 4408Command to execute after the specified 4409.Xr md 4 4410device 4411.Ar X 4412has been mounted. 4413Note that the command is passed to 4414.Ic eval 4415and that both 4416.Va _dev 4417and 4418.Va _mp 4419variables can be used to reference respectively the 4420.Xr md 4 4421device and the mount point. 4422Assuming that the 4423.Xr md 4 4424device is 4425.Li md0 , 4426one could set the following: 4427.Bd -literal 4428mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}" 4429.Ed 4430.It Va autobridge_interfaces 4431.Pq Vt str 4432Set to the list of bridge interfaces that will have newly arriving interfaces 4433checked against to be automatically added. 4434If not set to 4435.Dq Li NO 4436then for each whitespace separated 4437.Ar element 4438in the value, a 4439.Va autobridge_ Ns Aq Ar element 4440variable is assumed to exist which has a whitespace separated list of interface 4441names to match, these names can use wildcards. 4442For example: 4443.Bd -literal 4444autobridge_interfaces="bridge0" 4445autobridge_bridge0="tap* dc0 vlan[345]" 4446.Ed 4447.It Va mixer_enable 4448.Pq Vt bool 4449If set to 4450.Dq Li YES , 4451enable support for sound mixer. 4452.It Va hcsecd_enable 4453.Pq Vt bool 4454If set to 4455.Dq Li YES , 4456enable Bluetooth security daemon. 4457.It Va hcsecd_config 4458.Pq Vt str 4459Configuration file for 4460.Xr hcsecd 8 . 4461Default 4462.Pa /etc/bluetooth/hcsecd.conf . 4463.It Va sdpd_enable 4464.Pq Vt bool 4465If set to 4466.Dq Li YES , 4467enable Bluetooth Service Discovery Protocol daemon. 4468.It Va sdpd_control 4469.Pq Vt str 4470Path to 4471.Xr sdpd 8 4472control socket. 4473Default 4474.Pa /var/run/sdp . 4475.It Va sdpd_groupname 4476.Pq Vt str 4477Sets 4478.Xr sdpd 8 4479group to run as after it initializes. 4480Default 4481.Dq Li nobody . 4482.It Va sdpd_username 4483.Pq Vt str 4484Sets 4485.Xr sdpd 8 4486user to run as after it initializes. 4487Default 4488.Dq Li nobody . 4489.It Va bthidd_enable 4490.Pq Vt bool 4491If set to 4492.Dq Li YES , 4493enable Bluetooth Human Interface Device daemon. 4494.It Va bthidd_config 4495.Pq Vt str 4496Configuration file for 4497.Xr bthidd 8 . 4498Default 4499.Pa /etc/bluetooth/bthidd.conf . 4500.It Va bthidd_hids 4501.Pq Vt str 4502Path to a file, where 4503.Xr bthidd 8 4504will store information about known HID devices. 4505Default 4506.Pa /var/db/bthidd.hids . 4507.It Va rfcomm_pppd_server_enable 4508.Pq Vt bool 4509If set to 4510.Dq Li YES , 4511enable Bluetooth RFCOMM PPP wrapper daemon. 4512.It Va rfcomm_pppd_server_profile 4513.Pq Vt str 4514The name of the profile to use from 4515.Pa /etc/ppp/ppp.conf . 4516Multiple profiles can be specified here. 4517Also used to specify per-profile overrides. 4518When the profile name contains any of the characters 4519.Dq Li .-/+ 4520they are translated to 4521.Dq Li _ 4522for the proposes of the override variable names. 4523.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _bdaddr 4524.Pq Vt str 4525Overrides local address to listen on. 4526By default 4527.Xr rfcomm_pppd 8 4528will listen on 4529.Dq Li ANY 4530address. 4531The address can be specified as BD_ADDR or name. 4532.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _channel 4533.Pq Vt str 4534Overrides local RFCOMM channel to listen on. 4535By default 4536.Xr rfcomm_pppd 8 4537will listen on RFCOMM channel 1. 4538Must set properly if multiple profiles used in the same time. 4539.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_sp 4540.Pq Vt bool 4541Tells 4542.Xr rfcomm_pppd 8 4543if it should register Serial Port service on the specified RFCOMM channel. 4544Default 4545.Dq Li NO . 4546.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_dun 4547.Pq Vt bool 4548Tells 4549.Xr rfcomm_pppd 8 4550if it should register Dial-Up Networking service on the specified 4551RFCOMM channel. 4552Default 4553.Dq Li NO . 4554.It Va ubthidhci_enable 4555.Pq Vt bool 4556If set to 4557.Dq Li YES , 4558change the USB Bluetooth controller from HID mode to HCI mode. 4559You also need to specify the location of USB Bluetooth controller with the 4560.Va ubthidhci_busnum 4561and 4562.Va ubthidhci_addr 4563variables. 4564.It Va ubthidhci_busnum 4565Bus number where the USB Bluetooth controller is located. 4566Check the output of 4567.Xr usbconfig 8 4568on your system to find this information. 4569.It Va ubthidhci_addr 4570Bus address of the USB Bluetooth controller. 4571Check the output of 4572.Xr usbconfig 8 4573on your system to find this information. 4574.It Va utx_enable 4575.Pq Vt bool 4576Set to 4577.Dq Li YES 4578to enable user accounting through the 4579.Xr utx 8 4580facility. 4581.It Va netwait_enable 4582.Pq Vt bool 4583If set to 4584.Dq Li YES , 4585delays the start of network-reliant services until 4586.Va netwait_if 4587is up and ICMP packets to a destination defined in 4588.Va netwait_ip 4589are flowing. 4590Link state is examined first, followed by 4591.Dq Li pinging 4592an IP address to verify network usability. 4593If no destination can be reached or timeouts are exceeded, 4594network services are started anyway with no guarantee that 4595the network is usable. 4596Use of this variable requires both 4597.Va netwait_ip 4598and 4599.Va netwait_if 4600to be set. 4601.It Va netwait_ip 4602.Pq Vt str 4603Empty by default. 4604This variable contains a space-delimited list of IP addresses to 4605.Xr ping 8 . 4606DNS hostnames should not be used as resolution is not guaranteed 4607to be functional at this point. 4608If multiple IP addresses are specified, 4609each will be tried until one is successful or the list is exhausted. 4610.It Va netwait_timeout 4611.Pq Vt int 4612Indicates the total number of seconds to perform a 4613.Dq Li ping 4614against each IP address in 4615.Va netwait_ip , 4616at a rate of one ping per second. 4617If any of the pings are successful, 4618full network connectivity is considered reliable. 4619The default is 60. 4620.It Va netwait_if 4621.Pq Vt str 4622Empty by default. 4623Defines the name of the network interface on which watch for link. 4624.Xr ifconfig 8 4625is used to monitor the interface, looking for 4626.Dq Li status: no carrier . 4627Once gone, the link is considered up. 4628This can be a 4629.Xr vlan 4 4630interface if desired. 4631.It Va netwait_if_timeout 4632.Pq Vt int 4633Defines the total number of seconds to wait for link to become usable, 4634polled at a 1-second interval. 4635The default is 30. 4636.It Va rctl_enable 4637.Pq Vt bool 4638If set to 4639.Dq Li YES , 4640load 4641.Xr rctl 8 4642rules from the defined ruleset. 4643The kernel must be built with 4644.Cd "options RACCT" 4645and 4646.Cd "options RCTL" . 4647.It Va rctl_rules 4648.Pq Vt str 4649Set to 4650.Pa /etc/rctl.conf 4651by default. 4652This variables contains the 4653.Xr rctl.conf 5 4654ruleset to load for 4655.Xr rctl 8 . 4656.It Va iovctl_files 4657.Pq Vt str 4658A space-separated list of configuration files used by 4659.Xr iovctl 8 . 4660The default value is an empty string. 4661.It Va autofs_enable 4662.Pq Vt bool 4663If set to 4664.Dq Li YES , 4665start the 4666.Xr automount 8 4667utility and the 4668.Xr automountd 8 4669and 4670.Xr autounmountd 8 4671daemons at boot time. 4672.It Va automount_flags 4673.Pq Vt str 4674If 4675.Va autofs_enable 4676is set to 4677.Dq Li YES , 4678these are the flags to pass to the 4679.Xr automount 8 4680program. 4681By default no flags are passed. 4682.It Va automountd_flags 4683.Pq Vt str 4684If 4685.Va autofs_enable 4686is set to 4687.Dq Li YES , 4688these are the flags to pass to the 4689.Xr automountd 8 4690daemon. 4691By default no flags are passed. 4692.It Va autounmountd_flags 4693.Pq Vt str 4694If 4695.Va autofs_enable 4696is set to 4697.Dq Li YES , 4698these are the flags to pass to the 4699.Xr autounmountd 8 4700daemon. 4701By default no flags are passed. 4702.It Va ctld_enable 4703.Pq Vt bool 4704If set to 4705.Dq Li YES , 4706start the 4707.Xr ctld 8 4708daemon at boot time. 4709.It Va iscsid_enable 4710.Pq Vt bool 4711If set to 4712.Dq Li YES , 4713start the 4714.Xr iscsid 8 4715daemon at boot time. 4716.It Va iscsictl_enable 4717.Pq Vt bool 4718If set to 4719.Dq Li YES , 4720start the 4721.Xr iscsictl 8 4722utility at boot time. 4723.It Va iscsictl_flags 4724.Pq Vt str 4725If 4726.Va iscsictl_enable 4727is set to 4728.Dq Li YES , 4729these are the flags to pass to the 4730.Xr iscsictl 8 4731program. 4732The default is 4733.Dq Li -Aa , 4734which configures sessions based on the 4735.Pa /etc/iscsi.conf 4736configuration file. 4737.It Va cfumass_enable 4738.Pq Vt bool 4739If set to 4740.Dq Li YES , 4741create and export an USB LUN using 4742.Xr cfumass 4 4743at boot time. 4744.It Va cfumass_dir 4745.Pq Vt str 4746The directory where the files exported by USB LUN are located. 4747The default directory is 4748.Pa /var/cfumass . 4749.It Va service_delete_empty 4750.Pq Vt bool 4751If set to 4752.Dq Li YES , 4753.Ql Li service delete 4754removes empty 4755.Dq Li rc.conf.d 4756files. 4757.It Va zfs_bootonce_activate 4758.Pq Vt bool 4759If set to 4760.Dq Li YES , 4761and a boot environment marked bootonce is successfully booted, 4762it will be made permanently active. 4763.It Va zfskeys_enable 4764.Pq Vt bool 4765If set to 4766.Dq Li YES , 4767enable auto-loading of encryption keys for encrypted ZFS datasets. 4768For every dataset the script will first load the appropriate encryption key 4769and then attempt to unlock the dataset. 4770.Pp 4771The script operates only on datasets which are encrypted with 4772ZFS native encryption 4773and have a ZFS 4774.Dq Li keylocation 4775dataset property beginning with 4776.Dq Li file:// . 4777.It Va zfskeys_datasets 4778.Pq Vt str 4779A whitespace-separated list of ZFS datasets to unlock. 4780The list is empty by default, 4781which means that the script will attempt to unlock all datasets. 4782.It Va zfskeys_timeout 4783.Pq Vt int 4784Define the total number of seconds to wait for the zfskeys script 4785to unlock an encrypted dataset. 4786The default is 10. 4787.It Va sendmail_enable 4788.Pq Vt str 4789If set to 4790.Dq Li YES , 4791run the 4792.Xr sendmail 8 4793daemon at system boot time. 4794If set to 4795.Dq Li NO , 4796do not run a 4797.Xr sendmail 8 4798daemon to listen for incoming network mail. 4799This does not preclude a 4800.Xr sendmail 8 4801daemon listening on the SMTP port of the loopback interface. 4802The 4803.Dq Li NONE 4804option sets each 4805.Va sendmail_enable , 4806.Va sendmail_submit_enable , 4807.Va sendmail_outbound_enable , 4808.Va sendmail_msp_queue_enable 4809to 4810.Dq Li NO . 4811.It Va sendmail_cert_create 4812.Pq Vt str 4813If 4814.Va sendmail_enable 4815is set to 4816.Dq Li YES , 4817create a signed certificate 4818.Pa /etc/mail/certs/host.cert 4819representing 4820.Pa /etc/mail/certs/host.key 4821by the CA certificate in 4822.Pa /etc/mail/certs/cacert.pem . 4823This will enable connecting hosts to negotiate STARTTLS allowing incoming 4824email to be encrypted in transit. 4825.Xr sendmail 8 4826needs to be configured to use these generated files. 4827The default configuration in 4828.Pa /etc/mail/freebsd.mc 4829has the required options in it. 4830.It Va sendmail_cert_cn 4831.Pq Vt str 4832If 4833.Va sendmail_enable 4834is set to 4835.Dq Li YES 4836and 4837.Va sendmail_cert_create 4838is set to 4839.Dq Li YES , 4840this is the Common Name (CN) of the certificate that will be created. 4841If 4842.Va sendmail_cert_cn 4843is not set, the system's hostname will be used. 4844If there is no hostname set, 4845.Dq Li amnesiac 4846will be used. 4847.It Va sendmail_flags 4848.Pq Vt str 4849If 4850.Va sendmail_enable 4851is set to 4852.Dq Li YES , 4853these are the flags to pass to the 4854.Xr sendmail 8 4855daemon. 4856.It Va sendmail_submit_enable 4857.Pq Vt bool 4858If set to 4859.Dq Li YES 4860and 4861.Va sendmail_enable 4862is set to 4863.Dq Li NO , 4864run 4865.Xr sendmail 8 4866using 4867.Va sendmail_submit_flags 4868instead of 4869.Va sendmail_flags . 4870This is intended to allow local mail submission via 4871a localhost-only listening SMTP service required for running 4872.Xr sendmail 8 4873as a non-set-user-ID binary. 4874Note that this does not work inside 4875.Xr jail 2 4876systems, as jails do not allow binding to just the localhost interface. 4877.It Va sendmail_submit_flags 4878.Pq Vt str 4879If 4880.Va sendmail_enable 4881is set to 4882.Dq Li NO 4883and 4884.Va sendmail_submit_enable 4885is set to 4886.Dq Li YES , 4887these are the flags to pass to the 4888.Xr sendmail 8 4889daemon. 4890.It Va sendmail_outbound_enable 4891.Pq Vt bool 4892If set to 4893.Dq Li YES 4894and both 4895.Va sendmail_enable 4896and 4897.Va sendmail_submit_enable 4898are set to 4899.Dq Li NO , 4900run 4901.Xr sendmail 8 4902using 4903.Va sendmail_outbound_flags 4904instead of 4905.Va sendmail_flags . 4906This is intended to allow local mail queue management 4907for systems that do not offer a listening SMTP service. 4908.It Va sendmail_outbound_flags 4909.Pq Vt str 4910If both 4911.Va sendmail_enable 4912and 4913.Va sendmail_submit_enable 4914are set to 4915.Dq Li NO 4916and 4917.Va sendmail_outbound_enable 4918is set to 4919.Dq Li YES , 4920these are the flags to pass to the 4921.Xr sendmail 8 4922daemon. 4923.It Va sendmail_msp_queue_enable 4924.Pq Vt bool 4925If set to 4926.Dq Li YES , 4927start a client (MSP) queue runner 4928.Xr sendmail 8 4929daemon at system boot time. 4930As of sendmail 8.12, a separate queue is used for command line 4931submissions. 4932The client queue runner ensures that nothing is 4933left behind in the submission queue. 4934.It Va sendmail_msp_queue_flags 4935.Pq Vt str 4936If 4937.Va sendmail_msp_queue_enable 4938is set to 4939daemon. 4940.Dq Li YES , 4941these are the flags to pass to the 4942.Xr sendmail 8 4943.El 4944.Sh FILES 4945.Bl -tag -width "/etc/defaults/rc.conf" -compact 4946.It Pa /etc/defaults/rc.conf 4947.It Pa /etc/defaults/vendor.conf 4948.It Pa /etc/rc.conf 4949.It Pa /etc/rc.conf.local 4950.It Pa /etc/rc.conf.d/ 4951.El 4952.Sh SEE ALSO 4953.Xr chmod 1 , 4954.Xr cpuset 1 , 4955.Xr gdb 1 Pq Pa ports/devel/gdb , 4956.Xr kbdcontrol 1 , 4957.Xr limits 1 , 4958.Xr protect 1 , 4959.Xr sh 1 , 4960.Xr umask 1 , 4961.Xr uuidgen 1 , 4962.Xr vi 1 , 4963.Xr vidcontrol 1 , 4964.Xr bridge 4 , 4965.Xr dummynet 4 , 4966.Xr ip 4 , 4967.Xr ipf 4 , 4968.Xr ipfw 4 , 4969.Xr ipnat 4 , 4970.Xr kld 4 , 4971.Xr pf 4 , 4972.Xr pflog 4 , 4973.Xr pfsync 4 , 4974.Xr tcp 4 , 4975.Xr udp 4 , 4976.Xr exports 5 , 4977.Xr fstab 5 , 4978.Xr ipf 5 , 4979.Xr ipnat 5 , 4980.Xr jail.conf 5 , 4981.Xr loader.conf 5 , 4982.Xr login.conf 5 , 4983.Xr motd 5 , 4984.Xr newsyslog.conf 5 , 4985.Xr pf.conf 5 , 4986.Xr firewall 7 , 4987.Xr growfs 7 , 4988.Xr security 7 , 4989.Xr tuning 7 , 4990.Xr accton 8 , 4991.Xr apm 8 , 4992.Xr bsdinstall 8 , 4993.Xr bthidd 8 , 4994.Xr chkprintcap 8 , 4995.Xr chown 8 , 4996.Xr cron 8 , 4997.Xr devfs 8 , 4998.Xr dhclient 8 , 4999.Xr ftpd 8 , 5000.Xr geli 8 , 5001.Xr hcsecd 8 , 5002.Xr ifconfig 8 , 5003.Xr inetd 8 , 5004.Xr iovctl 8 , 5005.Xr ipf 8 , 5006.Xr ipfw 8 , 5007.Xr ipnat 8 , 5008.Xr jail 8 , 5009.Xr kldxref 8 , 5010.Xr loader 8 , 5011.Xr lpd 8 , 5012.Xr makewhatis 8 , 5013.Xr mdconfig 8 , 5014.Xr mdmfs 8 , 5015.Xr mixer 8 , 5016.Xr mountd 8 , 5017.Xr moused 8 , 5018.Xr newfs 8 , 5019.Xr newsyslog 8 , 5020.Xr nfsd 8 , 5021.Xr ntpd 8 , 5022.Xr ntpdate 8 , 5023.Xr pfctl 8 , 5024.Xr pflogd 8 , 5025.Xr ping 8 , 5026.Xr powerd 8 , 5027.Xr quotacheck 8 , 5028.Xr quotaon 8 , 5029.Xr rc 8 , 5030.Xr rc.subr 8 , 5031.Xr rcorder 8 , 5032.Xr rfcomm_pppd 8 , 5033.Xr route 8 , 5034.Xr route6d 8 , 5035.Xr routed 8 , 5036.Xr rpc.lockd 8 , 5037.Xr rpc.statd 8 , 5038.Xr rpc.tlsclntd 8 , 5039.Xr rpc.tlsservd 8 , 5040.Xr rpcbind 8 , 5041.Xr rwhod 8 , 5042.Xr savecore 8 , 5043.Xr sdpd 8 , 5044.Xr sendmail 8 , 5045.Xr service 8 , 5046.Xr sshd 8 , 5047.Xr swapon 8 , 5048.Xr sysctl 8 , 5049.Xr syslogd 8 , 5050.Xr sysrc 8 , 5051.Xr unbound 8 , 5052.Xr usbconfig 8 , 5053.Xr utx 8 , 5054.Xr wlandebug 8 , 5055.Xr yp 8 , 5056.Xr ypbind 8 , 5057.Xr ypserv 8 , 5058.Xr ypset 8 5059.Sh HISTORY 5060The 5061.Nm 5062file appeared in 5063.Fx 2.2.2 . 5064.Sh AUTHORS 5065.An Jordan K. Hubbard . 5066