28.Dt RC.CONF 5
29.Os
30.Sh NAME
31.Nm rc.conf
32.Nd system configuration information
33.Sh DESCRIPTION
34The file
35.Nm
36contains descriptive information about the local host name, configuration
37details for any potential network interfaces and which services should be
38started up at system initial boot time.
39In new installations, the
40.Nm
41file is generally initialized by the system installation utility.
42.Pp
43The purpose of
44.Nm
45is not to run commands or perform system startup actions
46directly.
47Instead, it is included by the
48various generic startup scripts in
49.Pa /etc
50which conditionalize their
51internal actions according to the settings found there.
52.Pp
53The
54.Pa /etc/rc.conf
55file is included from the file
56.Pa /etc/defaults/rc.conf ,
57which specifies the default settings for all the available options.
58Options need only be specified in
59.Pa /etc/rc.conf
60when the system administrator wishes to override these defaults.
61The file
62.Pa /etc/rc.conf.local
63is used to override settings in
64.Pa /etc/rc.conf
65for historical reasons.
66In addition to
67.Pa /etc/rc.conf.local
68you can also place smaller configuration files for each
69.Xr rc 8
70script in the
71.Pa /etc/rc.conf.d
72directory, which will be included by the
73.Va load_rc_config
74function.
75For jail configurations you could use the file
76.Pa /etc/rc.conf.d/jail
77to store jail specific configuration options.
78Also see the
79.Va rc_conf_files
80variable below.
81.Pp
82Options are set with
83.Dq Ar name Ns Li = Ns Ar value
84assignments that use
85.Xr sh 1
86syntax.
87The following list provides a name and short description for each
88variable that can be set in the
89.Nm
90file:
91.Bl -tag -width indent-two
92.It Va rc_debug
93.Pq Vt bool
94If set to
95.Dq Li YES ,
96enable output of debug messages from rc scripts.
97This variable can be helpful in diagnosing mistakes when
98editing or integrating new scripts.
99Beware that this produces copious output to the terminal and
100.Xr syslog 3 .
101.It Va rc_info
102.Pq Vt bool
103If set to
104.Dq Li NO ,
105disable informational messages from the rc scripts.
106Informational messages are displayed when
107a condition that is not serious enough to warrant a warning or
108an error occurs.
109.It Va rc_startmsgs
110.Pq Vt bool
111If set to
112.Dq Li YES ,
113show
114.Dq Starting foo:
115when faststart is used (e.g., at boot time).
116.It Va early_late_divider
117.Pq Vt str
118The name of the script that should be used as the
119delimiter between the
120.Dq early
121and
122.Dq late
123stages of the boot process.
124The early stage should contain all the services needed to
125get the disks (local or remote) mounted so that the late
126stage can include scripts contained in the directories
127listed in the
128.Va local_startup
129variable (see below).
130Thus, the two likely candidates for this value are
131.Pa mountcritlocal
132for the typical system, and
133.Pa mountcritremote
134if the system needs remote file
135systems mounted to get access to the
136.Va local_startup
137directories; for example when
138.Pa /usr/local
139is NFS mounted.
140For
141.Pa rc.conf
142within a
143.Xr jail 8
144.Pa NETWORKING
145is likely to be an appropriate value.
146Extreme care should be taken when changing this value,
147and before changing it one should ensure that there are
148adequate provisions to recover from a failed boot
149(such as physical contact with the machine,
150or reliable remote console access).
151.It Va always_force_depends
152.Pq Vt bool
153Various
154.Pa rc.d
155scripts use the force_depend function to check whether required
156services are already running, and to start them if necessary.
157By default during boot time this check is bypassed if the
158required service is enabled in
159.Pa /etc/rc.conf[.local] .
160Setting this option will bypass that check at boot time and
161always test whether or not the service is actually running.
162Enabling this option is likely to increase your boot time if
163services are enabled that utilize the force_depend check.
164.It Ao Ar name Ac Ns Va _chroot
165.Pq Vt str
166.Xr chroot
167to this directory before running the service.
168.It Ao Ar name Ac Ns Va _user
169.Pq Vt str
170Run the service under this user account.
171.It Ao Ar name Ac Ns Va _group
172.Pq Vt str
173Run the chrooted service under this system group. Unlike the _user
174setting, this setting has no effect if the service is not chrooted.
175.It Ao Ar name Ac Ns Va _fib
176.Pq Vt int
177The
178.Xr setfib 1
179value to run the service under.
180.It Ao Ar name Ac Ns Va _nice
181.Pq Vt int
182The
183.Xr nice 1
184value to run the service under.
185.It Va apm_enable
186.Pq Vt bool
187If set to
188.Dq Li YES ,
189enable support for Automatic Power Management with
190the
191.Xr apm 8
192command.
193.It Va apmd_enable
194.Pq Vt bool
195Run
196.Xr apmd 8
197to handle APM event from userland.
198This also enables support for APM.
199.It Va apmd_flags
200.Pq Vt str
201If
202.Va apmd_enable
203is set to
204.Dq Li YES ,
205these are the flags to pass to the
206.Xr apmd 8
207daemon.
208.It Va devd_enable
209.Pq Vt bool
210Run
211.Xr devd 8
212to handle device added, removed or unknown events from the kernel.
213.It Va ddb_enable
214.Pq Vt bool
215Run
216.Xr ddb 8
217to install
218.Xr ddb 4
219scripts at boot time.
220.It Va ddb_config
221.Pq Vt str
222Configuration file for
223.Xr ddb 8 .
224Default
225.Pa /etc/ddb.conf .
226.It Va kld_list
227.Pq Vt str
228A list of kernel modules to load right after the local
229disks are mounted.
230Loading modules at this point in the boot process is
231much faster than doing it via
232.Pa /boot/loader.conf
233for those modules not necessary for mounting local disk.
234.It Va kldxref_enable
235.Pq Vt bool
236Set to
237.Dq Li NO
238by default.
239Set to
240.Dq Li YES
241to automatically rebuild
242.Pa linker.hints
243files with
244.Xr kldxref 8
245at boot time.
246.It Va kldxref_clobber
247.Pq Vt bool
248Set to
249.Dq Li NO
250by default.
251If
252.Va kldxref_enable
253is true,
254setting to
255.Dq Li YES
256will overwrite existing
257.Pa linker.hints
258files at boot time.
259Otherwise,
260only missing
261.Pa linker.hints
262files are generated.
263.It Va kldxref_module_path
264.Pq Vt str
265Empty by default.
266A semi-colon
267.Pq Ql \&;
268delimited list of paths containing
269.Xr kld 4
270modules.
271If empty,
272the contents of the
273.Va kern.module_path
274.Xr sysctl 8
275are used.
276.It Va powerd_enable
277.Pq Vt bool
278If set to
279.Dq Li YES ,
280enable the system power control facility with the
281.Xr powerd 8
282daemon.
283.It Va powerd_flags
284.Pq Vt str
285If
286.Va powerd_enable
287is set to
288.Dq Li YES ,
289these are the flags to pass to the
290.Xr powerd 8
291daemon.
292.It Va tmpmfs
293Controls the creation of a
294.Pa /tmp
295memory file system.
296Always happens if set to
297.Dq Li YES
298and never happens if set to
299.Dq Li NO .
300If set to anything else, a memory file system is created if
301.Pa /tmp
302is not writable.
303.It Va tmpsize
304Controls the size of a created
305.Pa /tmp
306memory file system.
307.It Va tmpmfs_flags
308Extra options passed to the
309.Xr mdmfs 8
310utility when the memory file system for
311.Pa /tmp
312is created.
313The default is
314.Dq Li "-S" ,
315which inhibits the use of softupdates on
316.Pa /tmp
317so that file system space is freed without delay
318after file truncation or deletion.
319See
320.Xr mdmfs 8
321for other options you can use in
322.Va tmpmfs_flags .
323.It Va varmfs
324Controls the creation of a
325.Pa /var
326memory file system.
327Always happens if set to
328.Dq Li YES
329and never happens if set to
330.Dq Li NO .
331If set to anything else, a memory file system is created if
332.Pa /var
333is not writable.
334.It Va varsize
335Controls the size of a created
336.Pa /var
337memory file system.
338.It Va varmfs_flags
339Extra options passed to the
340.Xr mdmfs 8
341utility when the memory file system for
342.Pa /var
343is created.
344The default is
345.Dq Li "-S" ,
346which inhibits the use of softupdates on
347.Pa /var
348so that file system space is freed without delay
349after file truncation or deletion.
350See
351.Xr mdmfs 8
352for other options you can use in
353.Va varmfs_flags .
354.It Va populate_var
355Controls the automatic population of the
356.Pa /var
357file system.
358Always happens if set to
359.Dq Li YES
360and never happens if set to
361.Dq Li NO .
362If set to anything else, a memory file system is created if
363.Pa /var
364is not writable.
365Note that this process requires access to certain commands in
366.Pa /usr
367before
368.Pa /usr
369is mounted on normal systems.
370.It Va cleanvar_enable
371.Pq Vt bool
372Clean the
373.Pa /var
374directory.
375.It Va local_startup
376.Pq Vt str
377List of directories to search for startup script files.
378.It Va script_name_sep
379.Pq Vt str
380The field separator to use for breaking down the list of startup script files
381into individual filenames.
382The default is a space.
383It is not necessary to change this unless there are startup scripts with names
384containing spaces.
385.It Va hostapd_enable
386.Pq Vt bool
387Set to
388.Dq Li YES
389to start
390.Xr hostapd 8
391at system boot time.
392.It Va hostname
393.Pq Vt str
394The fully qualified domain name (FQDN) of this host on the network.
395This should almost certainly be set to something meaningful, even if
396there is no network connection.
397If
398.Xr dhclient 8
399is used to set the hostname via DHCP,
400this variable should be set to an empty string.
401If this value remains unset when the system is done booting
402your console login will display the default hostname of
403.Dq Amnesiac .
404.It Va nisdomainname
405.Pq Vt str
406The NIS domain name of this host, or
407.Dq Li NO
408if NIS is not used.
409.It Va dhclient_program
410.Pq Vt str
411Path to the DHCP client program
412.Pa ( /sbin/dhclient ,
413the
414.Ox
415DHCP client,
416is the default).
417.It Va dhclient_flags
418.Pq Vt str
419Additional flags to pass to the DHCP client program.
420For the
421.Ox
422DHCP client, see the
423.Xr dhclient 8
424manpage for a description of the command line options available.
425.It Va dhclient_flags_ Ns Aq Ar iface
426Additional flags to pass to the DHCP client program running on
427.Ar iface
428only.
429When specified, this variable overrides
430.Va dhclient_flags .
431.It Va background_dhclient
432.Pq Vt bool
433Set to
434.Dq Li YES
435to start the DHCP client in background.
436This can cause trouble with applications depending on
437a working network, but it will provide a faster startup
438in many cases.
439.It Va background_dhclient_ Ns Aq Ar iface
440When specified, this variable overrides the
441.Va background_dhclient
442variable for interface
443.Ar iface
444only.
445.It Va synchronous_dhclient
446.Pq Vt bool
447Set to
448.Dq Li YES
449to start
450.Xr dhclient 8
451synchronously at startup.
452This behavior can be overridden on a per-interface basis by replacing
453the
454.Dq Li DHCP
455keyword in the
456.Va ifconfig_ Ns Aq Ar interface
457variable with
458.Dq Li SYNCDHCP
459or
460.Dq Li NOSYNCDHCP .
461.It Va defaultroute_delay
462.Pq Vt int
463When set to a positive value, wait up to this long after configuring
464DHCP interfaces at startup to give the interfaces time to receive a lease.
465.It Va firewall_enable
466.Pq Vt bool
467Set to
468.Dq Li YES
469to load firewall rules at startup.
470If the kernel was not built with
471.Cd "options IPFIREWALL" ,
472the
473.Pa ipfw.ko
474kernel module will be loaded.
475See also
476.Va ipfilter_enable .
477.It Va firewall_script
478.Pq Vt str
479This variable specifies the full path to the firewall script to run.
480The default is
481.Pa /etc/rc.firewall .
482.It Va firewall_type
483.Pq Vt str
484Names the firewall type from the selection in
485.Pa /etc/rc.firewall ,
486or the file which contains the local firewall ruleset.
487Valid selections from
488.Pa /etc/rc.firewall
489are:
490.Pp
491.Bl -tag -width ".Li simple" -compact
492.It Li open
493unrestricted IP access
494.It Li closed
495all IP services disabled, except via
496.Dq Li lo0
497.It Li client
498basic protection for a workstation
499.It Li simple
500basic protection for a LAN.
501.El
502.Pp
503If a filename is specified, the full path
504must be given.
505.It Va firewall_quiet
506.Pq Vt bool
507Set to
508.Dq Li YES
509to disable the display of firewall rules on the console during boot.
510.It Va firewall_logging
511.Pq Vt bool
512Set to
513.Dq Li YES
514to enable firewall event logging.
515This is equivalent to the
516.Dv IPFIREWALL_VERBOSE
517kernel option.
518.It Va firewall_logif
519.Pq Vt bool
520Set to
521.Dq Li YES
522to create pseudo interface
523.Li ipfw0
524for logging.
525For more details, see
526.Xr ipfw 8
527manual page.
528.It Va firewall_flags
529.Pq Vt str
530Flags passed to
531.Xr ipfw 8
532if
533.Va firewall_type
534specifies a filename.
535.It Va firewall_coscripts
536.Pq Vt str
537List of executables and/or rc scripts to run after firewall starts/stops.
538Default is empty.
539.\" ----- firewall_nat_enable setting --------------------------------
540.It Va firewall_nat_enable
541.Pq Vt bool
542The
543.Xr ipfw 8
544equivalent of
545.Va natd_enable .
546Setting this to
547.Dq Li YES
548enables kernel NAT.
549.Va firewall_enable
550must also be set to
551.Dq Li YES .
552.It Va firewall_nat_interface
553.Pq Vt str
554The
555.Xr ipfw 8
556equivalent of
557.Va natd_interface .
558This is the name of the public interface or IP address on which
559kernel NAT should run.
560.It Va firewall_nat_flags
561.Pq Vt str
562Additional configuration parameters for kernel NAT should be placed here.
563.It Va dummynet_enable
564.Pq Vt bool
565Setting this to
566.Dq Li YES
567will automatically load the
568.Xr dummynet 4
569module if
570.Va firewall_enable
571is also set to
572.Dq Li YES .
573.\" -------------------------------------------------------------------
574.It Va natd_program
575.Pq Vt str
576Path to
577.Xr natd 8 .
578.It Va natd_enable
579.Pq Vt bool
580Set to
581.Dq Li YES
582to enable
583.Xr natd 8 .
584.Va firewall_enable
585must also be set to
586.Dq Li YES ,
587and
588.Xr divert 4
589sockets must be enabled in the kernel.
590If the kernel was not built with
591.Cd "options IPDIVERT" ,
592the
593.Pa ipdivert.ko
594kernel module will be loaded.
595.It Va natd_interface
596.Pq Vt str
597This is the name of the public interface on which
598.Xr natd 8
599should run.
600The interface may be given as an interface name or as an IP address.
601.It Va natd_flags
602.Pq Vt str
603Additional
604.Xr natd 8
605flags should be placed here.
606The
607.Fl n
608or
609.Fl a
610flag is automatically added with the above
611.Va natd_interface
612as an argument.
613.\" ----- ipfilter_enable setting --------------------------------
614.It Va ipfilter_enable
615.Pq Vt bool
616Set to
617.Dq Li NO
618by default.
619Setting this to
620.Dq Li YES
621enables
622.Xr ipf 8
623packet filtering.
624.Pp
625Typical usage will require putting
626.Bd -literal
627ipfilter_enable="YES"
628ipnat_enable="YES"
629ipmon_enable="YES"
630ipfs_enable="YES"
631.Ed
632.Pp
633into
634.Pa /etc/rc.conf
635and editing
636.Pa /etc/ipf.rules
637and
638.Pa /etc/ipnat.rules
639appropriately.
640.Pp
641Note that
642.Va ipfilter_enable
643and
644.Va ipnat_enable
645can be enabled independently.
646.Va ipmon_enable
647and
648.Va ipfs_enable
649both require at least one of
650.Va ipfilter_enable
651and
652.Va ipnat_enable
653to be enabled.
654.Pp
655Having
656.Bd -literal
657options IPFILTER
658options IPFILTER_LOG
659options IPFILTER_DEFAULT_BLOCK
660.Ed
661.Pp
662in the kernel configuration file is a good idea, too.
663.\" ----- ipfilter_program setting ------------------------------
664.It Va ipfilter_program
665.Pq Vt str
666Path to
667.Xr ipf 8
668(default
669.Pa /sbin/ipf ) .
670.\" ----- ipfilter_rules setting --------------------------------
671.It Va ipfilter_rules
672.Pq Vt str
673Set to
674.Pa /etc/ipf.rules
675by default.
676This variable contains the name of the filter rule definition file.
677The file is expected to be readable for the
678.Xr ipf 8
679command to execute.
680.\" ----- ipv6_ipfilter_rules setting ---------------------------
681.It Va ipv6_ipfilter_rules
682.Pq Vt str
683Set to
684.Pa /etc/ipf6.rules
685by default.
686This variable contains the IPv6 filter rule definition file.
687The file is expected to be readable for the
688.Xr ipf 8
689command to execute.
690.\" ----- ipfilter_flags setting --------------------------------
691.It Va ipfilter_flags
692.Pq Vt str
693Empty by default.
694This variable contains flags passed to the
695.Xr ipf 8
696program.
697.\" ----- ipnat_enable setting ----------------------------------
698.It Va ipnat_enable
699.Pq Vt bool
700Set to
701.Dq Li NO
702by default.
703Set it to
704.Dq Li YES
705to enable
706.Xr ipnat 8
707network address translation.
708See
709.Va ipfilter_enable
710for a detailed discussion.
711.\" ----- ipnat_program setting ---------------------------------
712.It Va ipnat_program
713.Pq Vt str
714Path to
715.Xr ipnat 8
716(default
717.Pa /sbin/ipnat ) .
718.\" ----- ipnat_rules setting -----------------------------------
719.It Va ipnat_rules
720.Pq Vt str
721Set to
722.Pa /etc/ipnat.rules
723by default.
724This variable contains the name of the file
725holding the network address translation definition.
726This file is expected to be readable for the
727.Xr ipnat 8
728command to execute.
729.\" ----- ipnat_flags setting -----------------------------------
730.It Va ipnat_flags
731.Pq Vt str
732Empty by default.
733This variable contains flags passed to the
734.Xr ipnat 8
735program.
736.\" ----- ipmon_enable setting ----------------------------------
737.It Va ipmon_enable
738.Pq Vt bool
739Set to
740.Dq Li NO
741by default.
742Set it to
743.Dq Li YES
744to enable
745.Xr ipmon 8
746monitoring (logging
747.Xr ipf 8
748and
749.Xr ipnat 8
750events).
751Setting this variable needs setting
752.Va ipfilter_enable
753or
754.Va ipnat_enable
755too.
756See
757.Va ipfilter_enable
758for a detailed discussion.
759.\" ----- ipmon_program setting ---------------------------------
760.It Va ipmon_program
761.Pq Vt str
762Path to
763.Xr ipmon 8
764(default
765.Pa /sbin/ipmon ) .
766.\" ----- ipmon_flags setting -----------------------------------
767.It Va ipmon_flags
768.Pq Vt str
769Set to
770.Dq Li -Ds
771by default.
772This variable contains flags passed to the
773.Xr ipmon 8
774program.
775Another typical example would be
776.Dq Fl D Pa /var/log/ipflog
777to have
778.Xr ipmon 8
779log directly to a file bypassing
780.Xr syslogd 8 .
781Make sure to adjust
782.Pa /etc/newsyslog.conf
783in such case like this:
784.Bd -literal
785/var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid
786.Ed
787.\" ----- ipfs_enable setting -----------------------------------
788.It Va ipfs_enable
789.Pq Vt bool
790Set to
791.Dq Li NO
792by default.
793Set it to
794.Dq Li YES
795to enable
796.Xr ipfs 8
797saving the filter and NAT state tables during shutdown
798and reloading them during startup again.
799Setting this variable needs setting
800.Va ipfilter_enable
801or
802.Va ipnat_enable
803to
804.Dq Li YES
805too.
806See
807.Va ipfilter_enable
808for a detailed discussion.
809Note that if
810.Va kern_securelevel
811is set to 3,
812.Va ipfs_enable
813cannot be used
814because the raised securelevel will prevent
815.Xr ipfs 8
816from saving the state tables at shutdown time.
817.\" ----- ipfs_program setting ----------------------------------
818.It Va ipfs_program
819.Pq Vt str
820Path to
821.Xr ipfs 8
822(default
823.Pa /sbin/ipfs ) .
824.\" ----- ipfs_flags setting ------------------------------------
825.It Va ipfs_flags
826.Pq Vt str
827Empty by default.
828This variable contains flags passed to the
829.Xr ipfs 8
830program.
831.\" ----- end of added ipf hook ---------------------------------
832.It Va pf_enable
833.Pq Vt bool
834Set to
835.Dq Li NO
836by default.
837Setting this to
838.Dq Li YES
839enables
840.Xr pf 4
841packet filtering.
842.Pp
843Typical usage will require putting
844.Pp
845.Dl pf_enable="YES"
846.Pp
847into
848.Pa /etc/rc.conf
849and editing
850.Pa /etc/pf.conf
851appropriately.
852Adding
853.Pp
854.Dl "device pf"
855.Pp
856builds support for
857.Xr pf 4
858into the kernel, otherwise the
859kernel module will be loaded.
860.It Va pf_rules
861.Pq Vt str
862Path to
863.Xr pf 4
864ruleset configuration file
865(default
866.Pa /etc/pf.conf ) .
867.It Va pf_program
868.Pq Vt str
869Path to
870.Xr pfctl 8
871(default
872.Pa /sbin/pfctl ) .
873.It Va pf_flags
874.Pq Vt str
875If
876.Va pf_enable
877is set to
878.Dq Li YES ,
879these flags are passed to the
880.Xr pfctl 8
881program when loading the ruleset.
882.It Va pflog_enable
883.Pq Vt bool
884Set to
885.Dq Li NO
886by default.
887Setting this to
888.Dq Li YES
889enables
890.Xr pflogd 8
891which logs packets from the
892.Xr pf 4
893packet filter.
894.It Va pflog_logfile
895.Pq Vt str
896If
897.Va pflog_enable
898is set to
899.Dq Li YES
900this controls where
901.Xr pflogd 8
902stores the logfile
903(default
904.Pa /var/log/pflog ) .
905Check
906.Pa /etc/newsyslog.conf
907to adjust logfile rotation for this.
908.It Va pflog_program
909.Pq Vt str
910Path to
911.Xr pflogd 8
912(default
913.Pa /sbin/pflogd ) .
914.It Va pflog_flags
915.Pq Vt str
916Empty by default.
917This variable contains additional flags passed to the
918.Xr pflogd 8
919program.
920.It Va ftpproxy_enable
921.Pq Vt bool
922Set to
923.Dq Li NO
924by default.
925Setting this to
926.Dq Li YES
927enables
928.Xr ftp-proxy 8
929which supports the
930.Xr pf 4
931packet filter in translating ftp connections.
932.It Va ftpproxy_flags
933.Pq Vt str
934Empty by default.
935This variable contains additional flags passed to the
936.Xr ftp-proxy 8
937program.
938.It Va pfsync_enable
939.Pq Vt bool
940Set to
941.Dq Li NO
942by default.
943Setting this to
944.Dq Li YES
945enables exposing
946.Xr pf 4
947state changes to other hosts over the network by means of
948.Xr pfsync 4 .
949The
950.Va pfsync_syncdev
951variable
952must also be set then.
953.It Va pfsync_syncdev
954.Pq Vt str
955Empty by default.
956This variable specifies the name of the network interface
957.Xr pfsync 4
958should operate through.
959It must be set accordingly if
960.Va pfsync_enable
961is set to
962.Dq Li YES .
963.It Va pfsync_syncpeer
964.Pq Vt str
965Empty by default.
966This variable is optional.
967By default, state change messages are sent out on the synchronisation
968interface using IP multicast packets.
969The protocol is IP protocol 240, PFSYNC, and the multicast group used is
970224.0.0.240.
971When a peer address is specified using the
972.Va pfsync_syncpeer
973option, the peer address is used as a destination for the pfsync
974traffic, and the traffic can then be protected using
975.Xr ipsec 4 .
976See the
977.Xr pfsync 4
978manpage for more details about using
979.Xr ipsec 4
980with
981.Xr pfsync 4
982interfaces.
983.It Va pfsync_ifconfig
984.Pq Vt str
985Empty by default.
986This variable can contain additional options to be passed to the
987.Xr ifconfig 8
988command used to set up
989.Xr pfsync 4 .
990.It Va tcp_extensions
991.Pq Vt bool
992Set to
993.Dq Li YES
994by default.
995Setting this to
996.Dq Li NO
997disables certain TCP options as described by
998.Rs
999.%T "RFC 1323"
1000.Re
1001Setting this to
1002.Dq Li NO
1003might help remedy such problems with connections as randomly hanging
1004or other weird behavior.
1005Some network devices are known
1006to be broken with respect to these options.
1007.It Va log_in_vain
1008.Pq Vt int
1009Set to 0 by default.
1010The
1011.Xr sysctl 8
1012variables,
1013.Va net.inet.tcp.log_in_vain
1014and
1015.Va net.inet.udp.log_in_vain ,
1016as described in
1017.Xr tcp 4
1018and
1019.Xr udp 4 ,
1020are set to the given value.
1021.It Va tcp_keepalive
1022.Pq Vt bool
1023Set to
1024.Dq Li YES
1025by default.
1026Setting to
1027.Dq Li NO
1028will disable probing idle TCP connections to verify that the
1029peer is still up and reachable.
1030.It Va tcp_drop_synfin
1031.Pq Vt bool
1032Set to
1033.Dq Li NO
1034by default.
1035Setting to
1036.Dq Li YES
1037will cause the kernel to ignore TCP frames that have both
1038the SYN and FIN flags set.
1039This prevents OS fingerprinting, but may
1040break some legitimate applications.
1041.It Va icmp_drop_redirect
1042.Pq Vt bool
1043Set to
1044.Dq Li NO
1045by default.
1046Setting to
1047.Dq Li YES
1048will cause the kernel to ignore ICMP REDIRECT packets.
1049Refer to
1050.Xr icmp 4
1051for more information.
1052.It Va icmp_log_redirect
1053.Pq Vt bool
1054Set to
1055.Dq Li NO
1056by default.
1057Setting to
1058.Dq Li YES
1059will cause the kernel to log ICMP REDIRECT packets.
1060Note that
1061the log messages are not rate-limited, so this option should only be used
1062for troubleshooting networks.
1063Refer to
1064.Xr icmp 4
1065for more information.
1066.It Va icmp_bmcastecho
1067.Pq Vt bool
1068Set to
1069.Dq Li YES
1070to respond to broadcast or multicast ICMP ping packets.
1071Refer to
1072.Xr icmp 4
1073for more information.
1074.It Va ip_portrange_first
1075.Pq Vt int
1076If not set to
1077.Dq Li NO ,
1078this is the first port in the default portrange.
1079Refer to
1080.Xr ip 4
1081for more information.
1082.It Va ip_portrange_last
1083.Pq Vt int
1084If not set to
1085.Dq Li NO ,
1086this is the last port in the default portrange.
1087Refer to
1088.Xr ip 4
1089for more information.
1090.It Va network_interfaces
1091.Pq Vt str
1092Set to the list of network interfaces to configure on this host or
1093.Dq Li AUTO
1094(the default) for all current interfaces.
1095Setting the
1096.Va network_interfaces
1097variable to anything other than the default is deprecated.
1098Interfaces that the administrator wishes to store configuration for,
1099but not start at boot should be configured with the
1100.Dq Li NOAUTO
1101keyword in their
1102.Va ifconfig_ Ns Aq Ar interface
1103variables as described below.
1104.Pp
1105An
1106.Va ifconfig_ Ns Aq Ar interface
1107variable is also assumed to exist for each value of
1108.Ar interface .
1109When an interface name contains any of the characters
1110.Dq Li .-/+
1111they are translated to
1112.Dq Li _
1113before lookup.
1114The variable can contain arguments to
1115.Xr ifconfig 8 ,
1116as well as special case-insensitive keywords described below.
1117Such keywords are removed before passing the value to
1118.Xr ifconfig 8
1119while the order of the other arguments is preserved.
1120.Pp
1121It is possible to add IP alias entries using
1122.Xr ifconfig 8
1123syntax with the address family keyword such as
1124.Li inet .
1125Assuming that the interface in question was
1126.Li ed0 ,
1127it might look something like this:
1128.Bd -literal
1129ifconfig_ed0_alias0="inet 127.0.0.253 netmask 0xffffffff"
1130ifconfig_ed0_alias1="inet 127.0.0.254 netmask 0xffffffff"
1131.Ed
1132.Pp
1133It also possible to configure multiple IP addresses in Classless
1134Inter-Domain Routing
1135.Pq CIDR
1136address notation,
1137whose each address component can be a range like
1138.Li inet 192.0.2.5-23/24
1139or
1140.Li inet6 2001:db8:1-f::1/64 .
1141This notation allows address and prefix length part only,
1142not the other address modifiers.
1143.Pp
1144In the case of
1145.Li 192.0.2.5-23/24 ,
1146the address 192.0.2.5 will be configured with the
1147netmask /24 and the addresses 192.0.2.6 to 192.0.2.23 with
1148the non-conflicting netmask /32 as explained in the
1149.Xr ifconfig 8
1150alias section.
1151Note that this special netmask handling is only for
1152.Li inet ,
1153not for the other address families such as
1154.Li inet6 .
1155.Pp
1156With the interface in question being
1157.Li ed0 ,
1158an example could look like:
1159.Bd -literal
1160ifconfig_ed0_alias2="inet 192.0.2.129/27"
1161ifconfig_ed0_alias3="inet 192.0.2.1-5/28"
1162.Ed
1163.Pp
1164and so on.
1165.Pp
1166Note that
1167.Va ipv4_addrs_ Ns Aq Ar interface
1168variable was supported for IPv4 CIDR address notation.
1169It is now deprecated because the functionality was integrated into
1170.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1171though
1172.Va ipv4_addrs_ Ns Aq Ar interface
1173is still supported for backward compatibility.
1174.Pp
1175For each
1176.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1177entry with an address family keyword,
1178its contents are passed to
1179.Xr ifconfig 8 .
1180Execution stops at the first unsuccessful access, so if
1181something like this is present:
1182.Bd -literal
1183ifconfig_ed0_alias0="inet 127.0.0.251 netmask 0xffffffff"
1184ifconfig_ed0_alias1="inet 127.0.0.252 netmask 0xffffffff"
1185ifconfig_ed0_alias2="inet 127.0.0.253 netmask 0xffffffff"
1186ifconfig_ed0_alias4="inet 127.0.0.254 netmask 0xffffffff"
1187.Ed
1188.Pp
1189Then note that alias4 would
1190.Em not
1191be added since the search would
1192stop with the missing
1193.Dq Li alias3
1194entry.
1195Because of this difficult to manage behavior,
1196there is
1197.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _aliases
1198variable, which has the same functionality as
1199.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1200and can have all of entries in a variable like the following:
1201.Bd -literal
1202ifconfig_ed0_aliases="\\
1203 inet 127.0.0.251 netmask 0xffffffff \\
1204 inet 127.0.0.252 netmask 0xffffffff \\
1205 inet 127.0.0.253 netmask 0xffffffff \\
1206 inet 127.0.0.254 netmask 0xffffffff"
1207.Ed
1208.Pp
1209It also supports CIDR notation.
1210.Pp
1211If the
1212.Pa /etc/start_if. Ns Aq Ar interface
1213file is present, it is read and executed by the
1214.Xr sh 1
1215interpreter
1216before configuring the interface as specified in the
1217.Va ifconfig_ Ns Aq Ar interface
1218and
1219.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1220variables.
1221.Pp
1222If a
1223.Va vlans_ Ns Aq Ar interface
1224variable is set,
1225a
1226.Xr vlan 4
1227interface will be created for each item in the list with the
1228.Ar vlandev
1229argument set to
1230.Ar interface .
1231If a vlan interface's name is a number,
1232then that number is used as the vlan tag and the new vlan interface is
1233named
1234.Ar interface . Ns Ar tag .
1235Otherwise,
1236the vlan tag must be specified via a
1237.Va vlan
1238parameter in the
1239.Va create_args_ Ns Aq Ar interface
1240variable.
1241.Pp
1242To create a vlan device named
1243.Li em0.101
1244on
1245.Li em0
1246with the vlan tag 101 and the optional the IPv4 address 192.0.2.1/24:
1247.Bd -literal
1248vlans_em0="101"
1249ifconfig_em0_101="inet 192.0.2.1/24"
1250.Ed
1251.Pp
1252To create a vlan device named
1253.Li myvlan
1254on
1255.Li em0
1256with the vlan tag 102:
1257.Bd -literal
1258vlans_em0="myvlan"
1259create_args_myvlan="vlan 102"
1260.Ed
1261.Pp
1262If a
1263.Va wlans_ Ns Aq Ar interface
1264variable is set,
1265an
1266.Xr wlan 4
1267interface will be created for each item in the list with the
1268.Ar wlandev
1269argument set to
1270.Ar interface .
1271Further wlan cloning arguments may be passed to the
1272.Xr ifconfig 8
1273.Cm create
1274command by setting the
1275.Va create_args_ Ns Aq Ar interface
1276variable.
1277One or more
1278.Xr wlan 4
1279devices must be created for each wireless devices as of
1280.Fx 8.0 .
1281Debugging flags for
1282.Xr wlan 4
1283devices as set by
1284.Xr wlandebug 8
1285may be specified with an
1286.Va wlandebug_ Ns Aq Ar interface
1287variable.
1288The contents of this variable will be passed directly to
1289.Xr wlandebug 8 .
1290.Pp
1291If the
1292.Va ifconfig_ Ns Aq Ar interface
1293contains the keyword
1294.Dq Li NOAUTO
1295then the interface will not be configured
1296at boot or by
1297.Pa /etc/pccard_ether
1298when
1299.Va network_interfaces
1300is set to
1301.Dq Li AUTO .
1302.Pp
1303It is possible to bring up an interface with DHCP by adding
1304.Dq Li DHCP
1305to the
1306.Va ifconfig_ Ns Aq Ar interface
1307variable.
1308For instance, to initialize the
1309.Li ed0
1310device via DHCP,
1311it is possible to use something like:
1312.Bd -literal
1313ifconfig_ed0="DHCP"
1314.Ed
1315.Pp
1316If you want to configure your wireless interface with
1317.Xr wpa_supplicant 8
1318for use with WPA, EAP/LEAP or WEP, you need to add
1319.Dq Li WPA
1320to the
1321.Va ifconfig_ Ns Aq Ar interface
1322variable.
1323.Pp
1324On the other hand, if you want to configure your wireless interface with
1325.Xr hostapd 8 ,
1326you need to add
1327.Dq Li HOSTAP
1328to the
1329.Va ifconfig_ Ns Aq Ar interface
1330variable.
1331.Xr hostapd 8
1332will use the settings from
1333.Pa /etc/hostapd- Ns Ao Ar interface Ac Ns .conf
1334.Pp
1335Finally, you can add
1336.Xr ifconfig 8
1337options in this variable, in addition to the
1338.Pa /etc/start_if. Ns Aq Ar interface
1339file.
1340For instance, to configure an
1341.Xr ath 4
1342wireless device in station mode with an address obtained
1343via DHCP, using WPA authentication and 802.11b mode, it is
1344possible to use something like:
1345.Bd -literal
1346wlans_ath0="wlan0"
1347ifconfig_wlan0="DHCP WPA mode 11b"
1348.Ed
1349.Pp
1350In addition to the
1351.Va ifconfig_ Ns Aq Ar interface
1352form, a fallback variable
1353.Va ifconfig_DEFAULT
1354may be configured.
1355It will be used for all interfaces with no
1356.Va ifconfig_ Ns Aq Ar interface
1357variable.
1358This is intended to replace the no longer supported
1359.Va pccard_ifconfig
1360variable.
1361.Pp
1362It is also possible to rename an interface by doing:
1363.Bd -literal
1364ifconfig_ed0_name="net0"
1365ifconfig_net0="inet 192.0.2.1 netmask 0xffffff00"
1366.Ed
1367.It Va ipv6_enable
1368.Pq Vt bool
1369This variable is deprecated.
1370Use
1371.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1372and
1373.Va ipv6_activate_all_interfaces
1374if necessary.
1375.Pp
1376If the variable is
1377.Dq Li YES ,
1378.Dq Li inet6 accept_rtadv
1379is added to all of
1380.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1381and the
1382.Va ipv6_activate_all_interfaces
1383is defined as
1384.Dq Li YES .
1385.It Va ipv6_prefer
1386.Pq Vt bool
1387This variable is deprecated.
1388Use
1389.Va ip6addrctl_policy
1390instead.
1391.Pp
1392If the variable is
1393.Dq Li YES ,
1394the default address selection policy table set by
1395.Xr ip6addrctl 8
1396will be IPv6-preferred.
1397.Pp
1398If the variable is
1399.Dq Li NO ,
1400the default address selection policy table set by
1401.Xr ip6addrctl 8
1402will be IPv4-preferred.
1403.It Va ipv6_activate_all_interfaces
1404.Pq Vt bool
1405This controls initial configuration on IPv6-capable
1406interfaces with no corresponding
1407.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1408variable.
1409Note that it is not always necessary to set this variable to
1410.Dq YES
1411to use IPv6 functionality on
1412.Fx .
1413In most cases, just configuring
1414.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1415variables works.
1416.Pp
1417If the variable is
1418.Dq Li NO ,
1419all interfaces which do not have a corresponding
1420.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1421variable will be marked as
1422.Dq Li IFDISABLED
1423at creation.
1424This means that all of IPv6 functionality on that interface
1425is completely disabled to enforce a security policy.
1426If the variable is set to
1427.Dq YES ,
1428the flag will be cleared on all of the interfaces.
1429.Pp
1430In most cases, just defining an
1431.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1432for an IPv6-capable interface should be sufficient.
1433However, if an interface is added dynamically
1434.Pq by some tunneling protocols such as PPP, for example ,
1435it is often difficult to define the variable in advance.
1436In such a case, configuring the
1437.Dq Li IFDISABLED
1438flag can be disabled by setting this variable to
1439.Dq YES .
1440.Pp
1441For more details of the
1442.Dq Li IFDISABLED
1443flag and keywords
1444.Dq Li inet6 ifdisabled ,
1445see
1446.Xr ifconfig 8 .
1447.Pp
1448Default is
1449.Dq Li NO .
1450.It Va ipv6_privacy
1451.Pq Vt bool
1452If the variable is
1453.Dq Li YES
1454privacy addresses will be generated for each IPv6
1455interface as described in RFC 4941.
1456.It Va ipv6_network_interfaces
1457.Pq Vt str
1458This is the IPv6 equivalent of
1459.Va network_interfaces .
1460Normally manual configuration of this variable is not needed.
1461.Pp
1462.It Va ipv6_cpe_wanif
1463.Pq Vt str
1464If the variable is set to an interface name,
1465the
1466.Xr ifconfig 8
1467options
1468.Dq inet6 -no_radr accept_rtadv
1469will be added to the specified interface automatically before evaluating
1470.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 ,
1471and two
1472.Xr sysctl 8
1473variables
1474.Va net.inet6.ip6.rfc6204w3
1475and
1476.Va net.inet6.ip6.no_radr
1477will be set to 1.
1478.Pp
1479This means the specified interface will accept ICMPv6 Router
1480Advertisement messages on that link and add the discovered
1481routers into the Default Router List.
1482While the other interfaces can still accept RA messages if the
1483.Dq inet6 accept_rtadv
1484option is specified, adding
1485routes into the Default Router List will be disabled by
1486.Dq inet6 no_radr
1487option by default.
1488See
1489.Xr ifconfig 8
1490for more details.
1491.Pp
1492Note that ICMPv6 Router Advertisement messages will be
1493accepted even when
1494.Va net.inet6.ip6.forwarding
1495is 1
1496.Pq packet forwarding is enabled
1497when
1498.Va net.inet6.ip6.rfc6204w3
1499is set to 1.
1500.Pp
1501Default is
1502.Dq Li NO .
1503.It Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1504.Pq Vt str
1505IPv6 functionality on an interface should be configured by
1506.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 ,
1507instead of setting ifconfig parameters in
1508.Va ifconfig_ Ns Aq Ar interface .
1509If this variable is empty, all of IPv6 configurations on the
1510specified interface by other variables such as
1511.Va ipv6_prefix_ Ns Ao Ar interface Ac
1512will be ignored.
1513.Pp
1514Aliases should be set by
1515.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1516with
1517.Dq Li inet6
1518keyword.
1519For example:
1520.Bd -literal
1521ifconfig_ed0_ipv6="inet6 2001:db8:1::1 prefixlen 64"
1522ifconfig_ed0_alias0="inet6 2001:db8:2::1 prefixlen 64"
1523.Ed
1524.Pp
1525Interfaces that have an
1526.Dq Li inet6 accept_rtadv
1527keyword in
1528.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1529setting will be automatically configured by SLAAC
1530.Pq StateLess Address AutoConfiguration
1531described in
1532.Rs
1533.%T "RFC 4862"
1534.Re
1535.Pp
1536Note that a link-local address will be automatically configured in
1537addition to the configured global-scope addresses because the IPv6
1538specifications require it on each link.
1539The address is calculated from the MAC address by using an algorithm
1540defined in
1541.Rs
1542.%T "RFC 4862"
1543.%O "Section 5.3"
1544.Re
1545.Pp
1546If only a link-local address is needed on the interface,
1547the following configuration can be used:
1548.Bd -literal
1549ifconfig_ed0_ipv6="inet6 auto_linklocal"
1550.Ed
1551.Pp
1552A link-local address can also be configured manually.
1553This is useful for the default router address of an IPv6 router
1554so that it does not change when the network interface
1555card is replaced.
1556For example:
1557.Bd -literal
1558ifconfig_ed0_ipv6="inet6 fe80::1 prefixlen 64"
1559.Ed
1560.It Va ipv6_prefix_ Ns Aq Ar interface
1561.Pq Vt str
1562If one or more prefixes are defined in
1563.Va ipv6_prefix_ Ns Aq Ar interface
1564addresses based on each prefix and the EUI-64 interface index will be
1565configured on that interface.
1566Note that this variable will be ignored when
1567.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1568is empty.
1569.Pp
1570For example, the following configuration
1571.Bd -literal
1572ipv6_prefix_ed0="2001:db8:1:0 2001:db8:2:0"
1573.Ed
1574.Pp
1575is equivalent to the following:
1576.Bd -literal
1577ifconfig_ed0_alias0="inet6 2001:db8:1:: eui64 prefixlen 64"
1578ifconfig_ed0_alias1="inet6 2001:db8:1:: prefixlen 64 anycast"
1579ifconfig_ed0_alias2="inet6 2001:db8:2:: eui64 prefixlen 64"
1580ifconfig_ed0_alias3="inet6 2001:db8:2:: prefixlen 64 anycast"
1581.Ed
1582.Pp
1583These Subnet-Router anycast addresses will be added only when
1584.Va ipv6_gateway_enable
1585is YES.
1586.It Va ipv6_default_interface
1587.Pq Vt str
1588If not set to
1589.Dq Li NO ,
1590this is the default output interface for scoped addresses.
1591This works only with ipv6_gateway_enable="NO".
1592.It Va ip6addrctl_enable
1593.Pq Vt bool
1594This variable is to enable configuring default address selection policy table
1595.Pq RFC 3484 .
1596The table can be specified in another variable
1597.Va ip6addrctl_policy .
1598For
1599.Va ip6addrctl_policy
1600the following keywords can be specified:
1601.Dq Li ipv4_prefer ,
1602.Dq Li ipv6_prefer ,
1603or
1604.Dq Li AUTO .
1605.Pp
1606If
1607.Dq Li ipv4_prefer
1608or
1609.Dq Li ipv6_prefer
1610is specified,
1611.Xr ip6addrctl 8
1612installs a pre-defined policy table described in Section 2.1
1613.Pq IPv6-preferred
1614or 10.3
1615.Pq IPv4-preferred
1616of RFC 3484.
1617.Pp
1618If
1619.Dq Li AUTO
1620is specified, it attempts to read a file
1621.Pa /etc/ip6addrctl.conf
1622first.
1623If this file is found,
1624.Xr ip6addrctl 8
1625reads and installs it.
1626If not found, a policy is automatically set
1627according to
1628.Va ipv6_activate_all_interfaces
1629variable; if the variable is set to
1630.Dq Li YES
1631the IPv6-preferred one is used.
1632Otherwise IPv4-preferred.
1633.Pp
1634The default value of
1635.Va ip6addrctl_enable
1636and
1637.Va ip6addrctl_policy
1638are
1639.Dq Li YES
1640and
1641.Dq Li AUTO ,
1642respectively.
1643.It Va cloned_interfaces
1644.Pq Vt str
1645Set to the list of clonable network interfaces to create on this host.
1646Further cloning arguments may be passed to the
1647.Xr ifconfig 8
1648.Cm create
1649command for each interface by setting the
1650.Va create_args_ Ns Aq Ar interface
1651variable.
1652If an interface name is specified with
1653.Dq :sticky
1654keyword,
1655the interface will not be destroyed even when
1656.Pa rc.d/netif
1657script is invoked with
1658.Dq stop
1659argument.
1660This is useful when reconfiguring the interface without destroying it.
1661Entries in
1662.Va cloned_interfaces
1663are automatically appended to
1664.Va network_interfaces
1665for configuration.
1666.It Va cloned_interfaces_sticky
1667.Pq Vt bool
1668This variable is to globally enable functionality of
1669.Dq :sticky
1670keyword in
1671.Va cloned_interfaces
1672for all interfaces.
1673The default value is
1674.Dq NO .
1675Even if this variable is specified to
1676.Dq YES ,
1677.Dq :nosticky
1678keyword can be used to override it on per interface basis.
1679.It Va fec_interfaces
1680.Pq Vt str
1681Set to the list of
1682.Xr ng_fec 4
1683Fast EtherChannel interfaces to configure on this host.
1684A
1685.Va fecconfig_ Ns Aq Ar interface
1686variable is assumed to exist for each value of
1687.Ar interface .
1688The value of this variable is used to configure link aggregated interfaces
1689according to the syntax of the
1690.Cm NGM_FEC_ADD_IFACE
1691to
1692.Xr ngctl 8
1693msg.
1694Additionally, this option ensures that each listed interface is created
1695via the
1696.Cm mkpeer
1697command to
1698.Xr ngctl 8
1699before attempting to configure it.
1700For example:
1701.Bd -literal
1702fec_interfaces="fec0"
1703fecconfig_fec0="em0 em1"
1704ifconfig_fec0="DHCP"
1705.Ed
1706.It Va gif_interfaces
1707.Pq Vt str
1708This variable is deprecated in favor of
1709.Va cloned_interfaces .
1710Set to the list of
1711.Xr gif 4
1712tunnel interfaces to configure on this host.
1713A
1714.Va gifconfig_ Ns Aq Ar interface
1715variable is assumed to exist for each value of
1716.Ar interface .
1717The value of this variable is used to configure the link layer of the
1718tunnel according to the syntax of the
1719.Cm tunnel
1720option to
1721.Xr ifconfig 8 .
1722Additionally, this option ensures that each listed interface is created
1723via the
1724.Cm create
1725option to
1726.Xr ifconfig 8
1727before attempting to configure it.
1728.It Va sppp_interfaces
1729.Pq Vt str
1730Set to the list of
1731.Xr sppp 4
1732interfaces to configure on this host.
1733A
1734.Va spppconfig_ Ns Aq Ar interface
1735variable is assumed to exist for each value of
1736.Ar interface .
1737Each interface should also be configured by a general
1738.Va ifconfig_ Ns Aq Ar interface
1739setting.
1740Refer to
1741.Xr spppcontrol 8
1742for more information about available options.
1743.It Va ppp_enable
1744.Pq Vt bool
1745If set to
1746.Dq Li YES ,
1747run the
1748.Xr ppp 8
1749daemon.
1750.It Va ppp_profile
1751.Pq Vt str
1752The name of the profile to use from
1753.Pa /etc/ppp/ppp.conf .
1754Also used for per-profile overrides of
1755.Va ppp_mode
1756and
1757.Va ppp_nat ,
1758and
1759.Va ppp_ Ns Ao Ar profile Ac Ns _unit .
1760When the profile name contains any of the characters
1761.Dq Li .-/+
1762they are translated to
1763.Dq Li _
1764for the proposes of the override variable names.
1765.It Va ppp_mode
1766.Pq Vt str
1767Mode in which to run the
1768.Xr ppp 8
1769daemon.
1770.It Va ppp_ Ns Ao Ar profile Ac Ns _mode
1771.Pq Vt str
1772Overrides the global
1773.Va ppp_mode
1774for
1775.Ar profile .
1776Accepted modes are
1777.Dq Li auto ,
1778.Dq Li ddial ,
1779.Dq Li direct
1780and
1781.Dq Li dedicated .
1782See the manual for a full description.
1783.It Va ppp_nat
1784.Pq Vt bool
1785If set to
1786.Dq Li YES ,
1787enables network address translation.
1788Used in conjunction with
1789.Va gateway_enable
1790allows hosts on private network addresses access to the Internet using
1791this host as a network address translating router.
1792.It Va ppp_ Ns Ao Ar profile Ac Ns _nat
1793.Pq Vt str
1794Overrides the global
1795.Va ppp_nat
1796for
1797.Ar profile .
1798.It Va ppp_ Ns Ao Ar profile Ac Ns _unit
1799.Pq Vt int
1800Set the unit number to be used for this profile.
1801See the manual description of
1802.Fl unit Ns Ar N
1803for details.
1804.It Va ppp_user
1805.Pq Vt str
1806The name of the user under which
1807.Xr ppp 8
1808should be started.
1809By
1810default,
1811.Xr ppp 8
1812is started as
1813.Dq Li root .
1814.It Va rc_conf_files
1815.Pq Vt str
1816This option is used to specify a list of files that will override
1817the settings in
1818.Pa /etc/defaults/rc.conf .
1819The files will be read in the order in which they are specified and should
1820include the full path to the file.
1821By default, the files specified are
1822.Pa /etc/rc.conf
1823and
1824.Pa /etc/rc.conf.local
1825.It Va zfs_enable
1826.Pq Vt bool
1827If set to
1828.Dq Li YES ,
1829.Pa /etc/rc.d/zfs
1830will attempt to automatically mount ZFS file systems and initialize ZFS volumes
1831(ZVOLs).
1832.It Va gptboot_enable
1833.Pq Vt bool
1834If set to
1835.Dq Li YES ,
1836.Pa /etc/rc.d/gptboot
1837will log if the system successfully (or not) booted from a GPT partition,
1838which had the
1839.Ar bootonce
1840attribute set using
1841.Xr gpart 8
1842utility.
1843.It Va gbde_autoattach_all
1844.Pq Vt bool
1845If set to
1846.Dq Li YES ,
1847.Pa /etc/rc.d/gbde
1848will attempt to automatically initialize your .bde devices in
1849.Pa /etc/fstab .
1850.It Va gbde_devices
1851.Pq Vt str
1852List the devices that the script should try to attach,
1853or
1854.Dq Li AUTO .
1855.It Va gbde_lockdir
1856.Pq Vt str
1857The directory where the
1858.Xr gbde 4
1859lockfiles are located.
1860The default lockfile directory is
1861.Pa /etc .
1862.Pp
1863The lockfile for each individual
1864.Xr gbde 4
1865device can be overridden by setting the variable
1866.Va gbde_lock_ Ns Aq Ar device ,
1867where
1868.Ar device
1869is the encrypted device without the
1870.Dq Pa /dev/
1871and
1872.Dq Pa .bde
1873parts.
1874.It Va gbde_attach_attempts
1875.Pq Vt int
1876Number of times to attempt attaching to a
1877.Xr gbde 4
1878device, i.e., how many times the user is asked for the pass-phrase.
1879Default is 3.
1880.It Va geli_devices
1881.Pq Vt str
1882List of devices to automatically attach on boot.
1883Note that .eli devices from
1884.Pa /etc/fstab
1885are automatically appended to this list.
1886.It Va geli_tries
1887.Pq Vt int
1888Number of times user is asked for the pass-phrase.
1889If empty, it will be taken from
1890.Va kern.geom.eli.tries
1891sysctl variable.
1892.It Va geli_default_flags
1893.Pq Vt str
1894Default flags to use by
1895.Xr geli 8
1896when configuring disk encryption.
1897Flags can be configured for every device separately by defining
1898.Va geli_ Ns Ao Ar device Ac Ns Va _flags
1899variable.
1900.It Va geli_autodetach
1901.Pq Vt str
1902Specifies if GELI devices should be marked for detach on last close after
1903file systems are mounted.
1904Default is
1905.Dq Li YES .
1906This can be changed for every device separately by defining
1907.Va geli_ Ns Ao Ar device Ac Ns Va _autodetach
1908variable.
1909.It Va root_rw_mount
1910.Pq Vt bool
1911Set to
1912.Dq Li YES
1913by default.
1914After the file systems are checked at boot time, the root file system
1915is remounted as read-write if this is set to
1916.Dq Li YES .
1917Diskless systems that mount their root file system from a read-only remote
1918NFS share should set this to
1919.Dq Li NO
1920in their
1921.Pa rc.conf .
1922.It Va fsck_y_enable
1923.Pq Vt bool
1924If set to
1925.Dq Li YES ,
1926.Xr fsck 8
1927will be run with the
1928.Fl y
1929flag if the initial preen
1930of the file systems fails.
1931.It Va background_fsck
1932.Pq Vt bool
1933If set to
1934.Dq Li YES ,
1935the system will attempt to run
1936.Xr fsck 8
1937in the background where possible.
1938.It Va background_fsck_delay
1939.Pq Vt int
1940The amount of time in seconds to sleep before starting a background
1941.Xr fsck 8 .
1942It defaults to sixty seconds to allow large applications such as
1943the X server to start before disk I/O bandwidth is monopolized by
1944.Xr fsck 8 .
1945If set to a negative number, the background file system check will be
1946delayed indefinitely to allow the administrator to run it at a more
1947convenient time.
1948For example it may be run from
1949.Xr cron 8
1950by adding a line like
1951.Pp
1952.Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart"
1953.Pp
1954to
1955.Pa /etc/crontab .
1956.It Va netfs_types
1957.Pq Vt str
1958List of file system types that are network-based.
1959This list should generally not be modified by end users.
1960Use
1961.Va extra_netfs_types
1962instead.
1963.It Va extra_netfs_types
1964.Pq Vt str
1965If set to something other than
1966.Dq Li NO
1967(the default),
1968this variable extends the list of file system types
1969for which automatic mounting at startup by
1970.Xr rc 8
1971should be delayed until the network is initialized.
1972It should contain
1973a whitespace-separated list of network file system descriptor pairs,
1974each consisting of a file system type as passed to
1975.Xr mount 8
1976and a human-readable, one-word description,
1977joined with a colon
1978.Pq Ql \&: .
1979Extending the default list in this way is only necessary
1980when third party file system types are used.
1981.It Va syslogd_enable
1982.Pq Vt bool
1983If set to
1984.Dq Li YES ,
1985run the
1986.Xr syslogd 8
1987daemon.
1988.It Va syslogd_program
1989.Pq Vt str
1990Path to
1991.Xr syslogd 8
1992(default
1993.Pa /usr/sbin/syslogd ) .
1994.It Va syslogd_flags
1995.Pq Vt str
1996If
1997.Va syslogd_enable
1998is set to
1999.Dq Li YES ,
2000these are the flags to pass to
2001.Xr syslogd 8 .
2002.It Va inetd_enable
2003.Pq Vt bool
2004If set to
2005.Dq Li YES ,
2006run the
2007.Xr inetd 8
2008daemon.
2009.It Va inetd_program
2010.Pq Vt str
2011Path to
2012.Xr inetd 8
2013(default
2014.Pa /usr/sbin/inetd ) .
2015.It Va inetd_flags
2016.Pq Vt str
2017If
2018.Va inetd_enable
2019is set to
2020.Dq Li YES ,
2021these are the flags to pass to
2022.Xr inetd 8 .
2023.It Va hastd_enable
2024.Pq Vt bool
2025If set to
2026.Dq Li YES ,
2027run the
2028.Xr hastd 8
2029daemon.
2030.It Va hastd_program
2031.Pq Vt str
2032Path to
2033.Xr hastd 8
2034(default
2035.Pa /sbin/hastd ) .
2036.It Va hastd_flags
2037.Pq Vt str
2038If
2039.Va hastd_enable
2040is set to
2041.Dq Li YES ,
2042these are the flags to pass to
2043.Xr hastd 8 .
2044.It Va local_unbound_enable
2045.Pq Vt bool
2046If set to
2047.Dq Li YES ,
2048run the
2049.Xr unbound 8
2050daemon as a local caching resolver.
2051.It Va named_enable
2052.Pq Vt bool
2053If set to
2054.Dq Li YES ,
2055run the
2056.Xr named 8
2057daemon.
2058.It Va named_program
2059.Pq Vt str
2060Path to
2061.Xr named 8
2062(default
2063.Pa /usr/sbin/named ) .
2064.It Va named_conf
2065.Pq Vt str
2066Path to
2067.Xr named 8
2068configuration file, (default
2069.Pa /etc/namedb/named.conf ) .
2070.It Va named_flags
2071.Pq Vt str
2072If
2073.Va named_enable
2074is set to
2075.Dq Li YES ,
2076these are the flags to pass to
2077.Xr named 8 .
2078.It Va named_uid
2079.Pq Vt str
2080The user that the
2081.Xr named 8
2082process should be run as.
2083.It Va named_chrootdir
2084.Pq Vt str
2085The root directory for a name server run in a
2086.Xr chroot 8
2087environment (default
2088.Pa /var/named ) .
2089If left empty
2090.Xr named 8
2091will not be run in a
2092.Xr chroot 8
2093environment.
2094.It Va named_chroot_autoupdate
2095.Pq Vt bool
2096Set to
2097.Dq Li NO
2098to disable automatic update of the
2099.Xr chroot 8
2100environment.
2101.It Va named_symlink_enable
2102.Pq Vt bool
2103Set to
2104.Dq Li NO
2105to disable symlinking of
2106daemon's PID file
2107into the
2108.Xr chroot 8
2109environment.
2110.It Va named_wait
2111.Pq Vt bool
2112Set to have
2113.Pa /etc/rc.d/named
2114loop until working name service is established.
2115.It Va named_wait_host
2116.Pq Vt str
2117Name of host to lookup for the named_wait option.
2118(Default localhost)
2119.It Va named_auto_forward
2120.Pq Vt bool
2121Set to enable automatic creation of a forwarder
2122configuration file derived from
2123.Pa /etc/resolv.conf .
2124.It Va named_auto_forward_only
2125.Pq Vt bool
2126Set to change the default forwarder configuration from
2127.Dq forward first
2128to
2129.Dq forward only .
2130.It Va kerberos5_server_enable
2131.Pq Vt bool
2132Set to
2133.Dq Li YES
2134to start a Kerberos 5 authentication server
2135at boot time.
2136.It Va kerberos5_server
2137.Pq Vt str
2138If
2139.Va kerberos5_server_enable
2140is set to
2141.Dq Li YES
2142this is the path to Kerberos 5 Authentication Server.
2143.It Va kerberos5_server_flags
2144.Pq Vt str
2145Empty by default.
2146This variable contains additional flags to be passed to the Kerberos 5
2147authentication server.
2148.It Va kadmind5_server_enable
2149.Pq Vt bool
2150Set to
2151.Dq Li YES
2152to start
2153.Xr kadmind 8 ,
2154the Kerberos 5 Administration Daemon; set to
2155.Dq Li NO
2156on a slave server.
2157.It Va kadmind5_server
2158.Pq Vt str
2159If
2160.Va kadmind5_server_enable
2161is set to
2162.Dq Li YES
2163this is the path to Kerberos 5 Administration Daemon.
2164.It Va kpasswdd_server_enable
2165.Pq Vt bool
2166Set to
2167.Dq Li YES
2168to start
2169.Xr kpasswdd 8 ,
2170the Kerberos 5 Password-Changing Daemon; set to
2171.Dq Li NO
2172on a slave server.
2173.It Va kpasswdd_server
2174.Pq Vt str
2175If
2176.Va kpasswdd_server_enable
2177is set to
2178.Dq Li YES
2179this is the path to Kerberos 5 Password-Changing Daemon.
2180.It Va kfd_enable
2181.Pq Vt bool
2182Set to
2183.Dq Li YES
2184to start
2185.Xr kfd 8 ,
2186the Kerberos 5 ticket forwarding daemon, at the boot time.
2187.It Va kfd_program
2188.Pq Vt str
2189Path to
2190.Xr kfd 8
2191(default
2192.Pa /usr/libexec/kfd ) .
2193.It Va rwhod_enable
2194.Pq Vt bool
2195If set to
2196.Dq Li YES ,
2197run the
2198.Xr rwhod 8
2199daemon at boot time.
2200.It Va rwhod_flags
2201.Pq Vt str
2202If
2203.Va rwhod_enable
2204is set to
2205.Dq Li YES ,
2206these are the flags to pass to it.
2207.It Va amd_enable
2208.Pq Vt bool
2209If set to
2210.Dq Li YES ,
2211run the
2212.Xr amd 8
2213daemon at boot time.
2214.It Va amd_flags
2215.Pq Vt str
2216If
2217.Va amd_enable
2218is set to
2219.Dq Li YES ,
2220these are the flags to pass to it.
2221See the
2222.Xr amd 8
2223manpage for more information.
2224.It Va amd_map_program
2225.Pq Vt str
2226If set,
2227the specified program is run to get the list of
2228.Xr amd 8
2229maps.
2230For example, if the
2231.Xr amd 8
2232maps are stored in NIS, one can set this to
2233run
2234.Xr ypcat 1
2235to get a list of
2236.Xr amd 8
2237maps from the
2238.Pa amd.master
2239NIS map.
2240.It Va update_motd
2241.Pq Vt bool
2242If set to
2243.Dq Li YES ,
2244.Pa /etc/motd
2245will be updated at boot time to reflect the kernel release
2246being run.
2247If set to
2248.Dq Li NO ,
2249.Pa /etc/motd
2250will not be updated.
2251.It Va nfs_client_enable
2252.Pq Vt bool
2253If set to
2254.Dq Li YES ,
2255run the NFS client daemons at boot time.
2256.It Va nfs_access_cache
2257.Pq Vt int
2258If
2259.Va nfs_client_enable
2260is set to
2261.Dq Li YES ,
2262this can be set to
2263.Dq Li 0
2264to disable NFS ACCESS RPC caching, or to the number of seconds for which
2265NFS ACCESS
2266results should be cached.
2267A value of 2-10 seconds will substantially reduce network
2268traffic for many NFS operations.
2269.It Va nfs_server_enable
2270.Pq Vt bool
2271If set to
2272.Dq Li YES ,
2273run the NFS server daemons at boot time.
2274.It Va nfs_server_flags
2275.Pq Vt str
2276If
2277.Va nfs_server_enable
2278is set to
2279.Dq Li YES ,
2280these are the flags to pass to the
2281.Xr nfsd 8
2282daemon.
2283.It Va nfsv4_server_enable
2284.Pq Vt bool
2285If
2286.Va nfs_server_enable
2287is set to
2288.Dq Li YES
2289and
2290.Va nfsv4_server_enable
2291are set to
2292.Dq Li YES ,
2293enable the server for NFSv4 as well as NFSv2 and NFSv3.
2294.It Va nfsuserd_enable
2295.Pq Vt bool
2296If
2297.Va nfsuserd_enable
2298is set to
2299.Dq Li YES ,
2300run the nfsuserd daemon, which is needed for NFSv4 in order
2301to map between user/group names vs uid/gid numbers.
2302If
2303.Va nfsv4_server_enable
2304is set to
2305.Dq Li YES ,
2306this will be forced enabled.
2307.It Va nfsuserd_flags
2308.Pq Vt str
2309If
2310.Va nfsuserd_enable
2311is set to
2312.Dq Li YES ,
2313these are the flags to pass to the
2314.Xr nfsuserd 8
2315daemon.
2316.It Va nfscbd_enable
2317.Pq Vt bool
2318If
2319.Va nfscbd_enable
2320is set to
2321.Dq Li YES ,
2322run the nfscbd daemon, which enables callbacks/delegations for the NFSv4 client.
2323.It Va nfscbd_flags
2324.Pq Vt str
2325If
2326.Va nfscbd_enable
2327is set to
2328.Dq Li YES ,
2329these are the flags to pass to the
2330.Xr nfscbd 8
2331daemon.
2332.It Va oldnfs_server_enable
2333.Pq Vt bool
2334If
2335.Va oldnfs_server_enable
2336is set to
2337.Dq Li YES ,
2338force the NFS server daemons to run the old NFS server code
2339that does not support NFSv4.
2340.It Va mountd_enable
2341.Pq Vt bool
2342If set to
2343.Dq Li YES ,
2344and no
2345.Va nfs_server_enable
2346is set, start
2347.Xr mountd 8 ,
2348but not
2349.Xr nfsd 8
2350daemon.
2351It is commonly needed to run CFS without real NFS used.
2352.It Va mountd_flags
2353.Pq Vt str
2354If
2355.Va mountd_enable
2356is set to
2357.Dq Li YES ,
2358these are the flags to pass to the
2359.Xr mountd 8
2360daemon.
2361.It Va weak_mountd_authentication
2362.Pq Vt bool
2363If set to
2364.Dq Li YES ,
2365allow services like PCNFSD to make non-privileged mount
2366requests.
2367.It Va nfs_reserved_port_only
2368.Pq Vt bool
2369If set to
2370.Dq Li YES ,
2371provide NFS services only on a secure port.
2372.It Va nfs_bufpackets
2373.Pq Vt int
2374If set to a number, indicates the number of packets worth of
2375socket buffer space to reserve on an NFS client.
2376The kernel default is typically 4.
2377Using a higher number may be
2378useful on gigabit networks to improve performance.
2379The minimum value is
23802 and the maximum is 64.
2381.It Va rpc_lockd_enable
2382.Pq Vt bool
2383If set to
2384.Dq Li YES
2385and also an NFS server or client, run
2386.Xr rpc.lockd 8
2387at boot time.
2388.It Va rpc_lockd_flags
2389.Pq Vt str
2390If
2391.Va rpc_lockd_enable
2392is set to
2393.Dq Li YES ,
2394these are the flags to pass to the
2395.Xr rpc.lockd 8
2396daemon.
2397.It Va rpc_statd_enable
2398.Pq Vt bool
2399If set to
2400.Dq Li YES
2401and also an NFS server or client, run
2402.Xr rpc.statd 8
2403at boot time.
2404.It Va rpc_statd_flags
2405.Pq Vt str
2406If
2407.Va rpc_statd_enable
2408is set to
2409.Dq Li YES ,
2410these are the flags to pass to the
2411.Xr rpc.statd 8
2412daemon.
2413.It Va rpcbind_program
2414.Pq Vt str
2415Path to
2416.Xr rpcbind 8
2417(default
2418.Pa /usr/sbin/rpcbind ) .
2419.It Va rpcbind_enable
2420.Pq Vt bool
2421If set to
2422.Dq Li YES ,
2423run the
2424.Xr rpcbind 8
2425service at boot time.
2426.It Va rpcbind_flags
2427.Pq Vt str
2428If
2429.Va rpcbind_enable
2430is set to
2431.Dq Li YES ,
2432these are the flags to pass to the
2433.Xr rpcbind 8
2434daemon.
2435.It Va keyserv_enable
2436.Pq Vt bool
2437If set to
2438.Dq Li YES ,
2439run the
2440.Xr keyserv 8
2441daemon on boot for running Secure RPC.
2442.It Va keyserv_flags
2443.Pq Vt str
2444If
2445.Va keyserv_enable
2446is set to
2447.Dq Li YES ,
2448these are the flags to pass to
2449.Xr keyserv 8
2450daemon.
2451.It Va pppoed_enable
2452.Pq Vt bool
2453If set to
2454.Dq Li YES ,
2455run the
2456.Xr pppoed 8
2457daemon at boot time to provide PPP over Ethernet services.
2458.It Va pppoed_ Ns Aq Ar provider
2459.Pq Vt str
2460.Xr pppoed 8
2461listens to requests to this
2462.Ar provider
2463and ultimately runs
2464.Xr ppp 8
2465with a
2466.Ar system
2467argument of the same name.
2468.It Va pppoed_flags
2469.Pq Vt str
2470Additional flags to pass to
2471.Xr pppoed 8 .
2472.It Va pppoed_interface
2473.Pq Vt str
2474The network interface to run
2475.Xr pppoed 8
2476on.
2477This is mandatory when
2478.Va pppoed_enable
2479is set to
2480.Dq Li YES .
2481.It Va timed_enable
2482.Pq Vt bool
2483If set to
2484.Dq Li YES ,
2485run the
2486.Xr timed 8
2487service at boot time.
2488This command is intended for networks of
2489machines where a consistent
2490.Dq "network time"
2491for all hosts must be established.
2492This is often useful in large NFS
2493environments where time stamps on files are expected to be consistent
2494network-wide.
2495.It Va timed_flags
2496.Pq Vt str
2497If
2498.Va timed_enable
2499is set to
2500.Dq Li YES ,
2501these are the flags to pass to the
2502.Xr timed 8
2503service.
2504.It Va ntpdate_enable
2505.Pq Vt bool
2506If set to
2507.Dq Li YES ,
2508run
2509.Xr ntpdate 8
2510at system startup.
2511This command is intended to
2512synchronize the system clock only
2513.Em once
2514from some standard reference.
2515.It Va ntpdate_config
2516.Pq Vt str
2517Configuration file for
2518.Xr ntpdate 8 .
2519Default
2520.Pa /etc/ntp.conf .
2521.It Va ntpdate_hosts
2522.Pq Vt str
2523A whitespace-separated list of NTP servers to synchronize with at startup.
2524The default is to use the servers listed in
2525.Va ntpdate_config ,
2526if that file exists.
2527.It Va ntpdate_program
2528.Pq Vt str
2529Path to
2530.Xr ntpdate 8
2531(default
2532.Pa /usr/sbin/ntpdate ) .
2533.It Va ntpdate_flags
2534.Pq Vt str
2535If
2536.Va ntpdate_enable
2537is set to
2538.Dq Li YES ,
2539these are the flags to pass to the
2540.Xr ntpdate 8
2541command (typically a hostname).
2542.It Va ntpd_enable
2543.Pq Vt bool
2544If set to
2545.Dq Li YES ,
2546run the
2547.Xr ntpd 8
2548command at boot time.
2549.It Va ntpd_program
2550.Pq Vt str
2551Path to
2552.Xr ntpd 8
2553(default
2554.Pa /usr/sbin/ntpd ) .
2555.It Va ntpd_config
2556.Pq Vt str
2557Path to
2558.Xr ntpd 8
2559configuration file.
2560Default
2561.Pa /etc/ntp.conf .
2562.It Va ntpd_flags
2563.Pq Vt str
2564If
2565.Va ntpd_enable
2566is set to
2567.Dq Li YES ,
2568these are the flags to pass to the
2569.Xr ntpd 8
2570daemon.
2571.It Va ntpd_sync_on_start
2572.Pq Vt bool
2573If set to
2574.Dq Li YES ,
2575.Xr ntpd 8
2576is run with the
2577.Fl g
2578flag, which syncs the system's clock on startup.
2579See
2580.Xr ntpd 8
2581for more information regarding the
2582.Fl g
2583option.
2584This is a preferred alternative to using
2585.Xr ntpdate 8
2586or specifying the
2587.Va ntpdate_enable
2588variable.
2589.It Va nis_client_enable
2590.Pq Vt bool
2591If set to
2592.Dq Li YES ,
2593run the
2594.Xr ypbind 8
2595service at system boot time.
2596.It Va nis_client_flags
2597.Pq Vt str
2598If
2599.Va nis_client_enable
2600is set to
2601.Dq Li YES ,
2602these are the flags to pass to the
2603.Xr ypbind 8
2604service.
2605.It Va nis_ypset_enable
2606.Pq Vt bool
2607If set to
2608.Dq Li YES ,
2609run the
2610.Xr ypset 8
2611daemon at system boot time.
2612.It Va nis_ypset_flags
2613.Pq Vt str
2614If
2615.Va nis_ypset_enable
2616is set to
2617.Dq Li YES ,
2618these are the flags to pass to the
2619.Xr ypset 8
2620daemon.
2621.It Va nis_server_enable
2622.Pq Vt bool
2623If set to
2624.Dq Li YES ,
2625run the
2626.Xr ypserv 8
2627daemon at system boot time.
2628.It Va nis_server_flags
2629.Pq Vt str
2630If
2631.Va nis_server_enable
2632is set to
2633.Dq Li YES ,
2634these are the flags to pass to the
2635.Xr ypserv 8
2636daemon.
2637.It Va nis_ypxfrd_enable
2638.Pq Vt bool
2639If set to
2640.Dq Li YES ,
2641run the
2642.Xr rpc.ypxfrd 8
2643daemon at system boot time.
2644.It Va nis_ypxfrd_flags
2645.Pq Vt str
2646If
2647.Va nis_ypxfrd_enable
2648is set to
2649.Dq Li YES ,
2650these are the flags to pass to the
2651.Xr rpc.ypxfrd 8
2652daemon.
2653.It Va nis_yppasswdd_enable
2654.Pq Vt bool
2655If set to
2656.Dq Li YES ,
2657run the
2658.Xr rpc.yppasswdd 8
2659daemon at system boot time.
2660.It Va nis_yppasswdd_flags
2661.Pq Vt str
2662If
2663.Va nis_yppasswdd_enable
2664is set to
2665.Dq Li YES ,
2666these are the flags to pass to the
2667.Xr rpc.yppasswdd 8
2668daemon.
2669.It Va rpc_ypupdated_enable
2670.Pq Vt bool
2671If set to
2672.Dq Li YES ,
2673run the
2674.Nm rpc.ypupdated
2675daemon at system boot time.
2676.It Va bsnmpd_enable
2677.Pq Vt bool
2678If set to
2679.Dq Li YES ,
2680run the
2681.Xr bsnmpd 1
2682daemon at system boot time.
2683Be sure to understand the security implications of running SNMP daemon
2684on your host.
2685.It Va bsnmpd_flags
2686.Pq Vt str
2687If
2688.Va bsnmpd_enable
2689is set to
2690.Dq Li YES ,
2691these are the flags to pass to the
2692.Xr bsnmpd 1
2693daemon.
2694.It Va defaultrouter
2695.Pq Vt str
2696If not set to
2697.Dq Li NO ,
2698create a default route to this host name or IP address
2699(use an IP address if this router is also required to get to the
2700name server!).
2701.It Va ipv6_defaultrouter
2702.Pq Vt str
2703The IPv6 equivalent of
2704.Va defaultrouter .
2705.It Va static_arp_pairs
2706.Pq Vt str
2707Set to the list of static ARP pairs that are to be added at system
2708boot time.
2709For each whitespace separated
2710.Ar element
2711in the value, a
2712.Va static_arp_ Ns Aq Ar element
2713variable is assumed to exist whose contents will later be passed to a
2714.Dq Nm arp Cm -S
2715operation.
2716For example
2717.Bd -literal
2718static_arp_pairs="gw"
2719static_arp_gw="192.168.1.1 00:01:02:03:04:05"
2720.Ed
2721.It Va static_ndp_pairs
2722.Pq Vt str
2723Set to the list of static NDP pairs that are to be added at system
2724boot time.
2725For each whitespace separated
2726.Ar element
2727in the value, a
2728.Va static_ndp_ Ns Aq Ar element
2729variable is assumed to exist whose contents will later be passed to a
2730.Dq Nm ndp Cm -s
2731operation.
2732For example
2733.Bd -literal
2734static_ndp_pairs="gw"
2735static_ndp_gw="2001:db8:3::1 00:01:02:03:04:05"
2736.Ed
2737.It Va static_routes
2738.Pq Vt str
2739Set to the list of static routes that are to be added at system
2740boot time.
2741If not set to
2742.Dq Li NO
2743then for each whitespace separated
2744.Ar element
2745in the value, a
2746.Va route_ Ns Aq Ar element
2747variable is assumed to exist
2748whose contents will later be passed to a
2749.Dq Nm route Cm add
2750operation.
2751For example:
2752.Bd -literal
2753static_routes="ext mcast:gif0 gif0local:gif0"
2754route_ext="-net 10.0.0.0/24 -gateway 192.168.0.1"
2755route_mcast="-net 224.0.0.0/4 -iface gif0"
2756route_gif0local="-host 169.254.1.1 -iface lo0"
2757.Ed
2758.Pp
2759When an
2760.Ar element
2761is in the form of
2762.Li name:ifname ,
2763the route is specific to the interface
2764.Li ifname .
2765.It Va ipv6_static_routes
2766.Pq Vt str
2767The IPv6 equivalent of
2768.Va static_routes .
2769If not set to
2770.Dq Li NO
2771then for each whitespace separated
2772.Ar element
2773in the value, a
2774.Va ipv6_route_ Ns Aq Ar element
2775variable is assumed to exist
2776whose contents will later be passed to a
2777.Dq Nm route Cm add Fl inet6
2778operation.
2779.It Va natm_static_routes
2780.Pq Vt str
2781The
2782.Xr natmip 4
2783equivalent of
2784.Va static_routes .
2785If not empty then for each whitespace separated
2786.Ar element
2787in the value, a
2788.Va route_ Ns Aq Ar element
2789variable is assumed to exist whose contents will later be passed to a
2790.Dq Nm atmconfig Cm natm Cm add
2791operation.
2792.It Va gateway_enable
2793.Pq Vt bool
2794If set to
2795.Dq Li YES ,
2796configure host to act as an IP router, e.g.\& to forward packets
2797between interfaces.
2798.It Va ipv6_gateway_enable
2799.Pq Vt bool
2800The IPv6 equivalent of
2801.Va gateway_enable .
2802.It Va routed_enable
2803.Pq Vt bool
2804If set to
2805.Dq Li YES ,
2806run a routing daemon of some sort, based on the
2807settings of
2808.Va routed_program
2809and
2810.Va routed_flags .
2811.It Va route6d_enable
2812.Pq Vt bool
2813The IPv6 equivalent of
2814.Va routed_enable .
2815If set to
2816.Dq Li YES ,
2817run a routing daemon of some sort, based on the
2818settings of
2819.Va route6d_program
2820and
2821.Va route6d_flags .
2822.It Va routed_program
2823.Pq Vt str
2824If
2825.Va routed_enable
2826is set to
2827.Dq Li YES ,
2828this is the name of the routing daemon to use.
2829.It Va route6d_program
2830.Pq Vt str
2831The IPv6 equivalent of
2832.Va routed_program .
2833.It Va routed_flags
2834.Pq Vt str
2835If
2836.Va routed_enable
2837is set to
2838.Dq Li YES ,
2839these are the flags to pass to the routing daemon.
2840.It Va route6d_flags
2841.Pq Vt str
2842The IPv6 equivalent of
2843.Va routed_flags .
2844.It Va mrouted_enable
2845.Pq Vt bool
2846If set to
2847.Dq Li YES ,
2848run the multicast routing daemon,
2849.Xr mrouted 8 .
2850.It Va mroute6d_enable
2851.Pq Vt bool
2852The IPv6 equivalent of
2853.Va mrouted_enable .
2854If set to
2855.Dq Li YES ,
2856run the IPv6 multicast routing daemon.
2857.Pp
2858Note that multicast routing daemons are no longer included in the
2859.Fx
2860base system, however, both
2861.Xr mrouted 8
2862and
2863.Xr pim6dd 8
2864may be installed from the
2865.Fx
2866Ports Collection.
2867.It Va mrouted_flags
2868.Pq Vt str
2869If
2870.Va mrouted_enable
2871is set to
2872.Dq Li YES ,
2873these are the flags to pass to the
2874.Xr mrouted 8
2875daemon.
2876.It Va mroute6d_flags
2877.Pq Vt str
2878The IPv6 equivalent of
2879.Va mrouted_flags .
2880If
2881.Va mroute6d_enable
2882is set to
2883.Dq Li YES ,
2884these are the flags passed to the IPv6 multicast routing daemon.
2885.It Va mroute6d_program
2886.Pq Vt str
2887If
2888.Va mroute6d_enable
2889is set to
2890.Dq Li YES ,
2891this is the path to the IPv6 multicast routing daemon.
2892.It Va rtadvd_enable
2893.Pq Vt bool
2894If set to
2895.Dq Li YES ,
2896run the
2897.Xr rtadvd 8
2898daemon at boot time.
2899The
2900.Xr rtadvd 8
2901utility sends ICMPv6 Router Advertisement messages to
2902the interfaces specified in
2903.Va rtadvd_interfaces .
2904This should only be enabled with great care.
2905You may want to fine-tune
2906.Xr rtadvd.conf 5 .
2907.It Va rtadvd_interfaces
2908.Pq Vt str
2909If
2910.Va rtadvd_enable
2911is set to
2912.Dq Li YES
2913this is the list of interfaces to use.
2914.It Va ipxgateway_enable
2915.Pq Vt bool
2916If set to
2917.Dq Li YES ,
2918enable the routing of IPX traffic.
2919.It Va ipxrouted_enable
2920.Pq Vt bool
2921If set to
2922.Dq Li YES ,
2923run the
2924.Xr IPXrouted 8
2925daemon at system boot time.
2926.It Va ipxrouted_flags
2927.Pq Vt str
2928If
2929.Va ipxrouted_enable
2930is set to
2931.Dq Li YES ,
2932these are the flags to pass to the
2933.Xr IPXrouted 8
2934daemon.
2935.It Va arpproxy_all
2936.Pq Vt bool
2937If set to
2938.Dq Li YES ,
2939enable global proxy ARP.
2940.It Va forward_sourceroute
2941.Pq Vt bool
2942If set to
2943.Dq Li YES
2944and
2945.Va gateway_enable
2946is also set to
2947.Dq Li YES ,
2948source-routed packets are forwarded.
2949.It Va accept_sourceroute
2950.Pq Vt bool
2951If set to
2952.Dq Li YES ,
2953the system will accept source-routed packets directed at it.
2954.It Va rarpd_enable
2955.Pq Vt bool
2956If set to
2957.Dq Li YES ,
2958run the
2959.Xr rarpd 8
2960daemon at system boot time.
2961.It Va rarpd_flags
2962.Pq Vt str
2963If
2964.Va rarpd_enable
2965is set to
2966.Dq Li YES ,
2967these are the flags to pass to the
2968.Xr rarpd 8
2969daemon.
2970.It Va bootparamd_enable
2971.Pq Vt bool
2972If set to
2973.Dq Li YES ,
2974run the
2975.Xr bootparamd 8
2976daemon at system boot time.
2977.It Va bootparamd_flags
2978.Pq Vt str
2979If
2980.Va bootparamd_enable
2981is set to
2982.Dq Li YES ,
2983these are the flags to pass to the
2984.Xr bootparamd 8
2985daemon.
2986.It Va stf_interface_ipv4addr
2987.Pq Vt str
2988If not set to
2989.Dq Li NO ,
2990this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling
2991interface).
2992Specify this entry to enable the 6to4 interface.
2993.It Va stf_interface_ipv4plen
2994.Pq Vt int
2995Prefix length for 6to4 IPv4 addresses, to limit peer address range.
2996An effective value is 0-31.
2997.It Va stf_interface_ipv6_ifid
2998.Pq Vt str
2999IPv6 interface ID for
3000.Xr stf 4 .
3001This can be set to
3002.Dq Li AUTO .
3003.It Va stf_interface_ipv6_slaid
3004.Pq Vt str
3005IPv6 Site Level Aggregator for
3006.Xr stf 4 .
3007.It Va ipv6_faith_prefix
3008.Pq Vt str
3009If not set to
3010.Dq Li NO ,
3011this is the faith prefix to enable a FAITH IPv6-to-IPv4 TCP
3012translator.
3013You also need
3014.Xr faithd 8
3015setup.
3016.It Va ipv6_ipv4mapping
3017.Pq Vt bool
3018If set to
3019.Dq Li YES
3020this enables IPv4 mapped IPv6 address communication (like
3021.Li ::ffff:a.b.c.d ) .
3022.It Va rtsold_enable
3023.Pq Vt bool
3024Set to
3025.Dq Li YES
3026to enable the
3027.Xr rtsold 8
3028daemon to send ICMPv6 Router Solicitation messages.
3029.It Va rtsold_flags
3030.Pq Vt str
3031If
3032.Va rtsold_enable
3033is set to
3034.Dq Li YES ,
3035these are the flags to pass to
3036.Xr rtsold 8 .
3037.It Va rtsol_flags
3038.Pq Vt str
3039For interfaces configured with the
3040.Dq Li inet6 accept_rtadv
3041keyword, these are the flags to pass to
3042.Xr rtsol 8 .
3043.Pp
3044Note that
3045.Va rtsold_enable
3046is mutually exclusive to
3047.Va rtsol_flags ;
3048.Va rtsold_enable
3049takes precedence.
3050.It Va atm_enable
3051.Pq Vt bool
3052Set to
3053.Dq Li YES
3054to enable the configuration of ATM interfaces at system boot time.
3055For all of the ATM variables described below, please refer to the
3056.Xr atm 8
3057manual page for further details on the available command parameters.
3058Also refer to the files in
3059.Pa /usr/share/examples/atm
3060for more detailed configuration information.
3061.It Va atm_load
3062.Pq Vt str
3063This is a list of physical ATM interface drivers to load.
3064Typical values are
3065.Dq Li hfa_pci
3066and/or
3067.Dq Li hea_pci .
3068.It Va atm_netif_ Ns Aq Ar intf
3069.Pq Vt str
3070For the ATM physical interface
3071.Ar intf ,
3072this variable defines the name prefix and count for the ATM network
3073interfaces to be created.
3074The value will be passed as the parameters of an
3075.Dq Nm atm Cm "set netif" Ar intf
3076command.
3077.It Va atm_sigmgr_ Ns Aq Ar intf
3078.Pq Vt str
3079For the ATM physical interface
3080.Ar intf ,
3081this variable defines the ATM signalling manager to be used.
3082The value will be passed as the parameters of an
3083.Dq Nm atm Cm attach Ar intf
3084command.
3085.It Va atm_prefix_ Ns Aq Ar intf
3086.Pq Vt str
3087For the ATM physical interface
3088.Ar intf ,
3089this variable defines the NSAP prefix for interfaces using a UNI signalling
3090manager.
3091If set to
3092.Dq Li ILMI ,
3093the prefix will automatically be set via the
3094.Xr ilmid 8
3095daemon.
3096Otherwise, the value will be passed as the parameters of an
3097.Dq Nm atm Cm "set prefix" Ar intf
3098command.
3099.It Va atm_macaddr_ Ns Aq Ar intf
3100.Pq Vt str
3101For the ATM physical interface
3102.Ar intf ,
3103this variable defines the MAC address for interfaces using a UNI signalling
3104manager.
3105If set to
3106.Dq Li NO ,
3107the hardware MAC address contained in the ATM interface card will be used.
3108Otherwise, the value will be passed as the parameters of an
3109.Dq Nm atm Cm "set mac" Ar intf
3110command.
3111.It Va atm_arpserver_ Ns Aq Ar netif
3112.Pq Vt str
3113For the ATM network interface
3114.Ar netif ,
3115this variable defines the ATM address for a host which is to provide ATMARP
3116service.
3117This variable is only applicable to interfaces using a UNI signalling
3118manager.
3119If set to
3120.Dq Li local ,
3121this host will become an ATMARP server.
3122The value will be passed as the parameters of an
3123.Dq Nm atm Cm "set arpserver" Ar netif
3124command.
3125.It Va atm_scsparp_ Ns Aq Ar netif
3126.Pq Vt bool
3127If set to
3128.Dq Li YES ,
3129SCSP/ATMARP service for the network interface
3130.Ar netif
3131will be initiated using the
3132.Xr scspd 8
3133and
3134.Xr atmarpd 8
3135daemons.
3136This variable is only applicable if
3137.Va atm_arpserver_ Ns Aq Ar netif
3138is set to
3139.Dq Li local .
3140.It Va atm_pvcs
3141.Pq Vt str
3142Set to the list of ATM PVCs to be added at system
3143boot time.
3144For each whitespace separated
3145.Ar element
3146in the value, an
3147.Va atm_pvc_ Ns Aq Ar element
3148variable is assumed to exist.
3149The value of each of these variables
3150will be passed as the parameters of an
3151.Dq Nm atm Cm "add pvc"
3152command.
3153.It Va atm_arps
3154.Pq Vt str
3155Set to the list of permanent ATM ARP entries to be added
3156at system boot time.
3157For each whitespace separated
3158.Ar element
3159in the value, an
3160.Va atm_arp_ Ns Aq Ar element
3161variable is assumed to exist.
3162The value of each of these variables
3163will be passed as the parameters of an
3164.Dq Nm atm Cm "add arp"
3165command.
3166.It Va natm_interfaces
3167.Pq Vt str
3168Set to the list of
3169.Xr natm 4
3170interfaces that will also be used for HARP through
3171.Xr harp 4 .
3172If this list is not empty all interfaces in the list will be brought up
3173with
3174.Xr ifconfig 8
3175and
3176.Xr harp 4
3177will be loaded.
3178For this to work the interface drivers must be either compiled into the
3179kernel or must reside on the root partition.
3180.It Va keybell
3181.Pq Vt str
3182The keyboard bell sound.
3183Set to
3184.Dq Li normal ,
3185.Dq Li visual ,
3186.Dq Li off ,
3187or
3188.Dq Li NO
3189if the default behavior is desired.
3190For details, refer to the
3191.Xr kbdcontrol 1
3192manpage.
3193.It Va keyboard
3194.Pq Vt str
3195If set to a non-null string, the virtual console's keyboard input is
3196set to this device.
3197.It Va keymap
3198.Pq Vt str
3199If set to
3200.Dq Li NO ,
3201no keymap is installed, otherwise the value is used to install
3202the keymap file in
3203.Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd .
3204.It Va keyrate
3205.Pq Vt str
3206The keyboard repeat speed.
3207Set to
3208.Dq Li slow ,
3209.Dq Li normal ,
3210.Dq Li fast ,
3211or
3212.Dq Li NO
3213if the default behavior is desired.
3214.It Va keychange
3215.Pq Vt str
3216If not set to
3217.Dq Li NO ,
3218attempt to program the function keys with the value.
3219The value should
3220be a single string of the form:
3221.Dq Ar funkey_number new_value Op Ar funkey_number new_value ... .
3222.It Va cursor
3223.Pq Vt str
3224Can be set to the value of
3225.Dq Li normal ,
3226.Dq Li blink ,
3227.Dq Li destructive ,
3228or
3229.Dq Li NO
3230to set the cursor behavior explicitly or choose the default behavior.
3231.It Va scrnmap
3232.Pq Vt str
3233If set to
3234.Dq Li NO ,
3235no screen map is installed, otherwise the value is used to install
3236the screen map file in
3237.Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value .
3238.It Va font8x16
3239.Pq Vt str
3240If set to
3241.Dq Li NO ,
3242the default 8x16 font value is used for screen size requests, otherwise
3243the value in
3244.Pa /usr/share/syscons/fonts/ Ns Aq Ar value
3245is used.
3246.It Va font8x14
3247.Pq Vt str
3248If set to
3249.Dq Li NO ,
3250the default 8x14 font value is used for screen size requests, otherwise
3251the value in
3252.Pa /usr/share/syscons/fonts/ Ns Aq Ar value
3253is used.
3254.It Va font8x8
3255.Pq Vt str
3256If set to
3257.Dq Li NO ,
3258the default 8x8 font value is used for screen size requests, otherwise
3259the value in
3260.Pa /usr/share/syscons/fonts/ Ns Aq Ar value
3261is used.
3262.It Va blanktime
3263.Pq Vt int
3264If set to
3265.Dq Li NO ,
3266the default screen blanking interval is used, otherwise it is set
3267to
3268.Ar value
3269seconds.
3270.It Va saver
3271.Pq Vt str
3272If not set to
3273.Dq Li NO ,
3274this is the actual screen saver to use
3275.Li ( blank , snake , daemon ,
3276etc).
3277.It Va moused_nondefault_enable
3278.Pq Vt str
3279If set to
3280.Dq Li NO ,
3281the mouse device specified on
3282the command line is not automatically treated as enabled by the
3283.Pa /etc/rc.d/moused
3284script.
3285Having this variable set to
3286.Dq Li YES
3287allows a
3288.Xr usb 4
3289mouse,
3290for example,
3291to be enabled as soon as it is plugged in.
3292.It Va moused_enable
3293.Pq Vt str
3294If set to
3295.Dq Li YES ,
3296the
3297.Xr moused 8
3298daemon is started for doing cut/paste selection on the console.
3299.It Va moused_type
3300.Pq Vt str
3301This is the protocol type of the mouse connected to this host.
3302This variable must be set if
3303.Va moused_enable
3304is set to
3305.Dq Li YES .
3306The
3307.Xr moused 8
3308daemon
3309is able to detect the appropriate mouse type automatically in many cases.
3310Set this variable to
3311.Dq Li auto
3312to let the daemon detect it, or
3313select one from the following list if the automatic detection fails.
3314.Pp
3315If the mouse is attached to the PS/2 mouse port, choose
3316.Dq Li auto
3317or
3318.Dq Li ps/2 ,
3319regardless of the brand and model of the mouse.
3320Likewise, if the
3321mouse is attached to the bus mouse port, choose
3322.Dq Li auto
3323or
3324.Dq Li busmouse .
3325All other protocols are for serial mice and will not work with
3326the PS/2 and bus mice.
3327If this is a USB mouse,
3328.Dq Li auto
3329is the only protocol type which will work.
3330.Pp
3331.Bl -tag -width ".Li x10mouseremote" -compact
3332.It Li microsoft
3333Microsoft mouse (serial)
3334.It Li intellimouse
3335Microsoft IntelliMouse (serial)
3336.It Li mousesystems
3337Mouse systems Corp.\& mouse (serial)
3338.It Li mmseries
3339MM Series mouse (serial)
3340.It Li logitech
3341Logitech mouse (serial)
3342.It Li busmouse
3343A bus mouse
3344.It Li mouseman
3345Logitech MouseMan and TrackMan (serial)
3346.It Li glidepoint
3347ALPS GlidePoint (serial)
3348.It Li thinkingmouse
3349Kensington ThinkingMouse (serial)
3350.It Li ps/2
3351PS/2 mouse
3352.It Li mmhittab
3353MM HitTablet (serial)
3354.It Li x10mouseremote
3355X10 MouseRemote (serial)
3356.It Li versapad
3357Interlink VersaPad (serial)
3358.El
3359.Pp
3360Even if the mouse is not in the above list, it may be compatible
3361with one in the list.
3362Refer to the manual page for
3363.Xr moused 8
3364for compatibility information.
3365.Pp
3366It should also be noted that while this is enabled, any
3367other client of the mouse (such as an X server) should access
3368the mouse through the virtual mouse device,
3369.Pa /dev/sysmouse ,
3370and configure it as a
3371.Dq Li sysmouse
3372type mouse, since all
3373mouse data is converted to this single canonical format when
3374using
3375.Xr moused 8 .
3376If the client program does not support the
3377.Dq Li sysmouse
3378type,
3379specify the
3380.Dq Li mousesystems
3381type.
3382It is the second preferred type.
3383.It Va moused_port
3384.Pq Vt str
3385If
3386.Va moused_enable
3387is set to
3388.Dq Li YES ,
3389this is the actual port the mouse is on.
3390It might be
3391.Pa /dev/cuau0
3392for a COM1 serial mouse,
3393.Pa /dev/psm0
3394for a PS/2 mouse or
3395.Pa /dev/mse0
3396for a bus mouse, for example.
3397.It Va moused_flags
3398.Pq Vt str
3399If
3400.Va moused_flags
3401is set, its value is used as an additional set of flags to pass to the
3402.Xr moused 8
3403daemon.
3404.It Va "moused_" Ns Ar XXX Ns Va "_flags"
3405When
3406.Va moused_nondefault_enable
3407is enabled, and a
3408.Xr moused 8
3409daemon is started for a non-default port, the
3410.Va "moused_" Ns Ar XXX Ns Va "_flags"
3411set of options has precedence over and replaces the default
3412.Va moused_flags
3413(where
3414.Ar XXX
3415is the name of the non-default port, i.e.,\&
3416.Ar ums0 ) .
3417By setting
3418.Va "moused_" Ns Ar XXX Ns Va "_flags"
3419it is possible to set up a different set of default flags for each
3420.Xr moused 8
3421instance.
3422For example, you can use
3423.Dq Li "-3"
3424for the default
3425.Va moused_flags
3426to make your laptop's touchpad more comfortable to use,
3427but an empty set of options for
3428.Va moused_ums0_flags
3429when your
3430.Xr usb 4
3431mouse has three or more buttons.
3432.It Va mousechar_start
3433.Pq Vt int
3434If set to
3435.Dq Li NO ,
3436the default mouse cursor character range
3437.Li 0xd0 Ns - Ns Li 0xd3
3438is used,
3439otherwise the range start is set
3440to
3441.Ar value
3442character, see
3443.Xr vidcontrol 1 .
3444Use if the default range is occupied in the language code table.
3445.It Va allscreens_flags
3446.Pq Vt str
3447If set,
3448.Xr vidcontrol 1
3449is run with these options for each of the virtual terminals
3450.Pq Pa /dev/ttyv* .
3451For example,
3452.Dq Fl m Cm on
3453will enable the mouse pointer on all virtual terminals
3454if
3455.Va moused_enable
3456is set to
3457.Dq Li YES .
3458.It Va allscreens_kbdflags
3459.Pq Vt str
3460If set,
3461.Xr kbdcontrol 1
3462is run with these options for each of the virtual terminals
3463.Pq Pa /dev/ttyv* .
3464For example,
3465.Dq Fl h Li 200
3466will set the
3467.Xr syscons 4
3468scrollback (history) buffer to 200 lines.
3469.It Va cron_enable
3470.Pq Vt bool
3471If set to
3472.Dq Li YES ,
3473run the
3474.Xr cron 8
3475daemon at system boot time.
3476.It Va cron_program
3477.Pq Vt str
3478Path to
3479.Xr cron 8
3480(default
3481.Pa /usr/sbin/cron ) .
3482.It Va cron_flags
3483.Pq Vt str
3484If
3485.Va cron_enable
3486is set to
3487.Dq Li YES ,
3488these are the flags to pass to
3489.Xr cron 8 .
3490.It Va cron_dst
3491.Pq Vt bool
3492If set to
3493.Dq Li YES ,
3494enable the special handling of transitions to and from the
3495Daylight Saving Time in
3496.Xr cron 8
3497(equivalent to using the flag
3498.Fl s ) .
3499.It Va lpd_program
3500.Pq Vt str
3501Path to
3502.Xr lpd 8
3503(default
3504.Pa /usr/sbin/lpd ) .
3505.It Va lpd_enable
3506.Pq Vt bool
3507If set to
3508.Dq Li YES ,
3509run the
3510.Xr lpd 8
3511daemon at system boot time.
3512.It Va lpd_flags
3513.Pq Vt str
3514If
3515.Va lpd_enable
3516is set to
3517.Dq Li YES ,
3518these are the flags to pass to the
3519.Xr lpd 8
3520daemon.
3521.It Va chkprintcap_enable
3522.Pq Vt bool
3523If set to
3524.Dq Li YES ,
3525run the
3526.Xr chkprintcap 8
3527command before starting the
3528.Xr lpd 8
3529daemon.
3530.It Va chkprintcap_flags
3531.Pq Vt str
3532If
3533.Va lpd_enable
3534and
3535.Va chkprintcap_enable
3536are set to
3537.Dq Li YES ,
3538these are the flags to pass to the
3539.Xr chkprintcap 8
3540program.
3541The default is
3542.Dq Li -d ,
3543which causes missing directories to be created.
3544.It Va mta_start_script
3545.Pq Vt str
3546This variable specifies the full path to the script to run to start
3547a mail transfer agent.
3548The default is
3549.Pa /etc/rc.sendmail .
3550The
3551.Va sendmail_*
3552variables which
3553.Pa /etc/rc.sendmail
3554uses are documented in the
3555.Xr rc.sendmail 8
3556manual page.
3557.It Va dumpdev
3558.Pq Vt str
3559Indicates the device (usually a swap partition) to which a crash dump
3560should be written in the event of a system crash.
3561If the value of this variable is
3562.Dq Li AUTO ,
3563the first suitable swap device listed in
3564.Pa /etc/fstab
3565will be used as dump device.
3566Otherwise, the value of this variable is passed as the argument to
3567.Xr dumpon 8 .
3568To disable crash dumps, set this variable to
3569.Dq Li NO .
3570.It Va dumpdir
3571.Pq Vt str
3572When the system reboots after a crash and a crash dump is found on the
3573device specified by the
3574.Va dumpdev
3575variable,
3576.Xr savecore 8
3577will save that crash dump and a copy of the kernel to the directory
3578specified by the
3579.Va dumpdir
3580variable.
3581The default value is
3582.Pa /var/crash .
3583Set to
3584.Dq Li NO
3585to not run
3586.Xr savecore 8
3587at boot time when
3588.Va dumpdir
3589is set.
3590.It Va savecore_flags
3591.Pq Vt str
3592If crash dumps are enabled, these are the flags to pass to the
3593.Xr savecore 8
3594utility.
3595.It Va quota_enable
3596.Pq Vt bool
3597Set to
3598.Dq Li YES
3599to turn on user and group disk quotas on system startup via the
3600.Xr quotaon 8
3601command for all file systems marked as having quotas enabled in
3602.Pa /etc/fstab .
3603The kernel must be built with
3604.Cd "options QUOTA"
3605for disk quotas to function.
3606.It Va check_quotas
3607.Pq Vt bool
3608Set to
3609.Dq Li YES
3610to enable user and group disk quota checking via the
3611.Xr quotacheck 8
3612command.
3613.It Va quotacheck_flags
3614.Pq Vt str
3615If
3616.Va quota_enable
3617is set to
3618.Dq Li YES ,
3619and
3620.Va check_quotas
3621is set to
3622.Dq Li YES ,
3623these are the flags to pass to the
3624.Xr quotacheck 8
3625utility.
3626The default is
3627.Dq Li "-a" ,
3628which checks quotas for all file systems with quotas enabled in
3629.Pa /etc/fstab .
3630.It Va quotaon_flags
3631.Pq Vt str
3632If
3633.Va quota_enable
3634is set to
3635.Dq Li YES ,
3636these are the flags to pass to the
3637.Xr quotaon 8
3638utility.
3639The default is
3640.Dq Li "-a" ,
3641which enables quotas for all file systems with quotas enabled in
3642.Pa /etc/fstab .
3643.It Va quotaoff_flags
3644.Pq Vt str
3645If
3646.Va quota_enable
3647is set to
3648.Dq Li YES ,
3649these are the flags to pass to the
3650.Xr quotaoff 8
3651utility when shutting down the quota system.
3652The default is
3653.Dq Li "-a" ,
3654which disables quotas for all file systems with quotas enabled in
3655.Pa /etc/fstab .
3656.It Va accounting_enable
3657.Pq Vt bool
3658Set to
3659.Dq Li YES
3660to enable system accounting through the
3661.Xr accton 8
3662facility.
3663.It Va ibcs2_enable
3664.Pq Vt bool
3665Set to
3666.Dq Li YES
3667to enable iBCS2 (SCO) binary emulation at system initial boot
3668time.
3669.It Va ibcs2_loaders
3670.Pq Vt str
3671If not set to
3672.Dq Li NO
3673and if
3674.Va ibcs2_enable
3675is set to
3676.Dq Li YES ,
3677this specifies a list of additional iBCS2 loaders to enable.
3678.It Va linux_enable
3679.Pq Vt bool
3680Set to
3681.Dq Li YES
3682to enable Linux/ELF binary emulation at system initial
3683boot time.
3684.It Va svr4_enable
3685.Pq Vt bool
3686If set to
3687.Dq Li YES ,
3688enable SysVR4 emulation at boot time.
3689.It Va sysvipc_enable
3690.Pq Vt bool
3691If set to
3692.Dq Li YES ,
3693load System V IPC primitives at boot time.
3694.It Va clear_tmp_enable
3695.Pq Vt bool
3696Set to
3697.Dq Li YES
3698to have
3699.Pa /tmp
3700cleaned at startup.
3701.It Va clear_tmp_X
3702.Pq Vt bool
3703Set to
3704.Dq Li NO
3705to disable removing of X11 lock files,
3706and the removal and (secure) recreation
3707of the various socket directories for X11
3708related programs.
3709.It Va ldconfig_paths
3710.Pq Vt str
3711Set to the list of shared library paths to use with
3712.Xr ldconfig 8 .
3713NOTE:
3714.Pa /usr/lib
3715will always be added first, so it need not appear in this list.
3716.It Va ldconfig32_paths
3717.Pq Vt str
3718Set to the list of 32-bit compatibility shared library paths to
3719use with
3720.Xr ldconfig 8 .
3721.It Va ldconfig_paths_aout
3722.Pq Vt str
3723Set to the list of shared library paths to use with
3724.Xr ldconfig 8
3725legacy
3726.Xr a.out 5
3727support.
3728.It Va ldconfig_insecure
3729.Pq Vt bool
3730The
3731.Xr ldconfig 8
3732utility normally refuses to use directories
3733which are writable by anyone except root.
3734Set this variable to
3735.Dq Li YES
3736to disable that security check during system startup.
3737.It Va ldconfig_local_dirs
3738.Pq Vt str
3739Set to the list of local
3740.Xr ldconfig 8
3741directories.
3742The names of all files in the directories listed will be
3743passed as arguments to
3744.Xr ldconfig 8 .
3745.It Va ldconfig_local32_dirs
3746.Pq Vt str
3747Set to the list of local 32-bit compatibility
3748.Xr ldconfig 8
3749directories.
3750The names of all files in the directories listed will be
3751passed as arguments to
3752.Dq Nm ldconfig Fl 32 .
3753.It Va kern_securelevel_enable
3754.Pq Vt bool
3755Set to
3756.Dq Li YES
3757to set the kernel security level at system startup.
3758.It Va kern_securelevel
3759.Pq Vt int
3760The kernel security level to set at startup.
3761The allowed range of
3762.Ar value
3763ranges from \-1 (the compile time default) to 3 (the
3764most secure).
3765See
3766.Xr security 7
3767for the list of possible security levels and their effect
3768on system operation.
3769.It Va sshd_program
3770.Pq Vt str
3771Path to the SSH server program
3772.Pa ( /usr/sbin/sshd
3773is the default).
3774.It Va sshd_enable
3775.Pq Vt bool
3776Set to
3777.Dq Li YES
3778to start
3779.Xr sshd 8
3780at system boot time.
3781.It Va sshd_flags
3782.Pq Vt str
3783If
3784.Va sshd_enable
3785is set to
3786.Dq Li YES ,
3787these are the flags to pass to the
3788.Xr sshd 8
3789daemon.
3790.It Va ftpd_program
3791.Pq Vt str
3792Path to the FTP server program
3793.Pa ( /usr/libexec/ftpd
3794is the default).
3795.It Va ftpd_enable
3796.Pq Vt bool
3797Set to
3798.Dq Li YES
3799to start
3800.Xr ftpd 8
3801as a stand-alone daemon at system boot time.
3802.It Va ftpd_flags
3803.Pq Vt str
3804If
3805.Va ftpd_enable
3806is set to
3807.Dq Li YES ,
3808these are the additional flags to pass to the
3809.Xr ftpd 8
3810daemon.
3811.It Va watchdogd_enable
3812.Pq Vt bool
3813If set to
3814.Dq Li YES ,
3815start the
3816.Xr watchdogd 8
3817daemon at boot time.
3818This requires that the kernel have been compiled with a
3819.Xr watchdog 4
3820compatible device.
3821.It Va watchdogd_flags
3822.Pq Vt str
3823If
3824.Va watchdogd_enable
3825is set to
3826.Dq Li YES ,
3827these are the flags passed to the
3828.Xr watchdogd 8
3829daemon.
3830.It Va devfs_rulesets
3831.Pq Vt str
3832List of files containing sets of rules for
3833.Xr devfs 8 .
3834.It Va devfs_system_ruleset
3835.Pq Vt str
3836Rule name(s) to apply to the system
3837.Pa /dev
3838itself.
3839.It Va devfs_set_rulesets
3840.Pq Vt str
3841Pairs of already-mounted
3842.Pa dev
3843directories and rulesets that should be applied to them.
3844For example: /mount/dev=ruleset_name
3845.It Va devfs_load_rulesets
3846.Pq Vt bool
3847If set, always load the default rulesets listed in
3848.Va devfs_rulesets .
3849.It Va performance_cx_lowest
3850.Pq Vt str
3851CPU idle state to use while on AC power.
3852The string
3853.Dq Li LOW
3854indicates that
3855.Xr acpi 4
3856should use the lowest power state available while
3857.Dq Li HIGH
3858indicates that the lowest latency state (less power savings) should be used.
3859.It Va performance_cpu_freq
3860.Pq Vt str
3861CPU clock frequency to use while on AC power.
3862The string
3863.Dq Li LOW
3864indicates that
3865.Xr cpufreq 4
3866should use the lowest frequency available while
3867.Dq Li HIGH
3868indicates that the highest frequency (less power savings) should be used.
3869.It Va economy_cx_lowest
3870.Pq Vt str
3871CPU idle state to use when off AC power.
3872The string
3873.Dq Li LOW
3874indicates that
3875.Xr acpi 4
3876should use the lowest power state available while
3877.Dq Li HIGH
3878indicates that the lowest latency state (less power savings) should be used.
3879.It Va economy_cpu_freq
3880.Pq Vt str
3881CPU clock frequency to use when off AC power.
3882The string
3883.Dq Li LOW
3884indicates that
3885.Xr cpufreq 4
3886should use the lowest frequency available while
3887.Dq Li HIGH
3888indicates that the highest frequency (less power savings) should be used.
3889.It Va jail_enable
3890.Pq Vt bool
3891If set to
3892.Dq Li NO ,
3893any configured jails will not be started.
3894.It Va jail_conf
3895.Pq Vt str
3896The configuration filename used by
3897.Xr jail 8
3898utility.
3899The default value is
3900.Pa /etc/jail.conf .
3901.It Va jail_parallel_start
3902.Pq Vt bool
3903If set to
3904.Dq Li YES ,
3905all configured jails will be started in the background (in parallel).
3906.It Va jail_flags
3907.Pq Vt str
3908Unset by default.
3909When set, use as default value for
3910.Va jail_ Ns Ao Ar jname Ac Ns Va _flags
3911for every jail in
3912.Va jail_list .
3913.It Va jail_list
3914.Pq Vt str
3915A space separated list of names for jails.
3916If this variable is empty,
3917all of
3918.Xr jail 8
3919instances in the configuration file will be configured.
3920This is purely a configuration aid to help identify and
3921configure multiple jails.
3922The names specified in this list will be used to
3923identify settings common to an instance of a jail,
3924and should contain alphanumeric characters only.
3925The literal jail name of
3926.Dq Li 0
3927.Pq zero
3928is not allowed.
3929.It Va jail_* variables
3930Note that older releases supported per-jail configuration via
3931.Xr rc.conf 5
3932variables.
3933For example,
3934hostname of a jail named
3935.Li vjail
3936was able to be set by
3937.Li jail_vjail_hostname .
3938These per-jail configuration variables are now obsolete in favor of
3939.Xr jail 8
3940configuration file.
3941For backward compatibility,
3942when per-jail configuration variables are defined,
3943.Xr jail 8
3944configuration files are created as
3945.Pa /var/run/jail. Ns Ao Ar jname Ac Ns Pa .conf
3946and used.
3947.Pp
3948The following per-jail parameters are handled by
3949.Pa rc.d/jail
3950script out of their corresponding
3951.Nm
3952variables.
3953In addition to them, parameters in
3954.Va jail_ Ns Ao Ar jname Ac Ns Va _parameters
3955will be added to the configuration file.
3956They must be a semi-colon
3957.Pq Ql \&;
3958delimited list of
3959.Dq key=value .
3960For more details,
3961see
3962.Xr jail 8
3963manual page.
3964.Bl -tag -width "host.hostname" -offset indent
3965.It Li path
3966set from
3967.Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir
3968.It Li host.hostname
3969set from
3970.Va jail_ Ns Ao Ar jname Ac Ns Va _hostname
3971.It Li exec.consolelog
3972set from
3973.Va jail_ Ns Ao Ar jname Ac Ns Va _consolelog .
3974The default value is
3975.Pa /var/log/jail_ Ao Ar jname Ac Pa _console.log .
3976.It Li interface
3977set from
3978.Va jail_ Ns Ao Ar jname Ac Ns Va _interface .
3979.It Li vnet.interface
3980set from
3981.Va jail_ Ns Ao Ar jname Ac Ns Va _vnet_interface .
3982This implies
3983.Li vnet
3984parameter will be enabled and cannot be specified with
3985.Va jail_ Ns Ao Ar jname Ac Ns Va _interface ,
3986.Va jail_ Ns Ao Ar jname Ac Ns Va _ip
3987and/or
3988.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n
3989at the same time.
3990.It Li fstab
3991set from
3992.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab
3993.It Li mount
3994set from
| 28.Dt RC.CONF 5
29.Os
30.Sh NAME
31.Nm rc.conf
32.Nd system configuration information
33.Sh DESCRIPTION
34The file
35.Nm
36contains descriptive information about the local host name, configuration
37details for any potential network interfaces and which services should be
38started up at system initial boot time.
39In new installations, the
40.Nm
41file is generally initialized by the system installation utility.
42.Pp
43The purpose of
44.Nm
45is not to run commands or perform system startup actions
46directly.
47Instead, it is included by the
48various generic startup scripts in
49.Pa /etc
50which conditionalize their
51internal actions according to the settings found there.
52.Pp
53The
54.Pa /etc/rc.conf
55file is included from the file
56.Pa /etc/defaults/rc.conf ,
57which specifies the default settings for all the available options.
58Options need only be specified in
59.Pa /etc/rc.conf
60when the system administrator wishes to override these defaults.
61The file
62.Pa /etc/rc.conf.local
63is used to override settings in
64.Pa /etc/rc.conf
65for historical reasons.
66In addition to
67.Pa /etc/rc.conf.local
68you can also place smaller configuration files for each
69.Xr rc 8
70script in the
71.Pa /etc/rc.conf.d
72directory, which will be included by the
73.Va load_rc_config
74function.
75For jail configurations you could use the file
76.Pa /etc/rc.conf.d/jail
77to store jail specific configuration options.
78Also see the
79.Va rc_conf_files
80variable below.
81.Pp
82Options are set with
83.Dq Ar name Ns Li = Ns Ar value
84assignments that use
85.Xr sh 1
86syntax.
87The following list provides a name and short description for each
88variable that can be set in the
89.Nm
90file:
91.Bl -tag -width indent-two
92.It Va rc_debug
93.Pq Vt bool
94If set to
95.Dq Li YES ,
96enable output of debug messages from rc scripts.
97This variable can be helpful in diagnosing mistakes when
98editing or integrating new scripts.
99Beware that this produces copious output to the terminal and
100.Xr syslog 3 .
101.It Va rc_info
102.Pq Vt bool
103If set to
104.Dq Li NO ,
105disable informational messages from the rc scripts.
106Informational messages are displayed when
107a condition that is not serious enough to warrant a warning or
108an error occurs.
109.It Va rc_startmsgs
110.Pq Vt bool
111If set to
112.Dq Li YES ,
113show
114.Dq Starting foo:
115when faststart is used (e.g., at boot time).
116.It Va early_late_divider
117.Pq Vt str
118The name of the script that should be used as the
119delimiter between the
120.Dq early
121and
122.Dq late
123stages of the boot process.
124The early stage should contain all the services needed to
125get the disks (local or remote) mounted so that the late
126stage can include scripts contained in the directories
127listed in the
128.Va local_startup
129variable (see below).
130Thus, the two likely candidates for this value are
131.Pa mountcritlocal
132for the typical system, and
133.Pa mountcritremote
134if the system needs remote file
135systems mounted to get access to the
136.Va local_startup
137directories; for example when
138.Pa /usr/local
139is NFS mounted.
140For
141.Pa rc.conf
142within a
143.Xr jail 8
144.Pa NETWORKING
145is likely to be an appropriate value.
146Extreme care should be taken when changing this value,
147and before changing it one should ensure that there are
148adequate provisions to recover from a failed boot
149(such as physical contact with the machine,
150or reliable remote console access).
151.It Va always_force_depends
152.Pq Vt bool
153Various
154.Pa rc.d
155scripts use the force_depend function to check whether required
156services are already running, and to start them if necessary.
157By default during boot time this check is bypassed if the
158required service is enabled in
159.Pa /etc/rc.conf[.local] .
160Setting this option will bypass that check at boot time and
161always test whether or not the service is actually running.
162Enabling this option is likely to increase your boot time if
163services are enabled that utilize the force_depend check.
164.It Ao Ar name Ac Ns Va _chroot
165.Pq Vt str
166.Xr chroot
167to this directory before running the service.
168.It Ao Ar name Ac Ns Va _user
169.Pq Vt str
170Run the service under this user account.
171.It Ao Ar name Ac Ns Va _group
172.Pq Vt str
173Run the chrooted service under this system group. Unlike the _user
174setting, this setting has no effect if the service is not chrooted.
175.It Ao Ar name Ac Ns Va _fib
176.Pq Vt int
177The
178.Xr setfib 1
179value to run the service under.
180.It Ao Ar name Ac Ns Va _nice
181.Pq Vt int
182The
183.Xr nice 1
184value to run the service under.
185.It Va apm_enable
186.Pq Vt bool
187If set to
188.Dq Li YES ,
189enable support for Automatic Power Management with
190the
191.Xr apm 8
192command.
193.It Va apmd_enable
194.Pq Vt bool
195Run
196.Xr apmd 8
197to handle APM event from userland.
198This also enables support for APM.
199.It Va apmd_flags
200.Pq Vt str
201If
202.Va apmd_enable
203is set to
204.Dq Li YES ,
205these are the flags to pass to the
206.Xr apmd 8
207daemon.
208.It Va devd_enable
209.Pq Vt bool
210Run
211.Xr devd 8
212to handle device added, removed or unknown events from the kernel.
213.It Va ddb_enable
214.Pq Vt bool
215Run
216.Xr ddb 8
217to install
218.Xr ddb 4
219scripts at boot time.
220.It Va ddb_config
221.Pq Vt str
222Configuration file for
223.Xr ddb 8 .
224Default
225.Pa /etc/ddb.conf .
226.It Va kld_list
227.Pq Vt str
228A list of kernel modules to load right after the local
229disks are mounted.
230Loading modules at this point in the boot process is
231much faster than doing it via
232.Pa /boot/loader.conf
233for those modules not necessary for mounting local disk.
234.It Va kldxref_enable
235.Pq Vt bool
236Set to
237.Dq Li NO
238by default.
239Set to
240.Dq Li YES
241to automatically rebuild
242.Pa linker.hints
243files with
244.Xr kldxref 8
245at boot time.
246.It Va kldxref_clobber
247.Pq Vt bool
248Set to
249.Dq Li NO
250by default.
251If
252.Va kldxref_enable
253is true,
254setting to
255.Dq Li YES
256will overwrite existing
257.Pa linker.hints
258files at boot time.
259Otherwise,
260only missing
261.Pa linker.hints
262files are generated.
263.It Va kldxref_module_path
264.Pq Vt str
265Empty by default.
266A semi-colon
267.Pq Ql \&;
268delimited list of paths containing
269.Xr kld 4
270modules.
271If empty,
272the contents of the
273.Va kern.module_path
274.Xr sysctl 8
275are used.
276.It Va powerd_enable
277.Pq Vt bool
278If set to
279.Dq Li YES ,
280enable the system power control facility with the
281.Xr powerd 8
282daemon.
283.It Va powerd_flags
284.Pq Vt str
285If
286.Va powerd_enable
287is set to
288.Dq Li YES ,
289these are the flags to pass to the
290.Xr powerd 8
291daemon.
292.It Va tmpmfs
293Controls the creation of a
294.Pa /tmp
295memory file system.
296Always happens if set to
297.Dq Li YES
298and never happens if set to
299.Dq Li NO .
300If set to anything else, a memory file system is created if
301.Pa /tmp
302is not writable.
303.It Va tmpsize
304Controls the size of a created
305.Pa /tmp
306memory file system.
307.It Va tmpmfs_flags
308Extra options passed to the
309.Xr mdmfs 8
310utility when the memory file system for
311.Pa /tmp
312is created.
313The default is
314.Dq Li "-S" ,
315which inhibits the use of softupdates on
316.Pa /tmp
317so that file system space is freed without delay
318after file truncation or deletion.
319See
320.Xr mdmfs 8
321for other options you can use in
322.Va tmpmfs_flags .
323.It Va varmfs
324Controls the creation of a
325.Pa /var
326memory file system.
327Always happens if set to
328.Dq Li YES
329and never happens if set to
330.Dq Li NO .
331If set to anything else, a memory file system is created if
332.Pa /var
333is not writable.
334.It Va varsize
335Controls the size of a created
336.Pa /var
337memory file system.
338.It Va varmfs_flags
339Extra options passed to the
340.Xr mdmfs 8
341utility when the memory file system for
342.Pa /var
343is created.
344The default is
345.Dq Li "-S" ,
346which inhibits the use of softupdates on
347.Pa /var
348so that file system space is freed without delay
349after file truncation or deletion.
350See
351.Xr mdmfs 8
352for other options you can use in
353.Va varmfs_flags .
354.It Va populate_var
355Controls the automatic population of the
356.Pa /var
357file system.
358Always happens if set to
359.Dq Li YES
360and never happens if set to
361.Dq Li NO .
362If set to anything else, a memory file system is created if
363.Pa /var
364is not writable.
365Note that this process requires access to certain commands in
366.Pa /usr
367before
368.Pa /usr
369is mounted on normal systems.
370.It Va cleanvar_enable
371.Pq Vt bool
372Clean the
373.Pa /var
374directory.
375.It Va local_startup
376.Pq Vt str
377List of directories to search for startup script files.
378.It Va script_name_sep
379.Pq Vt str
380The field separator to use for breaking down the list of startup script files
381into individual filenames.
382The default is a space.
383It is not necessary to change this unless there are startup scripts with names
384containing spaces.
385.It Va hostapd_enable
386.Pq Vt bool
387Set to
388.Dq Li YES
389to start
390.Xr hostapd 8
391at system boot time.
392.It Va hostname
393.Pq Vt str
394The fully qualified domain name (FQDN) of this host on the network.
395This should almost certainly be set to something meaningful, even if
396there is no network connection.
397If
398.Xr dhclient 8
399is used to set the hostname via DHCP,
400this variable should be set to an empty string.
401If this value remains unset when the system is done booting
402your console login will display the default hostname of
403.Dq Amnesiac .
404.It Va nisdomainname
405.Pq Vt str
406The NIS domain name of this host, or
407.Dq Li NO
408if NIS is not used.
409.It Va dhclient_program
410.Pq Vt str
411Path to the DHCP client program
412.Pa ( /sbin/dhclient ,
413the
414.Ox
415DHCP client,
416is the default).
417.It Va dhclient_flags
418.Pq Vt str
419Additional flags to pass to the DHCP client program.
420For the
421.Ox
422DHCP client, see the
423.Xr dhclient 8
424manpage for a description of the command line options available.
425.It Va dhclient_flags_ Ns Aq Ar iface
426Additional flags to pass to the DHCP client program running on
427.Ar iface
428only.
429When specified, this variable overrides
430.Va dhclient_flags .
431.It Va background_dhclient
432.Pq Vt bool
433Set to
434.Dq Li YES
435to start the DHCP client in background.
436This can cause trouble with applications depending on
437a working network, but it will provide a faster startup
438in many cases.
439.It Va background_dhclient_ Ns Aq Ar iface
440When specified, this variable overrides the
441.Va background_dhclient
442variable for interface
443.Ar iface
444only.
445.It Va synchronous_dhclient
446.Pq Vt bool
447Set to
448.Dq Li YES
449to start
450.Xr dhclient 8
451synchronously at startup.
452This behavior can be overridden on a per-interface basis by replacing
453the
454.Dq Li DHCP
455keyword in the
456.Va ifconfig_ Ns Aq Ar interface
457variable with
458.Dq Li SYNCDHCP
459or
460.Dq Li NOSYNCDHCP .
461.It Va defaultroute_delay
462.Pq Vt int
463When set to a positive value, wait up to this long after configuring
464DHCP interfaces at startup to give the interfaces time to receive a lease.
465.It Va firewall_enable
466.Pq Vt bool
467Set to
468.Dq Li YES
469to load firewall rules at startup.
470If the kernel was not built with
471.Cd "options IPFIREWALL" ,
472the
473.Pa ipfw.ko
474kernel module will be loaded.
475See also
476.Va ipfilter_enable .
477.It Va firewall_script
478.Pq Vt str
479This variable specifies the full path to the firewall script to run.
480The default is
481.Pa /etc/rc.firewall .
482.It Va firewall_type
483.Pq Vt str
484Names the firewall type from the selection in
485.Pa /etc/rc.firewall ,
486or the file which contains the local firewall ruleset.
487Valid selections from
488.Pa /etc/rc.firewall
489are:
490.Pp
491.Bl -tag -width ".Li simple" -compact
492.It Li open
493unrestricted IP access
494.It Li closed
495all IP services disabled, except via
496.Dq Li lo0
497.It Li client
498basic protection for a workstation
499.It Li simple
500basic protection for a LAN.
501.El
502.Pp
503If a filename is specified, the full path
504must be given.
505.It Va firewall_quiet
506.Pq Vt bool
507Set to
508.Dq Li YES
509to disable the display of firewall rules on the console during boot.
510.It Va firewall_logging
511.Pq Vt bool
512Set to
513.Dq Li YES
514to enable firewall event logging.
515This is equivalent to the
516.Dv IPFIREWALL_VERBOSE
517kernel option.
518.It Va firewall_logif
519.Pq Vt bool
520Set to
521.Dq Li YES
522to create pseudo interface
523.Li ipfw0
524for logging.
525For more details, see
526.Xr ipfw 8
527manual page.
528.It Va firewall_flags
529.Pq Vt str
530Flags passed to
531.Xr ipfw 8
532if
533.Va firewall_type
534specifies a filename.
535.It Va firewall_coscripts
536.Pq Vt str
537List of executables and/or rc scripts to run after firewall starts/stops.
538Default is empty.
539.\" ----- firewall_nat_enable setting --------------------------------
540.It Va firewall_nat_enable
541.Pq Vt bool
542The
543.Xr ipfw 8
544equivalent of
545.Va natd_enable .
546Setting this to
547.Dq Li YES
548enables kernel NAT.
549.Va firewall_enable
550must also be set to
551.Dq Li YES .
552.It Va firewall_nat_interface
553.Pq Vt str
554The
555.Xr ipfw 8
556equivalent of
557.Va natd_interface .
558This is the name of the public interface or IP address on which
559kernel NAT should run.
560.It Va firewall_nat_flags
561.Pq Vt str
562Additional configuration parameters for kernel NAT should be placed here.
563.It Va dummynet_enable
564.Pq Vt bool
565Setting this to
566.Dq Li YES
567will automatically load the
568.Xr dummynet 4
569module if
570.Va firewall_enable
571is also set to
572.Dq Li YES .
573.\" -------------------------------------------------------------------
574.It Va natd_program
575.Pq Vt str
576Path to
577.Xr natd 8 .
578.It Va natd_enable
579.Pq Vt bool
580Set to
581.Dq Li YES
582to enable
583.Xr natd 8 .
584.Va firewall_enable
585must also be set to
586.Dq Li YES ,
587and
588.Xr divert 4
589sockets must be enabled in the kernel.
590If the kernel was not built with
591.Cd "options IPDIVERT" ,
592the
593.Pa ipdivert.ko
594kernel module will be loaded.
595.It Va natd_interface
596.Pq Vt str
597This is the name of the public interface on which
598.Xr natd 8
599should run.
600The interface may be given as an interface name or as an IP address.
601.It Va natd_flags
602.Pq Vt str
603Additional
604.Xr natd 8
605flags should be placed here.
606The
607.Fl n
608or
609.Fl a
610flag is automatically added with the above
611.Va natd_interface
612as an argument.
613.\" ----- ipfilter_enable setting --------------------------------
614.It Va ipfilter_enable
615.Pq Vt bool
616Set to
617.Dq Li NO
618by default.
619Setting this to
620.Dq Li YES
621enables
622.Xr ipf 8
623packet filtering.
624.Pp
625Typical usage will require putting
626.Bd -literal
627ipfilter_enable="YES"
628ipnat_enable="YES"
629ipmon_enable="YES"
630ipfs_enable="YES"
631.Ed
632.Pp
633into
634.Pa /etc/rc.conf
635and editing
636.Pa /etc/ipf.rules
637and
638.Pa /etc/ipnat.rules
639appropriately.
640.Pp
641Note that
642.Va ipfilter_enable
643and
644.Va ipnat_enable
645can be enabled independently.
646.Va ipmon_enable
647and
648.Va ipfs_enable
649both require at least one of
650.Va ipfilter_enable
651and
652.Va ipnat_enable
653to be enabled.
654.Pp
655Having
656.Bd -literal
657options IPFILTER
658options IPFILTER_LOG
659options IPFILTER_DEFAULT_BLOCK
660.Ed
661.Pp
662in the kernel configuration file is a good idea, too.
663.\" ----- ipfilter_program setting ------------------------------
664.It Va ipfilter_program
665.Pq Vt str
666Path to
667.Xr ipf 8
668(default
669.Pa /sbin/ipf ) .
670.\" ----- ipfilter_rules setting --------------------------------
671.It Va ipfilter_rules
672.Pq Vt str
673Set to
674.Pa /etc/ipf.rules
675by default.
676This variable contains the name of the filter rule definition file.
677The file is expected to be readable for the
678.Xr ipf 8
679command to execute.
680.\" ----- ipv6_ipfilter_rules setting ---------------------------
681.It Va ipv6_ipfilter_rules
682.Pq Vt str
683Set to
684.Pa /etc/ipf6.rules
685by default.
686This variable contains the IPv6 filter rule definition file.
687The file is expected to be readable for the
688.Xr ipf 8
689command to execute.
690.\" ----- ipfilter_flags setting --------------------------------
691.It Va ipfilter_flags
692.Pq Vt str
693Empty by default.
694This variable contains flags passed to the
695.Xr ipf 8
696program.
697.\" ----- ipnat_enable setting ----------------------------------
698.It Va ipnat_enable
699.Pq Vt bool
700Set to
701.Dq Li NO
702by default.
703Set it to
704.Dq Li YES
705to enable
706.Xr ipnat 8
707network address translation.
708See
709.Va ipfilter_enable
710for a detailed discussion.
711.\" ----- ipnat_program setting ---------------------------------
712.It Va ipnat_program
713.Pq Vt str
714Path to
715.Xr ipnat 8
716(default
717.Pa /sbin/ipnat ) .
718.\" ----- ipnat_rules setting -----------------------------------
719.It Va ipnat_rules
720.Pq Vt str
721Set to
722.Pa /etc/ipnat.rules
723by default.
724This variable contains the name of the file
725holding the network address translation definition.
726This file is expected to be readable for the
727.Xr ipnat 8
728command to execute.
729.\" ----- ipnat_flags setting -----------------------------------
730.It Va ipnat_flags
731.Pq Vt str
732Empty by default.
733This variable contains flags passed to the
734.Xr ipnat 8
735program.
736.\" ----- ipmon_enable setting ----------------------------------
737.It Va ipmon_enable
738.Pq Vt bool
739Set to
740.Dq Li NO
741by default.
742Set it to
743.Dq Li YES
744to enable
745.Xr ipmon 8
746monitoring (logging
747.Xr ipf 8
748and
749.Xr ipnat 8
750events).
751Setting this variable needs setting
752.Va ipfilter_enable
753or
754.Va ipnat_enable
755too.
756See
757.Va ipfilter_enable
758for a detailed discussion.
759.\" ----- ipmon_program setting ---------------------------------
760.It Va ipmon_program
761.Pq Vt str
762Path to
763.Xr ipmon 8
764(default
765.Pa /sbin/ipmon ) .
766.\" ----- ipmon_flags setting -----------------------------------
767.It Va ipmon_flags
768.Pq Vt str
769Set to
770.Dq Li -Ds
771by default.
772This variable contains flags passed to the
773.Xr ipmon 8
774program.
775Another typical example would be
776.Dq Fl D Pa /var/log/ipflog
777to have
778.Xr ipmon 8
779log directly to a file bypassing
780.Xr syslogd 8 .
781Make sure to adjust
782.Pa /etc/newsyslog.conf
783in such case like this:
784.Bd -literal
785/var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid
786.Ed
787.\" ----- ipfs_enable setting -----------------------------------
788.It Va ipfs_enable
789.Pq Vt bool
790Set to
791.Dq Li NO
792by default.
793Set it to
794.Dq Li YES
795to enable
796.Xr ipfs 8
797saving the filter and NAT state tables during shutdown
798and reloading them during startup again.
799Setting this variable needs setting
800.Va ipfilter_enable
801or
802.Va ipnat_enable
803to
804.Dq Li YES
805too.
806See
807.Va ipfilter_enable
808for a detailed discussion.
809Note that if
810.Va kern_securelevel
811is set to 3,
812.Va ipfs_enable
813cannot be used
814because the raised securelevel will prevent
815.Xr ipfs 8
816from saving the state tables at shutdown time.
817.\" ----- ipfs_program setting ----------------------------------
818.It Va ipfs_program
819.Pq Vt str
820Path to
821.Xr ipfs 8
822(default
823.Pa /sbin/ipfs ) .
824.\" ----- ipfs_flags setting ------------------------------------
825.It Va ipfs_flags
826.Pq Vt str
827Empty by default.
828This variable contains flags passed to the
829.Xr ipfs 8
830program.
831.\" ----- end of added ipf hook ---------------------------------
832.It Va pf_enable
833.Pq Vt bool
834Set to
835.Dq Li NO
836by default.
837Setting this to
838.Dq Li YES
839enables
840.Xr pf 4
841packet filtering.
842.Pp
843Typical usage will require putting
844.Pp
845.Dl pf_enable="YES"
846.Pp
847into
848.Pa /etc/rc.conf
849and editing
850.Pa /etc/pf.conf
851appropriately.
852Adding
853.Pp
854.Dl "device pf"
855.Pp
856builds support for
857.Xr pf 4
858into the kernel, otherwise the
859kernel module will be loaded.
860.It Va pf_rules
861.Pq Vt str
862Path to
863.Xr pf 4
864ruleset configuration file
865(default
866.Pa /etc/pf.conf ) .
867.It Va pf_program
868.Pq Vt str
869Path to
870.Xr pfctl 8
871(default
872.Pa /sbin/pfctl ) .
873.It Va pf_flags
874.Pq Vt str
875If
876.Va pf_enable
877is set to
878.Dq Li YES ,
879these flags are passed to the
880.Xr pfctl 8
881program when loading the ruleset.
882.It Va pflog_enable
883.Pq Vt bool
884Set to
885.Dq Li NO
886by default.
887Setting this to
888.Dq Li YES
889enables
890.Xr pflogd 8
891which logs packets from the
892.Xr pf 4
893packet filter.
894.It Va pflog_logfile
895.Pq Vt str
896If
897.Va pflog_enable
898is set to
899.Dq Li YES
900this controls where
901.Xr pflogd 8
902stores the logfile
903(default
904.Pa /var/log/pflog ) .
905Check
906.Pa /etc/newsyslog.conf
907to adjust logfile rotation for this.
908.It Va pflog_program
909.Pq Vt str
910Path to
911.Xr pflogd 8
912(default
913.Pa /sbin/pflogd ) .
914.It Va pflog_flags
915.Pq Vt str
916Empty by default.
917This variable contains additional flags passed to the
918.Xr pflogd 8
919program.
920.It Va ftpproxy_enable
921.Pq Vt bool
922Set to
923.Dq Li NO
924by default.
925Setting this to
926.Dq Li YES
927enables
928.Xr ftp-proxy 8
929which supports the
930.Xr pf 4
931packet filter in translating ftp connections.
932.It Va ftpproxy_flags
933.Pq Vt str
934Empty by default.
935This variable contains additional flags passed to the
936.Xr ftp-proxy 8
937program.
938.It Va pfsync_enable
939.Pq Vt bool
940Set to
941.Dq Li NO
942by default.
943Setting this to
944.Dq Li YES
945enables exposing
946.Xr pf 4
947state changes to other hosts over the network by means of
948.Xr pfsync 4 .
949The
950.Va pfsync_syncdev
951variable
952must also be set then.
953.It Va pfsync_syncdev
954.Pq Vt str
955Empty by default.
956This variable specifies the name of the network interface
957.Xr pfsync 4
958should operate through.
959It must be set accordingly if
960.Va pfsync_enable
961is set to
962.Dq Li YES .
963.It Va pfsync_syncpeer
964.Pq Vt str
965Empty by default.
966This variable is optional.
967By default, state change messages are sent out on the synchronisation
968interface using IP multicast packets.
969The protocol is IP protocol 240, PFSYNC, and the multicast group used is
970224.0.0.240.
971When a peer address is specified using the
972.Va pfsync_syncpeer
973option, the peer address is used as a destination for the pfsync
974traffic, and the traffic can then be protected using
975.Xr ipsec 4 .
976See the
977.Xr pfsync 4
978manpage for more details about using
979.Xr ipsec 4
980with
981.Xr pfsync 4
982interfaces.
983.It Va pfsync_ifconfig
984.Pq Vt str
985Empty by default.
986This variable can contain additional options to be passed to the
987.Xr ifconfig 8
988command used to set up
989.Xr pfsync 4 .
990.It Va tcp_extensions
991.Pq Vt bool
992Set to
993.Dq Li YES
994by default.
995Setting this to
996.Dq Li NO
997disables certain TCP options as described by
998.Rs
999.%T "RFC 1323"
1000.Re
1001Setting this to
1002.Dq Li NO
1003might help remedy such problems with connections as randomly hanging
1004or other weird behavior.
1005Some network devices are known
1006to be broken with respect to these options.
1007.It Va log_in_vain
1008.Pq Vt int
1009Set to 0 by default.
1010The
1011.Xr sysctl 8
1012variables,
1013.Va net.inet.tcp.log_in_vain
1014and
1015.Va net.inet.udp.log_in_vain ,
1016as described in
1017.Xr tcp 4
1018and
1019.Xr udp 4 ,
1020are set to the given value.
1021.It Va tcp_keepalive
1022.Pq Vt bool
1023Set to
1024.Dq Li YES
1025by default.
1026Setting to
1027.Dq Li NO
1028will disable probing idle TCP connections to verify that the
1029peer is still up and reachable.
1030.It Va tcp_drop_synfin
1031.Pq Vt bool
1032Set to
1033.Dq Li NO
1034by default.
1035Setting to
1036.Dq Li YES
1037will cause the kernel to ignore TCP frames that have both
1038the SYN and FIN flags set.
1039This prevents OS fingerprinting, but may
1040break some legitimate applications.
1041.It Va icmp_drop_redirect
1042.Pq Vt bool
1043Set to
1044.Dq Li NO
1045by default.
1046Setting to
1047.Dq Li YES
1048will cause the kernel to ignore ICMP REDIRECT packets.
1049Refer to
1050.Xr icmp 4
1051for more information.
1052.It Va icmp_log_redirect
1053.Pq Vt bool
1054Set to
1055.Dq Li NO
1056by default.
1057Setting to
1058.Dq Li YES
1059will cause the kernel to log ICMP REDIRECT packets.
1060Note that
1061the log messages are not rate-limited, so this option should only be used
1062for troubleshooting networks.
1063Refer to
1064.Xr icmp 4
1065for more information.
1066.It Va icmp_bmcastecho
1067.Pq Vt bool
1068Set to
1069.Dq Li YES
1070to respond to broadcast or multicast ICMP ping packets.
1071Refer to
1072.Xr icmp 4
1073for more information.
1074.It Va ip_portrange_first
1075.Pq Vt int
1076If not set to
1077.Dq Li NO ,
1078this is the first port in the default portrange.
1079Refer to
1080.Xr ip 4
1081for more information.
1082.It Va ip_portrange_last
1083.Pq Vt int
1084If not set to
1085.Dq Li NO ,
1086this is the last port in the default portrange.
1087Refer to
1088.Xr ip 4
1089for more information.
1090.It Va network_interfaces
1091.Pq Vt str
1092Set to the list of network interfaces to configure on this host or
1093.Dq Li AUTO
1094(the default) for all current interfaces.
1095Setting the
1096.Va network_interfaces
1097variable to anything other than the default is deprecated.
1098Interfaces that the administrator wishes to store configuration for,
1099but not start at boot should be configured with the
1100.Dq Li NOAUTO
1101keyword in their
1102.Va ifconfig_ Ns Aq Ar interface
1103variables as described below.
1104.Pp
1105An
1106.Va ifconfig_ Ns Aq Ar interface
1107variable is also assumed to exist for each value of
1108.Ar interface .
1109When an interface name contains any of the characters
1110.Dq Li .-/+
1111they are translated to
1112.Dq Li _
1113before lookup.
1114The variable can contain arguments to
1115.Xr ifconfig 8 ,
1116as well as special case-insensitive keywords described below.
1117Such keywords are removed before passing the value to
1118.Xr ifconfig 8
1119while the order of the other arguments is preserved.
1120.Pp
1121It is possible to add IP alias entries using
1122.Xr ifconfig 8
1123syntax with the address family keyword such as
1124.Li inet .
1125Assuming that the interface in question was
1126.Li ed0 ,
1127it might look something like this:
1128.Bd -literal
1129ifconfig_ed0_alias0="inet 127.0.0.253 netmask 0xffffffff"
1130ifconfig_ed0_alias1="inet 127.0.0.254 netmask 0xffffffff"
1131.Ed
1132.Pp
1133It also possible to configure multiple IP addresses in Classless
1134Inter-Domain Routing
1135.Pq CIDR
1136address notation,
1137whose each address component can be a range like
1138.Li inet 192.0.2.5-23/24
1139or
1140.Li inet6 2001:db8:1-f::1/64 .
1141This notation allows address and prefix length part only,
1142not the other address modifiers.
1143.Pp
1144In the case of
1145.Li 192.0.2.5-23/24 ,
1146the address 192.0.2.5 will be configured with the
1147netmask /24 and the addresses 192.0.2.6 to 192.0.2.23 with
1148the non-conflicting netmask /32 as explained in the
1149.Xr ifconfig 8
1150alias section.
1151Note that this special netmask handling is only for
1152.Li inet ,
1153not for the other address families such as
1154.Li inet6 .
1155.Pp
1156With the interface in question being
1157.Li ed0 ,
1158an example could look like:
1159.Bd -literal
1160ifconfig_ed0_alias2="inet 192.0.2.129/27"
1161ifconfig_ed0_alias3="inet 192.0.2.1-5/28"
1162.Ed
1163.Pp
1164and so on.
1165.Pp
1166Note that
1167.Va ipv4_addrs_ Ns Aq Ar interface
1168variable was supported for IPv4 CIDR address notation.
1169It is now deprecated because the functionality was integrated into
1170.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1171though
1172.Va ipv4_addrs_ Ns Aq Ar interface
1173is still supported for backward compatibility.
1174.Pp
1175For each
1176.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1177entry with an address family keyword,
1178its contents are passed to
1179.Xr ifconfig 8 .
1180Execution stops at the first unsuccessful access, so if
1181something like this is present:
1182.Bd -literal
1183ifconfig_ed0_alias0="inet 127.0.0.251 netmask 0xffffffff"
1184ifconfig_ed0_alias1="inet 127.0.0.252 netmask 0xffffffff"
1185ifconfig_ed0_alias2="inet 127.0.0.253 netmask 0xffffffff"
1186ifconfig_ed0_alias4="inet 127.0.0.254 netmask 0xffffffff"
1187.Ed
1188.Pp
1189Then note that alias4 would
1190.Em not
1191be added since the search would
1192stop with the missing
1193.Dq Li alias3
1194entry.
1195Because of this difficult to manage behavior,
1196there is
1197.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _aliases
1198variable, which has the same functionality as
1199.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1200and can have all of entries in a variable like the following:
1201.Bd -literal
1202ifconfig_ed0_aliases="\\
1203 inet 127.0.0.251 netmask 0xffffffff \\
1204 inet 127.0.0.252 netmask 0xffffffff \\
1205 inet 127.0.0.253 netmask 0xffffffff \\
1206 inet 127.0.0.254 netmask 0xffffffff"
1207.Ed
1208.Pp
1209It also supports CIDR notation.
1210.Pp
1211If the
1212.Pa /etc/start_if. Ns Aq Ar interface
1213file is present, it is read and executed by the
1214.Xr sh 1
1215interpreter
1216before configuring the interface as specified in the
1217.Va ifconfig_ Ns Aq Ar interface
1218and
1219.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1220variables.
1221.Pp
1222If a
1223.Va vlans_ Ns Aq Ar interface
1224variable is set,
1225a
1226.Xr vlan 4
1227interface will be created for each item in the list with the
1228.Ar vlandev
1229argument set to
1230.Ar interface .
1231If a vlan interface's name is a number,
1232then that number is used as the vlan tag and the new vlan interface is
1233named
1234.Ar interface . Ns Ar tag .
1235Otherwise,
1236the vlan tag must be specified via a
1237.Va vlan
1238parameter in the
1239.Va create_args_ Ns Aq Ar interface
1240variable.
1241.Pp
1242To create a vlan device named
1243.Li em0.101
1244on
1245.Li em0
1246with the vlan tag 101 and the optional the IPv4 address 192.0.2.1/24:
1247.Bd -literal
1248vlans_em0="101"
1249ifconfig_em0_101="inet 192.0.2.1/24"
1250.Ed
1251.Pp
1252To create a vlan device named
1253.Li myvlan
1254on
1255.Li em0
1256with the vlan tag 102:
1257.Bd -literal
1258vlans_em0="myvlan"
1259create_args_myvlan="vlan 102"
1260.Ed
1261.Pp
1262If a
1263.Va wlans_ Ns Aq Ar interface
1264variable is set,
1265an
1266.Xr wlan 4
1267interface will be created for each item in the list with the
1268.Ar wlandev
1269argument set to
1270.Ar interface .
1271Further wlan cloning arguments may be passed to the
1272.Xr ifconfig 8
1273.Cm create
1274command by setting the
1275.Va create_args_ Ns Aq Ar interface
1276variable.
1277One or more
1278.Xr wlan 4
1279devices must be created for each wireless devices as of
1280.Fx 8.0 .
1281Debugging flags for
1282.Xr wlan 4
1283devices as set by
1284.Xr wlandebug 8
1285may be specified with an
1286.Va wlandebug_ Ns Aq Ar interface
1287variable.
1288The contents of this variable will be passed directly to
1289.Xr wlandebug 8 .
1290.Pp
1291If the
1292.Va ifconfig_ Ns Aq Ar interface
1293contains the keyword
1294.Dq Li NOAUTO
1295then the interface will not be configured
1296at boot or by
1297.Pa /etc/pccard_ether
1298when
1299.Va network_interfaces
1300is set to
1301.Dq Li AUTO .
1302.Pp
1303It is possible to bring up an interface with DHCP by adding
1304.Dq Li DHCP
1305to the
1306.Va ifconfig_ Ns Aq Ar interface
1307variable.
1308For instance, to initialize the
1309.Li ed0
1310device via DHCP,
1311it is possible to use something like:
1312.Bd -literal
1313ifconfig_ed0="DHCP"
1314.Ed
1315.Pp
1316If you want to configure your wireless interface with
1317.Xr wpa_supplicant 8
1318for use with WPA, EAP/LEAP or WEP, you need to add
1319.Dq Li WPA
1320to the
1321.Va ifconfig_ Ns Aq Ar interface
1322variable.
1323.Pp
1324On the other hand, if you want to configure your wireless interface with
1325.Xr hostapd 8 ,
1326you need to add
1327.Dq Li HOSTAP
1328to the
1329.Va ifconfig_ Ns Aq Ar interface
1330variable.
1331.Xr hostapd 8
1332will use the settings from
1333.Pa /etc/hostapd- Ns Ao Ar interface Ac Ns .conf
1334.Pp
1335Finally, you can add
1336.Xr ifconfig 8
1337options in this variable, in addition to the
1338.Pa /etc/start_if. Ns Aq Ar interface
1339file.
1340For instance, to configure an
1341.Xr ath 4
1342wireless device in station mode with an address obtained
1343via DHCP, using WPA authentication and 802.11b mode, it is
1344possible to use something like:
1345.Bd -literal
1346wlans_ath0="wlan0"
1347ifconfig_wlan0="DHCP WPA mode 11b"
1348.Ed
1349.Pp
1350In addition to the
1351.Va ifconfig_ Ns Aq Ar interface
1352form, a fallback variable
1353.Va ifconfig_DEFAULT
1354may be configured.
1355It will be used for all interfaces with no
1356.Va ifconfig_ Ns Aq Ar interface
1357variable.
1358This is intended to replace the no longer supported
1359.Va pccard_ifconfig
1360variable.
1361.Pp
1362It is also possible to rename an interface by doing:
1363.Bd -literal
1364ifconfig_ed0_name="net0"
1365ifconfig_net0="inet 192.0.2.1 netmask 0xffffff00"
1366.Ed
1367.It Va ipv6_enable
1368.Pq Vt bool
1369This variable is deprecated.
1370Use
1371.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1372and
1373.Va ipv6_activate_all_interfaces
1374if necessary.
1375.Pp
1376If the variable is
1377.Dq Li YES ,
1378.Dq Li inet6 accept_rtadv
1379is added to all of
1380.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1381and the
1382.Va ipv6_activate_all_interfaces
1383is defined as
1384.Dq Li YES .
1385.It Va ipv6_prefer
1386.Pq Vt bool
1387This variable is deprecated.
1388Use
1389.Va ip6addrctl_policy
1390instead.
1391.Pp
1392If the variable is
1393.Dq Li YES ,
1394the default address selection policy table set by
1395.Xr ip6addrctl 8
1396will be IPv6-preferred.
1397.Pp
1398If the variable is
1399.Dq Li NO ,
1400the default address selection policy table set by
1401.Xr ip6addrctl 8
1402will be IPv4-preferred.
1403.It Va ipv6_activate_all_interfaces
1404.Pq Vt bool
1405This controls initial configuration on IPv6-capable
1406interfaces with no corresponding
1407.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1408variable.
1409Note that it is not always necessary to set this variable to
1410.Dq YES
1411to use IPv6 functionality on
1412.Fx .
1413In most cases, just configuring
1414.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1415variables works.
1416.Pp
1417If the variable is
1418.Dq Li NO ,
1419all interfaces which do not have a corresponding
1420.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1421variable will be marked as
1422.Dq Li IFDISABLED
1423at creation.
1424This means that all of IPv6 functionality on that interface
1425is completely disabled to enforce a security policy.
1426If the variable is set to
1427.Dq YES ,
1428the flag will be cleared on all of the interfaces.
1429.Pp
1430In most cases, just defining an
1431.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1432for an IPv6-capable interface should be sufficient.
1433However, if an interface is added dynamically
1434.Pq by some tunneling protocols such as PPP, for example ,
1435it is often difficult to define the variable in advance.
1436In such a case, configuring the
1437.Dq Li IFDISABLED
1438flag can be disabled by setting this variable to
1439.Dq YES .
1440.Pp
1441For more details of the
1442.Dq Li IFDISABLED
1443flag and keywords
1444.Dq Li inet6 ifdisabled ,
1445see
1446.Xr ifconfig 8 .
1447.Pp
1448Default is
1449.Dq Li NO .
1450.It Va ipv6_privacy
1451.Pq Vt bool
1452If the variable is
1453.Dq Li YES
1454privacy addresses will be generated for each IPv6
1455interface as described in RFC 4941.
1456.It Va ipv6_network_interfaces
1457.Pq Vt str
1458This is the IPv6 equivalent of
1459.Va network_interfaces .
1460Normally manual configuration of this variable is not needed.
1461.Pp
1462.It Va ipv6_cpe_wanif
1463.Pq Vt str
1464If the variable is set to an interface name,
1465the
1466.Xr ifconfig 8
1467options
1468.Dq inet6 -no_radr accept_rtadv
1469will be added to the specified interface automatically before evaluating
1470.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 ,
1471and two
1472.Xr sysctl 8
1473variables
1474.Va net.inet6.ip6.rfc6204w3
1475and
1476.Va net.inet6.ip6.no_radr
1477will be set to 1.
1478.Pp
1479This means the specified interface will accept ICMPv6 Router
1480Advertisement messages on that link and add the discovered
1481routers into the Default Router List.
1482While the other interfaces can still accept RA messages if the
1483.Dq inet6 accept_rtadv
1484option is specified, adding
1485routes into the Default Router List will be disabled by
1486.Dq inet6 no_radr
1487option by default.
1488See
1489.Xr ifconfig 8
1490for more details.
1491.Pp
1492Note that ICMPv6 Router Advertisement messages will be
1493accepted even when
1494.Va net.inet6.ip6.forwarding
1495is 1
1496.Pq packet forwarding is enabled
1497when
1498.Va net.inet6.ip6.rfc6204w3
1499is set to 1.
1500.Pp
1501Default is
1502.Dq Li NO .
1503.It Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1504.Pq Vt str
1505IPv6 functionality on an interface should be configured by
1506.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 ,
1507instead of setting ifconfig parameters in
1508.Va ifconfig_ Ns Aq Ar interface .
1509If this variable is empty, all of IPv6 configurations on the
1510specified interface by other variables such as
1511.Va ipv6_prefix_ Ns Ao Ar interface Ac
1512will be ignored.
1513.Pp
1514Aliases should be set by
1515.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1516with
1517.Dq Li inet6
1518keyword.
1519For example:
1520.Bd -literal
1521ifconfig_ed0_ipv6="inet6 2001:db8:1::1 prefixlen 64"
1522ifconfig_ed0_alias0="inet6 2001:db8:2::1 prefixlen 64"
1523.Ed
1524.Pp
1525Interfaces that have an
1526.Dq Li inet6 accept_rtadv
1527keyword in
1528.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1529setting will be automatically configured by SLAAC
1530.Pq StateLess Address AutoConfiguration
1531described in
1532.Rs
1533.%T "RFC 4862"
1534.Re
1535.Pp
1536Note that a link-local address will be automatically configured in
1537addition to the configured global-scope addresses because the IPv6
1538specifications require it on each link.
1539The address is calculated from the MAC address by using an algorithm
1540defined in
1541.Rs
1542.%T "RFC 4862"
1543.%O "Section 5.3"
1544.Re
1545.Pp
1546If only a link-local address is needed on the interface,
1547the following configuration can be used:
1548.Bd -literal
1549ifconfig_ed0_ipv6="inet6 auto_linklocal"
1550.Ed
1551.Pp
1552A link-local address can also be configured manually.
1553This is useful for the default router address of an IPv6 router
1554so that it does not change when the network interface
1555card is replaced.
1556For example:
1557.Bd -literal
1558ifconfig_ed0_ipv6="inet6 fe80::1 prefixlen 64"
1559.Ed
1560.It Va ipv6_prefix_ Ns Aq Ar interface
1561.Pq Vt str
1562If one or more prefixes are defined in
1563.Va ipv6_prefix_ Ns Aq Ar interface
1564addresses based on each prefix and the EUI-64 interface index will be
1565configured on that interface.
1566Note that this variable will be ignored when
1567.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1568is empty.
1569.Pp
1570For example, the following configuration
1571.Bd -literal
1572ipv6_prefix_ed0="2001:db8:1:0 2001:db8:2:0"
1573.Ed
1574.Pp
1575is equivalent to the following:
1576.Bd -literal
1577ifconfig_ed0_alias0="inet6 2001:db8:1:: eui64 prefixlen 64"
1578ifconfig_ed0_alias1="inet6 2001:db8:1:: prefixlen 64 anycast"
1579ifconfig_ed0_alias2="inet6 2001:db8:2:: eui64 prefixlen 64"
1580ifconfig_ed0_alias3="inet6 2001:db8:2:: prefixlen 64 anycast"
1581.Ed
1582.Pp
1583These Subnet-Router anycast addresses will be added only when
1584.Va ipv6_gateway_enable
1585is YES.
1586.It Va ipv6_default_interface
1587.Pq Vt str
1588If not set to
1589.Dq Li NO ,
1590this is the default output interface for scoped addresses.
1591This works only with ipv6_gateway_enable="NO".
1592.It Va ip6addrctl_enable
1593.Pq Vt bool
1594This variable is to enable configuring default address selection policy table
1595.Pq RFC 3484 .
1596The table can be specified in another variable
1597.Va ip6addrctl_policy .
1598For
1599.Va ip6addrctl_policy
1600the following keywords can be specified:
1601.Dq Li ipv4_prefer ,
1602.Dq Li ipv6_prefer ,
1603or
1604.Dq Li AUTO .
1605.Pp
1606If
1607.Dq Li ipv4_prefer
1608or
1609.Dq Li ipv6_prefer
1610is specified,
1611.Xr ip6addrctl 8
1612installs a pre-defined policy table described in Section 2.1
1613.Pq IPv6-preferred
1614or 10.3
1615.Pq IPv4-preferred
1616of RFC 3484.
1617.Pp
1618If
1619.Dq Li AUTO
1620is specified, it attempts to read a file
1621.Pa /etc/ip6addrctl.conf
1622first.
1623If this file is found,
1624.Xr ip6addrctl 8
1625reads and installs it.
1626If not found, a policy is automatically set
1627according to
1628.Va ipv6_activate_all_interfaces
1629variable; if the variable is set to
1630.Dq Li YES
1631the IPv6-preferred one is used.
1632Otherwise IPv4-preferred.
1633.Pp
1634The default value of
1635.Va ip6addrctl_enable
1636and
1637.Va ip6addrctl_policy
1638are
1639.Dq Li YES
1640and
1641.Dq Li AUTO ,
1642respectively.
1643.It Va cloned_interfaces
1644.Pq Vt str
1645Set to the list of clonable network interfaces to create on this host.
1646Further cloning arguments may be passed to the
1647.Xr ifconfig 8
1648.Cm create
1649command for each interface by setting the
1650.Va create_args_ Ns Aq Ar interface
1651variable.
1652If an interface name is specified with
1653.Dq :sticky
1654keyword,
1655the interface will not be destroyed even when
1656.Pa rc.d/netif
1657script is invoked with
1658.Dq stop
1659argument.
1660This is useful when reconfiguring the interface without destroying it.
1661Entries in
1662.Va cloned_interfaces
1663are automatically appended to
1664.Va network_interfaces
1665for configuration.
1666.It Va cloned_interfaces_sticky
1667.Pq Vt bool
1668This variable is to globally enable functionality of
1669.Dq :sticky
1670keyword in
1671.Va cloned_interfaces
1672for all interfaces.
1673The default value is
1674.Dq NO .
1675Even if this variable is specified to
1676.Dq YES ,
1677.Dq :nosticky
1678keyword can be used to override it on per interface basis.
1679.It Va fec_interfaces
1680.Pq Vt str
1681Set to the list of
1682.Xr ng_fec 4
1683Fast EtherChannel interfaces to configure on this host.
1684A
1685.Va fecconfig_ Ns Aq Ar interface
1686variable is assumed to exist for each value of
1687.Ar interface .
1688The value of this variable is used to configure link aggregated interfaces
1689according to the syntax of the
1690.Cm NGM_FEC_ADD_IFACE
1691to
1692.Xr ngctl 8
1693msg.
1694Additionally, this option ensures that each listed interface is created
1695via the
1696.Cm mkpeer
1697command to
1698.Xr ngctl 8
1699before attempting to configure it.
1700For example:
1701.Bd -literal
1702fec_interfaces="fec0"
1703fecconfig_fec0="em0 em1"
1704ifconfig_fec0="DHCP"
1705.Ed
1706.It Va gif_interfaces
1707.Pq Vt str
1708This variable is deprecated in favor of
1709.Va cloned_interfaces .
1710Set to the list of
1711.Xr gif 4
1712tunnel interfaces to configure on this host.
1713A
1714.Va gifconfig_ Ns Aq Ar interface
1715variable is assumed to exist for each value of
1716.Ar interface .
1717The value of this variable is used to configure the link layer of the
1718tunnel according to the syntax of the
1719.Cm tunnel
1720option to
1721.Xr ifconfig 8 .
1722Additionally, this option ensures that each listed interface is created
1723via the
1724.Cm create
1725option to
1726.Xr ifconfig 8
1727before attempting to configure it.
1728.It Va sppp_interfaces
1729.Pq Vt str
1730Set to the list of
1731.Xr sppp 4
1732interfaces to configure on this host.
1733A
1734.Va spppconfig_ Ns Aq Ar interface
1735variable is assumed to exist for each value of
1736.Ar interface .
1737Each interface should also be configured by a general
1738.Va ifconfig_ Ns Aq Ar interface
1739setting.
1740Refer to
1741.Xr spppcontrol 8
1742for more information about available options.
1743.It Va ppp_enable
1744.Pq Vt bool
1745If set to
1746.Dq Li YES ,
1747run the
1748.Xr ppp 8
1749daemon.
1750.It Va ppp_profile
1751.Pq Vt str
1752The name of the profile to use from
1753.Pa /etc/ppp/ppp.conf .
1754Also used for per-profile overrides of
1755.Va ppp_mode
1756and
1757.Va ppp_nat ,
1758and
1759.Va ppp_ Ns Ao Ar profile Ac Ns _unit .
1760When the profile name contains any of the characters
1761.Dq Li .-/+
1762they are translated to
1763.Dq Li _
1764for the proposes of the override variable names.
1765.It Va ppp_mode
1766.Pq Vt str
1767Mode in which to run the
1768.Xr ppp 8
1769daemon.
1770.It Va ppp_ Ns Ao Ar profile Ac Ns _mode
1771.Pq Vt str
1772Overrides the global
1773.Va ppp_mode
1774for
1775.Ar profile .
1776Accepted modes are
1777.Dq Li auto ,
1778.Dq Li ddial ,
1779.Dq Li direct
1780and
1781.Dq Li dedicated .
1782See the manual for a full description.
1783.It Va ppp_nat
1784.Pq Vt bool
1785If set to
1786.Dq Li YES ,
1787enables network address translation.
1788Used in conjunction with
1789.Va gateway_enable
1790allows hosts on private network addresses access to the Internet using
1791this host as a network address translating router.
1792.It Va ppp_ Ns Ao Ar profile Ac Ns _nat
1793.Pq Vt str
1794Overrides the global
1795.Va ppp_nat
1796for
1797.Ar profile .
1798.It Va ppp_ Ns Ao Ar profile Ac Ns _unit
1799.Pq Vt int
1800Set the unit number to be used for this profile.
1801See the manual description of
1802.Fl unit Ns Ar N
1803for details.
1804.It Va ppp_user
1805.Pq Vt str
1806The name of the user under which
1807.Xr ppp 8
1808should be started.
1809By
1810default,
1811.Xr ppp 8
1812is started as
1813.Dq Li root .
1814.It Va rc_conf_files
1815.Pq Vt str
1816This option is used to specify a list of files that will override
1817the settings in
1818.Pa /etc/defaults/rc.conf .
1819The files will be read in the order in which they are specified and should
1820include the full path to the file.
1821By default, the files specified are
1822.Pa /etc/rc.conf
1823and
1824.Pa /etc/rc.conf.local
1825.It Va zfs_enable
1826.Pq Vt bool
1827If set to
1828.Dq Li YES ,
1829.Pa /etc/rc.d/zfs
1830will attempt to automatically mount ZFS file systems and initialize ZFS volumes
1831(ZVOLs).
1832.It Va gptboot_enable
1833.Pq Vt bool
1834If set to
1835.Dq Li YES ,
1836.Pa /etc/rc.d/gptboot
1837will log if the system successfully (or not) booted from a GPT partition,
1838which had the
1839.Ar bootonce
1840attribute set using
1841.Xr gpart 8
1842utility.
1843.It Va gbde_autoattach_all
1844.Pq Vt bool
1845If set to
1846.Dq Li YES ,
1847.Pa /etc/rc.d/gbde
1848will attempt to automatically initialize your .bde devices in
1849.Pa /etc/fstab .
1850.It Va gbde_devices
1851.Pq Vt str
1852List the devices that the script should try to attach,
1853or
1854.Dq Li AUTO .
1855.It Va gbde_lockdir
1856.Pq Vt str
1857The directory where the
1858.Xr gbde 4
1859lockfiles are located.
1860The default lockfile directory is
1861.Pa /etc .
1862.Pp
1863The lockfile for each individual
1864.Xr gbde 4
1865device can be overridden by setting the variable
1866.Va gbde_lock_ Ns Aq Ar device ,
1867where
1868.Ar device
1869is the encrypted device without the
1870.Dq Pa /dev/
1871and
1872.Dq Pa .bde
1873parts.
1874.It Va gbde_attach_attempts
1875.Pq Vt int
1876Number of times to attempt attaching to a
1877.Xr gbde 4
1878device, i.e., how many times the user is asked for the pass-phrase.
1879Default is 3.
1880.It Va geli_devices
1881.Pq Vt str
1882List of devices to automatically attach on boot.
1883Note that .eli devices from
1884.Pa /etc/fstab
1885are automatically appended to this list.
1886.It Va geli_tries
1887.Pq Vt int
1888Number of times user is asked for the pass-phrase.
1889If empty, it will be taken from
1890.Va kern.geom.eli.tries
1891sysctl variable.
1892.It Va geli_default_flags
1893.Pq Vt str
1894Default flags to use by
1895.Xr geli 8
1896when configuring disk encryption.
1897Flags can be configured for every device separately by defining
1898.Va geli_ Ns Ao Ar device Ac Ns Va _flags
1899variable.
1900.It Va geli_autodetach
1901.Pq Vt str
1902Specifies if GELI devices should be marked for detach on last close after
1903file systems are mounted.
1904Default is
1905.Dq Li YES .
1906This can be changed for every device separately by defining
1907.Va geli_ Ns Ao Ar device Ac Ns Va _autodetach
1908variable.
1909.It Va root_rw_mount
1910.Pq Vt bool
1911Set to
1912.Dq Li YES
1913by default.
1914After the file systems are checked at boot time, the root file system
1915is remounted as read-write if this is set to
1916.Dq Li YES .
1917Diskless systems that mount their root file system from a read-only remote
1918NFS share should set this to
1919.Dq Li NO
1920in their
1921.Pa rc.conf .
1922.It Va fsck_y_enable
1923.Pq Vt bool
1924If set to
1925.Dq Li YES ,
1926.Xr fsck 8
1927will be run with the
1928.Fl y
1929flag if the initial preen
1930of the file systems fails.
1931.It Va background_fsck
1932.Pq Vt bool
1933If set to
1934.Dq Li YES ,
1935the system will attempt to run
1936.Xr fsck 8
1937in the background where possible.
1938.It Va background_fsck_delay
1939.Pq Vt int
1940The amount of time in seconds to sleep before starting a background
1941.Xr fsck 8 .
1942It defaults to sixty seconds to allow large applications such as
1943the X server to start before disk I/O bandwidth is monopolized by
1944.Xr fsck 8 .
1945If set to a negative number, the background file system check will be
1946delayed indefinitely to allow the administrator to run it at a more
1947convenient time.
1948For example it may be run from
1949.Xr cron 8
1950by adding a line like
1951.Pp
1952.Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart"
1953.Pp
1954to
1955.Pa /etc/crontab .
1956.It Va netfs_types
1957.Pq Vt str
1958List of file system types that are network-based.
1959This list should generally not be modified by end users.
1960Use
1961.Va extra_netfs_types
1962instead.
1963.It Va extra_netfs_types
1964.Pq Vt str
1965If set to something other than
1966.Dq Li NO
1967(the default),
1968this variable extends the list of file system types
1969for which automatic mounting at startup by
1970.Xr rc 8
1971should be delayed until the network is initialized.
1972It should contain
1973a whitespace-separated list of network file system descriptor pairs,
1974each consisting of a file system type as passed to
1975.Xr mount 8
1976and a human-readable, one-word description,
1977joined with a colon
1978.Pq Ql \&: .
1979Extending the default list in this way is only necessary
1980when third party file system types are used.
1981.It Va syslogd_enable
1982.Pq Vt bool
1983If set to
1984.Dq Li YES ,
1985run the
1986.Xr syslogd 8
1987daemon.
1988.It Va syslogd_program
1989.Pq Vt str
1990Path to
1991.Xr syslogd 8
1992(default
1993.Pa /usr/sbin/syslogd ) .
1994.It Va syslogd_flags
1995.Pq Vt str
1996If
1997.Va syslogd_enable
1998is set to
1999.Dq Li YES ,
2000these are the flags to pass to
2001.Xr syslogd 8 .
2002.It Va inetd_enable
2003.Pq Vt bool
2004If set to
2005.Dq Li YES ,
2006run the
2007.Xr inetd 8
2008daemon.
2009.It Va inetd_program
2010.Pq Vt str
2011Path to
2012.Xr inetd 8
2013(default
2014.Pa /usr/sbin/inetd ) .
2015.It Va inetd_flags
2016.Pq Vt str
2017If
2018.Va inetd_enable
2019is set to
2020.Dq Li YES ,
2021these are the flags to pass to
2022.Xr inetd 8 .
2023.It Va hastd_enable
2024.Pq Vt bool
2025If set to
2026.Dq Li YES ,
2027run the
2028.Xr hastd 8
2029daemon.
2030.It Va hastd_program
2031.Pq Vt str
2032Path to
2033.Xr hastd 8
2034(default
2035.Pa /sbin/hastd ) .
2036.It Va hastd_flags
2037.Pq Vt str
2038If
2039.Va hastd_enable
2040is set to
2041.Dq Li YES ,
2042these are the flags to pass to
2043.Xr hastd 8 .
2044.It Va local_unbound_enable
2045.Pq Vt bool
2046If set to
2047.Dq Li YES ,
2048run the
2049.Xr unbound 8
2050daemon as a local caching resolver.
2051.It Va named_enable
2052.Pq Vt bool
2053If set to
2054.Dq Li YES ,
2055run the
2056.Xr named 8
2057daemon.
2058.It Va named_program
2059.Pq Vt str
2060Path to
2061.Xr named 8
2062(default
2063.Pa /usr/sbin/named ) .
2064.It Va named_conf
2065.Pq Vt str
2066Path to
2067.Xr named 8
2068configuration file, (default
2069.Pa /etc/namedb/named.conf ) .
2070.It Va named_flags
2071.Pq Vt str
2072If
2073.Va named_enable
2074is set to
2075.Dq Li YES ,
2076these are the flags to pass to
2077.Xr named 8 .
2078.It Va named_uid
2079.Pq Vt str
2080The user that the
2081.Xr named 8
2082process should be run as.
2083.It Va named_chrootdir
2084.Pq Vt str
2085The root directory for a name server run in a
2086.Xr chroot 8
2087environment (default
2088.Pa /var/named ) .
2089If left empty
2090.Xr named 8
2091will not be run in a
2092.Xr chroot 8
2093environment.
2094.It Va named_chroot_autoupdate
2095.Pq Vt bool
2096Set to
2097.Dq Li NO
2098to disable automatic update of the
2099.Xr chroot 8
2100environment.
2101.It Va named_symlink_enable
2102.Pq Vt bool
2103Set to
2104.Dq Li NO
2105to disable symlinking of
2106daemon's PID file
2107into the
2108.Xr chroot 8
2109environment.
2110.It Va named_wait
2111.Pq Vt bool
2112Set to have
2113.Pa /etc/rc.d/named
2114loop until working name service is established.
2115.It Va named_wait_host
2116.Pq Vt str
2117Name of host to lookup for the named_wait option.
2118(Default localhost)
2119.It Va named_auto_forward
2120.Pq Vt bool
2121Set to enable automatic creation of a forwarder
2122configuration file derived from
2123.Pa /etc/resolv.conf .
2124.It Va named_auto_forward_only
2125.Pq Vt bool
2126Set to change the default forwarder configuration from
2127.Dq forward first
2128to
2129.Dq forward only .
2130.It Va kerberos5_server_enable
2131.Pq Vt bool
2132Set to
2133.Dq Li YES
2134to start a Kerberos 5 authentication server
2135at boot time.
2136.It Va kerberos5_server
2137.Pq Vt str
2138If
2139.Va kerberos5_server_enable
2140is set to
2141.Dq Li YES
2142this is the path to Kerberos 5 Authentication Server.
2143.It Va kerberos5_server_flags
2144.Pq Vt str
2145Empty by default.
2146This variable contains additional flags to be passed to the Kerberos 5
2147authentication server.
2148.It Va kadmind5_server_enable
2149.Pq Vt bool
2150Set to
2151.Dq Li YES
2152to start
2153.Xr kadmind 8 ,
2154the Kerberos 5 Administration Daemon; set to
2155.Dq Li NO
2156on a slave server.
2157.It Va kadmind5_server
2158.Pq Vt str
2159If
2160.Va kadmind5_server_enable
2161is set to
2162.Dq Li YES
2163this is the path to Kerberos 5 Administration Daemon.
2164.It Va kpasswdd_server_enable
2165.Pq Vt bool
2166Set to
2167.Dq Li YES
2168to start
2169.Xr kpasswdd 8 ,
2170the Kerberos 5 Password-Changing Daemon; set to
2171.Dq Li NO
2172on a slave server.
2173.It Va kpasswdd_server
2174.Pq Vt str
2175If
2176.Va kpasswdd_server_enable
2177is set to
2178.Dq Li YES
2179this is the path to Kerberos 5 Password-Changing Daemon.
2180.It Va kfd_enable
2181.Pq Vt bool
2182Set to
2183.Dq Li YES
2184to start
2185.Xr kfd 8 ,
2186the Kerberos 5 ticket forwarding daemon, at the boot time.
2187.It Va kfd_program
2188.Pq Vt str
2189Path to
2190.Xr kfd 8
2191(default
2192.Pa /usr/libexec/kfd ) .
2193.It Va rwhod_enable
2194.Pq Vt bool
2195If set to
2196.Dq Li YES ,
2197run the
2198.Xr rwhod 8
2199daemon at boot time.
2200.It Va rwhod_flags
2201.Pq Vt str
2202If
2203.Va rwhod_enable
2204is set to
2205.Dq Li YES ,
2206these are the flags to pass to it.
2207.It Va amd_enable
2208.Pq Vt bool
2209If set to
2210.Dq Li YES ,
2211run the
2212.Xr amd 8
2213daemon at boot time.
2214.It Va amd_flags
2215.Pq Vt str
2216If
2217.Va amd_enable
2218is set to
2219.Dq Li YES ,
2220these are the flags to pass to it.
2221See the
2222.Xr amd 8
2223manpage for more information.
2224.It Va amd_map_program
2225.Pq Vt str
2226If set,
2227the specified program is run to get the list of
2228.Xr amd 8
2229maps.
2230For example, if the
2231.Xr amd 8
2232maps are stored in NIS, one can set this to
2233run
2234.Xr ypcat 1
2235to get a list of
2236.Xr amd 8
2237maps from the
2238.Pa amd.master
2239NIS map.
2240.It Va update_motd
2241.Pq Vt bool
2242If set to
2243.Dq Li YES ,
2244.Pa /etc/motd
2245will be updated at boot time to reflect the kernel release
2246being run.
2247If set to
2248.Dq Li NO ,
2249.Pa /etc/motd
2250will not be updated.
2251.It Va nfs_client_enable
2252.Pq Vt bool
2253If set to
2254.Dq Li YES ,
2255run the NFS client daemons at boot time.
2256.It Va nfs_access_cache
2257.Pq Vt int
2258If
2259.Va nfs_client_enable
2260is set to
2261.Dq Li YES ,
2262this can be set to
2263.Dq Li 0
2264to disable NFS ACCESS RPC caching, or to the number of seconds for which
2265NFS ACCESS
2266results should be cached.
2267A value of 2-10 seconds will substantially reduce network
2268traffic for many NFS operations.
2269.It Va nfs_server_enable
2270.Pq Vt bool
2271If set to
2272.Dq Li YES ,
2273run the NFS server daemons at boot time.
2274.It Va nfs_server_flags
2275.Pq Vt str
2276If
2277.Va nfs_server_enable
2278is set to
2279.Dq Li YES ,
2280these are the flags to pass to the
2281.Xr nfsd 8
2282daemon.
2283.It Va nfsv4_server_enable
2284.Pq Vt bool
2285If
2286.Va nfs_server_enable
2287is set to
2288.Dq Li YES
2289and
2290.Va nfsv4_server_enable
2291are set to
2292.Dq Li YES ,
2293enable the server for NFSv4 as well as NFSv2 and NFSv3.
2294.It Va nfsuserd_enable
2295.Pq Vt bool
2296If
2297.Va nfsuserd_enable
2298is set to
2299.Dq Li YES ,
2300run the nfsuserd daemon, which is needed for NFSv4 in order
2301to map between user/group names vs uid/gid numbers.
2302If
2303.Va nfsv4_server_enable
2304is set to
2305.Dq Li YES ,
2306this will be forced enabled.
2307.It Va nfsuserd_flags
2308.Pq Vt str
2309If
2310.Va nfsuserd_enable
2311is set to
2312.Dq Li YES ,
2313these are the flags to pass to the
2314.Xr nfsuserd 8
2315daemon.
2316.It Va nfscbd_enable
2317.Pq Vt bool
2318If
2319.Va nfscbd_enable
2320is set to
2321.Dq Li YES ,
2322run the nfscbd daemon, which enables callbacks/delegations for the NFSv4 client.
2323.It Va nfscbd_flags
2324.Pq Vt str
2325If
2326.Va nfscbd_enable
2327is set to
2328.Dq Li YES ,
2329these are the flags to pass to the
2330.Xr nfscbd 8
2331daemon.
2332.It Va oldnfs_server_enable
2333.Pq Vt bool
2334If
2335.Va oldnfs_server_enable
2336is set to
2337.Dq Li YES ,
2338force the NFS server daemons to run the old NFS server code
2339that does not support NFSv4.
2340.It Va mountd_enable
2341.Pq Vt bool
2342If set to
2343.Dq Li YES ,
2344and no
2345.Va nfs_server_enable
2346is set, start
2347.Xr mountd 8 ,
2348but not
2349.Xr nfsd 8
2350daemon.
2351It is commonly needed to run CFS without real NFS used.
2352.It Va mountd_flags
2353.Pq Vt str
2354If
2355.Va mountd_enable
2356is set to
2357.Dq Li YES ,
2358these are the flags to pass to the
2359.Xr mountd 8
2360daemon.
2361.It Va weak_mountd_authentication
2362.Pq Vt bool
2363If set to
2364.Dq Li YES ,
2365allow services like PCNFSD to make non-privileged mount
2366requests.
2367.It Va nfs_reserved_port_only
2368.Pq Vt bool
2369If set to
2370.Dq Li YES ,
2371provide NFS services only on a secure port.
2372.It Va nfs_bufpackets
2373.Pq Vt int
2374If set to a number, indicates the number of packets worth of
2375socket buffer space to reserve on an NFS client.
2376The kernel default is typically 4.
2377Using a higher number may be
2378useful on gigabit networks to improve performance.
2379The minimum value is
23802 and the maximum is 64.
2381.It Va rpc_lockd_enable
2382.Pq Vt bool
2383If set to
2384.Dq Li YES
2385and also an NFS server or client, run
2386.Xr rpc.lockd 8
2387at boot time.
2388.It Va rpc_lockd_flags
2389.Pq Vt str
2390If
2391.Va rpc_lockd_enable
2392is set to
2393.Dq Li YES ,
2394these are the flags to pass to the
2395.Xr rpc.lockd 8
2396daemon.
2397.It Va rpc_statd_enable
2398.Pq Vt bool
2399If set to
2400.Dq Li YES
2401and also an NFS server or client, run
2402.Xr rpc.statd 8
2403at boot time.
2404.It Va rpc_statd_flags
2405.Pq Vt str
2406If
2407.Va rpc_statd_enable
2408is set to
2409.Dq Li YES ,
2410these are the flags to pass to the
2411.Xr rpc.statd 8
2412daemon.
2413.It Va rpcbind_program
2414.Pq Vt str
2415Path to
2416.Xr rpcbind 8
2417(default
2418.Pa /usr/sbin/rpcbind ) .
2419.It Va rpcbind_enable
2420.Pq Vt bool
2421If set to
2422.Dq Li YES ,
2423run the
2424.Xr rpcbind 8
2425service at boot time.
2426.It Va rpcbind_flags
2427.Pq Vt str
2428If
2429.Va rpcbind_enable
2430is set to
2431.Dq Li YES ,
2432these are the flags to pass to the
2433.Xr rpcbind 8
2434daemon.
2435.It Va keyserv_enable
2436.Pq Vt bool
2437If set to
2438.Dq Li YES ,
2439run the
2440.Xr keyserv 8
2441daemon on boot for running Secure RPC.
2442.It Va keyserv_flags
2443.Pq Vt str
2444If
2445.Va keyserv_enable
2446is set to
2447.Dq Li YES ,
2448these are the flags to pass to
2449.Xr keyserv 8
2450daemon.
2451.It Va pppoed_enable
2452.Pq Vt bool
2453If set to
2454.Dq Li YES ,
2455run the
2456.Xr pppoed 8
2457daemon at boot time to provide PPP over Ethernet services.
2458.It Va pppoed_ Ns Aq Ar provider
2459.Pq Vt str
2460.Xr pppoed 8
2461listens to requests to this
2462.Ar provider
2463and ultimately runs
2464.Xr ppp 8
2465with a
2466.Ar system
2467argument of the same name.
2468.It Va pppoed_flags
2469.Pq Vt str
2470Additional flags to pass to
2471.Xr pppoed 8 .
2472.It Va pppoed_interface
2473.Pq Vt str
2474The network interface to run
2475.Xr pppoed 8
2476on.
2477This is mandatory when
2478.Va pppoed_enable
2479is set to
2480.Dq Li YES .
2481.It Va timed_enable
2482.Pq Vt bool
2483If set to
2484.Dq Li YES ,
2485run the
2486.Xr timed 8
2487service at boot time.
2488This command is intended for networks of
2489machines where a consistent
2490.Dq "network time"
2491for all hosts must be established.
2492This is often useful in large NFS
2493environments where time stamps on files are expected to be consistent
2494network-wide.
2495.It Va timed_flags
2496.Pq Vt str
2497If
2498.Va timed_enable
2499is set to
2500.Dq Li YES ,
2501these are the flags to pass to the
2502.Xr timed 8
2503service.
2504.It Va ntpdate_enable
2505.Pq Vt bool
2506If set to
2507.Dq Li YES ,
2508run
2509.Xr ntpdate 8
2510at system startup.
2511This command is intended to
2512synchronize the system clock only
2513.Em once
2514from some standard reference.
2515.It Va ntpdate_config
2516.Pq Vt str
2517Configuration file for
2518.Xr ntpdate 8 .
2519Default
2520.Pa /etc/ntp.conf .
2521.It Va ntpdate_hosts
2522.Pq Vt str
2523A whitespace-separated list of NTP servers to synchronize with at startup.
2524The default is to use the servers listed in
2525.Va ntpdate_config ,
2526if that file exists.
2527.It Va ntpdate_program
2528.Pq Vt str
2529Path to
2530.Xr ntpdate 8
2531(default
2532.Pa /usr/sbin/ntpdate ) .
2533.It Va ntpdate_flags
2534.Pq Vt str
2535If
2536.Va ntpdate_enable
2537is set to
2538.Dq Li YES ,
2539these are the flags to pass to the
2540.Xr ntpdate 8
2541command (typically a hostname).
2542.It Va ntpd_enable
2543.Pq Vt bool
2544If set to
2545.Dq Li YES ,
2546run the
2547.Xr ntpd 8
2548command at boot time.
2549.It Va ntpd_program
2550.Pq Vt str
2551Path to
2552.Xr ntpd 8
2553(default
2554.Pa /usr/sbin/ntpd ) .
2555.It Va ntpd_config
2556.Pq Vt str
2557Path to
2558.Xr ntpd 8
2559configuration file.
2560Default
2561.Pa /etc/ntp.conf .
2562.It Va ntpd_flags
2563.Pq Vt str
2564If
2565.Va ntpd_enable
2566is set to
2567.Dq Li YES ,
2568these are the flags to pass to the
2569.Xr ntpd 8
2570daemon.
2571.It Va ntpd_sync_on_start
2572.Pq Vt bool
2573If set to
2574.Dq Li YES ,
2575.Xr ntpd 8
2576is run with the
2577.Fl g
2578flag, which syncs the system's clock on startup.
2579See
2580.Xr ntpd 8
2581for more information regarding the
2582.Fl g
2583option.
2584This is a preferred alternative to using
2585.Xr ntpdate 8
2586or specifying the
2587.Va ntpdate_enable
2588variable.
2589.It Va nis_client_enable
2590.Pq Vt bool
2591If set to
2592.Dq Li YES ,
2593run the
2594.Xr ypbind 8
2595service at system boot time.
2596.It Va nis_client_flags
2597.Pq Vt str
2598If
2599.Va nis_client_enable
2600is set to
2601.Dq Li YES ,
2602these are the flags to pass to the
2603.Xr ypbind 8
2604service.
2605.It Va nis_ypset_enable
2606.Pq Vt bool
2607If set to
2608.Dq Li YES ,
2609run the
2610.Xr ypset 8
2611daemon at system boot time.
2612.It Va nis_ypset_flags
2613.Pq Vt str
2614If
2615.Va nis_ypset_enable
2616is set to
2617.Dq Li YES ,
2618these are the flags to pass to the
2619.Xr ypset 8
2620daemon.
2621.It Va nis_server_enable
2622.Pq Vt bool
2623If set to
2624.Dq Li YES ,
2625run the
2626.Xr ypserv 8
2627daemon at system boot time.
2628.It Va nis_server_flags
2629.Pq Vt str
2630If
2631.Va nis_server_enable
2632is set to
2633.Dq Li YES ,
2634these are the flags to pass to the
2635.Xr ypserv 8
2636daemon.
2637.It Va nis_ypxfrd_enable
2638.Pq Vt bool
2639If set to
2640.Dq Li YES ,
2641run the
2642.Xr rpc.ypxfrd 8
2643daemon at system boot time.
2644.It Va nis_ypxfrd_flags
2645.Pq Vt str
2646If
2647.Va nis_ypxfrd_enable
2648is set to
2649.Dq Li YES ,
2650these are the flags to pass to the
2651.Xr rpc.ypxfrd 8
2652daemon.
2653.It Va nis_yppasswdd_enable
2654.Pq Vt bool
2655If set to
2656.Dq Li YES ,
2657run the
2658.Xr rpc.yppasswdd 8
2659daemon at system boot time.
2660.It Va nis_yppasswdd_flags
2661.Pq Vt str
2662If
2663.Va nis_yppasswdd_enable
2664is set to
2665.Dq Li YES ,
2666these are the flags to pass to the
2667.Xr rpc.yppasswdd 8
2668daemon.
2669.It Va rpc_ypupdated_enable
2670.Pq Vt bool
2671If set to
2672.Dq Li YES ,
2673run the
2674.Nm rpc.ypupdated
2675daemon at system boot time.
2676.It Va bsnmpd_enable
2677.Pq Vt bool
2678If set to
2679.Dq Li YES ,
2680run the
2681.Xr bsnmpd 1
2682daemon at system boot time.
2683Be sure to understand the security implications of running SNMP daemon
2684on your host.
2685.It Va bsnmpd_flags
2686.Pq Vt str
2687If
2688.Va bsnmpd_enable
2689is set to
2690.Dq Li YES ,
2691these are the flags to pass to the
2692.Xr bsnmpd 1
2693daemon.
2694.It Va defaultrouter
2695.Pq Vt str
2696If not set to
2697.Dq Li NO ,
2698create a default route to this host name or IP address
2699(use an IP address if this router is also required to get to the
2700name server!).
2701.It Va ipv6_defaultrouter
2702.Pq Vt str
2703The IPv6 equivalent of
2704.Va defaultrouter .
2705.It Va static_arp_pairs
2706.Pq Vt str
2707Set to the list of static ARP pairs that are to be added at system
2708boot time.
2709For each whitespace separated
2710.Ar element
2711in the value, a
2712.Va static_arp_ Ns Aq Ar element
2713variable is assumed to exist whose contents will later be passed to a
2714.Dq Nm arp Cm -S
2715operation.
2716For example
2717.Bd -literal
2718static_arp_pairs="gw"
2719static_arp_gw="192.168.1.1 00:01:02:03:04:05"
2720.Ed
2721.It Va static_ndp_pairs
2722.Pq Vt str
2723Set to the list of static NDP pairs that are to be added at system
2724boot time.
2725For each whitespace separated
2726.Ar element
2727in the value, a
2728.Va static_ndp_ Ns Aq Ar element
2729variable is assumed to exist whose contents will later be passed to a
2730.Dq Nm ndp Cm -s
2731operation.
2732For example
2733.Bd -literal
2734static_ndp_pairs="gw"
2735static_ndp_gw="2001:db8:3::1 00:01:02:03:04:05"
2736.Ed
2737.It Va static_routes
2738.Pq Vt str
2739Set to the list of static routes that are to be added at system
2740boot time.
2741If not set to
2742.Dq Li NO
2743then for each whitespace separated
2744.Ar element
2745in the value, a
2746.Va route_ Ns Aq Ar element
2747variable is assumed to exist
2748whose contents will later be passed to a
2749.Dq Nm route Cm add
2750operation.
2751For example:
2752.Bd -literal
2753static_routes="ext mcast:gif0 gif0local:gif0"
2754route_ext="-net 10.0.0.0/24 -gateway 192.168.0.1"
2755route_mcast="-net 224.0.0.0/4 -iface gif0"
2756route_gif0local="-host 169.254.1.1 -iface lo0"
2757.Ed
2758.Pp
2759When an
2760.Ar element
2761is in the form of
2762.Li name:ifname ,
2763the route is specific to the interface
2764.Li ifname .
2765.It Va ipv6_static_routes
2766.Pq Vt str
2767The IPv6 equivalent of
2768.Va static_routes .
2769If not set to
2770.Dq Li NO
2771then for each whitespace separated
2772.Ar element
2773in the value, a
2774.Va ipv6_route_ Ns Aq Ar element
2775variable is assumed to exist
2776whose contents will later be passed to a
2777.Dq Nm route Cm add Fl inet6
2778operation.
2779.It Va natm_static_routes
2780.Pq Vt str
2781The
2782.Xr natmip 4
2783equivalent of
2784.Va static_routes .
2785If not empty then for each whitespace separated
2786.Ar element
2787in the value, a
2788.Va route_ Ns Aq Ar element
2789variable is assumed to exist whose contents will later be passed to a
2790.Dq Nm atmconfig Cm natm Cm add
2791operation.
2792.It Va gateway_enable
2793.Pq Vt bool
2794If set to
2795.Dq Li YES ,
2796configure host to act as an IP router, e.g.\& to forward packets
2797between interfaces.
2798.It Va ipv6_gateway_enable
2799.Pq Vt bool
2800The IPv6 equivalent of
2801.Va gateway_enable .
2802.It Va routed_enable
2803.Pq Vt bool
2804If set to
2805.Dq Li YES ,
2806run a routing daemon of some sort, based on the
2807settings of
2808.Va routed_program
2809and
2810.Va routed_flags .
2811.It Va route6d_enable
2812.Pq Vt bool
2813The IPv6 equivalent of
2814.Va routed_enable .
2815If set to
2816.Dq Li YES ,
2817run a routing daemon of some sort, based on the
2818settings of
2819.Va route6d_program
2820and
2821.Va route6d_flags .
2822.It Va routed_program
2823.Pq Vt str
2824If
2825.Va routed_enable
2826is set to
2827.Dq Li YES ,
2828this is the name of the routing daemon to use.
2829.It Va route6d_program
2830.Pq Vt str
2831The IPv6 equivalent of
2832.Va routed_program .
2833.It Va routed_flags
2834.Pq Vt str
2835If
2836.Va routed_enable
2837is set to
2838.Dq Li YES ,
2839these are the flags to pass to the routing daemon.
2840.It Va route6d_flags
2841.Pq Vt str
2842The IPv6 equivalent of
2843.Va routed_flags .
2844.It Va mrouted_enable
2845.Pq Vt bool
2846If set to
2847.Dq Li YES ,
2848run the multicast routing daemon,
2849.Xr mrouted 8 .
2850.It Va mroute6d_enable
2851.Pq Vt bool
2852The IPv6 equivalent of
2853.Va mrouted_enable .
2854If set to
2855.Dq Li YES ,
2856run the IPv6 multicast routing daemon.
2857.Pp
2858Note that multicast routing daemons are no longer included in the
2859.Fx
2860base system, however, both
2861.Xr mrouted 8
2862and
2863.Xr pim6dd 8
2864may be installed from the
2865.Fx
2866Ports Collection.
2867.It Va mrouted_flags
2868.Pq Vt str
2869If
2870.Va mrouted_enable
2871is set to
2872.Dq Li YES ,
2873these are the flags to pass to the
2874.Xr mrouted 8
2875daemon.
2876.It Va mroute6d_flags
2877.Pq Vt str
2878The IPv6 equivalent of
2879.Va mrouted_flags .
2880If
2881.Va mroute6d_enable
2882is set to
2883.Dq Li YES ,
2884these are the flags passed to the IPv6 multicast routing daemon.
2885.It Va mroute6d_program
2886.Pq Vt str
2887If
2888.Va mroute6d_enable
2889is set to
2890.Dq Li YES ,
2891this is the path to the IPv6 multicast routing daemon.
2892.It Va rtadvd_enable
2893.Pq Vt bool
2894If set to
2895.Dq Li YES ,
2896run the
2897.Xr rtadvd 8
2898daemon at boot time.
2899The
2900.Xr rtadvd 8
2901utility sends ICMPv6 Router Advertisement messages to
2902the interfaces specified in
2903.Va rtadvd_interfaces .
2904This should only be enabled with great care.
2905You may want to fine-tune
2906.Xr rtadvd.conf 5 .
2907.It Va rtadvd_interfaces
2908.Pq Vt str
2909If
2910.Va rtadvd_enable
2911is set to
2912.Dq Li YES
2913this is the list of interfaces to use.
2914.It Va ipxgateway_enable
2915.Pq Vt bool
2916If set to
2917.Dq Li YES ,
2918enable the routing of IPX traffic.
2919.It Va ipxrouted_enable
2920.Pq Vt bool
2921If set to
2922.Dq Li YES ,
2923run the
2924.Xr IPXrouted 8
2925daemon at system boot time.
2926.It Va ipxrouted_flags
2927.Pq Vt str
2928If
2929.Va ipxrouted_enable
2930is set to
2931.Dq Li YES ,
2932these are the flags to pass to the
2933.Xr IPXrouted 8
2934daemon.
2935.It Va arpproxy_all
2936.Pq Vt bool
2937If set to
2938.Dq Li YES ,
2939enable global proxy ARP.
2940.It Va forward_sourceroute
2941.Pq Vt bool
2942If set to
2943.Dq Li YES
2944and
2945.Va gateway_enable
2946is also set to
2947.Dq Li YES ,
2948source-routed packets are forwarded.
2949.It Va accept_sourceroute
2950.Pq Vt bool
2951If set to
2952.Dq Li YES ,
2953the system will accept source-routed packets directed at it.
2954.It Va rarpd_enable
2955.Pq Vt bool
2956If set to
2957.Dq Li YES ,
2958run the
2959.Xr rarpd 8
2960daemon at system boot time.
2961.It Va rarpd_flags
2962.Pq Vt str
2963If
2964.Va rarpd_enable
2965is set to
2966.Dq Li YES ,
2967these are the flags to pass to the
2968.Xr rarpd 8
2969daemon.
2970.It Va bootparamd_enable
2971.Pq Vt bool
2972If set to
2973.Dq Li YES ,
2974run the
2975.Xr bootparamd 8
2976daemon at system boot time.
2977.It Va bootparamd_flags
2978.Pq Vt str
2979If
2980.Va bootparamd_enable
2981is set to
2982.Dq Li YES ,
2983these are the flags to pass to the
2984.Xr bootparamd 8
2985daemon.
2986.It Va stf_interface_ipv4addr
2987.Pq Vt str
2988If not set to
2989.Dq Li NO ,
2990this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling
2991interface).
2992Specify this entry to enable the 6to4 interface.
2993.It Va stf_interface_ipv4plen
2994.Pq Vt int
2995Prefix length for 6to4 IPv4 addresses, to limit peer address range.
2996An effective value is 0-31.
2997.It Va stf_interface_ipv6_ifid
2998.Pq Vt str
2999IPv6 interface ID for
3000.Xr stf 4 .
3001This can be set to
3002.Dq Li AUTO .
3003.It Va stf_interface_ipv6_slaid
3004.Pq Vt str
3005IPv6 Site Level Aggregator for
3006.Xr stf 4 .
3007.It Va ipv6_faith_prefix
3008.Pq Vt str
3009If not set to
3010.Dq Li NO ,
3011this is the faith prefix to enable a FAITH IPv6-to-IPv4 TCP
3012translator.
3013You also need
3014.Xr faithd 8
3015setup.
3016.It Va ipv6_ipv4mapping
3017.Pq Vt bool
3018If set to
3019.Dq Li YES
3020this enables IPv4 mapped IPv6 address communication (like
3021.Li ::ffff:a.b.c.d ) .
3022.It Va rtsold_enable
3023.Pq Vt bool
3024Set to
3025.Dq Li YES
3026to enable the
3027.Xr rtsold 8
3028daemon to send ICMPv6 Router Solicitation messages.
3029.It Va rtsold_flags
3030.Pq Vt str
3031If
3032.Va rtsold_enable
3033is set to
3034.Dq Li YES ,
3035these are the flags to pass to
3036.Xr rtsold 8 .
3037.It Va rtsol_flags
3038.Pq Vt str
3039For interfaces configured with the
3040.Dq Li inet6 accept_rtadv
3041keyword, these are the flags to pass to
3042.Xr rtsol 8 .
3043.Pp
3044Note that
3045.Va rtsold_enable
3046is mutually exclusive to
3047.Va rtsol_flags ;
3048.Va rtsold_enable
3049takes precedence.
3050.It Va atm_enable
3051.Pq Vt bool
3052Set to
3053.Dq Li YES
3054to enable the configuration of ATM interfaces at system boot time.
3055For all of the ATM variables described below, please refer to the
3056.Xr atm 8
3057manual page for further details on the available command parameters.
3058Also refer to the files in
3059.Pa /usr/share/examples/atm
3060for more detailed configuration information.
3061.It Va atm_load
3062.Pq Vt str
3063This is a list of physical ATM interface drivers to load.
3064Typical values are
3065.Dq Li hfa_pci
3066and/or
3067.Dq Li hea_pci .
3068.It Va atm_netif_ Ns Aq Ar intf
3069.Pq Vt str
3070For the ATM physical interface
3071.Ar intf ,
3072this variable defines the name prefix and count for the ATM network
3073interfaces to be created.
3074The value will be passed as the parameters of an
3075.Dq Nm atm Cm "set netif" Ar intf
3076command.
3077.It Va atm_sigmgr_ Ns Aq Ar intf
3078.Pq Vt str
3079For the ATM physical interface
3080.Ar intf ,
3081this variable defines the ATM signalling manager to be used.
3082The value will be passed as the parameters of an
3083.Dq Nm atm Cm attach Ar intf
3084command.
3085.It Va atm_prefix_ Ns Aq Ar intf
3086.Pq Vt str
3087For the ATM physical interface
3088.Ar intf ,
3089this variable defines the NSAP prefix for interfaces using a UNI signalling
3090manager.
3091If set to
3092.Dq Li ILMI ,
3093the prefix will automatically be set via the
3094.Xr ilmid 8
3095daemon.
3096Otherwise, the value will be passed as the parameters of an
3097.Dq Nm atm Cm "set prefix" Ar intf
3098command.
3099.It Va atm_macaddr_ Ns Aq Ar intf
3100.Pq Vt str
3101For the ATM physical interface
3102.Ar intf ,
3103this variable defines the MAC address for interfaces using a UNI signalling
3104manager.
3105If set to
3106.Dq Li NO ,
3107the hardware MAC address contained in the ATM interface card will be used.
3108Otherwise, the value will be passed as the parameters of an
3109.Dq Nm atm Cm "set mac" Ar intf
3110command.
3111.It Va atm_arpserver_ Ns Aq Ar netif
3112.Pq Vt str
3113For the ATM network interface
3114.Ar netif ,
3115this variable defines the ATM address for a host which is to provide ATMARP
3116service.
3117This variable is only applicable to interfaces using a UNI signalling
3118manager.
3119If set to
3120.Dq Li local ,
3121this host will become an ATMARP server.
3122The value will be passed as the parameters of an
3123.Dq Nm atm Cm "set arpserver" Ar netif
3124command.
3125.It Va atm_scsparp_ Ns Aq Ar netif
3126.Pq Vt bool
3127If set to
3128.Dq Li YES ,
3129SCSP/ATMARP service for the network interface
3130.Ar netif
3131will be initiated using the
3132.Xr scspd 8
3133and
3134.Xr atmarpd 8
3135daemons.
3136This variable is only applicable if
3137.Va atm_arpserver_ Ns Aq Ar netif
3138is set to
3139.Dq Li local .
3140.It Va atm_pvcs
3141.Pq Vt str
3142Set to the list of ATM PVCs to be added at system
3143boot time.
3144For each whitespace separated
3145.Ar element
3146in the value, an
3147.Va atm_pvc_ Ns Aq Ar element
3148variable is assumed to exist.
3149The value of each of these variables
3150will be passed as the parameters of an
3151.Dq Nm atm Cm "add pvc"
3152command.
3153.It Va atm_arps
3154.Pq Vt str
3155Set to the list of permanent ATM ARP entries to be added
3156at system boot time.
3157For each whitespace separated
3158.Ar element
3159in the value, an
3160.Va atm_arp_ Ns Aq Ar element
3161variable is assumed to exist.
3162The value of each of these variables
3163will be passed as the parameters of an
3164.Dq Nm atm Cm "add arp"
3165command.
3166.It Va natm_interfaces
3167.Pq Vt str
3168Set to the list of
3169.Xr natm 4
3170interfaces that will also be used for HARP through
3171.Xr harp 4 .
3172If this list is not empty all interfaces in the list will be brought up
3173with
3174.Xr ifconfig 8
3175and
3176.Xr harp 4
3177will be loaded.
3178For this to work the interface drivers must be either compiled into the
3179kernel or must reside on the root partition.
3180.It Va keybell
3181.Pq Vt str
3182The keyboard bell sound.
3183Set to
3184.Dq Li normal ,
3185.Dq Li visual ,
3186.Dq Li off ,
3187or
3188.Dq Li NO
3189if the default behavior is desired.
3190For details, refer to the
3191.Xr kbdcontrol 1
3192manpage.
3193.It Va keyboard
3194.Pq Vt str
3195If set to a non-null string, the virtual console's keyboard input is
3196set to this device.
3197.It Va keymap
3198.Pq Vt str
3199If set to
3200.Dq Li NO ,
3201no keymap is installed, otherwise the value is used to install
3202the keymap file in
3203.Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd .
3204.It Va keyrate
3205.Pq Vt str
3206The keyboard repeat speed.
3207Set to
3208.Dq Li slow ,
3209.Dq Li normal ,
3210.Dq Li fast ,
3211or
3212.Dq Li NO
3213if the default behavior is desired.
3214.It Va keychange
3215.Pq Vt str
3216If not set to
3217.Dq Li NO ,
3218attempt to program the function keys with the value.
3219The value should
3220be a single string of the form:
3221.Dq Ar funkey_number new_value Op Ar funkey_number new_value ... .
3222.It Va cursor
3223.Pq Vt str
3224Can be set to the value of
3225.Dq Li normal ,
3226.Dq Li blink ,
3227.Dq Li destructive ,
3228or
3229.Dq Li NO
3230to set the cursor behavior explicitly or choose the default behavior.
3231.It Va scrnmap
3232.Pq Vt str
3233If set to
3234.Dq Li NO ,
3235no screen map is installed, otherwise the value is used to install
3236the screen map file in
3237.Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value .
3238.It Va font8x16
3239.Pq Vt str
3240If set to
3241.Dq Li NO ,
3242the default 8x16 font value is used for screen size requests, otherwise
3243the value in
3244.Pa /usr/share/syscons/fonts/ Ns Aq Ar value
3245is used.
3246.It Va font8x14
3247.Pq Vt str
3248If set to
3249.Dq Li NO ,
3250the default 8x14 font value is used for screen size requests, otherwise
3251the value in
3252.Pa /usr/share/syscons/fonts/ Ns Aq Ar value
3253is used.
3254.It Va font8x8
3255.Pq Vt str
3256If set to
3257.Dq Li NO ,
3258the default 8x8 font value is used for screen size requests, otherwise
3259the value in
3260.Pa /usr/share/syscons/fonts/ Ns Aq Ar value
3261is used.
3262.It Va blanktime
3263.Pq Vt int
3264If set to
3265.Dq Li NO ,
3266the default screen blanking interval is used, otherwise it is set
3267to
3268.Ar value
3269seconds.
3270.It Va saver
3271.Pq Vt str
3272If not set to
3273.Dq Li NO ,
3274this is the actual screen saver to use
3275.Li ( blank , snake , daemon ,
3276etc).
3277.It Va moused_nondefault_enable
3278.Pq Vt str
3279If set to
3280.Dq Li NO ,
3281the mouse device specified on
3282the command line is not automatically treated as enabled by the
3283.Pa /etc/rc.d/moused
3284script.
3285Having this variable set to
3286.Dq Li YES
3287allows a
3288.Xr usb 4
3289mouse,
3290for example,
3291to be enabled as soon as it is plugged in.
3292.It Va moused_enable
3293.Pq Vt str
3294If set to
3295.Dq Li YES ,
3296the
3297.Xr moused 8
3298daemon is started for doing cut/paste selection on the console.
3299.It Va moused_type
3300.Pq Vt str
3301This is the protocol type of the mouse connected to this host.
3302This variable must be set if
3303.Va moused_enable
3304is set to
3305.Dq Li YES .
3306The
3307.Xr moused 8
3308daemon
3309is able to detect the appropriate mouse type automatically in many cases.
3310Set this variable to
3311.Dq Li auto
3312to let the daemon detect it, or
3313select one from the following list if the automatic detection fails.
3314.Pp
3315If the mouse is attached to the PS/2 mouse port, choose
3316.Dq Li auto
3317or
3318.Dq Li ps/2 ,
3319regardless of the brand and model of the mouse.
3320Likewise, if the
3321mouse is attached to the bus mouse port, choose
3322.Dq Li auto
3323or
3324.Dq Li busmouse .
3325All other protocols are for serial mice and will not work with
3326the PS/2 and bus mice.
3327If this is a USB mouse,
3328.Dq Li auto
3329is the only protocol type which will work.
3330.Pp
3331.Bl -tag -width ".Li x10mouseremote" -compact
3332.It Li microsoft
3333Microsoft mouse (serial)
3334.It Li intellimouse
3335Microsoft IntelliMouse (serial)
3336.It Li mousesystems
3337Mouse systems Corp.\& mouse (serial)
3338.It Li mmseries
3339MM Series mouse (serial)
3340.It Li logitech
3341Logitech mouse (serial)
3342.It Li busmouse
3343A bus mouse
3344.It Li mouseman
3345Logitech MouseMan and TrackMan (serial)
3346.It Li glidepoint
3347ALPS GlidePoint (serial)
3348.It Li thinkingmouse
3349Kensington ThinkingMouse (serial)
3350.It Li ps/2
3351PS/2 mouse
3352.It Li mmhittab
3353MM HitTablet (serial)
3354.It Li x10mouseremote
3355X10 MouseRemote (serial)
3356.It Li versapad
3357Interlink VersaPad (serial)
3358.El
3359.Pp
3360Even if the mouse is not in the above list, it may be compatible
3361with one in the list.
3362Refer to the manual page for
3363.Xr moused 8
3364for compatibility information.
3365.Pp
3366It should also be noted that while this is enabled, any
3367other client of the mouse (such as an X server) should access
3368the mouse through the virtual mouse device,
3369.Pa /dev/sysmouse ,
3370and configure it as a
3371.Dq Li sysmouse
3372type mouse, since all
3373mouse data is converted to this single canonical format when
3374using
3375.Xr moused 8 .
3376If the client program does not support the
3377.Dq Li sysmouse
3378type,
3379specify the
3380.Dq Li mousesystems
3381type.
3382It is the second preferred type.
3383.It Va moused_port
3384.Pq Vt str
3385If
3386.Va moused_enable
3387is set to
3388.Dq Li YES ,
3389this is the actual port the mouse is on.
3390It might be
3391.Pa /dev/cuau0
3392for a COM1 serial mouse,
3393.Pa /dev/psm0
3394for a PS/2 mouse or
3395.Pa /dev/mse0
3396for a bus mouse, for example.
3397.It Va moused_flags
3398.Pq Vt str
3399If
3400.Va moused_flags
3401is set, its value is used as an additional set of flags to pass to the
3402.Xr moused 8
3403daemon.
3404.It Va "moused_" Ns Ar XXX Ns Va "_flags"
3405When
3406.Va moused_nondefault_enable
3407is enabled, and a
3408.Xr moused 8
3409daemon is started for a non-default port, the
3410.Va "moused_" Ns Ar XXX Ns Va "_flags"
3411set of options has precedence over and replaces the default
3412.Va moused_flags
3413(where
3414.Ar XXX
3415is the name of the non-default port, i.e.,\&
3416.Ar ums0 ) .
3417By setting
3418.Va "moused_" Ns Ar XXX Ns Va "_flags"
3419it is possible to set up a different set of default flags for each
3420.Xr moused 8
3421instance.
3422For example, you can use
3423.Dq Li "-3"
3424for the default
3425.Va moused_flags
3426to make your laptop's touchpad more comfortable to use,
3427but an empty set of options for
3428.Va moused_ums0_flags
3429when your
3430.Xr usb 4
3431mouse has three or more buttons.
3432.It Va mousechar_start
3433.Pq Vt int
3434If set to
3435.Dq Li NO ,
3436the default mouse cursor character range
3437.Li 0xd0 Ns - Ns Li 0xd3
3438is used,
3439otherwise the range start is set
3440to
3441.Ar value
3442character, see
3443.Xr vidcontrol 1 .
3444Use if the default range is occupied in the language code table.
3445.It Va allscreens_flags
3446.Pq Vt str
3447If set,
3448.Xr vidcontrol 1
3449is run with these options for each of the virtual terminals
3450.Pq Pa /dev/ttyv* .
3451For example,
3452.Dq Fl m Cm on
3453will enable the mouse pointer on all virtual terminals
3454if
3455.Va moused_enable
3456is set to
3457.Dq Li YES .
3458.It Va allscreens_kbdflags
3459.Pq Vt str
3460If set,
3461.Xr kbdcontrol 1
3462is run with these options for each of the virtual terminals
3463.Pq Pa /dev/ttyv* .
3464For example,
3465.Dq Fl h Li 200
3466will set the
3467.Xr syscons 4
3468scrollback (history) buffer to 200 lines.
3469.It Va cron_enable
3470.Pq Vt bool
3471If set to
3472.Dq Li YES ,
3473run the
3474.Xr cron 8
3475daemon at system boot time.
3476.It Va cron_program
3477.Pq Vt str
3478Path to
3479.Xr cron 8
3480(default
3481.Pa /usr/sbin/cron ) .
3482.It Va cron_flags
3483.Pq Vt str
3484If
3485.Va cron_enable
3486is set to
3487.Dq Li YES ,
3488these are the flags to pass to
3489.Xr cron 8 .
3490.It Va cron_dst
3491.Pq Vt bool
3492If set to
3493.Dq Li YES ,
3494enable the special handling of transitions to and from the
3495Daylight Saving Time in
3496.Xr cron 8
3497(equivalent to using the flag
3498.Fl s ) .
3499.It Va lpd_program
3500.Pq Vt str
3501Path to
3502.Xr lpd 8
3503(default
3504.Pa /usr/sbin/lpd ) .
3505.It Va lpd_enable
3506.Pq Vt bool
3507If set to
3508.Dq Li YES ,
3509run the
3510.Xr lpd 8
3511daemon at system boot time.
3512.It Va lpd_flags
3513.Pq Vt str
3514If
3515.Va lpd_enable
3516is set to
3517.Dq Li YES ,
3518these are the flags to pass to the
3519.Xr lpd 8
3520daemon.
3521.It Va chkprintcap_enable
3522.Pq Vt bool
3523If set to
3524.Dq Li YES ,
3525run the
3526.Xr chkprintcap 8
3527command before starting the
3528.Xr lpd 8
3529daemon.
3530.It Va chkprintcap_flags
3531.Pq Vt str
3532If
3533.Va lpd_enable
3534and
3535.Va chkprintcap_enable
3536are set to
3537.Dq Li YES ,
3538these are the flags to pass to the
3539.Xr chkprintcap 8
3540program.
3541The default is
3542.Dq Li -d ,
3543which causes missing directories to be created.
3544.It Va mta_start_script
3545.Pq Vt str
3546This variable specifies the full path to the script to run to start
3547a mail transfer agent.
3548The default is
3549.Pa /etc/rc.sendmail .
3550The
3551.Va sendmail_*
3552variables which
3553.Pa /etc/rc.sendmail
3554uses are documented in the
3555.Xr rc.sendmail 8
3556manual page.
3557.It Va dumpdev
3558.Pq Vt str
3559Indicates the device (usually a swap partition) to which a crash dump
3560should be written in the event of a system crash.
3561If the value of this variable is
3562.Dq Li AUTO ,
3563the first suitable swap device listed in
3564.Pa /etc/fstab
3565will be used as dump device.
3566Otherwise, the value of this variable is passed as the argument to
3567.Xr dumpon 8 .
3568To disable crash dumps, set this variable to
3569.Dq Li NO .
3570.It Va dumpdir
3571.Pq Vt str
3572When the system reboots after a crash and a crash dump is found on the
3573device specified by the
3574.Va dumpdev
3575variable,
3576.Xr savecore 8
3577will save that crash dump and a copy of the kernel to the directory
3578specified by the
3579.Va dumpdir
3580variable.
3581The default value is
3582.Pa /var/crash .
3583Set to
3584.Dq Li NO
3585to not run
3586.Xr savecore 8
3587at boot time when
3588.Va dumpdir
3589is set.
3590.It Va savecore_flags
3591.Pq Vt str
3592If crash dumps are enabled, these are the flags to pass to the
3593.Xr savecore 8
3594utility.
3595.It Va quota_enable
3596.Pq Vt bool
3597Set to
3598.Dq Li YES
3599to turn on user and group disk quotas on system startup via the
3600.Xr quotaon 8
3601command for all file systems marked as having quotas enabled in
3602.Pa /etc/fstab .
3603The kernel must be built with
3604.Cd "options QUOTA"
3605for disk quotas to function.
3606.It Va check_quotas
3607.Pq Vt bool
3608Set to
3609.Dq Li YES
3610to enable user and group disk quota checking via the
3611.Xr quotacheck 8
3612command.
3613.It Va quotacheck_flags
3614.Pq Vt str
3615If
3616.Va quota_enable
3617is set to
3618.Dq Li YES ,
3619and
3620.Va check_quotas
3621is set to
3622.Dq Li YES ,
3623these are the flags to pass to the
3624.Xr quotacheck 8
3625utility.
3626The default is
3627.Dq Li "-a" ,
3628which checks quotas for all file systems with quotas enabled in
3629.Pa /etc/fstab .
3630.It Va quotaon_flags
3631.Pq Vt str
3632If
3633.Va quota_enable
3634is set to
3635.Dq Li YES ,
3636these are the flags to pass to the
3637.Xr quotaon 8
3638utility.
3639The default is
3640.Dq Li "-a" ,
3641which enables quotas for all file systems with quotas enabled in
3642.Pa /etc/fstab .
3643.It Va quotaoff_flags
3644.Pq Vt str
3645If
3646.Va quota_enable
3647is set to
3648.Dq Li YES ,
3649these are the flags to pass to the
3650.Xr quotaoff 8
3651utility when shutting down the quota system.
3652The default is
3653.Dq Li "-a" ,
3654which disables quotas for all file systems with quotas enabled in
3655.Pa /etc/fstab .
3656.It Va accounting_enable
3657.Pq Vt bool
3658Set to
3659.Dq Li YES
3660to enable system accounting through the
3661.Xr accton 8
3662facility.
3663.It Va ibcs2_enable
3664.Pq Vt bool
3665Set to
3666.Dq Li YES
3667to enable iBCS2 (SCO) binary emulation at system initial boot
3668time.
3669.It Va ibcs2_loaders
3670.Pq Vt str
3671If not set to
3672.Dq Li NO
3673and if
3674.Va ibcs2_enable
3675is set to
3676.Dq Li YES ,
3677this specifies a list of additional iBCS2 loaders to enable.
3678.It Va linux_enable
3679.Pq Vt bool
3680Set to
3681.Dq Li YES
3682to enable Linux/ELF binary emulation at system initial
3683boot time.
3684.It Va svr4_enable
3685.Pq Vt bool
3686If set to
3687.Dq Li YES ,
3688enable SysVR4 emulation at boot time.
3689.It Va sysvipc_enable
3690.Pq Vt bool
3691If set to
3692.Dq Li YES ,
3693load System V IPC primitives at boot time.
3694.It Va clear_tmp_enable
3695.Pq Vt bool
3696Set to
3697.Dq Li YES
3698to have
3699.Pa /tmp
3700cleaned at startup.
3701.It Va clear_tmp_X
3702.Pq Vt bool
3703Set to
3704.Dq Li NO
3705to disable removing of X11 lock files,
3706and the removal and (secure) recreation
3707of the various socket directories for X11
3708related programs.
3709.It Va ldconfig_paths
3710.Pq Vt str
3711Set to the list of shared library paths to use with
3712.Xr ldconfig 8 .
3713NOTE:
3714.Pa /usr/lib
3715will always be added first, so it need not appear in this list.
3716.It Va ldconfig32_paths
3717.Pq Vt str
3718Set to the list of 32-bit compatibility shared library paths to
3719use with
3720.Xr ldconfig 8 .
3721.It Va ldconfig_paths_aout
3722.Pq Vt str
3723Set to the list of shared library paths to use with
3724.Xr ldconfig 8
3725legacy
3726.Xr a.out 5
3727support.
3728.It Va ldconfig_insecure
3729.Pq Vt bool
3730The
3731.Xr ldconfig 8
3732utility normally refuses to use directories
3733which are writable by anyone except root.
3734Set this variable to
3735.Dq Li YES
3736to disable that security check during system startup.
3737.It Va ldconfig_local_dirs
3738.Pq Vt str
3739Set to the list of local
3740.Xr ldconfig 8
3741directories.
3742The names of all files in the directories listed will be
3743passed as arguments to
3744.Xr ldconfig 8 .
3745.It Va ldconfig_local32_dirs
3746.Pq Vt str
3747Set to the list of local 32-bit compatibility
3748.Xr ldconfig 8
3749directories.
3750The names of all files in the directories listed will be
3751passed as arguments to
3752.Dq Nm ldconfig Fl 32 .
3753.It Va kern_securelevel_enable
3754.Pq Vt bool
3755Set to
3756.Dq Li YES
3757to set the kernel security level at system startup.
3758.It Va kern_securelevel
3759.Pq Vt int
3760The kernel security level to set at startup.
3761The allowed range of
3762.Ar value
3763ranges from \-1 (the compile time default) to 3 (the
3764most secure).
3765See
3766.Xr security 7
3767for the list of possible security levels and their effect
3768on system operation.
3769.It Va sshd_program
3770.Pq Vt str
3771Path to the SSH server program
3772.Pa ( /usr/sbin/sshd
3773is the default).
3774.It Va sshd_enable
3775.Pq Vt bool
3776Set to
3777.Dq Li YES
3778to start
3779.Xr sshd 8
3780at system boot time.
3781.It Va sshd_flags
3782.Pq Vt str
3783If
3784.Va sshd_enable
3785is set to
3786.Dq Li YES ,
3787these are the flags to pass to the
3788.Xr sshd 8
3789daemon.
3790.It Va ftpd_program
3791.Pq Vt str
3792Path to the FTP server program
3793.Pa ( /usr/libexec/ftpd
3794is the default).
3795.It Va ftpd_enable
3796.Pq Vt bool
3797Set to
3798.Dq Li YES
3799to start
3800.Xr ftpd 8
3801as a stand-alone daemon at system boot time.
3802.It Va ftpd_flags
3803.Pq Vt str
3804If
3805.Va ftpd_enable
3806is set to
3807.Dq Li YES ,
3808these are the additional flags to pass to the
3809.Xr ftpd 8
3810daemon.
3811.It Va watchdogd_enable
3812.Pq Vt bool
3813If set to
3814.Dq Li YES ,
3815start the
3816.Xr watchdogd 8
3817daemon at boot time.
3818This requires that the kernel have been compiled with a
3819.Xr watchdog 4
3820compatible device.
3821.It Va watchdogd_flags
3822.Pq Vt str
3823If
3824.Va watchdogd_enable
3825is set to
3826.Dq Li YES ,
3827these are the flags passed to the
3828.Xr watchdogd 8
3829daemon.
3830.It Va devfs_rulesets
3831.Pq Vt str
3832List of files containing sets of rules for
3833.Xr devfs 8 .
3834.It Va devfs_system_ruleset
3835.Pq Vt str
3836Rule name(s) to apply to the system
3837.Pa /dev
3838itself.
3839.It Va devfs_set_rulesets
3840.Pq Vt str
3841Pairs of already-mounted
3842.Pa dev
3843directories and rulesets that should be applied to them.
3844For example: /mount/dev=ruleset_name
3845.It Va devfs_load_rulesets
3846.Pq Vt bool
3847If set, always load the default rulesets listed in
3848.Va devfs_rulesets .
3849.It Va performance_cx_lowest
3850.Pq Vt str
3851CPU idle state to use while on AC power.
3852The string
3853.Dq Li LOW
3854indicates that
3855.Xr acpi 4
3856should use the lowest power state available while
3857.Dq Li HIGH
3858indicates that the lowest latency state (less power savings) should be used.
3859.It Va performance_cpu_freq
3860.Pq Vt str
3861CPU clock frequency to use while on AC power.
3862The string
3863.Dq Li LOW
3864indicates that
3865.Xr cpufreq 4
3866should use the lowest frequency available while
3867.Dq Li HIGH
3868indicates that the highest frequency (less power savings) should be used.
3869.It Va economy_cx_lowest
3870.Pq Vt str
3871CPU idle state to use when off AC power.
3872The string
3873.Dq Li LOW
3874indicates that
3875.Xr acpi 4
3876should use the lowest power state available while
3877.Dq Li HIGH
3878indicates that the lowest latency state (less power savings) should be used.
3879.It Va economy_cpu_freq
3880.Pq Vt str
3881CPU clock frequency to use when off AC power.
3882The string
3883.Dq Li LOW
3884indicates that
3885.Xr cpufreq 4
3886should use the lowest frequency available while
3887.Dq Li HIGH
3888indicates that the highest frequency (less power savings) should be used.
3889.It Va jail_enable
3890.Pq Vt bool
3891If set to
3892.Dq Li NO ,
3893any configured jails will not be started.
3894.It Va jail_conf
3895.Pq Vt str
3896The configuration filename used by
3897.Xr jail 8
3898utility.
3899The default value is
3900.Pa /etc/jail.conf .
3901.It Va jail_parallel_start
3902.Pq Vt bool
3903If set to
3904.Dq Li YES ,
3905all configured jails will be started in the background (in parallel).
3906.It Va jail_flags
3907.Pq Vt str
3908Unset by default.
3909When set, use as default value for
3910.Va jail_ Ns Ao Ar jname Ac Ns Va _flags
3911for every jail in
3912.Va jail_list .
3913.It Va jail_list
3914.Pq Vt str
3915A space separated list of names for jails.
3916If this variable is empty,
3917all of
3918.Xr jail 8
3919instances in the configuration file will be configured.
3920This is purely a configuration aid to help identify and
3921configure multiple jails.
3922The names specified in this list will be used to
3923identify settings common to an instance of a jail,
3924and should contain alphanumeric characters only.
3925The literal jail name of
3926.Dq Li 0
3927.Pq zero
3928is not allowed.
3929.It Va jail_* variables
3930Note that older releases supported per-jail configuration via
3931.Xr rc.conf 5
3932variables.
3933For example,
3934hostname of a jail named
3935.Li vjail
3936was able to be set by
3937.Li jail_vjail_hostname .
3938These per-jail configuration variables are now obsolete in favor of
3939.Xr jail 8
3940configuration file.
3941For backward compatibility,
3942when per-jail configuration variables are defined,
3943.Xr jail 8
3944configuration files are created as
3945.Pa /var/run/jail. Ns Ao Ar jname Ac Ns Pa .conf
3946and used.
3947.Pp
3948The following per-jail parameters are handled by
3949.Pa rc.d/jail
3950script out of their corresponding
3951.Nm
3952variables.
3953In addition to them, parameters in
3954.Va jail_ Ns Ao Ar jname Ac Ns Va _parameters
3955will be added to the configuration file.
3956They must be a semi-colon
3957.Pq Ql \&;
3958delimited list of
3959.Dq key=value .
3960For more details,
3961see
3962.Xr jail 8
3963manual page.
3964.Bl -tag -width "host.hostname" -offset indent
3965.It Li path
3966set from
3967.Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir
3968.It Li host.hostname
3969set from
3970.Va jail_ Ns Ao Ar jname Ac Ns Va _hostname
3971.It Li exec.consolelog
3972set from
3973.Va jail_ Ns Ao Ar jname Ac Ns Va _consolelog .
3974The default value is
3975.Pa /var/log/jail_ Ao Ar jname Ac Pa _console.log .
3976.It Li interface
3977set from
3978.Va jail_ Ns Ao Ar jname Ac Ns Va _interface .
3979.It Li vnet.interface
3980set from
3981.Va jail_ Ns Ao Ar jname Ac Ns Va _vnet_interface .
3982This implies
3983.Li vnet
3984parameter will be enabled and cannot be specified with
3985.Va jail_ Ns Ao Ar jname Ac Ns Va _interface ,
3986.Va jail_ Ns Ao Ar jname Ac Ns Va _ip
3987and/or
3988.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n
3989at the same time.
3990.It Li fstab
3991set from
3992.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab
3993.It Li mount
3994set from
|
4045.It Li allow.set_hostname
4046set from
4047.Va jail_ Ns Ao Ar jname Ac Ns Va _set_hostname_allow
4048.It Li allow.rawsocket
4049set from
4050.Va jail_ Ns Ao Ar jname Ac Ns Va _socket_unixiproute_only
4051.It Li allow.sysvipc
4052set from
4053.Va jail_ Ns Ao Ar jname Ac Ns Va _sysvipc_allow
4054.El
4055.\" -----------------------------------------------------
4056.It Va harvest_interrupt
4057.Pq Vt bool
4058Set to
4059.Dq Li YES
4060to use hardware interrupts as an entropy source.
4061Refer to
4062.Xr random 4
4063for more information.
4064.It Va harvest_ethernet
4065.Pq Vt bool
4066Set to
4067.Dq Li YES
4068to use LAN traffic as an entropy source.
4069Refer to
4070.Xr random 4
4071for more information.
4072.It Va harvest_p_to_p
4073.Pq Vt bool
4074Set to
4075.Dq Li YES
4076to use serial line traffic as an entropy source.
4077Refer to
4078.Xr random 4
4079for more information.
4080.It Va entropy_dir
4081.Pq Vt str
4082Set to
4083.Dq Li NO
4084to disable caching entropy via
4085.Xr cron 8 .
4086Otherwise set to the directory used to store entropy files in.
4087.It Va entropy_file
4088.Pq Vt str
4089Set to
4090.Dq Li NO
4091to disable caching entropy through reboots.
4092Otherwise set to the filename used to store cached entropy through
4093reboots.
4094This file should be located on the root file system to seed the
4095.Xr random 4
4096device as early as possible in the boot process.
4097.It Va entropy_save_sz
4098.Pq Vt int
4099Size of the entropy cache files saved by
4100.Nm save-entropy
4101periodically.
4102.It Va entropy_save_num
4103.Pq Vt int
4104Number of entropy cache files to save by
4105.Nm save-entropy
4106periodically.
4107.It Va ipsec_enable
4108.Pq Vt bool
4109Set to
4110.Dq Li YES
4111to run
4112.Xr setkey 8
4113on
4114.Va ipsec_file
4115at boot time.
4116.It Va ipsec_file
4117.Pq Vt str
4118Configuration file for
4119.Xr setkey 8 .
4120.It Va dmesg_enable
4121.Pq Vt bool
4122Set to
4123.Dq Li YES
4124to save
4125.Xr dmesg 8
4126to
4127.Pa /var/run/dmesg.boot
4128on boot.
4129.It Va rcshutdown_timeout
4130.Pq Vt int
4131If set, start a watchdog timer in the background which will terminate
4132.Pa rc.shutdown
4133if
4134.Xr shutdown 8
4135has not completed within the specified time (in seconds).
4136Notice that in addition to this soft timeout,
4137.Xr init 8
4138also applies a hard timeout for the execution of
4139.Pa rc.shutdown .
4140This is configured via
4141.Xr sysctl 8
4142variable
4143.Va kern.init_shutdown_timeout
4144and defaults to 120 seconds.
4145Setting the value of
4146.Va rcshutdown_timeout
4147to more than 120 seconds will have no effect until the
4148.Xr sysctl 8
4149variable
4150.Va kern.init_shutdown_timeout
4151is also increased.
4152.It Va virecover_enable
4153.Pq Vt bool
4154Set to
4155.Dq Li NO
4156to prevent the system from trying to
4157recover pre-maturely terminated
4158.Xr vi 1
4159sessions.
4160.It Va ugidfw_enable
4161.Pq Vt bool
4162Set to
4163.Dq Li YES
4164to load the
4165.Xr mac_bsdextended 4
4166module upon system initialization and load a default
4167ruleset file.
4168.It Va bsdextended_script
4169.Pq Vt str
4170The default
4171.Xr mac_bsdextended 4
4172ruleset file to load.
4173The default value of this variable is
4174.Pa /etc/rc.bsdextended .
4175.It Va newsyslog_enable
4176.Pq Vt bool
4177If set to
4178.Dq Li YES ,
4179run
4180.Xr newsyslog 8
4181command at startup.
4182.It Va newsyslog_flags
4183.Pq Vt str
4184If
4185.Va newsyslog_enable
4186is set to
4187.Dq Li YES ,
4188these are the flags to pass to the
4189.Xr newsyslog 8
4190program.
4191The default is
4192.Dq Li -CN ,
4193which causes log files flagged with a
4194.Cm C
4195to be created.
4196.It Va mdconfig_md Ns Aq Ar X
4197.Pq Vt str
4198Arguments to
4199.Xr mdconfig 8
4200for
4201.Xr md 4
4202device
4203.Ar X .
4204At minimum a
4205.Fl t Ar type
4206must be specified and either a
4207.Fl s Ar size
4208for malloc or swap backed
4209.Xr md 4
4210devices or a
4211.Fl f Ar file
4212for vnode backed
4213.Xr md 4
4214devices.
4215Note that
4216.Va mdconfig_md Ns Aq Ar X
4217variables are evaluated until one variable is unset or null.
4218.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs
4219.Pq Vt str
4220Optional arguments passed to
4221.Xr newfs 8
4222to initialize
4223.Xr md 4
4224device
4225.Ar X .
4226.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner
4227.Pq Vt str
4228An ownership specification passed to
4229.Xr chown 8
4230after the specified
4231.Xr md 4
4232device
4233.Ar X
4234has been mounted.
4235Both the
4236.Xr md 4
4237device and the mount point will be changed.
4238.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms
4239.Pq Vt str
4240A mode string passed to
4241.Xr chmod 1
4242after the specified
4243.Xr md 4
4244device
4245.Ar X
4246has been mounted.
4247Both the
4248.Xr md 4
4249device and the mount point will be changed.
4250.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files
4251.Pq Vt str
4252Files to be copied to the mount point of the
4253.Xr md 4
4254device
4255.Ar X
4256after it has been mounted.
4257.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd
4258.Pq Vt str
4259Command to execute after the specified
4260.Xr md 4
4261device
4262.Ar X
4263has been mounted.
4264Note that the command is passed to
4265.Ic eval
4266and that both
4267.Va _dev
4268and
4269.Va _mp
4270variables can be used to reference respectively the
4271.Xr md 4
4272device and the mount point.
4273Assuming that the
4274.Xr md 4
4275device is
4276.Li md0 ,
4277one could set the following:
4278.Bd -literal
4279mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}"
4280.Ed
4281.It Va autobridge_interfaces
4282.Pq Vt str
4283Set to the list of bridge interfaces that will have newly arriving interfaces
4284checked against to be automatically added.
4285If not set to
4286.Dq Li NO
4287then for each whitespace separated
4288.Ar element
4289in the value, a
4290.Va autobridge_ Ns Aq Ar element
4291variable is assumed to exist which has a whitespace separated list of interface
4292names to match, these names can use wildcards.
4293For example:
4294.Bd -literal
4295autobridge_interfaces="bridge0"
4296autobridge_bridge0="tap* dc0 vlan[345]"
4297.Ed
4298.It Va mixer_enable
4299.Pq Vt bool
4300If set to
4301.Dq Li YES ,
4302enable support for sound mixer.
4303.It Va hcsecd_enable
4304.Pq Vt bool
4305If set to
4306.Dq Li YES ,
4307enable Bluetooth security daemon.
4308.It Va hcsecd_config
4309.Pq Vt str
4310Configuration file for
4311.Xr hcsecd 8 .
4312Default
4313.Pa /etc/bluetooth/hcsecd.conf .
4314.It Va sdpd_enable
4315.Pq Vt bool
4316If set to
4317.Dq Li YES ,
4318enable Bluetooth Service Discovery Protocol daemon.
4319.It Va sdpd_control
4320.Pq Vt str
4321Path to
4322.Xr sdpd 8
4323control socket.
4324Default
4325.Pa /var/run/sdp .
4326.It Va sdpd_groupname
4327.Pq Vt str
4328Sets
4329.Xr sdpd 8
4330group to run as after it initializes.
4331Default
4332.Dq Li nobody .
4333.It Va sdpd_username
4334.Pq Vt str
4335Sets
4336.Xr sdpd 8
4337user to run as after it initializes.
4338Default
4339.Dq Li nobody .
4340.It Va bthidd_enable
4341.Pq Vt bool
4342If set to
4343.Dq Li YES ,
4344enable Bluetooth Human Interface Device daemon.
4345.It Va bthidd_config
4346.Pq Vt str
4347Configuration file for
4348.Xr bthidd 8 .
4349Default
4350.Pa /etc/bluetooth/bthidd.conf .
4351.It Va bthidd_hids
4352.Pq Vt str
4353Path to a file, where
4354.Xr bthidd 8
4355will store information about known HID devices.
4356Default
4357.Pa /var/db/bthidd.hids .
4358.It Va rfcomm_pppd_server_enable
4359.Pq Vt bool
4360If set to
4361.Dq Li YES ,
4362enable Bluetooth RFCOMM PPP wrapper daemon.
4363.It Va rfcomm_pppd_server_profile
4364.Pq Vt str
4365The name of the profile to use from
4366.Pa /etc/ppp/ppp.conf .
4367Multiple profiles can be specified here.
4368Also used to specify per-profile overrides.
4369When the profile name contains any of the characters
4370.Dq Li .-/+
4371they are translated to
4372.Dq Li _
4373for the proposes of the override variable names.
4374.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _bdaddr
4375.Pq Vt str
4376Overrides local address to listen on.
4377By default
4378.Xr rfcomm_pppd 8
4379will listen on
4380.Dq Li ANY
4381address.
4382The address can be specified as BD_ADDR or name.
4383.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _channel
4384.Pq Vt str
4385Overrides local RFCOMM channel to listen on.
4386By default
4387.Xr rfcomm_pppd 8
4388will listen on RFCOMM channel 1.
4389Must set properly if multiple profiles used in the same time.
4390.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_sp
4391.Pq Vt bool
4392Tells
4393.Xr rfcomm_pppd 8
4394if it should register Serial Port service on the specified RFCOMM channel.
4395Default
4396.Dq Li NO .
4397.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_dun
4398.Pq Vt bool
4399Tells
4400.Xr rfcomm_pppd 8
4401if it should register Dial-Up Networking service on the specified
4402RFCOMM channel.
4403Default
4404.Dq Li NO .
4405.It Va ubthidhci_enable
4406.Pq Vt bool
4407If set to
4408.Dq Li YES ,
4409change the USB Bluetooth controller from HID mode to HCI mode.
4410You also need to specify the location of USB Bluetooth controller with the
4411.Va ubthidhci_busnum
4412and
4413.Va ubthidhci_addr
4414variables.
4415.It Va ubthidhci_busnum
4416Bus number where the USB Bluetooth controller is located.
4417Check the output of
4418.Xr usbconfig 8
4419on your system to find this information.
4420.It Va ubthidhci_addr
4421Bus address of the USB Bluetooth controller.
4422Check the output of
4423.Xr usbconfig 8
4424on your system to find this information.
4425.It Va netwait_enable
4426.Pq Vt bool
4427If set to
4428.Dq Li YES ,
4429delays the start of network-reliant services until
4430.Va netwait_if
4431is up and ICMP packets to a destination defined in
4432.Va netwait_ip
4433are flowing.
4434Link state is examined first, followed by
4435.Dq Li pinging
4436an IP address to verify network usability.
4437If no destination can be reached or timeouts are exceeded,
4438network services are started anyway with no guarantee that
4439the network is usable.
4440Use of this variable requires both
4441.Va netwait_ip
4442and
4443.Va netwait_if
4444to be set.
4445.It Va netwait_ip
4446.Pq Vt str
4447Empty by default.
4448This variable contains a space-delimited list of IP addresses to
4449.Xr ping 8 .
4450DNS hostnames should not be used as resolution is not guaranteed
4451to be functional at this point.
4452If multiple IP addresses are specified,
4453each will be tried until one is successful or the list is exhausted.
4454.It Va netwait_timeout
4455.Pq Vt int
4456Indicates the total number of seconds to perform a
4457.Dq Li ping
4458against each IP address in
4459.Va netwait_ip ,
4460at a rate of one ping per second.
4461If any of the pings are successful,
4462full network connectivity is considered reliable.
4463The default is 60.
4464.It Va netwait_if
4465.Pq Vt str
4466Empty by default.
4467Defines the name of the network interface on which watch for link.
4468.Xr ifconfig 8
4469is used to monitor the interface, looking for
4470.Dq Li status: no carrier .
4471Once gone, the link is considered up.
4472This can be a
4473.Xr vlan 4
4474interface if desired.
4475.It Va netwait_if_timeout
4476.Pq Vt int
4477Defines the total number of seconds to wait for link to become usable,
4478polled at a 1-second interval.
4479The default is 30.
4480.El
4481.Sh FILES
4482.Bl -tag -width ".Pa /etc/defaults/rc.conf" -compact
4483.It Pa /etc/defaults/rc.conf
4484.It Pa /etc/rc.conf
4485.It Pa /etc/rc.conf.local
4486.El
4487.Sh SEE ALSO
4488.Xr catman 1 ,
4489.Xr chmod 1 ,
4490.Xr gdb 1 ,
4491.Xr info 1 ,
4492.Xr kbdcontrol 1 ,
4493.Xr makewhatis 1 ,
4494.Xr sh 1 ,
4495.Xr vi 1 ,
4496.Xr vidcontrol 1 ,
4497.Xr bridge 4 ,
4498.Xr dummynet 4 ,
4499.Xr ip 4 ,
4500.Xr ipf 4 ,
4501.Xr ipfw 4 ,
4502.Xr ipnat 4 ,
4503.Xr kld 4 ,
4504.Xr pf 4 ,
4505.Xr pflog 4 ,
4506.Xr pfsync 4 ,
4507.Xr tcp 4 ,
4508.Xr udp 4 ,
4509.Xr exports 5 ,
4510.Xr fstab 5 ,
4511.Xr ipf 5 ,
4512.Xr ipnat 5 ,
4513.Xr motd 5 ,
4514.Xr newsyslog.conf 5 ,
4515.Xr pf.conf 5 ,
4516.Xr security 7 ,
4517.Xr accton 8 ,
4518.Xr amd 8 ,
4519.Xr apm 8 ,
4520.Xr atm 8 ,
4521.Xr bthidd 8 ,
4522.Xr chkprintcap 8 ,
4523.Xr chown 8 ,
4524.Xr cron 8 ,
4525.Xr devfs 8 ,
4526.Xr dhclient 8 ,
4527.Xr ftpd 8 ,
4528.Xr geli 8 ,
4529.Xr hcsecd 8 ,
4530.Xr ifconfig 8 ,
4531.Xr inetd 8 ,
4532.Xr ipf 8 ,
4533.Xr ipfw 8 ,
4534.Xr ipnat 8 ,
4535.Xr jail 8 ,
4536.Xr kldxref 8 ,
4537.Xr lpd 8 ,
4538.Xr mdconfig 8 ,
4539.Xr mdmfs 8 ,
4540.Xr mixer 8 ,
4541.Xr mountd 8 ,
4542.Xr moused 8 ,
4543.Xr mrouted 8 ,
4544.Xr named 8 ,
4545.Xr newfs 8 ,
4546.Xr newsyslog 8 ,
4547.Xr nfsd 8 ,
4548.Xr ntpd 8 ,
4549.Xr ntpdate 8 ,
4550.Xr pfctl 8 ,
4551.Xr pflogd 8 ,
4552.Xr ping 8 ,
4553.Xr powerd 8 ,
4554.Xr quotacheck 8 ,
4555.Xr quotaon 8 ,
4556.Xr rc 8 ,
4557.Xr rc.sendmail 8 ,
4558.Xr rfcomm_pppd 8 ,
4559.Xr route 8 ,
4560.Xr routed 8 ,
4561.Xr rpcbind 8 ,
4562.Xr rpc.lockd 8 ,
4563.Xr rpc.statd 8 ,
4564.Xr rwhod 8 ,
4565.Xr savecore 8 ,
4566.Xr sdpd 8 ,
4567.Xr sshd 8 ,
4568.Xr swapon 8 ,
4569.Xr sysctl 8 ,
4570.Xr syslogd 8 ,
4571.Xr timed 8 ,
4572.Xr unbound 8 ,
4573.Xr usbconfig 8 ,
4574.Xr wlandebug 8 ,
4575.Xr yp 8 ,
4576.Xr ypbind 8 ,
4577.Xr ypserv 8 ,
4578.Xr ypset 8
4579.Sh HISTORY
4580The
4581.Nm
4582file appeared in
4583.Fx 2.2.2 .
4584.Sh AUTHORS
4585.An Jordan K. Hubbard .
| 4046.It Li allow.set_hostname
4047set from
4048.Va jail_ Ns Ao Ar jname Ac Ns Va _set_hostname_allow
4049.It Li allow.rawsocket
4050set from
4051.Va jail_ Ns Ao Ar jname Ac Ns Va _socket_unixiproute_only
4052.It Li allow.sysvipc
4053set from
4054.Va jail_ Ns Ao Ar jname Ac Ns Va _sysvipc_allow
4055.El
4056.\" -----------------------------------------------------
4057.It Va harvest_interrupt
4058.Pq Vt bool
4059Set to
4060.Dq Li YES
4061to use hardware interrupts as an entropy source.
4062Refer to
4063.Xr random 4
4064for more information.
4065.It Va harvest_ethernet
4066.Pq Vt bool
4067Set to
4068.Dq Li YES
4069to use LAN traffic as an entropy source.
4070Refer to
4071.Xr random 4
4072for more information.
4073.It Va harvest_p_to_p
4074.Pq Vt bool
4075Set to
4076.Dq Li YES
4077to use serial line traffic as an entropy source.
4078Refer to
4079.Xr random 4
4080for more information.
4081.It Va entropy_dir
4082.Pq Vt str
4083Set to
4084.Dq Li NO
4085to disable caching entropy via
4086.Xr cron 8 .
4087Otherwise set to the directory used to store entropy files in.
4088.It Va entropy_file
4089.Pq Vt str
4090Set to
4091.Dq Li NO
4092to disable caching entropy through reboots.
4093Otherwise set to the filename used to store cached entropy through
4094reboots.
4095This file should be located on the root file system to seed the
4096.Xr random 4
4097device as early as possible in the boot process.
4098.It Va entropy_save_sz
4099.Pq Vt int
4100Size of the entropy cache files saved by
4101.Nm save-entropy
4102periodically.
4103.It Va entropy_save_num
4104.Pq Vt int
4105Number of entropy cache files to save by
4106.Nm save-entropy
4107periodically.
4108.It Va ipsec_enable
4109.Pq Vt bool
4110Set to
4111.Dq Li YES
4112to run
4113.Xr setkey 8
4114on
4115.Va ipsec_file
4116at boot time.
4117.It Va ipsec_file
4118.Pq Vt str
4119Configuration file for
4120.Xr setkey 8 .
4121.It Va dmesg_enable
4122.Pq Vt bool
4123Set to
4124.Dq Li YES
4125to save
4126.Xr dmesg 8
4127to
4128.Pa /var/run/dmesg.boot
4129on boot.
4130.It Va rcshutdown_timeout
4131.Pq Vt int
4132If set, start a watchdog timer in the background which will terminate
4133.Pa rc.shutdown
4134if
4135.Xr shutdown 8
4136has not completed within the specified time (in seconds).
4137Notice that in addition to this soft timeout,
4138.Xr init 8
4139also applies a hard timeout for the execution of
4140.Pa rc.shutdown .
4141This is configured via
4142.Xr sysctl 8
4143variable
4144.Va kern.init_shutdown_timeout
4145and defaults to 120 seconds.
4146Setting the value of
4147.Va rcshutdown_timeout
4148to more than 120 seconds will have no effect until the
4149.Xr sysctl 8
4150variable
4151.Va kern.init_shutdown_timeout
4152is also increased.
4153.It Va virecover_enable
4154.Pq Vt bool
4155Set to
4156.Dq Li NO
4157to prevent the system from trying to
4158recover pre-maturely terminated
4159.Xr vi 1
4160sessions.
4161.It Va ugidfw_enable
4162.Pq Vt bool
4163Set to
4164.Dq Li YES
4165to load the
4166.Xr mac_bsdextended 4
4167module upon system initialization and load a default
4168ruleset file.
4169.It Va bsdextended_script
4170.Pq Vt str
4171The default
4172.Xr mac_bsdextended 4
4173ruleset file to load.
4174The default value of this variable is
4175.Pa /etc/rc.bsdextended .
4176.It Va newsyslog_enable
4177.Pq Vt bool
4178If set to
4179.Dq Li YES ,
4180run
4181.Xr newsyslog 8
4182command at startup.
4183.It Va newsyslog_flags
4184.Pq Vt str
4185If
4186.Va newsyslog_enable
4187is set to
4188.Dq Li YES ,
4189these are the flags to pass to the
4190.Xr newsyslog 8
4191program.
4192The default is
4193.Dq Li -CN ,
4194which causes log files flagged with a
4195.Cm C
4196to be created.
4197.It Va mdconfig_md Ns Aq Ar X
4198.Pq Vt str
4199Arguments to
4200.Xr mdconfig 8
4201for
4202.Xr md 4
4203device
4204.Ar X .
4205At minimum a
4206.Fl t Ar type
4207must be specified and either a
4208.Fl s Ar size
4209for malloc or swap backed
4210.Xr md 4
4211devices or a
4212.Fl f Ar file
4213for vnode backed
4214.Xr md 4
4215devices.
4216Note that
4217.Va mdconfig_md Ns Aq Ar X
4218variables are evaluated until one variable is unset or null.
4219.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs
4220.Pq Vt str
4221Optional arguments passed to
4222.Xr newfs 8
4223to initialize
4224.Xr md 4
4225device
4226.Ar X .
4227.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner
4228.Pq Vt str
4229An ownership specification passed to
4230.Xr chown 8
4231after the specified
4232.Xr md 4
4233device
4234.Ar X
4235has been mounted.
4236Both the
4237.Xr md 4
4238device and the mount point will be changed.
4239.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms
4240.Pq Vt str
4241A mode string passed to
4242.Xr chmod 1
4243after the specified
4244.Xr md 4
4245device
4246.Ar X
4247has been mounted.
4248Both the
4249.Xr md 4
4250device and the mount point will be changed.
4251.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files
4252.Pq Vt str
4253Files to be copied to the mount point of the
4254.Xr md 4
4255device
4256.Ar X
4257after it has been mounted.
4258.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd
4259.Pq Vt str
4260Command to execute after the specified
4261.Xr md 4
4262device
4263.Ar X
4264has been mounted.
4265Note that the command is passed to
4266.Ic eval
4267and that both
4268.Va _dev
4269and
4270.Va _mp
4271variables can be used to reference respectively the
4272.Xr md 4
4273device and the mount point.
4274Assuming that the
4275.Xr md 4
4276device is
4277.Li md0 ,
4278one could set the following:
4279.Bd -literal
4280mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}"
4281.Ed
4282.It Va autobridge_interfaces
4283.Pq Vt str
4284Set to the list of bridge interfaces that will have newly arriving interfaces
4285checked against to be automatically added.
4286If not set to
4287.Dq Li NO
4288then for each whitespace separated
4289.Ar element
4290in the value, a
4291.Va autobridge_ Ns Aq Ar element
4292variable is assumed to exist which has a whitespace separated list of interface
4293names to match, these names can use wildcards.
4294For example:
4295.Bd -literal
4296autobridge_interfaces="bridge0"
4297autobridge_bridge0="tap* dc0 vlan[345]"
4298.Ed
4299.It Va mixer_enable
4300.Pq Vt bool
4301If set to
4302.Dq Li YES ,
4303enable support for sound mixer.
4304.It Va hcsecd_enable
4305.Pq Vt bool
4306If set to
4307.Dq Li YES ,
4308enable Bluetooth security daemon.
4309.It Va hcsecd_config
4310.Pq Vt str
4311Configuration file for
4312.Xr hcsecd 8 .
4313Default
4314.Pa /etc/bluetooth/hcsecd.conf .
4315.It Va sdpd_enable
4316.Pq Vt bool
4317If set to
4318.Dq Li YES ,
4319enable Bluetooth Service Discovery Protocol daemon.
4320.It Va sdpd_control
4321.Pq Vt str
4322Path to
4323.Xr sdpd 8
4324control socket.
4325Default
4326.Pa /var/run/sdp .
4327.It Va sdpd_groupname
4328.Pq Vt str
4329Sets
4330.Xr sdpd 8
4331group to run as after it initializes.
4332Default
4333.Dq Li nobody .
4334.It Va sdpd_username
4335.Pq Vt str
4336Sets
4337.Xr sdpd 8
4338user to run as after it initializes.
4339Default
4340.Dq Li nobody .
4341.It Va bthidd_enable
4342.Pq Vt bool
4343If set to
4344.Dq Li YES ,
4345enable Bluetooth Human Interface Device daemon.
4346.It Va bthidd_config
4347.Pq Vt str
4348Configuration file for
4349.Xr bthidd 8 .
4350Default
4351.Pa /etc/bluetooth/bthidd.conf .
4352.It Va bthidd_hids
4353.Pq Vt str
4354Path to a file, where
4355.Xr bthidd 8
4356will store information about known HID devices.
4357Default
4358.Pa /var/db/bthidd.hids .
4359.It Va rfcomm_pppd_server_enable
4360.Pq Vt bool
4361If set to
4362.Dq Li YES ,
4363enable Bluetooth RFCOMM PPP wrapper daemon.
4364.It Va rfcomm_pppd_server_profile
4365.Pq Vt str
4366The name of the profile to use from
4367.Pa /etc/ppp/ppp.conf .
4368Multiple profiles can be specified here.
4369Also used to specify per-profile overrides.
4370When the profile name contains any of the characters
4371.Dq Li .-/+
4372they are translated to
4373.Dq Li _
4374for the proposes of the override variable names.
4375.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _bdaddr
4376.Pq Vt str
4377Overrides local address to listen on.
4378By default
4379.Xr rfcomm_pppd 8
4380will listen on
4381.Dq Li ANY
4382address.
4383The address can be specified as BD_ADDR or name.
4384.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _channel
4385.Pq Vt str
4386Overrides local RFCOMM channel to listen on.
4387By default
4388.Xr rfcomm_pppd 8
4389will listen on RFCOMM channel 1.
4390Must set properly if multiple profiles used in the same time.
4391.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_sp
4392.Pq Vt bool
4393Tells
4394.Xr rfcomm_pppd 8
4395if it should register Serial Port service on the specified RFCOMM channel.
4396Default
4397.Dq Li NO .
4398.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_dun
4399.Pq Vt bool
4400Tells
4401.Xr rfcomm_pppd 8
4402if it should register Dial-Up Networking service on the specified
4403RFCOMM channel.
4404Default
4405.Dq Li NO .
4406.It Va ubthidhci_enable
4407.Pq Vt bool
4408If set to
4409.Dq Li YES ,
4410change the USB Bluetooth controller from HID mode to HCI mode.
4411You also need to specify the location of USB Bluetooth controller with the
4412.Va ubthidhci_busnum
4413and
4414.Va ubthidhci_addr
4415variables.
4416.It Va ubthidhci_busnum
4417Bus number where the USB Bluetooth controller is located.
4418Check the output of
4419.Xr usbconfig 8
4420on your system to find this information.
4421.It Va ubthidhci_addr
4422Bus address of the USB Bluetooth controller.
4423Check the output of
4424.Xr usbconfig 8
4425on your system to find this information.
4426.It Va netwait_enable
4427.Pq Vt bool
4428If set to
4429.Dq Li YES ,
4430delays the start of network-reliant services until
4431.Va netwait_if
4432is up and ICMP packets to a destination defined in
4433.Va netwait_ip
4434are flowing.
4435Link state is examined first, followed by
4436.Dq Li pinging
4437an IP address to verify network usability.
4438If no destination can be reached or timeouts are exceeded,
4439network services are started anyway with no guarantee that
4440the network is usable.
4441Use of this variable requires both
4442.Va netwait_ip
4443and
4444.Va netwait_if
4445to be set.
4446.It Va netwait_ip
4447.Pq Vt str
4448Empty by default.
4449This variable contains a space-delimited list of IP addresses to
4450.Xr ping 8 .
4451DNS hostnames should not be used as resolution is not guaranteed
4452to be functional at this point.
4453If multiple IP addresses are specified,
4454each will be tried until one is successful or the list is exhausted.
4455.It Va netwait_timeout
4456.Pq Vt int
4457Indicates the total number of seconds to perform a
4458.Dq Li ping
4459against each IP address in
4460.Va netwait_ip ,
4461at a rate of one ping per second.
4462If any of the pings are successful,
4463full network connectivity is considered reliable.
4464The default is 60.
4465.It Va netwait_if
4466.Pq Vt str
4467Empty by default.
4468Defines the name of the network interface on which watch for link.
4469.Xr ifconfig 8
4470is used to monitor the interface, looking for
4471.Dq Li status: no carrier .
4472Once gone, the link is considered up.
4473This can be a
4474.Xr vlan 4
4475interface if desired.
4476.It Va netwait_if_timeout
4477.Pq Vt int
4478Defines the total number of seconds to wait for link to become usable,
4479polled at a 1-second interval.
4480The default is 30.
4481.El
4482.Sh FILES
4483.Bl -tag -width ".Pa /etc/defaults/rc.conf" -compact
4484.It Pa /etc/defaults/rc.conf
4485.It Pa /etc/rc.conf
4486.It Pa /etc/rc.conf.local
4487.El
4488.Sh SEE ALSO
4489.Xr catman 1 ,
4490.Xr chmod 1 ,
4491.Xr gdb 1 ,
4492.Xr info 1 ,
4493.Xr kbdcontrol 1 ,
4494.Xr makewhatis 1 ,
4495.Xr sh 1 ,
4496.Xr vi 1 ,
4497.Xr vidcontrol 1 ,
4498.Xr bridge 4 ,
4499.Xr dummynet 4 ,
4500.Xr ip 4 ,
4501.Xr ipf 4 ,
4502.Xr ipfw 4 ,
4503.Xr ipnat 4 ,
4504.Xr kld 4 ,
4505.Xr pf 4 ,
4506.Xr pflog 4 ,
4507.Xr pfsync 4 ,
4508.Xr tcp 4 ,
4509.Xr udp 4 ,
4510.Xr exports 5 ,
4511.Xr fstab 5 ,
4512.Xr ipf 5 ,
4513.Xr ipnat 5 ,
4514.Xr motd 5 ,
4515.Xr newsyslog.conf 5 ,
4516.Xr pf.conf 5 ,
4517.Xr security 7 ,
4518.Xr accton 8 ,
4519.Xr amd 8 ,
4520.Xr apm 8 ,
4521.Xr atm 8 ,
4522.Xr bthidd 8 ,
4523.Xr chkprintcap 8 ,
4524.Xr chown 8 ,
4525.Xr cron 8 ,
4526.Xr devfs 8 ,
4527.Xr dhclient 8 ,
4528.Xr ftpd 8 ,
4529.Xr geli 8 ,
4530.Xr hcsecd 8 ,
4531.Xr ifconfig 8 ,
4532.Xr inetd 8 ,
4533.Xr ipf 8 ,
4534.Xr ipfw 8 ,
4535.Xr ipnat 8 ,
4536.Xr jail 8 ,
4537.Xr kldxref 8 ,
4538.Xr lpd 8 ,
4539.Xr mdconfig 8 ,
4540.Xr mdmfs 8 ,
4541.Xr mixer 8 ,
4542.Xr mountd 8 ,
4543.Xr moused 8 ,
4544.Xr mrouted 8 ,
4545.Xr named 8 ,
4546.Xr newfs 8 ,
4547.Xr newsyslog 8 ,
4548.Xr nfsd 8 ,
4549.Xr ntpd 8 ,
4550.Xr ntpdate 8 ,
4551.Xr pfctl 8 ,
4552.Xr pflogd 8 ,
4553.Xr ping 8 ,
4554.Xr powerd 8 ,
4555.Xr quotacheck 8 ,
4556.Xr quotaon 8 ,
4557.Xr rc 8 ,
4558.Xr rc.sendmail 8 ,
4559.Xr rfcomm_pppd 8 ,
4560.Xr route 8 ,
4561.Xr routed 8 ,
4562.Xr rpcbind 8 ,
4563.Xr rpc.lockd 8 ,
4564.Xr rpc.statd 8 ,
4565.Xr rwhod 8 ,
4566.Xr savecore 8 ,
4567.Xr sdpd 8 ,
4568.Xr sshd 8 ,
4569.Xr swapon 8 ,
4570.Xr sysctl 8 ,
4571.Xr syslogd 8 ,
4572.Xr timed 8 ,
4573.Xr unbound 8 ,
4574.Xr usbconfig 8 ,
4575.Xr wlandebug 8 ,
4576.Xr yp 8 ,
4577.Xr ypbind 8 ,
4578.Xr ypserv 8 ,
4579.Xr ypset 8
4580.Sh HISTORY
4581The
4582.Nm
4583file appeared in
4584.Fx 2.2.2 .
4585.Sh AUTHORS
4586.An Jordan K. Hubbard .
|