xref: /dragonfly/share/man/man5/rc.conf.5 (revision 28c26f7e) 
1.\" Copyright (c) 1995
2.\"	Jordan K. Hubbard
3.\"
4.\" Redistribution and use in source and binary forms, with or without
5.\" modification, are permitted provided that the following conditions
6.\" are met:
7.\" 1. Redistributions of source code must retain the above copyright
8.\"    notice, this list of conditions and the following disclaimer.
9.\" 2. Redistributions in binary form must reproduce the above copyright
10.\"    notice, this list of conditions and the following disclaimer in the
11.\"    documentation and/or other materials provided with the distribution.
12.\"
13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND
14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE
17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
23.\" SUCH DAMAGE.
24.\"
25.\" $FreeBSD: src/share/man/man5/rc.conf.5,v 1.197 2003/07/28 13:56:00 mbr Exp $
26.\" $DragonFly: src/share/man/man5/rc.conf.5,v 1.61 2008/10/20 07:35:08 swildner Exp $
27.Dd August 28, 2009
28.Dt RC.CONF 5
29.Os
30.Sh NAME
31.Nm rc.conf
32.Nd system configuration information
33.Sh DESCRIPTION
34The file
35.Nm
36contains descriptive information about the local host name, configuration
37details for any potential network interfaces and which services should be
38started up at system initial boot time.
39In new installations, the
40.Nm
41file is generally initialized by the installer.
42.Pp
43The purpose of
44.Nm
45is not to run commands or perform system startup actions directly.
46Instead, it is included by the various generic startup scripts in
47.Pa /etc
48which conditionalize their
49internal actions according to the settings found there.
50.Pp
51The
52.Pa /etc/defaults/rc.conf
53file specifies the default settings for all the available options,
54the
55.Pa /etc/rc.conf
56file specifies override settings.
57Options need only be specified in
58.Pa /etc/rc.conf
59when the system administrator wishes to override the defaults.
60The file
61.Pa /etc/rc.conf.local
62is used to override settings in
63.Pa /etc/rc.conf
64for historical reasons.
65See the
66.Va rc_conf_files
67variable below.
68.Pp
69The following list provides a name and short description for each
70variable that can be set in the
71.Nm
72file.
73To set a variable of
74.Vt bool
75type, specify either
76.Dq Li YES ,
77.Dq Li TRUE ,
78.Dq Li ON ,
79or
80.Dq Li 1 .
81To unset, specify
82.Dq Li NO ,
83.Dq Li FALSE ,
84.Dq Li OFF ,
85or
86.Dq Li 0 .
87These values are case insensitive.
88The
89.Va _enable
90postfix in the name of a variable for starting a service can be
91omitted (as in
92.Nx ) .
93.Bl -tag -width indent-two
94.It Va rc_debug
95.Pq Vt bool
96If set to
97.Dq Li YES ,
98enable output of debug messages from rc scripts.
99This variable can be helpful in diagnosing mistakes when
100editing or integrating new scripts.
101Beware that this produces copious output to the terminal and
102.Xr syslog 3 .
103.It Va rc_info
104.Pq Vt bool
105If set to
106.Dq Li NO ,
107disable informational messages from the rc scripts.
108Informational messages are displayed when
109a condition that is not serious enough to warrant a warning or an error occurs.
110.It Va swapfile
111.Pq Vt str
112If set to
113.Dq Li NO ,
114no swapfile is installed, otherwise the value is used as the full
115pathname to a file to use for additional swap space.
116.It Va apm_enable
117.Pq Vt bool
118If set to
119.Dq Li YES ,
120enable support for Automatic Power Management with the
121.Xr apm 8
122command.
123.It Va apmd_enable
124.Pq Vt bool
125Run
126.Xr apmd 8
127to handle APM event from userland.
128This also enables support for APM.
129.It Va apmd_flags
130.Pq Vt str
131If
132.Va apmd_enable
133is set to
134.Dq Li YES ,
135these are the flags to pass to the
136.Xr apmd 8
137daemon.
138.It Va battd_enable
139Enable
140.Xr battd 8
141to monitor the status of batteries present in the system.
142This also enables support for APM.
143.It Va battd_flags
144.Pq Vt str
145If
146.Va battd_enable
147is set to
148.Dq Li YES ,
149these are the flags to pass to the
150.Xr battd 8
151daemon.
152.It Va devd_enable
153.Pq Vt bool
154Run
155.Xr devd 8
156to handle device added, removed or unknown events from the kernel.
157.It Va devd_flags
158.Pq Vt str
159If
160.Va devd_enable
161is set to
162.Dq Li YES ,
163these are the flags to pass to the
164.Xr devd 8
165daemon.
166.It Va sensorsd_enable
167.Pq Vt bool
168Set to
169.Dq Li NO
170by default.
171Setting this to
172.Dq Li YES
173enables
174.Xr sensorsd 8 ,
175a sensors monitoring and logging daemon.
176.It Va sensorsd_flags
177.Pq Vt str
178Empty by default.
179Additional flags passed to the
180.Xr sensorsd 8
181program.
182.It Va pccard_ifconfig
183.Pq Vt str
184List of arguments to be passed to
185.Xr ifconfig 8
186at boot time or on insertion of the card (e.g.\&
187.Dq Cm inet Li 192.168.1.1 Cm netmask Li 255.255.255.0
188for a fixed address or
189.Dq Li DHCP
190for a DHCP client).
191.It Va pccard_ether_delay
192.Pq Vt str
193Set the delay before starting
194.Xr dhclient 8
195in the
196.Pa /etc/pccard_ether
197script.
198This defaults to 5 seconds to work around a bug in the
199.Xr ed 4
200driver which can lead to system hangs when using some newer
201.Xr ed 4
202based cards.
203.It Va removable_interfaces
204.Pq Vt str
205List of removable network interfaces to be supported by
206.Pa /etc/pccard_ether .
207.It Va local_startup
208.Pq Vt str
209List of directories to search for startup script files.
210.It Va script_name_sep
211.Pq Vt str
212The field separator to use for breaking down the list of startup script files
213into individual filenames.
214The default is a space.
215It is not necessary to change this unless there are startup scripts with names
216containing spaces.
217.It Va hostapd_enable
218.Pq Vt bool
219Set to
220.Dq Li YES
221to start
222.Xr hostapd 8
223at system boot time.
224.It Va hostname
225.Pq Vt str
226The fully qualified domain name (FQDN) of this host on the network.
227This should almost certainly be set to something meaningful, even if
228there is no network connection.
229If
230.Xr dhclient 8
231is used to set the hostname via DHCP,
232this variable should be set to an empty string.
233.It Va ipv6_enable
234.Pq Vt bool
235Enable support for IPv6 networking.
236Note that this requires that the kernel have been compiled with
237.Cd "options INET6" .
238.It Va nisdomainname
239.Pq Vt str
240The NIS domain name of this host, or
241.Dq Li NO
242if NIS is not used.
243.It Va dhclient_program
244.Pq Vt str
245Path to the DHCP client program
246(default
247.Pa /sbin/dhclient ) .
248.It Va dhclient_flags
249.Pq Vt str
250Additional flags to pass to the DHCP client program.
251.It Va pf_enable
252.Pq Vt bool
253Set to
254.Dq Li YES
255to load
256.Xr pf 4
257at startup.
258If the kernel was not built with
259.Cd "device pf" ,
260the
261.Pa pf.ko
262kernel module will be loaded.
263See also
264.Va firewall_enable
265and
266.Va ipfilter_enable .
267.It Va pf_rules
268.Pq Vt str
269Path to the
270.Xr pf 4
271ruleset definition file.
272.It Va pf_program
273.Pq Vt str
274Path to
275.Xr pfctl 8 .
276.It Va pf_flags
277.Pq Vt str
278If
279.Va pf_enable
280is set to
281.Dq Li YES ,
282these are the flags to pass to
283.Xr pfctl 8
284when loading the ruleset.
285.It Va pflog_enable
286.Pq Vt bool
287Set this to
288.Dq Li YES
289to enable
290.Xr pflogd 8
291which logs packets from
292.Xr pf 4 .
293.It Va pflog_logfile
294.Pq Vt str
295If
296.Va pflog_enable
297is set to
298.Dq Li YES
299this specifies the path of the log file.
300.It Va pflog_program
301.Pq Vt str
302Path to
303.Xr pflogd 8 .
304.It Va pflog_flags
305.Pq Vt str
306If
307.Va pflog_enable
308is set to
309.Dq Li YES ,
310these are the flags to pass to
311.Xr pflogd 8 .
312.It Va firewall_enable
313.Pq Vt bool
314Set to
315.Dq Li YES
316to load firewall rules at startup.
317If the kernel was not built with
318.Cd "options IPFIREWALL" ,
319the
320.Pa ipfw.ko
321kernel module will be loaded.
322See also
323.Va pf_enable
324and
325.Va ipfilter_enable .
326.It Va ipv6_firewall_enable
327.Pq Vt bool
328The IPv6 equivalent of
329.Va firewall_enable .
330Set to
331.Dq Li YES
332to load IPv6 firewall rules at startup.
333If the kernel was not built with
334.Cd "options IPV6FIREWALL" ,
335the
336.Pa ip6fw.ko
337kernel module will be loaded.
338.It Va firewall_script
339.Pq Vt str
340The full path to the firewall script to run
341(default
342.Pa /etc/rc.firewall ) .
343.It Va ipv6_firewall_script
344.Pq Vt str
345The IPv6 equivalent of
346.Va firewall_script .
347.It Va firewall_type
348.Pq Vt str
349Names the firewall type from the selection in
350.Pa /etc/rc.firewall ,
351or the file which contains the local firewall ruleset.
352Valid selections from
353.Pa /etc/rc.firewall
354are:
355.Pp
356.Bl -tag -width ".Li simple" -compact
357.It Li open
358unrestricted IP access
359.It Li closed
360all IP services disabled, except via
361.Dq Li lo0
362.It Li client
363basic protection for a workstation on a LAN
364.It Li simple
365alias for
366.Li client .
367.El
368.Pp
369If a filename is specified, the full path must be given.
370.It Va firewall_trusted_nets
371.Pq Vt str
372List of trusted networks (if
373.Va firewall_type
374is set to
375.Li client ) .
376.It Va firewall_trusted_interfaces
377.Pq Vt str
378List of trusted network interfaces (if
379.Va firewall_type
380is set to
381.Li client ) .
382.It Va firewall_allowed_icmp_types
383.Pq Vt str
384List of allowed ICMP types (if
385.Va firewall_type
386is set to
387.Li client ) .
388.It Va firewall_open_tcp_ports
389.Pq Vt str
390List of TCP ports to open (if
391.Va firewall_type
392is set to
393.Li client ) .
394.It Va firewall_open_udp_ports
395.Pq Vt str
396List of UDP ports to open (if
397.Va firewall_type
398is set to
399.Li client ) .
400.It Va ipv6_firewall_type
401.Pq Vt str
402The IPv6 equivalent of
403.Va firewall_type .
404.It Va firewall_quiet
405.Pq Vt bool
406Set to
407.Dq Li YES
408to disable the display of firewall rules on the console during boot.
409.It Va ipv6_firewall_quiet
410.Pq Vt bool
411The IPv6 equivalent of
412.Va firewall_quiet .
413.It Va firewall_logging
414.Pq Vt bool
415Set to
416.Dq Li YES
417to enable firewall event logging.
418This is equivalent to the
419.Dv IPFIREWALL_VERBOSE
420kernel option.
421.It Va ipv6_firewall_logging
422.Pq Vt bool
423The IPv6 equivalent of
424.Va firewall_logging .
425.It Va firewall_flags
426.Pq Vt str
427Flags passed to
428.Xr ipfw 8
429if
430.Va firewall_type
431specifies a filename.
432.It Va ipv6_firewall_flags
433.Pq Vt str
434The IPv6 equivalent of
435.Va firewall_flags .
436.It Va natd_program
437.Pq Vt str
438Path to
439.Xr natd 8 .
440.It Va natd_enable
441.Pq Vt bool
442Set to
443.Dq Li YES
444to enable
445.Xr natd 8 .
446.Va firewall_enable
447must also be set to
448.Dq Li YES ,
449and
450.Xr divert 4
451sockets must be enabled in the kernel.
452.It Va natd_interface
453.Pq Vt str
454This is the name of the public interface on which
455.Xr natd 8
456should run.
457The interface may be given as an interface name or as an IP address.
458.It Va natd_flags
459.Pq Vt str
460Additional
461.Xr natd 8
462flags should be placed here.
463The
464.Fl n
465or
466.Fl a
467flag is automatically added with the above
468.Va natd_interface
469as an argument.
470.\" ----- ipfilter_enable setting --------------------------------
471.It Va ipfilter_enable
472.Pq Vt bool
473Set to
474.Dq Li NO
475by default.
476Setting this to
477.Dq Li YES
478enables
479.Xr ipf 8
480packet filtering.
481.Pp
482Typical usage will require putting
483.Bd -literal
484ipfilter_enable="YES"
485ipnat_enable="YES"
486ipmon_enable="YES"
487ipfs_enable="YES"
488.Ed
489.Pp
490into
491.Pa /etc/rc.conf
492and editing
493.Pa /etc/ipf.rules
494and
495.Pa /etc/ipnat.rules
496appropriately.
497.Pp
498Note that
499.Va ipfilter_enable
500and
501.Va ipnat_enable
502can be enabled independently.
503.Va ipmon_enable
504and
505.Va ipfs_enable
506both require at least one of
507.Va ipfilter_enable
508and
509.Va ipnat_enable
510to be enabled.
511.Pp
512Having
513.Bd -literal
514options IPFILTER
515options IPFILTER_LOG
516options IPFILTER_DEFAULT_BLOCK
517.Ed
518.Pp
519in the kernel configuration file is a good idea, too.
520See also
521.Va pf_enable
522and
523.Va firewall_enable .
524.\" ----- ipfilter_program setting ------------------------------
525.It Va ipfilter_program
526.Pq Vt str
527Path to
528.Xr ipf 8
529(default
530.Pa /sbin/ipf ) .
531.\" ----- ipfilter_rules setting --------------------------------
532.It Va ipfilter_rules
533.Pq Vt str
534Set to
535.Pa /etc/ipf.rules
536by default.
537The name of the filter rule definition file.
538The file is expected to be readable for the
539.Xr ipf 8
540command to execute.
541.\" ----- ipv6_ipfilter_rules setting ---------------------------
542.It Va ipv6_ipfilter_rules
543.Pq Vt str
544Set to
545.Pa /etc/ipf6.rules
546by default.
547The name of the IPv6 filter rule definition file.
548The file is expected to be readable for the
549.Xr ipf 8
550command to execute.
551.\" ----- ipfilter_flags setting --------------------------------
552.It Va ipfilter_flags
553.Pq Vt str
554Empty by default.
555Flags passed to the
556.Xr ipf 8
557program.
558.\" ----- ipnat_enable setting ----------------------------------
559.It Va ipnat_enable
560.Pq Vt bool
561Set to
562.Dq Li NO
563by default.
564Set it to
565.Dq Li YES
566to enable
567.Xr ipnat 8
568network address translation.
569See
570.Va ipfilter_enable
571for a detailed discussion.
572.\" ----- ipnat_program setting ---------------------------------
573.It Va ipnat_program
574.Pq Vt str
575Path to
576.Xr ipnat 8
577(default
578.Pa /sbin/ipnat ) .
579.\" ----- ipnat_rules setting -----------------------------------
580.It Va ipnat_rules
581.Pq Vt str
582Set to
583.Pa /etc/ipnat.rules
584by default.
585The name of the file
586holding the network address translation definition.
587This file is expected to be readable for the
588.Xr ipnat 8
589command to execute.
590.\" ----- ipnat_flags setting -----------------------------------
591.It Va ipnat_flags
592.Pq Vt str
593Empty by default.
594Flags passed to the
595.Xr ipnat 8
596program.
597.\" ----- ipmon_enable setting ----------------------------------
598.It Va ipmon_enable
599.Pq Vt bool
600Set to
601.Dq Li NO
602by default.
603Set it to
604.Dq Li YES
605to enable
606.Xr ipmon 8
607monitoring (logging
608.Xr ipf 8
609and
610.Xr ipnat 8
611events).
612Setting this variable needs setting
613.Va ipfilter_enable
614or
615.Va ipnat_enable
616too.
617See
618.Va ipfilter_enable
619for a detailed discussion.
620.\" ----- ipmon_program setting ---------------------------------
621.It Va ipmon_program
622.Pq Vt str
623Path to
624.Xr ipmon 8
625(default
626.Pa /sbin/ipmon ) .
627.\" ----- ipmon_flags setting -----------------------------------
628.It Va ipmon_flags
629.Pq Vt str
630Set to
631.Dq Li -Ds
632by default.
633Flags passed to the
634.Xr ipmon 8
635program.
636Another typical example would be
637.Dq Fl D Pa /var/log/ipflog
638to have
639.Xr ipmon 8
640log directly to a file bypassing
641.Xr syslogd 8 .
642Make sure to adjust
643.Pa /etc/newsyslog.conf
644in such case like this:
645.Bd -literal
646/var/log/ipflog  640  10  100  *  Z  /var/run/ipmon.pid
647.Ed
648.\" ----- ipfs_enable setting -----------------------------------
649.It Va ipfs_enable
650.Pq Vt bool
651Set to
652.Dq Li NO
653by default.
654Set it to
655.Dq Li YES
656to enable
657.Xr ipfs 8
658saving the filter and NAT state tables during shutdown
659and reloading them during startup again.
660Setting this variable needs setting
661.Va ipfilter_enable
662or
663.Va ipnat_enable
664to
665.Dq Li YES
666too.
667See
668.Va ipfilter_enable
669for a detailed discussion.
670Note that if
671.Va kern_securelevel
672is set to 3,
673.Va ipfs_enable
674cannot be used because the raised securelevel will prevent
675.Xr ipfs 8
676from saving the state tables at shutdown time.
677.\" ----- ipfs_program setting ----------------------------------
678.It Va ipfs_program
679.Pq Vt str
680Path to
681.Xr ipfs 8
682(default
683.Pa /sbin/ipfs ) .
684.\" ----- ipfs_flags setting ------------------------------------
685.It Va ipfs_flags
686.Pq Vt str
687Empty by default.
688Flags passed to the
689.Xr ipfs 8
690program.
691.\" ----- end of added ipf hook ---------------------------------
692.It Va tcp_extensions
693.Pq Vt bool
694Set to
695.Dq Li YES
696by default.
697Setting this to
698.Dq Li NO
699disables certain TCP options as described by
700.Rs
701.%T "RFC 1323"
702.Re
703Setting this to
704.Dq Li NO
705might help remedy such problems with connections as randomly hanging
706or other weird behavior.
707Some network devices are known to be broken with respect to these options.
708.It Va log_in_vain
709.Pq Vt int
710Set to 0 by default.
711The
712.Xr sysctl 8
713variables,
714.Va net.inet.tcp.log_in_vain
715and
716.Va net.inet.udp.log_in_vain ,
717as described in
718.Xr tcp 4
719and
720.Xr udp 4 ,
721are set to the given value.
722.It Va tcp_keepalive
723.Pq Vt bool
724Set to
725.Dq Li YES
726by default.
727Setting to
728.Dq Li NO
729will disable probing idle TCP connections to verify that the
730peer is still up and reachable.
731.It Va tcp_drop_synfin
732.Pq Vt bool
733Set to
734.Dq Li NO
735by default.
736Setting to
737.Dq Li YES
738will cause the kernel to ignore TCP frames that have both
739the SYN and FIN flags set.
740This prevents OS fingerprinting, but may break some legitimate applications.
741This option is only available if the kernel was built with the
742.Dv TCP_DROP_SYNFIN
743option.
744.It Va icmp_drop_redirect
745.Pq Vt bool
746Set to
747.Dq Li NO
748by default.
749Setting to
750.Dq Li YES
751will cause the kernel to ignore ICMP REDIRECT packets.
752Refer to
753.Xr icmp 4
754for more information.
755.It Va icmp_log_redirect
756.Pq Vt bool
757Set to
758.Dq Li NO
759by default.
760Setting to
761.Dq Li YES
762will cause the kernel to log ICMP REDIRECT packets.
763Note that
764the log messages are not rate-limited, so this option should only be used
765for troubleshooting networks.
766Refer to
767.Xr icmp 4
768for more information.
769.It Va icmp_bmcastecho
770.Pq Vt bool
771Set to
772.Dq Li YES
773to respond to broadcast or multicast ICMP ping packets.
774Refer to
775.Xr icmp 4
776for more information.
777.It Va ip_portrange_first
778.Pq Vt int
779If not set to
780.Dq Li NO ,
781this is the first port in the default portrange.
782Refer to
783.Xr ip 4
784for more information.
785.It Va ip_portrange_last
786.Pq Vt int
787If not set to
788.Dq Li NO ,
789this is the last port in the default portrange.
790Refer to
791.Xr ip 4
792for more information.
793.\"
794.It Va ifconfig_ Ns Aq Ar interface
795.Pq Vt str
796Configuration for
797.Dq interface .
798Typically includes IP address.
799Assuming that the interface in question was
800.Li ed0 ,
801it might look something like this:
802.Bd -literal
803ifconfig_ed0="inet 10.0.0.1 netmask 0xffff0000"
804.Ed
805.Pp
806If the
807.Pa /etc/start_if. Ns Aq Ar interface
808file is present, it is read and executed by the
809.Xr sh 1
810interpreter before configuring the interface as specified in the
811.Va ifconfig_ Ns Aq Ar interface
812and
813.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
814variables.
815.Pp
816It is possible to bring up an interface with DHCP by adding
817.Dq Li DHCP
818to the
819.Va ifconfig_ Ns Aq Ar interface
820variable.
821For instance, to initialize the
822.Li ed0
823device via DHCP, it is possible to use something like:
824.Bd -literal
825ifconfig_ed0="DHCP"
826.Ed
827.Pp
828Also, if your interface needs WPA authentication, it is possible to add
829.Dq Li WPA
830to the
831.Va ifconfig_ Ns Aq Ar interface
832variable.
833This will start
834.Xr wpa_supplicant 8 .
835See
836.Xr wpa_supplicant.conf 5
837for configuring authentication information.
838.Pp
839Finally, you can add
840.Xr ifconfig 8
841options in this variable, in addition to the
842.Pa /etc/start_if. Ns Aq Ar interface
843file.
844For instance, to initialize the
845.Li wi0
846device via DHCP, using WPA authentication and 802.11b mode, it is
847possible to use something like:
848.Bd -literal
849ifconfig_wi0="up DHCP WPA mode 11b"
850.Ed
851.Pp
852.\"
853.It Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
854.Pq Vt str
855Configuration to establish an additional network address for
856.Dq interface .
857Assuming that the interface in question was
858.Li ed0 ,
859it might look something like this:
860.Bd -literal
861ifconfig_ed0_alias0="inet 127.0.0.253 netmask 0xffffffff"
862ifconfig_ed0_alias1="inet 127.0.0.254 netmask 0xffffffff"
863.Ed
864.Pp
865And so on.
866For each
867.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
868entry that is found, its contents are passed to
869.Xr ifconfig 8 .
870Execution stops at the first unsuccessful access, so if
871something like this is present:
872.Bd -literal
873ifconfig_ed0_alias0="inet 127.0.0.251 netmask 0xffffffff"
874ifconfig_ed0_alias1="inet 127.0.0.252 netmask 0xffffffff"
875ifconfig_ed0_alias2="inet 127.0.0.253 netmask 0xffffffff"
876ifconfig_ed0_alias4="inet 127.0.0.254 netmask 0xffffffff"
877.Ed
878.Pp
879Then note that alias4 would
880.Em not
881be added since the search would stop with the missing alias3 entry.
882.Pp
883.\"
884.It Va ifconfig_ Ns Ao Ar interface Ac Ns Va _name
885.Pq Vt str
886New name for
887.Dq interface .
888It is possible to rename interface by doing:
889.Bd -literal
890ifconfig_ed0_name="net0"
891ifconfig_net0="inet 10.0.0.1 netmask 0xffff0000"
892.Ed
893.It Va network_interfaces
894.Pq Vt str
895The list of network interfaces to configure on this host,
896or
897.Dq Li auto
898to configure all network interfaces
899(default
900.Dq Li auto ) .
901For example, if the only network devices to be configured are the loopback device
902.Pq Li lo0
903and a NIC using the
904.Xr ed 4
905driver, this could be set to
906.Dq Li "lo0 ed0" .
907An
908.Va ifconfig_ Ns Aq Ar interface
909variable is assumed to exist for each value of
910.Ar interface .
911.It Va ipv6_network_interfaces
912.Pq Vt str
913This is the IPv6 equivalent of
914.Va network_interfaces .
915Instead of setting the ifconfig variables as
916.Va ifconfig_ Ns Aq Ar interface
917they should be set as
918.Va ipv6_ifconfig_ Ns Aq Ar interface .
919Aliases should be set as
920.Va ipv6_ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n .
921Interfaces that do not have a
922.Va ipv6_ifconfig_ Ns Aq Ar interface
923setting will be auto configured by
924.Xr rtsol 8
925if the
926.Va ipv6_gateway_enable
927is set to
928.Dq Li NO .
929Note that the IPv6 networking code does not support the
930.Pa /etc/start_if. Ns Aq Ar interface
931files.
932.It Va ipv6_prefix_ Ns Aq Ar interface
933.Pq Vt str
934Assign prefix to
935.Ar interface ,
936prefixlen 64 is used.
937.It Va ipv6_default_interface
938.Pq Vt str
939If not set to
940.Dq Li NO ,
941this is the default output interface for scoped addresses.
942Now this works only for IPv6 link local multicast addresses.
943.It Va cloned_interfaces
944.Pq Vt str
945Set to the list of clonable network interfaces to create on this host.
946Entries in
947.Va cloned_interfaces
948are automatically appended to
949.Va network_interfaces
950for configuration.
951.It Va gif_interfaces
952.Pq Vt str
953Set to the list of
954.Xr gif 4
955tunnel interfaces to configure on this host.
956A
957.Va gifconfig_ Ns Aq Ar interface
958variable is assumed to exist for each value of
959.Ar interface .
960The value of this variable is used to configure the link layer of the
961tunnel according to the syntax of the
962.Cm tunnel
963option to
964.Xr ifconfig 8 .
965Additionally, this option ensures that each listed interface is created via the
966.Cm create
967option to
968.Xr ifconfig 8
969before attempting to configure it.
970.It Va sppp_interfaces
971.Pq Vt str
972Set to the list of
973.Xr sppp 4
974interfaces to configure on this host.
975A
976.Va spppconfig_ Ns Aq Ar interface
977variable is assumed to exist for each value of
978.Ar interface .
979Each interface should also be configured by a general
980.Va ifconfig_ Ns Aq Ar interface
981setting.
982Refer to
983.Xr spppcontrol 8
984for more information about available options.
985.It Va ppp_enable
986.Pq Vt bool
987If set to
988.Dq Li YES ,
989run the
990.Xr ppp 8
991daemon.
992.It Va ppp_mode
993.Pq Vt str
994Mode in which to run the
995.Xr ppp 8
996daemon.
997Accepted modes are
998.Dq Li auto ,
999.Dq Li ddial ,
1000.Dq Li direct
1001and
1002.Dq Li dedicated .
1003See the manual for a full description.
1004.It Va ppp_nat
1005.Pq Vt bool
1006If set to
1007.Dq Li YES ,
1008enables network address translation.
1009Used in conjunction with
1010.Va gateway_enable
1011allows hosts on private network addresses access to the Internet using
1012this host as a network address translating router.
1013.It Va ppp_profile
1014.Pq Vt str
1015The name of the profile to use from
1016.Pa /etc/ppp/ppp.conf .
1017.It Va ppp_user
1018.Pq Vt str
1019The name of the user under which
1020.Xr ppp 8
1021should be started.
1022By default,
1023.Xr ppp 8
1024is started as
1025.Dq Li root .
1026.It Va rc_conf_files
1027.Pq Vt str
1028This option is used to specify a list of files that will override
1029the settings in
1030.Pa /etc/defaults/rc.conf .
1031The files will be read in the order in which they are specified and should
1032include the full path to the file.
1033By default, the files specified are
1034.Pa /etc/rc.conf
1035and
1036.Pa /etc/rc.conf.local
1037.It Va fsck_y_enable
1038.Pq Vt bool
1039If set to
1040.Dq Li YES ,
1041.Xr fsck 8
1042will be run with the
1043.Fl y
1044flag if the initial preen of the file systems fails.
1045.It Va netfs_types
1046.Pq Vt str
1047List of file system types that are network-based.
1048This list should generally not be modified by end users.
1049Use
1050.Va extra_netfs_types
1051instead.
1052.It Va extra_netfs_types
1053.Pq Vt str
1054If set to something other than
1055.Dq Li NO
1056(the default), this variable extends the list of file system types
1057for which automatic mounting at startup by
1058.Xr rc 8
1059should be delayed until the network is initialized.
1060It should contain
1061a whitespace-separated list of network file system descriptor pairs,
1062each consisting of a file system type as passed to
1063.Xr mount 8
1064and a human-readable, one-word description, joined with a colon
1065.Pq Ql \&: .
1066Extending the default list in this way is only necessary
1067when third party file system types are used.
1068.It Va devfs_config_files
1069.Pq Vt str
1070This option is used to specify a list of configuration files containing
1071.Xr devfs 5
1072rules that will be applied by
1073.Xr devfsctl 8
1074in the order in which they are specified and must include the full path
1075to the file.
1076.It Va syslogd_enable
1077.Pq Vt bool
1078If set to
1079.Dq Li YES ,
1080run the
1081.Xr syslogd 8
1082daemon.
1083.It Va syslogd_program
1084.Pq Vt str
1085Path to
1086.Xr syslogd 8
1087(default
1088.Pa /usr/sbin/syslogd ) .
1089.It Va syslogd_flags
1090.Pq Vt str
1091If
1092.Va syslogd_enable
1093is set to
1094.Dq Li YES ,
1095these are the flags to pass to
1096.Xr syslogd 8 .
1097.It Va inetd_enable
1098.Pq Vt bool
1099If set to
1100.Dq Li YES ,
1101run the
1102.Xr inetd 8
1103daemon.
1104.It Va inetd_program
1105.Pq Vt str
1106Path to
1107.Xr inetd 8
1108(default
1109.Pa /usr/sbin/inetd ) .
1110.It Va inetd_flags
1111.Pq Vt str
1112If
1113.Va inetd_enable
1114is set to
1115.Dq Li YES ,
1116these are the flags to pass to
1117.Xr inetd 8 .
1118.It Va named_enable
1119.Pq Vt bool
1120If set to
1121.Dq Li YES ,
1122run the
1123.Xr named 8
1124daemon.
1125.It Va named_program
1126.Pq Vt str
1127Path to
1128.Xr named 8
1129(default
1130.Pa /usr/sbin/named ) .
1131.It Va named_flags
1132.Pq Vt str
1133If
1134.Va named_enable
1135is set to
1136.Dq Li YES ,
1137these are the flags to pass to
1138.Xr named 8 .
1139.It Va named_pidfile
1140.Pq Vt str
1141This is the default path to the
1142.Xr named 8
1143daemon's PID file.
1144Change it if you change the location in
1145.Pa /etc/namedb/named.conf .
1146.It Va named_chrootdir
1147.Pq Vt str
1148The root directory for a name server run in a
1149.Xr chroot 8
1150environment.
1151If left empty
1152.Xr named 8
1153will not be run in a
1154.Xr chroot 8
1155environment.
1156.It Va rwhod_enable
1157.Pq Vt bool
1158If set to
1159.Dq Li YES ,
1160run the
1161.Xr rwhod 8
1162daemon at boot time.
1163.It Va rwhod_flags
1164.Pq Vt str
1165If
1166.Va rwhod_enable
1167is set to
1168.Dq Li YES ,
1169these are the flags to pass to it.
1170.It Va amd_enable
1171.Pq Vt bool
1172If set to
1173.Dq Li YES ,
1174run the
1175.Xr amd 8
1176daemon at boot time.
1177.It Va amd_flags
1178.Pq Vt str
1179If
1180.Va amd_enable
1181is set to
1182.Dq Li YES ,
1183these are the flags to pass to it.
1184See the
1185.Xr amd 8
1186manpage for more information.
1187.It Va amd_map_program
1188.Pq Vt str
1189If set, the specified program is run to get the list of
1190.Xr amd 8
1191maps.
1192For example, if the
1193.Xr amd 8
1194maps are stored in NIS, one can set this to run
1195.Xr ypcat 1
1196to get a list of
1197.Xr amd 8
1198maps from the
1199.Pa amd.master
1200NIS map.
1201.It Va update_motd
1202.Pq Vt bool
1203If set to
1204.Dq Li YES ,
1205.Pa /etc/motd
1206will be updated at boot time to reflect the kernel release being run.
1207If set to
1208.Dq Li NO ,
1209.Pa /etc/motd
1210will not be updated.
1211.It Va nfs_client_enable
1212.Pq Vt bool
1213If set to
1214.Dq Li YES ,
1215setup NFS client parameters at boot time.
1216.It Va nfs_access_cache
1217.Pq Vt int
1218If
1219.Va nfs_client_enable
1220is set to
1221.Dq Li YES ,
1222this can be set to
1223.Dq Li 0
1224to disable NFS ACCESS RPC caching, or to the number of seconds for which
1225NFS ACCESS results should be cached.
1226A value of 2-10 seconds will substantially reduce network traffic for
1227many NFS operations.
1228The default is 5 seconds.
1229Note that the attribute cache holds stat information only.
1230The NFS data cache is independent of the attribute cache and is only
1231invalidated when the client detects that the server has modified the
1232underlying file.
1233This value specifies a maximum timeout.
1234The NFS client will automatically use a shorter timeout for files which
1235have been recently modified.
1236.It Va nfs_neg_cache
1237.Pq Vt int
1238If
1239.Va nfs_client_enable
1240is set to
1241.Dq Li YES ,
1242this can be set to
1243.Dq Li 0
1244to disable the caching of NEGATIVE LOOKUPS (lookups of non-existent
1245filenames), or to the number of seconds for which negative lookups should
1246be cached.
1247A value of 2-10 seconds will substantially reduce network
1248traffic for many NFS operations, especially source code builds.
1249The default is 3 seconds.
1250.It Va nfs_server_enable
1251.Pq Vt bool
1252If set to
1253.Dq Li YES ,
1254run the NFS server daemons at boot time.
1255.It Va nfs_server_flags
1256.Pq Vt str
1257If
1258.Va nfs_server_enable
1259is set to
1260.Dq Li YES ,
1261these are the flags to pass to the
1262.Xr nfsd 8
1263daemon.
1264.It Va mountd_enable
1265.Pq Vt bool
1266If set to
1267.Dq Li YES ,
1268and no
1269.Va nfs_server_enable
1270is set, start
1271.Xr mountd 8 ,
1272but not
1273.Xr nfsd 8
1274daemon.
1275It is commonly needed to run CFS without real NFS used.
1276.It Va mountd_flags
1277.Pq Vt str
1278If
1279.Va mountd_enable
1280is set to
1281.Dq Li YES ,
1282these are the flags to pass to the
1283.Xr mountd 8
1284daemon.
1285.It Va weak_mountd_authentication
1286.Pq Vt bool
1287If set to
1288.Dq Li YES ,
1289allow services like PCNFSD to make non-privileged mount requests.
1290.It Va nfs_reserved_port_only
1291.Pq Vt bool
1292If set to
1293.Dq Li YES ,
1294provide NFS services only on a secure port.
1295.It Va nfs_bufpackets
1296.Pq Vt int
1297If set to a number, indicates the number of packets worth of
1298socket buffer space to reserve on an NFS client.
1299The kernel default is typically 4.
1300Using a higher number may be useful on gigabit networks to improve performance.
1301The minimum value is 2 and the maximum is 64.
1302.It Va rpc_umntall_enable
1303.Pq Vt bool
1304If set to
1305.Dq Li YES
1306(default) and we are also an NFS client, run
1307.Xr rpc.umntall 8
1308at boot time to clear out old mounts on remote servers.
1309If set to
1310.Dq Li NO
1311then
1312.Xr rpc.umntall 8
1313will not be run at boot time.
1314.It Va rpc_lockd_enable
1315.Pq Vt bool
1316If set to
1317.Dq Li YES
1318and also an NFS server, run
1319.Xr rpc.lockd 8
1320at boot time.
1321.It Va rpc_lockd_flags
1322.Pq Vt str
1323If
1324.Va rpc_lockd_enable
1325is set to
1326.Dq Li YES ,
1327these are the flags to pass to
1328.Xr rpc.lockd 8 .
1329.It Va rpc_statd_enable
1330.Pq Vt bool
1331If set to
1332.Dq Li YES
1333and also an NFS server, run
1334.Xr rpc.statd 8
1335at boot time.
1336.It Va rpc_statd_flags
1337.Pq Vt str
1338If
1339.Va rpc_statd_enable
1340is set to
1341.Dq Li YES ,
1342these are the flags to pass to
1343.Xr rpc.statd 8 .
1344.It Va rpcbind_program
1345.Pq Vt str
1346Path to program for rpcbind daemon
1347(default
1348.Pa /usr/sbin/rpcbind ) .
1349.It Va rpcbind_enable
1350.Pq Vt bool
1351If set to
1352.Dq Li YES ,
1353run
1354.Va rpcbind_program
1355at boot time.
1356.It Va rpcbind_flags
1357.Pq Vt str
1358If
1359.Va rpcbind_enable
1360is set to
1361.Dq Li YES ,
1362these are the flags to pass to
1363.Va rpcbind_program .
1364.It Va keyserv_enable
1365.Pq Vt bool
1366If set to
1367.Dq Li YES ,
1368run the
1369.Xr keyserv 8
1370daemon on boot for running Secure RPC.
1371.It Va keyserv_flags
1372.Pq Vt str
1373If
1374.Va keyserv_enable
1375is set to
1376.Dq Li YES ,
1377these are the flags to pass to
1378.Xr keyserv 8
1379daemon.
1380.It Va pppoed_enable
1381.Pq Vt bool
1382If set to
1383.Dq Li YES ,
1384run the
1385.Xr pppoed 8
1386daemon at boot time to provide PPP over Ethernet services.
1387.It Va pppoed_provider
1388.Pq Vt str
1389.Xr pppoed 8
1390listens to requests to this provider and ultimately runs
1391.Xr ppp 8
1392with a
1393.Ar system
1394argument of the same name.
1395.It Va pppoed_flags
1396.Pq Vt str
1397Additional flags to pass to
1398.Xr pppoed 8 .
1399.It Va pppoed_interface
1400.Pq Vt str
1401The network interface to run
1402.Xr pppoed 8
1403on.
1404This is mandatory when
1405.Va pppoed_enable
1406is set to
1407.Dq Li YES .
1408.It Va timed_enable
1409.Pq Vt bool
1410If set to
1411.Dq Li YES ,
1412run the
1413.Xr timed 8
1414service at boot time.
1415This command is intended for networks of machines where a consistent
1416.Dq "network time"
1417for all hosts must be established.
1418This is often useful in large NFS environments where time stamps on
1419files are expected to be consistent network-wide.
1420.It Va timed_flags
1421.Pq Vt str
1422If
1423.Va timed_enable
1424is set to
1425.Dq Li YES ,
1426these are the flags to pass to the
1427.Xr timed 8
1428service.
1429.It Va dntpd_enable
1430.Pq Vt bool
1431If set to
1432.Dq Li YES ,
1433run
1434.Xr dntpd 8
1435at system boot time.
1436.It Va dntpd_program
1437.Pq Vt str
1438Path to
1439.Xr dntpd 8
1440(default
1441.Pa /usr/sbin/dntpd ) .
1442.It Va dntpd_flags
1443.Pq Vt str
1444If
1445.Va dntpd_enable
1446is set to
1447.Dq Li YES ,
1448these are the flags to pass to the
1449.Xr dntpd 8
1450daemon.
1451.It Va btconfig_enable
1452.Pq Vt bool
1453If set to
1454.Dq Li YES ,
1455configure Bluetooth devices via
1456.Xr btconfig 8
1457at system boot time.
1458.It Va btconfig_devices
1459.Pq Vt str
1460If
1461.Va btconfig_enable
1462is set to
1463.Dq Li YES ,
1464this is the list of Bluetooth devices to configure.
1465If
1466.Va btconfig_devices
1467is not specified, all devices known to the system will be configured.
1468A
1469.Va btconfig_ Ns Aq Ar device
1470variable can be set to specify parameters to be passed to
1471.Ar device .
1472.It Va btconfig_args
1473.Pq Vt str
1474If
1475.Va btconfig_enable
1476is set to
1477.Dq Li YES ,
1478this is the list of configuration parameters to pass to all Bluetooth
1479devices.
1480.It Va sdpd_enable
1481.Pq Vt bool
1482If set to
1483.Dq Li YES ,
1484run the Service Discovery Profile daemon
1485.Xr ( sdpd 8 )
1486at system boot time.
1487.It Va sdpd_flags
1488.Pq Vt str
1489If
1490.Va sdpd_enable
1491is set to
1492.Dq Li YES ,
1493these are the flags to pass to the
1494.Xr sdpd 8
1495daemon.
1496.It Va bthcid_enable
1497.Pq Vt bool
1498If set to
1499.Dq Li YES ,
1500run the Bluetooth Link Key/PIN Code Manager daemon
1501.Xr ( bthcid 8 )
1502at system boot time.
1503.It Va bthcid_flags
1504.Pq Vt str
1505If
1506.Va bthcid_enable
1507is set to
1508.Dq Li YES ,
1509these are the flags to pass to the
1510.Xr bthcid 8
1511daemon.
1512.It Va nis_client_enable
1513.Pq Vt bool
1514If set to
1515.Dq Li YES ,
1516run the
1517.Xr ypbind 8
1518service at system boot time.
1519.It Va nis_client_flags
1520.Pq Vt str
1521If
1522.Va nis_client_enable
1523is set to
1524.Dq Li YES ,
1525these are the flags to pass to the
1526.Xr ypbind 8
1527service.
1528.It Va nis_ypset_enable
1529.Pq Vt bool
1530If set to
1531.Dq Li YES ,
1532run the
1533.Xr ypset 8
1534daemon at system boot time.
1535.It Va nis_ypset_flags
1536.Pq Vt str
1537If
1538.Va nis_ypset_enable
1539is set to
1540.Dq Li YES ,
1541these are the flags to pass to the
1542.Xr ypset 8
1543daemon.
1544.It Va nis_server_enable
1545.Pq Vt bool
1546If set to
1547.Dq Li YES ,
1548run the
1549.Xr ypserv 8
1550daemon at system boot time.
1551.It Va nis_server_flags
1552.Pq Vt str
1553If
1554.Va nis_server_enable
1555is set to
1556.Dq Li YES ,
1557these are the flags to pass to the
1558.Xr ypserv 8
1559daemon.
1560.It Va nis_ypxfrd_enable
1561.Pq Vt bool
1562If set to
1563.Dq Li YES ,
1564run the
1565.Xr rpc.ypxfrd 8
1566daemon at system boot time.
1567.It Va nis_ypxfrd_flags
1568.Pq Vt str
1569If
1570.Va nis_ypxfrd_enable
1571is set to
1572.Dq Li YES ,
1573these are the flags to pass to the
1574.Xr rpc.ypxfrd 8
1575daemon.
1576.It Va nis_yppasswdd_enable
1577.Pq Vt bool
1578If set to
1579.Dq Li YES ,
1580run the
1581.Xr rpc.yppasswdd 8
1582daemon at system boot time.
1583.It Va nis_yppasswdd_flags
1584.Pq Vt str
1585If
1586.Va nis_yppasswdd_enable
1587is set to
1588.Dq Li YES ,
1589these are the flags to pass to the
1590.Xr rpc.yppasswdd 8
1591daemon.
1592.It Va rpc_ypupdated_enable
1593.Pq Vt bool
1594If set to
1595.Dq Li YES ,
1596run the
1597.Nm rpc.ypupdated
1598daemon at system boot time.
1599.It Va defaultrouter
1600.Pq Vt str
1601If not set to
1602.Dq Li NO ,
1603create a default route to this host name or IP address
1604(use an IP address if this router is also required to get to the
1605name server!).
1606.It Va ipv6_defaultrouter
1607.Pq Vt str
1608The IPv6 equivalent of
1609.Va defaultrouter .
1610.It Va static_routes
1611.Pq Vt str
1612Set to the list of static routes that are to be added at system boot time.
1613If not set to
1614.Dq Li NO
1615then for each whitespace separated
1616.Ar element
1617in the value, a
1618.Va route_ Ns Aq Ar element
1619variable is assumed to exist whose contents will later be passed to a
1620.Dq Nm route Cm add
1621operation.
1622.It Va ipv6_static_routes
1623.Pq Vt str
1624The IPv6 equivalent of
1625.Va static_routes .
1626If not set to
1627.Dq Li NO
1628then for each whitespace separated
1629.Ar element
1630in the value, a
1631.Va ipv6_route_ Ns Aq Ar element
1632variable is assumed to exist whose contents will later be passed to a
1633.Dq Nm route Cm add Fl inet6
1634operation.
1635.It Va gateway_enable
1636.Pq Vt bool
1637If set to
1638.Dq Li YES ,
1639configure host to act as an IP router, e.g. to forward packets
1640between interfaces.
1641.It Va ipv6_gateway_enable
1642.Pq Vt bool
1643The IPv6 equivalent of
1644.Va gateway_enable .
1645.It Va router_enable
1646.Pq Vt bool
1647If set to
1648.Dq Li YES ,
1649run a routing daemon of some sort, based on the settings of
1650.Va router_program
1651and
1652.Va router_flags .
1653.It Va ipv6_router_enable
1654.Pq Vt bool
1655The IPv6 equivalent of
1656.Va router_enable .
1657If set to
1658.Dq Li YES ,
1659run a routing daemon of some sort, based on the settings of
1660.Va ipv6_router_program
1661and
1662.Va ipv6_router_flags .
1663.It Va router_program
1664.Pq Vt str
1665If
1666.Va router_enable
1667is set to
1668.Dq Li YES ,
1669this is the name of the routing daemon to use
1670(default
1671.Pa /sbin/routed ) .
1672.It Va ipv6_router_program
1673.Pq Vt str
1674The IPv6 equivalent of
1675.Va router_program
1676(default
1677.Pa /sbin/route6d ) .
1678.It Va router_flags
1679.Pq Vt str
1680If
1681.Va router_enable
1682is set to
1683.Dq Li YES ,
1684these are the flags to pass to the routing daemon.
1685.It Va ipv6_router_flags
1686.Pq Vt str
1687The IPv6 equivalent of
1688.Va router_flags .
1689.It Va mrouted_enable
1690.Pq Vt bool
1691If set to
1692.Dq Li YES ,
1693run the multicast routing daemon,
1694.Xr mrouted 8 .
1695.It Va mroute6d_enable
1696.Pq Vt bool
1697The IPv6 equivalent of
1698.Va mrouted_enable .
1699If set to
1700.Dq Li YES ,
1701run the IPv6 multicast routing daemon.
1702Note that no IPv6 multicast routing daemon is included in the
1703.Dx
1704base system but
1705.Xr pim6dd 8
1706can be installed from the
1707.Xr pkgsrc 7
1708collection.
1709.It Va mrouted_flags
1710.Pq Vt str
1711If
1712.Va mrouted_enable
1713is set to
1714.Dq Li YES ,
1715these are the flags to pass to the
1716.Xr mrouted 8
1717daemon.
1718.It Va mroute6d_flags
1719.Pq Vt str
1720The IPv6 equivalent of
1721.Va mrouted_flags .
1722If
1723.Va mroute6d_enable
1724is set to
1725.Dq Li YES ,
1726these are the flags passed to the IPv6 multicast routing daemon.
1727.It Va mroute6d_program
1728.Pq Vt str
1729If
1730.Va mroute6d_enable
1731is set to
1732.Dq Li YES ,
1733this is the path to the IPv6 multicast routing daemon.
1734.It Va rtadvd_enable
1735.Pq Vt bool
1736If set to
1737.Dq Li YES ,
1738run the
1739.Xr rtadvd 8
1740daemon at boot time.
1741.Xr rtadvd 8
1742will only run if
1743.Va ipv6_gateway_enable
1744is also set to
1745.Dq Li YES .
1746The
1747.Xr rtadvd 8
1748utility sends router advertisement packets to the interfaces specified in
1749.Va rtadvd_interfaces .
1750.Xr rtadvd 8
1751and should only be enabled with great care.
1752You may want to fine-tune
1753.Xr rtadvd.conf 5 .
1754.It Va rtadvd_interfaces
1755.Pq Vt str
1756If
1757.Va rtadvd_enable
1758is set to
1759.Dq Li YES
1760this is the list of interfaces to use.
1761.It Va rtsold_enable
1762.Pq Vt bool
1763If set to
1764.Dq Li YES ,
1765run the
1766.Xr rtsold 8
1767daemon at boot time.
1768The
1769.Xr rtsold 8
1770daemon is used for automatic discovery of non-link local addresses.
1771.It Va rtsold_flags
1772.Pq Vt str
1773If
1774.Va rtsold_enable
1775is set to
1776.Dq Li YES ,
1777these are the flags to pass to the
1778.Xr rtsold 8
1779daemon.
1780.It Va ipxgateway_enable
1781.Pq Vt bool
1782If set to
1783.Dq Li YES ,
1784enable the routing of IPX traffic.
1785.It Va ipxrouted_enable
1786.Pq Vt bool
1787If set to
1788.Dq Li YES ,
1789run the
1790.Xr IPXrouted 8
1791daemon at system boot time.
1792.It Va ipxrouted_flags
1793.Pq Vt str
1794If
1795.Va ipxrouted_enable
1796is set to
1797.Dq Li YES ,
1798these are the flags to pass to the
1799.Xr IPXrouted 8
1800daemon.
1801.It Va arpproxy_all
1802.Pq Vt bool
1803If set to
1804.Dq Li YES ,
1805enable global proxy ARP.
1806.It Va forward_sourceroute
1807.Pq Vt bool
1808If set to
1809.Dq Li YES
1810and
1811.Va gateway_enable
1812is also set to
1813.Dq Li YES ,
1814source-routed packets are forwarded.
1815.It Va accept_sourceroute
1816.Pq Vt bool
1817If set to
1818.Dq Li YES ,
1819the system will accept source-routed packets directed at it.
1820.It Va rarpd_enable
1821.Pq Vt bool
1822If set to
1823.Dq Li YES ,
1824run the
1825.Xr rarpd 8
1826daemon at system boot time.
1827.It Va rarpd_flags
1828.Pq Vt str
1829If
1830.Va rarpd_enable
1831is set to
1832.Dq Li YES ,
1833these are the flags to pass to the
1834.Xr rarpd 8
1835daemon.
1836.It Va bootparamd_enable
1837.Pq Vt bool
1838If set to
1839.Dq Li YES ,
1840run the
1841.Xr bootparamd 8
1842daemon at system boot time.
1843.It Va bootparamd_flags
1844.Pq Vt str
1845If
1846.Va bootparamd_enable
1847is set to
1848.Dq Li YES ,
1849these are the flags to pass to the
1850.Xr bootparamd 8
1851daemon.
1852.It Va stf_interface_ipv4addr
1853.Pq Vt str
1854If not set to
1855.Dq Li NO ,
1856this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling interface).
1857Specify this entry to enable the 6to4 interface.
1858.It Va stf_interface_ipv4plen
1859.Pq Vt int
1860Prefix length for 6to4 IPv4 addresses, to limit peer address range.
1861An effective value is 0-31.
1862.It Va stf_interface_ipv6_ifid
1863.Pq Vt str
1864IPv6 interface ID for
1865.Xr stf 4 .
1866This can be set to
1867.Dq Li AUTO .
1868.It Va stf_interface_ipv6_slaid
1869.Pq Vt str
1870IPv6 Site Level Aggregator for
1871.Xr stf 4 .
1872.It Va ipv6_faith_prefix
1873.Pq Vt str
1874If not set to
1875.Dq Li NO ,
1876this is the faith prefix to enable a FAITH IPv6-to-IPv4 TCP translator.
1877You also need
1878.Xr faithd 8
1879setup.
1880.It Va ipv6_ipv4mapping
1881.Pq Vt bool
1882If set to
1883.Dq Li YES
1884this enables IPv4 mapped IPv6 address communication (like
1885.Li ::ffff:a.b.c.d ) .
1886.It Va atm_enable
1887.Pq Vt bool
1888Set to
1889.Dq Li YES
1890to enable the configuration of ATM interfaces at system boot time.
1891For all of the ATM variables described below, please refer to the
1892.Xr atm 8
1893man page for further details on the available command parameters.
1894Also refer to the files in
1895.Pa /usr/share/examples/atm
1896for more detailed configuration information.
1897.It Va atm_netif_ Ns Aq Ar intf
1898.Pq Vt str
1899For the ATM physical interface
1900.Ar intf ,
1901this variable defines the name prefix and count for the ATM network
1902interfaces to be created.
1903The value will be passed as the parameters of an
1904.Dq Nm atm Cm "set netif" Ar intf
1905command.
1906.It Va atm_sigmgr_ Ns Aq Ar intf
1907.Pq Vt str
1908For the ATM physical interface
1909.Ar intf ,
1910this variable defines the ATM signalling manager to be used.
1911The value will be passed as the parameters of an
1912.Dq Nm atm Cm attach Ar intf
1913command.
1914.It Va atm_prefix_ Ns Aq Ar intf
1915.Pq Vt str
1916For the ATM physical interface
1917.Ar intf ,
1918this variable defines the NSAP prefix for interfaces using a UNI signalling
1919manager.
1920If set to
1921.Dq Li ILMI ,
1922the prefix will automatically be set via the
1923.Xr ilmid 8
1924daemon.
1925Otherwise, the value will be passed as the parameters of an
1926.Dq Nm atm Cm "set prefix" Ar intf
1927command.
1928.It Va atm_macaddr_ Ns Aq Ar intf
1929.Pq Vt str
1930For the ATM physical interface
1931.Ar intf ,
1932this variable defines the MAC address for interfaces using a UNI signalling
1933manager.
1934If set to
1935.Dq Li NO ,
1936the hardware MAC address contained in the ATM interface card will be used.
1937Otherwise, the value will be passed as the parameters of an
1938.Dq Nm atm Cm "set mac" Ar intf
1939command.
1940.It Va atm_arpserver_ Ns Aq Ar netif
1941.Pq Vt str
1942For the ATM network interface
1943.Ar netif ,
1944this variable defines the ATM address for a host which is to provide ATMARP
1945service.
1946This variable is only applicable to interfaces using a UNI signalling manager.
1947If set to
1948.Dq Li local ,
1949this host will become an ATMARP server.
1950The value will be passed as the parameters of an
1951.Dq Nm atm Cm "set arpserver" Ar netif
1952command.
1953.It Va atm_scsparp_ Ns Aq Ar netif
1954.Pq Vt bool
1955If set to
1956.Dq Li YES ,
1957SCSP/ATMARP service for the network interface
1958.Ar netif
1959will be initiated using the
1960.Xr scspd 8
1961and
1962.Xr atmarpd 8
1963daemons.
1964This variable is only applicable if
1965.Va atm_arpserver_ Ns Aq Ar netif
1966is set to
1967.Dq Li local .
1968.It Va atm_arps
1969.Pq Vt str
1970Set to the list of permanent ATM ARP entries to be added at system boot time.
1971For each whitespace separated
1972.Ar element
1973in the value, an
1974.Va atm_arp_ Ns Aq Ar element
1975variable is assumed to exist.
1976The value of each of these variables will be passed as the parameters of an
1977.Dq Nm atm Cm "add arp"
1978command.
1979.It Va keybell
1980.Pq Vt str
1981The keyboard bell sound.
1982Set to
1983.Dq Li normal ,
1984.Dq Li visual ,
1985.Dq Li off ,
1986or
1987.Dq Li NO
1988if the default behavior is desired.
1989For details, refer to the
1990.Xr kbdcontrol 1
1991manpage.
1992.It Va keymap
1993.Pq Vt str
1994If set to
1995.Dq Li NO ,
1996no keymap is installed, otherwise the value is used to install
1997the keymap file in
1998.Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd .
1999.It Va keyrate
2000.Pq Vt str
2001The keyboard repeat speed.
2002Set to
2003.Dq Li slow ,
2004.Dq Li normal ,
2005.Dq Li fast ,
2006or
2007.Dq Li NO
2008if the default behavior is desired.
2009.It Va keychange
2010.Pq Vt str
2011If not set to
2012.Dq Li NO ,
2013attempt to program the function keys with the value.
2014The value should be a single string of the form:
2015.Dq Ar funkey_number new_value Op Ar funkey_number new_value ... .
2016.It Va cursor
2017.Pq Vt str
2018Can be set to the value of
2019.Dq Li normal ,
2020.Dq Li blink ,
2021.Dq Li destructive ,
2022or
2023.Dq Li NO
2024to set the cursor behavior explicitly or choose the default behavior.
2025.It Va scrnmap
2026.Pq Vt str
2027If set to
2028.Dq Li NO ,
2029no screen map is installed, otherwise the value is used to install
2030the screen map file in
2031.Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value .
2032.It Va font8x16
2033.Pq Vt str
2034If set to
2035.Dq Li NO ,
2036the default 8x16 font value is used for screen size requests, otherwise
2037the value in
2038.Pa /usr/share/syscons/fonts/ Ns Aq Ar value
2039is used.
2040.It Va font8x14
2041.Pq Vt str
2042If set to
2043.Dq Li NO ,
2044the default 8x14 font value is used for screen size requests, otherwise
2045the value in
2046.Pa /usr/share/syscons/fonts/ Ns Aq Ar value
2047is used.
2048.It Va font8x8
2049.Pq Vt str
2050If set to
2051.Dq Li NO ,
2052the default 8x8 font value is used for screen size requests, otherwise
2053the value in
2054.Pa /usr/share/syscons/fonts/ Ns Aq Ar value
2055is used.
2056.It Va blanktime
2057.Pq Vt int
2058If set to
2059.Dq Li NO ,
2060the default screen blanking interval is used, otherwise it is set to
2061.Ar value
2062seconds.
2063.It Va saver
2064.Pq Vt str
2065If not set to
2066.Dq Li NO ,
2067this is the actual screen saver to use
2068.Li ( blank , snake , daemon ,
2069etc).
2070.It Va moused_enable
2071.Pq Vt str
2072If set to
2073.Dq Li YES ,
2074the
2075.Xr moused 8
2076daemon is started for doing cut/paste selection on the console.
2077.It Va moused_type
2078.Pq Vt str
2079This is the protocol type of the mouse connected to this host.
2080This variable must be set if
2081.Va moused_enable
2082is set to
2083.Dq Li YES .
2084The
2085.Xr moused 8
2086daemon
2087is able to detect the appropriate mouse type automatically in many cases.
2088Set this variable to
2089.Dq Li auto
2090to let the daemon detect it, or
2091select one from the following list if the automatic detection fails.
2092.Pp
2093If the mouse is attached to the PS/2 mouse port, choose
2094.Dq Li auto
2095or
2096.Dq Li ps/2 ,
2097regardless of the brand and model of the mouse.
2098Likewise, if the mouse is attached to the bus mouse port, choose
2099.Dq Li auto
2100or
2101.Dq Li busmouse .
2102All other protocols are for serial mice and will not work with
2103the PS/2 and bus mice.
2104If this is a USB mouse,
2105.Dq Li auto
2106is the only protocol type which will work.
2107.Pp
2108.Bl -tag -width ".Li x10mouseremote" -compact
2109.It Li microsoft
2110Microsoft mouse (serial)
2111.It Li intellimouse
2112Microsoft IntelliMouse (serial)
2113.It Li mousesystems
2114Mouse systems Corp. mouse (serial)
2115.It Li mmseries
2116MM Series mouse (serial)
2117.It Li logitech
2118Logitech mouse (serial)
2119.It Li busmouse
2120A bus mouse
2121.It Li mouseman
2122Logitech MouseMan and TrackMan (serial)
2123.It Li glidepoint
2124ALPS GlidePoint (serial)
2125.It Li thinkingmouse
2126Kensington ThinkingMouse (serial)
2127.It Li ps/2
2128PS/2 mouse
2129.It Li mmhittab
2130MM HitTablet (serial)
2131.It Li x10mouseremote
2132X10 MouseRemote (serial)
2133.It Li versapad
2134Interlink VersaPad (serial)
2135.El
2136.Pp
2137Even if the mouse is not in the above list, it may be compatible
2138with one in the list.
2139Refer to the man page for
2140.Xr moused 8
2141for compatibility information.
2142.Pp
2143It should also be noted that while this is enabled, any
2144other client of the mouse (such as an X server) should access
2145the mouse through the virtual mouse device,
2146.Pa /dev/sysmouse ,
2147and configure it as a
2148.Dq Li sysmouse
2149type mouse, since all
2150mouse data is converted to this single canonical format when using
2151.Xr moused 8 .
2152If the client program does not support the
2153.Dq Li sysmouse
2154type, specify the
2155.Dq Li mousesystems
2156type.
2157It is the second preferred type.
2158.It Va moused_port
2159.Pq Vt str
2160If
2161.Va moused_enable
2162is set to
2163.Dq Li YES ,
2164this is the actual port the mouse is on.
2165It might be
2166.Pa /dev/cuaa0
2167for a COM1 serial mouse,
2168.Pa /dev/psm0
2169for a PS/2 mouse or
2170.Pa /dev/mse0
2171for a bus mouse, for example.
2172.It Va moused_flags
2173.Pq Vt str
2174If
2175.Va moused_type
2176is set, these are the additional flags to pass to the
2177.Xr moused 8
2178daemon.
2179.It Va mousechar_start
2180.Pq Vt int
2181If set to
2182.Dq Li NO ,
2183the default mouse cursor character range
2184.Li 0xd0 Ns - Ns Li 0xd3
2185is used, otherwise the range start is set to
2186.Ar value
2187character, see
2188.Xr vidcontrol 1 .
2189Use if the default range is occupied in the language code table.
2190.It Va vidhistory
2191.Pq Vt int
2192Set the size of the history (scrollback) buffer in lines.
2193.It Va allscreens_flags
2194.Pq Vt str
2195If set,
2196.Xr vidcontrol 1
2197is run with these options for each of the virtual terminals
2198.Pq Pa /dev/ttyv* .
2199For example,
2200.Dq Fl m Cm on
2201will enable the mouse pointer on all virtual terminals if
2202.Va moused_enable
2203is set to
2204.Dq Li YES .
2205.It Va allscreens_kbdflags
2206.Pq Vt str
2207If set,
2208.Xr kbdcontrol 1
2209is run with these options for each of the virtual terminals
2210.Pq Pa /dev/ttyv* .
2211For example,
2212.Dq Fl h Li 200
2213will set the
2214.Xr syscons 4
2215scrollback (history) buffer to 200 lines.
2216.It Va cron_enable
2217.Pq Vt bool
2218If set to
2219.Dq Li YES ,
2220run the
2221.Xr cron 8
2222daemon at system boot time.
2223.It Va cron_program
2224.Pq Vt str
2225Path to
2226.Xr cron 8
2227(default
2228.Pa /usr/sbin/cron ) .
2229.It Va cron_flags
2230.Pq Vt str
2231If
2232.Va cron_enable
2233is set to
2234.Dq Li YES ,
2235these are the flags to pass to
2236.Xr cron 8 .
2237.It Va lpd_program
2238.Pq Vt str
2239Path to
2240.Xr lpd 8
2241(default
2242.Pa /usr/sbin/lpd ) .
2243.It Va lpd_enable
2244.Pq Vt bool
2245If set to
2246.Dq Li YES ,
2247run the
2248.Xr lpd 8
2249daemon at system boot time.
2250.It Va lpd_flags
2251.Pq Vt str
2252If
2253.Va lpd_enable
2254is set to
2255.Dq Li YES ,
2256these are the flags to pass to the
2257.Xr lpd 8
2258daemon.
2259.It Va nscd_enable
2260.Pq Vt bool
2261If set to
2262.Dq Li YES ,
2263run the
2264.Xr nscd 8
2265daemon at system boot time.
2266.It Va mixer_enable
2267.Pq Vt bool
2268If set to
2269.Dq Li YES ,
2270preserve
2271.Xr mixer 8
2272settings across reboots.
2273.It Va mta_start_script
2274.Pq Vt str
2275The full path to the script to run to start
2276a mail transfer agent.
2277The default is
2278.Pa /etc/rc.sendmail .
2279The
2280.Va sendmail_*
2281variables which
2282.Pa /etc/rc.sendmail
2283uses are documented in the
2284.Xr rc.sendmail 8
2285man page.
2286.It Va fixbootfile
2287.Pq Vt bool
2288In a
2289.Sq HAMMER ROOT with UFS /boot
2290setup, the boot loader will not set up the
2291.Va kern.bootfile
2292sysctl correctly.
2293The system will attempt to fix this on its own.
2294Set this variable to
2295.Dq Li NO
2296to turn this behavior off.
2297.It Va dumpdev
2298.Pq Vt str
2299Indicates the device (usually a swap partition) to which a crash dump
2300should be written in the event of a system crash.
2301The value of this variable is passed as the argument to
2302.Xr dumpon 8 .
2303To disable crash dumps, set this variable to
2304.Dq Li NO .
2305.It Va dumpdir
2306.Pq Vt str
2307When the system reboots after a crash and a crash dump is found on the
2308device specified by the
2309.Va dumpdev
2310variable,
2311.Xr savecore 8
2312will save that crash dump and a copy of the kernel to the directory
2313specified by the
2314.Va dumpdir
2315variable.
2316The default value is
2317.Pa /var/crash .
2318Set to
2319.Dq Li NO
2320to not run
2321.Xr savecore 8
2322at boot time when
2323.Va dumpdir
2324is set.
2325.It Va savecore_flags
2326.Pq Vt str
2327If crash dumps are enabled, these are the flags to pass to the
2328.Xr savecore 8
2329utility.
2330.It Va enable_quotas
2331.Pq Vt bool
2332Set to
2333.Dq Li YES
2334to turn on user disk quotas on system startup via the
2335.Xr quotaon 8
2336command.
2337.It Va check_quotas
2338.Pq Vt bool
2339Set to
2340.Dq Li YES
2341to enable user disk quota checking via the
2342.Xr quotacheck 8
2343command.
2344.It Va accounting_enable
2345.Pq Vt bool
2346Set to
2347.Dq Li YES
2348to enable system accounting through the
2349.Xr accton 8
2350facility.
2351.It Va linux_enable
2352.Pq Vt bool
2353Set to
2354.Dq Li YES
2355to enable Linux/ELF binary emulation at system initial boot time.
2356.It Va sysvipc_enable
2357.Pq Vt bool
2358If set to
2359.Dq Li YES ,
2360load System V IPC primitives at boot time.
2361.\" ----- cleanvar_enable setting--------------------------------
2362.It Va cleanvar_enable
2363.Pq Vt bool
2364Set to
2365.Dq Li YES
2366to have
2367.Pa /var/run ,
2368.Pa /var/spool/lock
2369and
2370.Pa /var/spool/uucp/.Temp/*
2371cleaned at startup.
2372.\" ----- clear_tmp_enable setting-------------------------------
2373.It Va clear_tmp_enable
2374.Pq Vt bool
2375Set to
2376.Dq Li YES
2377to have
2378.Pa /tmp
2379cleaned at startup.
2380.\" ----- ldconfig_paths setting --------------------------------
2381.It Va ldconfig_paths
2382.Pq Vt str
2383Set to the list of shared library paths to use with
2384.Xr ldconfig 8 .
2385NOTE:
2386.Pa /usr/lib
2387will always be added first, so it need not appear in this list.
2388.It Va ldconfig_insecure
2389.Pq Vt bool
2390The
2391.Xr ldconfig 8
2392utility normally refuses to use directories
2393which are writable by anyone except root.
2394Set this variable to
2395.Dq Li YES
2396to disable that security check during system startup.
2397.It Va kern_securelevel
2398.Pq Vt int
2399The kernel security level to set at startup.
2400The allowed range of
2401.Ar value
2402ranges from \-1 (the compile time default) to 3 (the most secure).
2403See
2404.Xr init 8
2405for the list of possible security levels and their effect on system operation.
2406.It Va start_vinum
2407.Pq Vt bool
2408Set to
2409.Dq Li YES
2410to start
2411.Xr vinum 8
2412at system boot time.
2413.It Va sshd_enable
2414.Pq Vt bool
2415Set to
2416.Dq Li YES
2417to start
2418.Xr sshd 8
2419at system boot time.
2420.It Va sshd_program
2421.Pq Vt str
2422Path to the SSH server program
2423(default
2424.Pa /usr/sbin/sshd ) .
2425.It Va sshd_flags
2426.Pq Vt str
2427If
2428.Va sshd_enable
2429is set to
2430.Dq Li YES ,
2431these are the flags to pass to the
2432.Xr sshd 8
2433daemon.
2434.It Va ftpd_enable
2435.Pq Vt bool
2436Set to
2437.Dq Li YES
2438to start
2439.Xr ftpd 8
2440at system boot time.
2441.It Va ftpd_flags
2442.Pq Vt str
2443If
2444.Va ftpd_enable
2445is set to
2446.Dq Li YES ,
2447these are the flags to pass to the
2448.Xr ftpd 8
2449daemon.
2450.It Va usbd_enable
2451.Pq Vt bool
2452If set to
2453.Dq Li YES ,
2454run the
2455.Xr usbd 8
2456daemon at boot time.
2457.It Va usbd_flags
2458.Pq Vt str
2459If
2460.Va usbd_enable
2461is set to
2462.Dq Li YES ,
2463these are the flags passed to
2464.Xr usbd 8
2465daemon.
2466.It Va watchdogd_enable
2467.Pq Vt bool
2468If set to
2469.Dq Li YES ,
2470start the
2471.Xr watchdogd 8
2472daemon at boot time.
2473This requires that the kernel have been compiled with
2474.Cd "options WATCHDOG" .
2475.It Va jail_enable
2476.Pq Vt bool
2477If set to
2478.Dq Li NO ,
2479any configured jails will not be started.
2480.It Va jail_list
2481.Pq Vt str
2482A space separated list of names for jails.
2483This is purely a configuration aid to help identify and
2484configure multiple jails.
2485The names specified in this list will be used to
2486identify settings common to an instance of a jail.
2487Assuming that the jail in question was named
2488.Li vjail ,
2489you would have the following dependent variables:
2490.Bd -literal
2491jail_vjail_hostname="jail.example.com"
2492jail_vjail_ip="192.168.1.100"
2493jail_vjail_rootdir="/var/jails/vjail/root"
2494.Ed
2495.Pp
2496.It Va jail_flags
2497.Pq Vt str
2498Unset by default.
2499When set, use as default value for
2500.Va jail_ Ns Ao Ar jname Ac Ns Va _flags
2501for every jail in
2502.Va jail_list .
2503.It Va jail_interface
2504.Pq Vt str
2505Unset by default.
2506When set, use as default value for
2507.Va jail_ Ns Ao Ar jname Ac Ns Va _interface
2508for every jail in
2509.Va jail_list .
2510.It Va jail_fstab
2511.Pq Vt str
2512Unset by default.
2513When set, use as default value for
2514.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab
2515for every jail in
2516.Va jail_list .
2517.It Va jail_mount_enable
2518.Pq Vt bool
2519Set to
2520.Dq Li NO
2521by default.
2522When set to
2523.Dq Li YES ,
2524sets
2525.Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable
2526to
2527.Dq Li YES
2528by default for every jail in
2529.Va jail_list .
2530.It Va jail_fdesc_enable
2531.Pq Vt bool
2532Set to
2533.Dq Li NO
2534by default.
2535When set to
2536.Dq Li YES ,
2537sets
2538.Va jail_ Ns Ao Ar jname Ac Ns Va _fdesc_enable
2539to
2540.Dq Li YES
2541by default for every jail in
2542.Va jail_list .
2543.It Va jail_procfs_enable
2544.Pq Vt bool
2545Set to
2546.Dq Li NO
2547by default.
2548When set to
2549.Dq Li YES ,
2550sets
2551.Va jail_ Ns Ao Ar jname Ac Ns Va _fdesc_enable
2552to
2553.Dq Li YES
2554by default for every jail in
2555.Va jail_list .
2556.It Va jail_exec_start
2557.Pq Vt str
2558Unset by default.
2559When set, use as default value for
2560.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start
2561for every jail in
2562.Va jail_list .
2563.It Va jail_exec_stop
2564Unset by default.
2565When set, use as default value for
2566.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop
2567for every jail in
2568.Va jail_list .
2569.It Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir
2570.Pq Vt str
2571Unset by default.
2572Set to the root directory used by jail
2573.Va jname .
2574.It Va jail_ Ns Ao Ar jname Ac Ns Va _hostname
2575.Pq Vt str
2576Unset by default.
2577Set to the fully qualified domain name (FQDN) assigned to jail
2578.Va jname .
2579.It Va jail_ Ns Ao Ar jname Ac Ns Va _ip
2580.Pq Vt str
2581Unset by default.
2582Set to the IP address assigned to jail
2583.Va jname .
2584.It Va jail_ Ns Ao Ar jname Ac Ns Va _flags
2585.Pq Vt str
2586Set to
2587.Dq Li -l -U root
2588by default.
2589These are flags to pass to
2590.Xr jail 8 .
2591.It Va jail_ Ns Ao Ar jname Ac Ns Va _interface
2592.Pq Vt str
2593Unset by default.
2594When set, sets the interface to use when setting IP address alias.
2595Note that the alias is created at jail startup and removed at jail shutdown.
2596.It Va jail_ Ns Ao Ar jname Ac Ns Va _fstab
2597.Pq Vt str
2598Set to
2599.Pa /etc/fstab. Ns Aq Ar jname
2600by default.
2601This is the file system information file to use for jail
2602.Va jname .
2603.It Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable
2604.Pq Vt bool
2605Set to
2606.Dq Li NO
2607by default.
2608When set to
2609.Dq Li YES ,
2610mount all file systems from
2611.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab
2612at jail startup.
2613.It Va jail_ Ns Ao Ar jname Ac Ns Va _fdesc_enable
2614.Pq Vt bool
2615Set to
2616.Dq Li NO
2617by default.
2618When set to
2619.Dq Li YES ,
2620mount the file-descriptor file system inside jail
2621.Ar jname
2622at jail startup.
2623.It Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable
2624.Pq Vt bool
2625Set to
2626.Dq Li NO
2627by default.
2628When set to
2629.Dq Li YES ,
2630mount the process file system inside jail
2631.Ar jname
2632at jail startup.
2633.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start
2634.Pq Vt str
2635Set to
2636.Dq Li /bin/sh /etc/rc
2637by default.
2638This is the command executed at jail startup.
2639.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop
2640.Pq Vt str
2641Set to
2642.Dq Li /bin/sh /etc/rc.shutdown
2643by default.
2644This is the command executed at jail shutdown.
2645.It Va jail_set_hostname_allow
2646.Pq Vt bool
2647If set to
2648.Dq Li NO ,
2649do not allow the root user in a jail to set its hostname.
2650.It Va jail_socket_unixiproute_only
2651.Pq Vt bool
2652If set to
2653.Dq Li YES ,
2654do not allow any sockets,
2655besides UNIX/IP/route sockets,
2656to be used within a jail.
2657.It Va jail_sysvipc_allow
2658.Pq Vt bool
2659If set to
2660.Dq Li YES ,
2661allow applications within a jail to use System V IPC.
2662.It Va newsyslog_enable
2663.Pq Vt bool
2664If set to
2665.Dq Li YES ,
2666run
2667.Xr newsyslog 8
2668before syslogd starts.
2669.It Va newsyslog_flags
2670.Pq Vt str
2671If
2672.Va newsyslog_enable
2673is set to
2674.Dq Li YES ,
2675these are the flags passed to
2676.Xr newsyslog 8 .
2677.It Va resident_enable
2678.Pq Vt bool
2679If set to
2680.Dq Li YES ,
2681make the dynamic binaries listed in
2682.Pa /etc/resident.conf
2683resident.
2684.It Va varsym_enable
2685.Pq Vt bool
2686If set to
2687.Dq Li YES ,
2688process
2689.Pa /etc/varsym.conf
2690to set system-wide variables for variant symlinks.
2691.It Va rand_irqs
2692.Pq Vt str
2693Set either to
2694.Dq Li NO
2695or a whitespace separated list of IRQ numbers which will be used as a source of
2696randomness.
2697.\" ----- isdn settings ---------------------------------
2698.It Va isdn_enable
2699.Pq Vt bool
2700Set to
2701.Dq Li NO
2702by default.
2703When set to
2704.Dq Li YES ,
2705starts the
2706.Xr isdnd 8
2707daemon at system boot time.
2708.It Va isdn_flags
2709.Pq Vt str
2710Set to
2711.Dq Fl d Ns Cm n Fl d Ns Li 0x1f9
2712by default.
2713Additional flags to pass to
2714.Xr isdnd 8
2715(but see
2716.Va isdn_fsdev
2717and
2718.Va isdn_ttype
2719for certain tunable parameters).
2720.It Va isdn_ttype
2721.Pq Vt str
2722Set to
2723.Dq Li cons25
2724by default.
2725The terminal type of the output device when
2726.Xr isdnd 8
2727operates in full-screen mode.
2728.It Va isdn_screenflags
2729.Pq Vt str
2730Set to
2731.Dq Li NO
2732by default.
2733The video mode for full-screen mode (only for
2734.Xr syscons 4
2735console driver, see
2736.Xr vidcontrol 1
2737for valid modes).
2738.It Va isdn_fsdev
2739.Pq Vt str
2740Set to
2741.Dq Li NO
2742by default.
2743The output device for
2744.Xr isdnd 8
2745in full-screen mode (or
2746.Dq Li NO
2747for daemon mode).
2748.It Va isdn_trace
2749.Pq Vt bool
2750Set to
2751.Dq Li NO
2752by default.
2753When set to
2754.Dq Li YES ,
2755enables the ISDN protocol trace utility
2756.Xr isdntrace 8
2757at system boot time.
2758.It Va isdn_traceflags
2759.Pq Vt str
2760Set to
2761.Dq Fl f Pa /var/tmp/isdntrace0
2762by default.
2763Flags for
2764.Xr isdntrace 8 .
2765.\" -----------------------------------------------------
2766.It Va entropy_dir
2767.Pq Vt str
2768Set to
2769.Dq Li NO
2770to disable caching entropy via
2771.Xr cron 8 .
2772Otherwise set to the directory used to store entropy files in.
2773.It Va entropy_file
2774.Pq Vt str
2775Set to
2776.Dq Li NO
2777to disable caching entropy through reboots.
2778Otherwise set to the filename used to store cached entropy through reboots.
2779This file should be located on the root file system to seed the
2780.Xr random 4
2781device as early as possible in the boot process.
2782.It Va ipsec_enable
2783.Pq Vt bool
2784Set to
2785.Dq Li YES
2786to run
2787.Xr setkey 8
2788on
2789.Va ipsec_file
2790at boot time.
2791.It Va ipsec_file
2792.Pq Vt str
2793Configuration file for
2794.Xr setkey 8 .
2795.It Va dmesg_enable
2796.Pq Vt bool
2797Set to
2798.Dq Li YES
2799to save
2800.Xr dmesg 8
2801to
2802.Pa /var/run/dmesg.boot
2803on boot.
2804.It Va rcshutdown_timeout
2805.Pq Vt int
2806If set, start a watchdog timer in the background which will terminate
2807.Pa rc.shutdown
2808if
2809.Xr shutdown 8
2810has not completed within the specified time (in seconds).
2811.El
2812.Sh FILES
2813.Bl -tag -width ".Pa /etc/start_if. Ns Aq Ar interface" -compact
2814.It Pa /etc/defaults/rc.conf
2815.It Pa /etc/rc.conf
2816.It Pa /etc/rc.conf.local
2817.It Pa /etc/start_if. Ns Aq Ar interface
2818.El
2819.Sh SEE ALSO
2820.Xr catman 1 ,
2821.Xr gdb 1 ,
2822.Xr info 1 ,
2823.Xr kbdcontrol 1 ,
2824.Xr varsym 1 ,
2825.Xr vidcontrol 1 ,
2826.Xr ip 4 ,
2827.Xr ipf 4 ,
2828.Xr ipfw 4 ,
2829.Xr kld 4 ,
2830.Xr pf 4 ,
2831.Xr tcp 4 ,
2832.Xr udp 4 ,
2833.Xr exports 5 ,
2834.Xr motd 5 ,
2835.Xr resident.conf 5 ,
2836.Xr varsym.conf 5 ,
2837.Xr accton 8 ,
2838.Xr amd 8 ,
2839.Xr apm 8 ,
2840.Xr atm 8 ,
2841.Xr btconfig 8 ,
2842.Xr bthcid 8 ,
2843.Xr cron 8 ,
2844.Xr devd 8 ,
2845.Xr dhclient 8 ,
2846.Xr dntpd 8 ,
2847.Xr ftpd 8 ,
2848.Xr ifconfig 8 ,
2849.Xr inetd 8 ,
2850.Xr isdnd 8 ,
2851.Xr isdntrace 8 ,
2852.Xr jail 8 ,
2853.Xr lpd 8 ,
2854.Xr makewhatis 8 ,
2855.Xr mdconfig 8 ,
2856.Xr mixer 8 ,
2857.Xr mountd 8 ,
2858.Xr moused 8 ,
2859.Xr mrouted 8 ,
2860.Xr named 8 ,
2861.Xr nfsd 8 ,
2862.Xr pcnfsd 8 ,
2863.Xr pfctl 8 ,
2864.Xr pflogd 8 ,
2865.Xr quotacheck 8 ,
2866.Xr quotaon 8 ,
2867.Xr rc 8 ,
2868.Xr rc.sendmail 8 ,
2869.Xr resident 8 ,
2870.Xr rndcontrol 8 ,
2871.Xr route 8 ,
2872.Xr routed 8 ,
2873.Xr rpcbind 8 ,
2874.Xr rpc.lockd 8 ,
2875.Xr rpc.statd 8 ,
2876.Xr rtadvd 8 ,
2877.Xr rtsold 8 ,
2878.Xr rwhod 8 ,
2879.Xr savecore 8 ,
2880.Xr sdpd 8 ,
2881.Xr sensorsd 8 ,
2882.Xr sshd 8 ,
2883.Xr swapon 8 ,
2884.Xr sysctl 8 ,
2885.Xr syslogd 8 ,
2886.Xr timed 8 ,
2887.Xr usbd 8 ,
2888.Xr vinum 8 ,
2889.Xr yp 8 ,
2890.Xr ypbind 8 ,
2891.Xr ypserv 8 ,
2892.Xr ypset 8
2893.Sh HISTORY
2894The
2895.Nm
2896file appeared in
2897.Fx 2.2.2 .
2898.Sh AUTHORS
2899.An Jordan K. Hubbard .
2900