xref: /dragonfly/share/man/man5/rc.conf.5 (revision 2d8a3be7) 
1.\" Copyright (c) 1995
2.\"	Jordan K. Hubbard
3.\"
4.\" Redistribution and use in source and binary forms, with or without
5.\" modification, are permitted provided that the following conditions
6.\" are met:
7.\" 1. Redistributions of source code must retain the above copyright
8.\"    notice, this list of conditions and the following disclaimer.
9.\" 2. Redistributions in binary form must reproduce the above copyright
10.\"    notice, this list of conditions and the following disclaimer in the
11.\"    documentation and/or other materials provided with the distribution.
12.\"
13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND
14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE
17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
23.\" SUCH DAMAGE.
24.\"
25.\" $FreeBSD: src/share/man/man5/rc.conf.5,v 1.197 2003/07/28 13:56:00 mbr Exp $
26.\" $DragonFly: src/share/man/man5/rc.conf.5,v 1.3 2003/08/01 04:23:44 rob Exp $
27.Dd March 3, 2002
28.Dt RC.CONF 5
29.Os
30.Sh NAME
31.Nm rc.conf
32.Nd system configuration information
33.Sh DESCRIPTION
34The file
35.Nm
36contains descriptive information about the local host name, configuration
37details for any potential network interfaces and which services should be
38started up at system initial boot time.
39In new installations, the
40.Nm
41file is generally initialized by the system installation utility,
42.Xr sysinstall 8 .
43.Pp
44The purpose of
45.Nm
46is not to run commands or perform system startup actions
47directly.
48Instead, it is included by the
49various generic startup scripts in
50.Pa /etc
51which conditionalize their
52internal actions according to the settings found there.
53.Pp
54The
55.Pa /etc/rc.conf
56file is included from the file
57.Pa /etc/defaults/rc.conf ,
58which specifies the default settings for all the available options.
59Options need only be specified in
60.Pa /etc/rc.conf
61when the system administrator wishes to override these defaults.
62The file
63.Pa /etc/rc.conf.local
64is used to override settings in
65.Pa /etc/rc.conf
66for historical reasons.
67See the
68.Va rc_conf_files
69variable below.
70.Pp
71The following list provides a name and short description for each
72variable that can be set in the
73.Nm
74file:
75.Bl -tag -width indent-two
76.It Va rc_debug
77.Pq Vt bool
78If set to
79.Dq Li YES ,
80enable output of debug messages from rc scripts.
81This variable can be helpful in diagnosing mistakes when
82editing or integrating new scripts.
83Beware that this produces copious output to the terminal and
84.Xr syslog 3 .
85.It Va rc_info
86.Pq Vt bool
87If set to
88.Dq Li NO ,
89disable informational messages from the rc scripts.
90Informational messages are displayed when
91a condition that is not serious enough to warrant a warning or
92an error occurs.
93.It Va swapfile
94.Pq Vt str
95If set to
96.Dq Li NO ,
97no swapfile is installed, otherwise the value is used as the full
98pathname to a file to use for additional swap space.
99.It Va apm_enable
100.Pq Vt bool
101If set to
102.Dq Li YES ,
103enable support for Automatic Power Management with
104the
105.Xr apm 8
106command.
107.It Va apmd_enable
108.Pq Vt bool
109Run
110.Xr apmd 8
111to handle APM event from userland.
112This also enables support for APM.
113.It Va apmd_flags
114.Pq Vt str
115If
116.Va apmd_enable
117is set to
118.Dq Li YES ,
119these are the flags to pass to the
120.Xr apmd 8
121daemon.
122.It Va devd_enable
123.Pq Vt bool
124Run
125.Xr devd 8
126to handle device added, removed or unknown events from the kernel.
127.It Va pccard_enable
128.Pq Vt bool
129If set to
130.Dq Li YES ,
131enable PCCARD support at boot time.
132.It Va pccard_mem
133.Pq Vt str
134Set to PCCARD controller memory address or
135.Dq Li DEFAULT
136for the default value.
137.It Va pccard_ifconfig
138.Pq Vt str
139List of arguments to be passed to
140.Xr ifconfig 8
141at boot time or on
142insertion of the card (e.g.\&
143.Dq Cm inet Li 192.168.1.1 Cm netmask Li 255.255.255.0
144for a fixed address or
145.Dq Li DHCP
146for a DHCP client).
147.It Va pccard_beep
148.Pq Vt int
149If 0,
150set the PCCARD controller to silent mode.
151If 1,
152set it to beep mode.
153If 2,
154set it to melody mode.
155.It Va pccard_conf
156.Pq Vt str
157Path to the configuration file for the
158.Xr pccardd 8
159daemon (e.g.\&
160.Pa /etc/pccard.conf.sample ) .
161.It Va pccardd_flags
162.Pq Vt str
163If
164.Va pccard_enable
165is set to
166.Dq Li YES ,
167these are the flags to pass to the
168.Xr pccardd 8
169daemon.
170.It Va pccard_ether_delay
171.Pq Vt str
172Set the delay before starting
173.Xr dhclient 8
174in the
175.Pa /etc/pccard_ether
176script.
177This defaults to 5 seconds to work around a bug in the
178.Xr ed 4
179driver which can lead to system hangs when using some newer
180.Xr ed 4
181based cards.
182.It Va removable_interfaces
183.Pq Vt str
184List of removable network interfaces to be supported by
185.Pa /etc/pccard_ether .
186.It Va local_startup
187.Pq Vt str
188List of directories to search for startup script files.
189.It Va script_name_sep
190.Pq Vt str
191The field separator to use for breaking down the list of startup script files
192into individual filenames.
193The default is a space.
194It is not necessary to change this unless there are startup scripts with names
195containing spaces.
196.It Va hostname
197.Pq Vt str
198The fully qualified domain name (FQDN) of this host on the network.
199This should almost certainly be set to something meaningful, even if
200there is no network connection.
201If
202.Xr dhclient 8
203is used to set the hostname via DHCP,
204this variable should be set to an empty string.
205.It Va ipv6_enable
206.Pq Vt bool
207Enable support for IPv6 networking.
208Note that this requires that the kernel have been compiled with
209.Cd "options INET6" .
210.It Va nisdomainname
211.Pq Vt str
212The NIS domain name of this host, or
213.Dq Li NO
214if NIS is not used.
215.It Va dhclient_program
216.Pq Vt str
217Path to the DHCP client program
218.Pa ( /sbin/dhclient ,
219the ISC DHCP client,
220is the default).
221.It Va dhclient_flags
222.Pq Vt str
223Additional flags to pass to the DHCP client program.
224For the ISC DHCP client, see the
225.Xr dhclient 8
226manpage for a description of the command line options available.
227.It Va background_dhclient
228.Pq Vt bool
229Set to
230.Dq Li YES
231to start the dhcp client in background.
232This can cause trouble with applications depending on
233a working network, but it will provide a faster startup
234in many cases.
235.It Va firewall_enable
236.Pq Vt bool
237Set to
238.Dq Li YES
239to load firewall rules at startup.
240If the kernel was not built with
241.Cd "options IPFIREWALL" ,
242the
243.Pa ipfw.ko
244kernel module will be loaded.
245See also
246.Va ipfilter_enable .
247.It Va ipv6_firewall_enable
248.Pq Vt bool
249The IPv6 equivalent of
250.Va firewall_enable .
251Set to
252.Dq Li YES
253to load IPv6 firewall rules at startup.
254If the kernel was not built with
255.Cd "options IPV6FIREWALL" ,
256the
257.Pa ip6fw.ko
258kernel module will be loaded.
259.It Va firewall_script
260.Pq Vt str
261This variable specifies the full path to the firewall script to run.
262The default is
263.Pa /etc/rc.firewall .
264.It Va ipv6_firewall_script
265.Pq Vt str
266The IPv6 equivalent of
267.Va firewall_script .
268.It Va firewall_type
269.Pq Vt str
270Names the firewall type from the selection in
271.Pa /etc/rc.firewall ,
272or the file which contains the local firewall ruleset.
273Valid selections from
274.Pa /etc/rc.firewall
275are:
276.Pp
277.Bl -tag -width ".Li simple" -compact
278.It Li open
279unrestricted IP access
280.It Li closed
281all IP services disabled, except via
282.Dq Li lo0
283.It Li client
284basic protection for a workstation
285.It Li simple
286basic protection for a LAN.
287.El
288.Pp
289If a filename is specified, the full path
290must be given.
291.It Va ipv6_firewall_type
292.Pq Vt str
293The IPv6 equivalent of
294.Va firewall_type .
295.It Va firewall_quiet
296.Pq Vt bool
297Set to
298.Dq Li YES
299to disable the display of firewall rules on the console during boot.
300.It Va ipv6_firewall_quiet
301.Pq Vt bool
302The IPv6 equivalent of
303.Va firewall_quiet .
304.It Va firewall_logging
305.Pq Vt bool
306Set to
307.Dq Li YES
308to enable firewall event logging.
309This is equivalent to the
310.Dv IPFIREWALL_VERBOSE
311kernel option.
312.It Va ipv6_firewall_logging
313.Pq Vt bool
314The IPv6 equivalent of
315.Va firewall_logging .
316.It Va firewall_flags
317.Pq Vt str
318Flags passed to
319.Xr ipfw 8
320if
321.Va firewall_type
322specifies a filename.
323.It Va ipv6_firewall_flags
324.Pq Vt str
325The IPv6 equivalent of
326.Va firewall_flags .
327.It Va natd_program
328.Pq Vt str
329Path to
330.Xr natd 8 .
331.It Va natd_enable
332.Pq Vt bool
333Set to
334.Dq Li YES
335to enable
336.Xr natd 8 .
337.Va firewall_enable
338must also be set to
339.Dq Li YES ,
340and
341.Xr divert 4
342sockets must be enabled in the kernel.
343.It Va natd_interface
344.Pq Vt str
345This is the name of the public interface on which
346.Xr natd 8
347should run.
348The interface may be given as an interface name or as an IP address.
349.It Va natd_flags
350.Pq Vt str
351Additional
352.Xr natd 8
353flags should be placed here.
354The
355.Fl n
356or
357.Fl a
358flag is automatically added with the above
359.Va natd_interface
360as an argument.
361.\" ----- ipfilter_enable setting --------------------------------
362.It Va ipfilter_enable
363.Pq Vt bool
364Set to
365.Dq Li NO
366by default.
367Setting this to
368.Dq Li YES
369enables
370.Xr ipf 8
371packet filtering.
372.Pp
373Typical usage will require putting
374.Bd -literal
375ipfilter_enable="YES"
376ipnat_enable="YES"
377ipmon_enable="YES"
378ipfs_enable="YES"
379.Ed
380.Pp
381into
382.Pa /etc/rc.conf
383and editing
384.Pa /etc/ipf.rules
385and
386.Pa /etc/ipnat.rules
387appropriately.
388.Pp
389Note that
390.Va ipfilter_enable
391and
392.Va ipnat_enable
393can be enabled independently.
394.Va ipmon_enable
395and
396.Va ipfs_enable
397both require at least one of
398.Va ipfilter_enable
399and
400.Va ipnat_enable
401to be enabled.
402.Pp
403Having
404.Bd -literal
405options IPFILTER
406options IPFILTER_LOG
407options IPFILTER_DEFAULT_BLOCK
408.Ed
409.Pp
410in the kernel configuration file is a good idea, too.
411.\" ----- ipfilter_program setting ------------------------------
412.It Va ipfilter_program
413.Pq Vt str
414Path to
415.Xr ipf 8
416(default
417.Pa /sbin/ipf ) .
418.\" ----- ipfilter_rules setting --------------------------------
419.It Va ipfilter_rules
420.Pq Vt str
421Set to
422.Pa /etc/ipf.rules
423by default.
424This variable contains the name of the filter rule definition file.
425The file is expected to be readable for the
426.Xr ipf 8
427command to execute.
428.\" ----- ipv6_ipfilter_rules setting ---------------------------
429.It Va ipv6_ipfilter_rules
430.Pq Vt str
431Set to
432.Pa /etc/ipf6.rules
433by default.
434This variable contains the IPv6 filter rule definition file.
435The file is expected to be readable for the
436.Xr ipf 8
437command to execute.
438.\" ----- ipfilter_flags setting --------------------------------
439.It Va ipfilter_flags
440.Pq Vt str
441Empty by default.
442This variable contains flags passed to the
443.Xr ipf 8
444program.
445.\" ----- ipnat_enable setting ----------------------------------
446.It Va ipnat_enable
447.Pq Vt bool
448Set to
449.Dq Li NO
450by default.
451Set it to
452.Dq Li YES
453to enable
454.Xr ipnat 1
455network address translation.
456See
457.Va ipfilter_enable
458for a detailed discussion.
459.\" ----- ipnat_program setting ---------------------------------
460.It Va ipnat_program
461.Pq Vt str
462Path to
463.Xr ipnat 1
464(default
465.Pa /sbin/ipnat ) .
466.\" ----- ipnat_rules setting -----------------------------------
467.It Va ipnat_rules
468.Pq Vt str
469Set to
470.Pa /etc/ipnat.rules
471by default.
472This variable contains the name of the file
473holding the network address translation definition.
474This file is expected to be readable for the
475.Xr ipnat 1
476command to execute.
477.\" ----- ipnat_flags setting -----------------------------------
478.It Va ipnat_flags
479.Pq Vt str
480Empty by default.
481This variable contains flags passed to the
482.Xr ipnat 1
483program.
484.\" ----- ipmon_enable setting ----------------------------------
485.It Va ipmon_enable
486.Pq Vt bool
487Set to
488.Dq Li NO
489by default.
490Set it to
491.Dq Li YES
492to enable
493.Xr ipmon 8
494monitoring (logging
495.Xr ipf 8
496and
497.Xr ipnat 1
498events).
499Setting this variable needs setting
500.Va ipfilter_enable
501or
502.Va ipnat_enable
503too.
504See
505.Va ipfilter_enable
506for a detailed discussion.
507.\" ----- ipmon_program setting ---------------------------------
508.It Va ipmon_program
509.Pq Vt str
510Path to
511.Xr ipmon 8
512(default
513.Pa /sbin/ipmon ) .
514.\" ----- ipmon_flags setting -----------------------------------
515.It Va ipmon_flags
516.Pq Vt str
517Set to
518.Dq Li -Ds
519by default.
520This variable contains flags passed to the
521.Xr ipmon 8
522program.
523Another typical example would be
524.Dq Fl D Pa /var/log/ipflog
525to have
526.Xr ipmon 8
527log directly to a file bypassing
528.Xr syslogd 8 .
529Make sure to adjust
530.Pa /etc/newsyslog.conf
531in such case like this:
532.Bd -literal
533/var/log/ipflog  640  10  100  *  Z  /var/run/ipmon.pid
534.Ed
535.\" ----- ipfs_enable setting -----------------------------------
536.It Va ipfs_enable
537.Pq Vt bool
538Set to
539.Dq Li NO
540by default.
541Set it to
542.Dq Li YES
543to enable
544.Xr ipfs 8
545saving the filter and NAT state tables during shutdown
546and reloading them during startup again.
547Setting this variable needs setting
548.Va ipfilter_enable
549or
550.Va ipnat_enable
551to
552.Dq Li YES
553too.
554See
555.Va ipfilter_enable
556for a detailed discussion.
557Note that if
558.Va kern_securelevel
559is set to 3,
560.Va ipfs_enable
561cannot be used
562because the raised securelevel will prevent
563.Xr ipfs 8
564from saving the state tables at shutdown time.
565.\" ----- ipfs_program setting ----------------------------------
566.It Va ipfs_program
567.Pq Vt str
568Path to
569.Xr ipfs 8
570(default
571.Pa /sbin/ipfs ) .
572.\" ----- ipfs_flags setting ------------------------------------
573.It Va ipfs_flags
574.Pq Vt str
575Empty by default.
576This variable contains flags passed to the
577.Xr ipfs 8
578program.
579.\" ----- end of added ipf hook ---------------------------------
580.It Va tcp_extensions
581.Pq Vt bool
582Set to
583.Dq Li YES
584by default.
585Setting this to
586.Dq Li NO
587disables certain TCP options as described by
588.Rs
589.%T "RFC 1323"
590.Re
591Setting this to
592.Dq Li NO
593might help remedy such problems with connections as randomly hanging
594or other weird behavior.
595Some network devices are known
596to be broken with respect to these options.
597.It Va log_in_vain
598.Pq Vt int
599Set to 0 by default.
600The
601.Xr sysctl 8
602variables,
603.Va net.inet.tcp.log_in_vain
604and
605.Va net.inet.udp.log_in_vain ,
606as described in
607.Xr tcp 4
608and
609.Xr udp 4 ,
610are set to the given value.
611.It Va tcp_keepalive
612.Pq Vt bool
613Set to
614.Dq Li YES
615by default.
616Setting to
617.Dq Li NO
618will disable probing idle TCP connections to verify that the
619peer is still up and reachable.
620.It Va tcp_drop_synfin
621.Pq Vt bool
622Set to
623.Dq Li NO
624by default.
625Setting to
626.Dq Li YES
627will cause the kernel to ignore TCP frames that have both
628the SYN and FIN flags set.
629This prevents OS fingerprinting, but may
630break some legitimate applications.
631This option is only available if the
632kernel was built with the
633.Dv TCP_DROP_SYNFIN
634option.
635.It Va icmp_drop_redirect
636.Pq Vt bool
637Set to
638.Dq Li NO
639by default.
640Setting to
641.Dq Li YES
642will cause the kernel to ignore ICMP REDIRECT packets.
643Refer to
644.Xr icmp 4
645for more information.
646.It Va icmp_log_redirect
647.Pq Vt bool
648Set to
649.Dq Li NO
650by default.
651Setting to
652.Dq Li YES
653will cause the kernel to log ICMP REDIRECT packets.
654Note that
655the log messages are not rate-limited, so this option should only be used
656for troubleshooting networks.
657Refer to
658.Xr icmp 4
659for more information.
660.It Va icmp_bmcastecho
661.Pq Vt bool
662Set to
663.Dq Li YES
664to respond to broadcast or multicast ICMP ping packets.
665Refer to
666.Xr icmp 4
667for more information.
668.It Va ip_portrange_first
669.Pq Vt int
670If not set to
671.Dq Li NO ,
672this is the first port in the default portrange.
673Refer to
674.Xr ip 4
675for more information.
676.It Va ip_portrange_last
677.Pq Vt int
678If not set to
679.Dq Li NO ,
680this is the last port in the default portrange.
681Refer to
682.Xr ip 4
683for more information.
684.It Va network_interfaces
685.Pq Vt str
686Set to the list of network interfaces to configure on this host.
687For example, if the only network devices in the system are the loopback
688device
689.Pq Li lo0
690and a NIC using the
691.Xr ed 4
692driver,
693this could be set to
694.Dq Li "lo0 ed0" .
695An
696.Va ifconfig_ Ns Aq Ar interface
697variable is also assumed to exist for each value of
698.Ar interface .
699It is also possible to add IP alias entries here in cases where
700multiple IP addresses registered against a single interface
701are desired.
702Assuming that the interface in question was
703.Li ed0 ,
704it might look
705something like this:
706.Bd -literal
707ifconfig_ed0_alias0="inet 127.0.0.253 netmask 0xffffffff"
708ifconfig_ed0_alias1="inet 127.0.0.254 netmask 0xffffffff"
709.Ed
710.Pp
711And so on.
712For each
713.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
714entry that is found,
715its contents are passed to
716.Xr ifconfig 8 .
717Execution stops at the first unsuccessful access, so if
718something like this is present:
719.Bd -literal
720ifconfig_ed0_alias0="inet 127.0.0.251 netmask 0xffffffff"
721ifconfig_ed0_alias1="inet 127.0.0.252 netmask 0xffffffff"
722ifconfig_ed0_alias2="inet 127.0.0.253 netmask 0xffffffff"
723ifconfig_ed0_alias4="inet 127.0.0.254 netmask 0xffffffff"
724.Ed
725.Pp
726Then note that alias4 would
727.Em not
728be added since the search would
729stop with the missing alias3 entry.
730.Pp
731If the
732.Pa /etc/start_if. Ns Aq Ar interface
733file is present, it is read and executed by the
734.Xr sh 1
735interpreter
736before configuring the interface as specified in the
737.Va ifconfig_ Ns Aq Ar interface
738and
739.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
740variables.
741.Pp
742It is possible to bring up an interface with DHCP by setting the
743.Va ifconfig_ Ns Aq Ar interface
744variable to
745.Dq Li DHCP .
746For instance, to initialize the
747.Li ed0
748device via DHCP,
749it is possible to use something like:
750.Bd -literal
751ifconfig_ed0="DHCP"
752.Ed
753.It Va ipv6_network_interfaces
754.Pq Vt str
755This is the IPv6 equivalent of
756.Va network_interfaces .
757Instead of setting the ifconfig variables as
758.Va ifconfig_ Ns Aq Ar interface
759they should be set as
760.Va ipv6_ifconfig_ Ns Aq Ar interface .
761Aliases should be set as
762.Va ipv6_ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n .
763.Va ipv6_prefix_ Ns Aq Ar interface
764does something.
765Interfaces that do not have a
766.Va ipv6_ifconfig_ Ns Aq Ar interface
767setting will be auto configured by
768.Xr rtsol 8
769if the
770.Va ipv6_gateway_enable
771is set to
772.Dq Li NO .
773Note that the IPv6 networking code does not support the
774.Pa /etc/start_if. Ns Aq Ar interface
775files.
776.It Va ipv6_default_interface
777.Pq Vt str
778If not set to
779.Dq Li NO ,
780this is the default output interface for scoped addresses.
781Now this works only for IPv6 link local multicast addresses.
782.It Va cloned_interfaces
783.Pq Vt str
784Set to the list of clonable network interfaces to create on this host.
785Entries in
786.Va cloned_interfaces
787are automatically appended to
788.Va network_interfaces
789for configuration.
790.It Va gif_interfaces
791.Pq Vt str
792Set to the list of
793.Xr gif 4
794tunnel interfaces to configure on this host.
795A
796.Va gifconfig_ Ns Aq Ar interface
797variable is assumed to exist for each value of
798.Ar interface .
799The value of this variable is used to configure the link layer of the
800tunnel according to the syntax of the
801.Cm tunnel
802option to
803.Xr ifconfig 8 .
804Additionally, this option ensures that each listed interface is created
805via the
806.Cm create
807option to
808.Xr ifconfig 8
809before attempting to configure it.
810.It Va sppp_interfaces
811.Pq Vt str
812Set to the list of
813.Xr sppp 4
814interfaces to configure on this host.
815A
816.Va spppconfig_ Ns Aq Ar interface
817variable is assumed to exist for each value of
818.Ar interface .
819Each interface should also be configured by a general
820.Va ifconfig_ Ns Aq Ar interface
821setting.
822Refer to
823.Xr spppcontrol 8
824for more information about available options.
825.It Va ppp_enable
826.Pq Vt bool
827If set to
828.Dq Li YES ,
829run the
830.Xr ppp 8
831daemon.
832.It Va ppp_mode
833.Pq Vt str
834Mode in which to run the
835.Xr ppp 8
836daemon.
837Accepted modes are
838.Dq Li auto ,
839.Dq Li ddial ,
840.Dq Li direct
841and
842.Dq Li dedicated .
843See the manual for a full description.
844.It Va ppp_nat
845.Pq Vt bool
846If set to
847.Dq Li YES ,
848enables network address translation.
849Used in conjunction with
850.Va gateway_enable
851allows hosts on private network addresses access to the Internet using
852this host as a network address translating router.
853.It Va ppp_profile
854.Pq Vt str
855The name of the profile to use from
856.Pa /etc/ppp/ppp.conf .
857.It Va ppp_user
858.Pq Vt str
859The name of the user under which
860.Xr ppp 8
861should be started.
862By
863default,
864.Xr ppp 8
865is started as
866.Dq Li root .
867.It Va rc_conf_files
868.Pq Vt str
869This option is used to specify a list of files that will override
870the settings in
871.Pa /etc/defaults/rc.conf .
872The files will be read in the order in which they are specified and should
873include the full path to the file.
874By default, the files specified are
875.Pa /etc/rc.conf
876and
877.Pa /etc/rc.conf.local
878.It Va fsck_y_enable
879.Pq Vt bool
880If set to
881.Dq Li YES ,
882.Xr fsck 8
883will be run with the
884.Fl y
885flag if the initial preen
886of the file systems fails.
887.It Va netfs_types
888.Pq Vt str
889List of file system types that are network-based.
890This list should generally not be modified by end users.
891Use
892.Va extra_netfs_types
893instead.
894.It Va extra_netfs_types
895.Pq Vt str
896If set to something other than
897.Dq Li NO
898(the default),
899this variable extends the list of file system types
900for which automatic mounting at startup by
901.Xr rc 8
902should be delayed until the network is initialized.
903It should contain
904a whitespace-separated list of network file system descriptor pairs,
905each consisting of a file system type as passed to
906.Xr mount 8
907and a human-readable, one-word description,
908joined with a colon
909.Pq Ql \&: .
910Extending the default list in this way is only necessary
911when third party file system types are used.
912.It Va syslogd_enable
913.Pq Vt bool
914If set to
915.Dq Li YES ,
916run the
917.Xr syslogd 8
918daemon.
919.It Va syslogd_program
920.Pq Vt str
921Path to
922.Xr syslogd 8
923(default
924.Pa /usr/sbin/syslogd ) .
925.It Va syslogd_flags
926.Pq Vt str
927If
928.Va syslogd_enable
929is set to
930.Dq Li YES ,
931these are the flags to pass to
932.Xr syslogd 8 .
933.It Va inetd_enable
934.Pq Vt bool
935If set to
936.Dq Li YES ,
937run the
938.Xr inetd 8
939daemon.
940.It Va inetd_program
941.Pq Vt str
942Path to
943.Xr inetd 8
944(default
945.Pa /usr/sbin/inetd ) .
946.It Va inetd_flags
947.Pq Vt str
948If
949.Va inetd_enable
950is set to
951.Dq Li YES ,
952these are the flags to pass to
953.Xr inetd 8 .
954.It Va named_rcng
955.Pq Vt bool
956If set to
957.Dq Li YES
958use new functionality provided in the
959.Pa /etc/rc.d/named
960script to facilitate a
961.Xr chroot 8
962instance of
963.Xr named 8 .
964This variable is experimental.
965It may be removed or changed in the near future.
966.It Va named_enable
967.Pq Vt bool
968If set to
969.Dq Li YES ,
970run the
971.Xr named 8
972daemon.
973.It Va named_program
974.Pq Vt str
975Path to
976.Xr named 8
977(default
978.Pa /usr/sbin/named ) .
979.It Va named_flags
980.Pq Vt str
981If
982.Va named_enable
983is set to
984.Dq Li YES ,
985these are the flags to pass to
986.Xr named 8 .
987.It Va named_pidfile
988.Pq Vt str
989This is the default path to the
990.Xr named 8
991daemon's PID file.
992Change it if you change the location in
993.Xr named.conf 5 .
994.It Va named_chrootdir
995.Pq Vt str
996The root directory for a name server run in a
997.Xr chroot 8
998environment.
999If left empty
1000.Xr named 8
1001will not be run in a
1002.Xr chroot 8
1003environment.
1004This variable has no effect if
1005.Va named_rcng
1006is not enabled.
1007This variable is experimental.
1008It may be removed or changed in the near future.
1009.It Va named_chroot_autoupdate
1010.Pq Vt bool
1011Set to
1012.Dq Li NO
1013to disable automatic syncing of libraries and
1014other system files between the root file system and the
1015.Xr chroot 8 .
1016This variable has no effect if
1017.Va named_rcng
1018is not enabled.
1019This variable is experimental.
1020It may be removed or changed in the near future.
1021.It Va named_symlink_enable
1022.Pq Vt bool
1023Set to
1024.Dq Li NO
1025to disable symlinking of
1026.Va named_pidfile
1027and
1028.Pa /var/run/ndc
1029into the
1030.Xr chroot 8
1031environment in which
1032.Xr named 8
1033is running.
1034This variable has no effect if
1035.Va named_rcng
1036is not enabled.
1037This variable is experimental.
1038It may be removed or changed in the near future.
1039.It Va kerberos5_server_enable
1040.Pq Vt bool
1041Set to
1042.Dq Li YES
1043to start a Kerberos 5 authentication server
1044at boot time.
1045.It Va kerberos5_server
1046.Pq Vt str
1047If
1048.Va kerberos5_server_enable
1049is set to
1050.Dq Li YES
1051this is the path to Kerberos 5 Authentication Server.
1052.It Va kadmind5_server_enable
1053.Pq Vt bool
1054Set to
1055.Dq Li YES
1056to start
1057.Xr kadmind 8 ,
1058the Kerberos 5 Administration Daemon; set to
1059.Dq Li NO
1060on a slave server.
1061.It Va kadmind5_server
1062.Pq Vt str
1063If
1064.Va kadmind5_server_enable
1065is set to
1066.Dq Li YES
1067this is the path to Kerberos 5 Administration Daemon.
1068.It Va kpasswdd_server_enable
1069.Pq Vt bool
1070Set to
1071.Dq Li YES
1072to start
1073.Xr kpasswdd 8 ,
1074the Kerberos 5 Password-Changing Daemon; set to
1075.Dq Li NO
1076on a slave server.
1077.It Va kpasswdd_server
1078.Pq Vt str
1079If
1080.Va kpasswdd_server_enable
1081is set to
1082.Dq Li YES
1083this is the path to Kerberos 5 Password-Changing Daemon.
1084.It Va rwhod_enable
1085.Pq Vt bool
1086If set to
1087.Dq Li YES ,
1088run the
1089.Xr rwhod 8
1090daemon at boot time.
1091.It Va rwhod_flags
1092.Pq Vt str
1093If
1094.Va rwhod_enable
1095is set to
1096.Dq Li YES ,
1097these are the flags to pass to it.
1098.It Va amd_enable
1099.Pq Vt bool
1100If set to
1101.Dq Li YES ,
1102run the
1103.Xr amd 8
1104daemon at boot time.
1105.It Va amd_flags
1106.Pq Vt str
1107If
1108.Va amd_enable
1109is set to
1110.Dq Li YES ,
1111these are the flags to pass to it.
1112See the
1113.Xr amd 8
1114manpage for more information.
1115.It Va amd_map_program
1116.Pq Vt str
1117If set,
1118the specified program is run to get the list of
1119.Xr amd 8
1120maps.
1121For example, if the
1122.Xr amd 8
1123maps are stored in NIS, one can set this to
1124run
1125.Xr ypcat 1
1126to get a list of
1127.Xr amd 8
1128maps from the
1129.Pa amd.master
1130NIS map.
1131.It Va update_motd
1132.Pq Vt bool
1133If set to
1134.Dq Li YES ,
1135.Pa /etc/motd
1136will be updated at boot time to reflect the kernel release
1137being run.
1138If set to
1139.Dq Li NO ,
1140.Pa /etc/motd
1141will not be updated.
1142.It Va nfs_client_enable
1143.Pq Vt bool
1144If set to
1145.Dq Li YES ,
1146run the NFS client daemons at boot time.
1147.It Va nfs_access_cache
1148.Pq Vt int
1149If
1150.Va nfs_client_enable
1151is set to
1152.Dq Li YES ,
1153this can be set to
1154.Dq Li 0
1155to disable NFS ACCESS RPC caching, or to the number of seconds for which
1156NFS ACCESS
1157results should be cached.
1158A value of 2-10 seconds will substantially reduce network
1159traffic for many NFS operations.
1160.It Va nfs_server_enable
1161.Pq Vt bool
1162If set to
1163.Dq Li YES ,
1164run the NFS server daemons at boot time.
1165.It Va nfs_server_flags
1166.Pq Vt str
1167If
1168.Va nfs_server_enable
1169is set to
1170.Dq Li YES ,
1171these are the flags to pass to the
1172.Xr nfsd 8
1173daemon.
1174.It Va mountd_enable
1175.Pq Vt bool
1176If set to
1177.Dq Li YES ,
1178and no
1179.Va nfs_server_enable
1180is set, start
1181.Xr mountd 8 ,
1182but not
1183.Xr nfsd 8
1184daemon.
1185It is commonly needed to run CFS without real NFS used.
1186.It Va mountd_flags
1187.Pq Vt str
1188If
1189.Va mountd_enable
1190is set to
1191.Dq Li YES ,
1192these are the flags to pass to the
1193.Xr mountd 8
1194daemon.
1195.It Va weak_mountd_authentication
1196.Pq Vt bool
1197If set to
1198.Dq Li YES ,
1199allow services like PCNFSD to make non-privileged mount
1200requests.
1201.It Va nfs_reserved_port_only
1202.Pq Vt bool
1203If set to
1204.Dq Li YES ,
1205provide NFS services only on a secure port.
1206.It Va nfs_bufpackets
1207.Pq Vt int
1208If set to a number, indicates the number of packets worth of
1209socket buffer space to reserve on an NFS client.
1210The kernel default is typically 4.
1211Using a higher number may be
1212useful on gigabit networks to improve performance.
1213The minimum value is
12142 and the maximum is 64.
1215.It Va rpc_lockd_enable
1216.Pq Vt bool
1217If set to
1218.Dq Li YES
1219and also an NFS server, run
1220.Xr rpc.lockd 8
1221at boot time.
1222.It Va rpc_statd_enable
1223.Pq Vt bool
1224If set to
1225.Dq Li YES
1226and also an NFS server, run
1227.Xr rpc.statd 8
1228at boot time.
1229.It Va rpcbind_program
1230.Pq Vt str
1231Path to
1232.Xr rpcbind 8
1233(default
1234.Pa /usr/sbin/rpcbind ) .
1235.It Va rpcbind_enable
1236.Pq Vt bool
1237If set to
1238.Dq Li YES ,
1239run the
1240.Xr rpcbind 8
1241service at boot time.
1242.It Va rpcbind_flags
1243.Pq Vt str
1244If
1245.Va rpcbind_enable
1246is set to
1247.Dq Li YES ,
1248these are the flags to pass to the
1249.Xr rpcbind 8
1250daemon.
1251.It Va keyserv_enable
1252.Pq Vt bool
1253If set to
1254.Dq Li YES ,
1255run the
1256.Xr keyserv 8
1257daemon on boot for running Secure RPC.
1258.It Va keyserv_flags
1259.Pq Vt str
1260If
1261.Va keyserv_enable
1262is set to
1263.Dq Li YES ,
1264these are the flags to pass to
1265.Xr keyserv 8
1266daemon.
1267.It Va pppoed_enable
1268.Pq Vt bool
1269If set to
1270.Dq Li YES ,
1271run the
1272.Xr pppoed 8
1273daemon at boot time to provide PPP over Ethernet services.
1274.It Va pppoed_ Ns Ar provider
1275.Pq Vt str
1276.Xr pppoed 8
1277listens to requests to this
1278.Ar provider
1279and ultimately runs
1280.Xr ppp 8
1281with a
1282.Ar system
1283argument of the same name.
1284.It Va pppoed_flags
1285.Pq Vt str
1286Additional flags to pass to
1287.Xr pppoed 8 .
1288.It Va pppoed_interface
1289.Pq Vt str
1290The network interface to run
1291.Xr pppoed 8
1292on.
1293This is mandatory when
1294.Va pppoed_enable
1295is set to
1296.Dq Li YES .
1297.It Va timed_enable
1298.Pq Vt bool
1299If set to
1300.Dq Li YES ,
1301run the
1302.Xr timed 8
1303service at boot time.
1304This command is intended for networks of
1305machines where a consistent
1306.Dq "network time"
1307for all hosts must be established.
1308This is often useful in large NFS
1309environments where time stamps on files are expected to be consistent
1310network-wide.
1311.It Va timed_flags
1312.Pq Vt str
1313If
1314.Va timed_enable
1315is set to
1316.Dq Li YES ,
1317these are the flags to pass to the
1318.Xr timed 8
1319service.
1320.It Va ntpdate_enable
1321.Pq Vt bool
1322If set to
1323.Dq Li YES ,
1324run
1325.Xr ntpdate 8
1326at system startup.
1327This command is intended to
1328synchronize the system clock only
1329.Em once
1330from some standard reference.
1331An option to set this up initially
1332(from a list of known servers) is also provided by the
1333.Xr sysinstall 8
1334program when the system is first installed.
1335.It Va ntpdate_program
1336.Pq Vt str
1337Path to
1338.Xr ntpdate 8
1339(default
1340.Pa /usr/sbin/ntpdate ) .
1341.It Va ntpdate_flags
1342.Pq Vt str
1343If
1344.Va ntpdate_enable
1345is set to
1346.Dq Li YES ,
1347these are the flags to pass to the
1348.Xr ntpdate 8
1349command (typically a hostname).
1350.It Va ntpd_enable
1351.Pq Vt bool
1352If set to
1353.Dq Li YES ,
1354run the
1355.Xr ntpd 8
1356command at boot time.
1357.It Va ntpd_program
1358.Pq Vt str
1359Path to
1360.Xr ntpd 8
1361(default
1362.Pa /usr/sbin/ntpd ) .
1363.It Va ntpd_flags
1364.Pq Vt str
1365If
1366.Va ntpd_enable
1367is set to
1368.Dq Li YES ,
1369these are the flags to pass to the
1370.Xr ntpd 8
1371daemon.
1372.It Va nis_client_enable
1373.Pq Vt bool
1374If set to
1375.Dq Li YES ,
1376run the
1377.Xr ypbind 8
1378service at system boot time.
1379.It Va nis_client_flags
1380.Pq Vt str
1381If
1382.Va nis_client_enable
1383is set to
1384.Dq Li YES ,
1385these are the flags to pass to the
1386.Xr ypbind 8
1387service.
1388.It Va nis_ypset_enable
1389.Pq Vt bool
1390If set to
1391.Dq Li YES ,
1392run the
1393.Xr ypset 8
1394daemon at system boot time.
1395.It Va nis_ypset_flags
1396.Pq Vt str
1397If
1398.Va nis_ypset_enable
1399is set to
1400.Dq Li YES ,
1401these are the flags to pass to the
1402.Xr ypset 8
1403daemon.
1404.It Va nis_server_enable
1405.Pq Vt bool
1406If set to
1407.Dq Li YES ,
1408run the
1409.Xr ypserv 8
1410daemon at system boot time.
1411.It Va nis_server_flags
1412.Pq Vt str
1413If
1414.Va nis_server_enable
1415is set to
1416.Dq Li YES ,
1417these are the flags to pass to the
1418.Xr ypserv 8
1419daemon.
1420.It Va nis_ypxfrd_enable
1421.Pq Vt bool
1422If set to
1423.Dq Li YES ,
1424run the
1425.Xr rpc.ypxfrd 8
1426daemon at system boot time.
1427.It Va nis_ypxfrd_flags
1428.Pq Vt str
1429If
1430.Va nis_ypxfrd_enable
1431is set to
1432.Dq Li YES ,
1433these are the flags to pass to the
1434.Xr rpc.ypxfrd 8
1435daemon.
1436.It Va nis_yppasswdd_enable
1437.Pq Vt bool
1438If set to
1439.Dq Li YES ,
1440run the
1441.Xr rpc.yppasswdd 8
1442daemon at system boot time.
1443.It Va nis_yppasswdd_flags
1444.Pq Vt str
1445If
1446.Va nis_yppasswdd_enable
1447is set to
1448.Dq Li YES ,
1449these are the flags to pass to the
1450.Xr rpc.yppasswdd 8
1451daemon.
1452.It Va rpc_ypupdated_enable
1453.Pq Vt bool
1454If set to
1455.Dq Li YES ,
1456run the
1457.Nm rpc.ypupdated
1458daemon at system boot time.
1459.It Va defaultrouter
1460.Pq Vt str
1461If not set to
1462.Dq Li NO ,
1463create a default route to this host name or IP address
1464(use an IP address if this router is also required to get to the
1465name server!).
1466.It Va ipv6_defaultrouter
1467.Pq Vt str
1468The IPv6 equivalent of
1469.Va defaultrouter .
1470.It Va static_routes
1471.Pq Vt str
1472Set to the list of static routes that are to be added at system
1473boot time.
1474If not set to
1475.Dq Li NO
1476then for each whitespace separated
1477.Ar element
1478in the value, a
1479.Va route_ Ns Aq Ar element
1480variable is assumed to exist
1481whose contents will later be passed to a
1482.Dq Nm route Cm add
1483operation.
1484.It Va ipv6_static_routes
1485.Pq Vt str
1486The IPv6 equivalent of
1487.Va static_routes .
1488If not set to
1489.Dq Li NO
1490then for each whitespace separated
1491.Ar element
1492in the value, a
1493.Va ipv6_route_ Ns Aq Ar element
1494variable is assumed to exist
1495whose contents will later be passed to a
1496.Dq Nm route Cm add Fl inet6
1497operation.
1498.It Va gateway_enable
1499.Pq Vt bool
1500If set to
1501.Dq Li YES ,
1502configure host to act as an IP router, e.g. to forward packets
1503between interfaces.
1504.It Va ipv6_gateway_enable
1505.Pq Vt bool
1506The IPv6 equivalent of
1507.Va gateway_enable .
1508.It Va router_enable
1509.Pq Vt bool
1510If set to
1511.Dq Li YES ,
1512run a routing daemon of some sort, based on the
1513settings of
1514.Va router
1515and
1516.Va router_flags .
1517.It Va ipv6_router_enable
1518.Pq Vt bool
1519The IPv6 equivalent of
1520.Va router_enable .
1521If set to
1522.Dq Li YES ,
1523run a routing daemon of some sort, based on the
1524settings of
1525.Va ipv6_router
1526and
1527.Va ipv6_router_flags .
1528.It Va router
1529.Pq Vt str
1530If
1531.Va router_enable
1532is set to
1533.Dq Li YES ,
1534this is the name of the routing daemon to use.
1535.It Va ipv6_router
1536.Pq Vt str
1537The IPv6 equivalent of
1538.Va router .
1539.It Va router_flags
1540.Pq Vt str
1541If
1542.Va router_enable
1543is set to
1544.Dq Li YES ,
1545these are the flags to pass to the routing daemon.
1546.It Va ipv6_router_flags
1547.Pq Vt str
1548The IPv6 equivalent of
1549.Va router_flags .
1550.It Va mrouted_enable
1551.Pq Vt bool
1552If set to
1553.Dq Li YES ,
1554run the multicast routing daemon,
1555.Xr mrouted 8 .
1556.It Va mroute6d_enable
1557.Pq Vt bool
1558The IPv6 equivalent of
1559.Va mrouted_enable .
1560If set to
1561.Dq Li YES ,
1562run the IPv6 multicast routing daemon.
1563Note that no IPv6 multicast routing daemon is included in the
1564.Fx
1565base system but
1566.Xr pim6dd 8
1567can be installed from the
1568.Fx
1569Ports Collection.
1570.It Va mrouted_flags
1571.Pq Vt str
1572If
1573.Va mrouted_enable
1574is set to
1575.Dq Li YES ,
1576these are the flags to pass to the
1577.Xr mrouted 8
1578daemon.
1579.It Va mroute6d_flags
1580.Pq Vt str
1581The IPv6 equivalent of
1582.Va mrouted_flags .
1583If
1584.Va mroute6d_enable
1585is set to
1586.Dq Li YES ,
1587these are the flags passed to the IPv6 multicast routing daemon.
1588.It Va mroute6d_program
1589.Pq Vt str
1590If
1591.Va mroute6d_enable
1592is set to
1593.Dq Li YES ,
1594this is the path to the IPv6 multicast routing daemon.
1595.It Va rtadvd_enable
1596.Pq Vt bool
1597If set to
1598.Dq Li YES ,
1599run the
1600.Xr rtadvd 8
1601daemon at boot time.
1602.Xr rtadvd 8
1603will only run if
1604.Va ipv6_gateway_enable
1605is also set to
1606.Dq Li YES .
1607The
1608.Xr rtadvd 8
1609utility sends router advertisement packets to the interfaces specified in
1610.Va rtadvd_interfaces .
1611.Xr rtadvd 8
1612and should only be enabled with great care.
1613You may want to fine-tune
1614.Xr rtadvd.conf 5 .
1615.It Va rtadvd_interfaces
1616.Pq Vt str
1617If
1618.Va rtadvd_enable
1619is set to
1620.Dq Li YES
1621this is the list of interfaces to use.
1622.It Va ipxgateway_enable
1623.Pq Vt bool
1624If set to
1625.Dq Li YES ,
1626enable the routing of IPX traffic.
1627.It Va ipxrouted_enable
1628.Pq Vt bool
1629If set to
1630.Dq Li YES ,
1631run the
1632.Xr IPXrouted 8
1633daemon at system boot time.
1634.It Va ipxrouted_flags
1635.Pq Vt str
1636If
1637.Va ipxrouted_enable
1638is set to
1639.Dq Li YES ,
1640these are the flags to pass to the
1641.Xr IPXrouted 8
1642daemon.
1643.It Va arpproxy_all
1644.Pq Vt bool
1645If set to
1646.Dq Li YES ,
1647enable global proxy ARP.
1648.It Va forward_sourceroute
1649.Pq Vt bool
1650If set to
1651.Dq Li YES
1652and
1653.Va gateway_enable
1654is also set to
1655.Dq Li YES ,
1656source-routed packets are forwarded.
1657.It Va accept_sourceroute
1658.Pq Vt bool
1659If set to
1660.Dq Li YES ,
1661the system will accept source-routed packets directed at it.
1662.It Va rarpd_enable
1663.Pq Vt bool
1664If set to
1665.Dq Li YES ,
1666run the
1667.Xr rarpd 8
1668daemon at system boot time.
1669.It Va rarpd_flags
1670.Pq Vt str
1671If
1672.Va rarpd_enable
1673is set to
1674.Dq Li YES ,
1675these are the flags to pass to the
1676.Xr rarpd 8
1677daemon.
1678.It Va bootparamd_enable
1679.Pq Vt bool
1680If set to
1681.Dq Li YES ,
1682run the
1683.Xr bootparamd 8
1684daemon at system boot time.
1685.It Va bootparamd_flags
1686.Pq Vt str
1687If
1688.Va bootparamd_enable
1689is set to
1690.Dq Li YES ,
1691these are the flags to pass to the
1692.Xr bootparamd 8
1693daemon.
1694.It Va stf_interface_ipv4addr
1695.Pq Vt str
1696If not set to
1697.Dq Li NO ,
1698this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling
1699interface).
1700Specify this entry to enable the 6to4 interface.
1701.It Va stf_interface_ipv4plen
1702.Pq Vt int
1703Prefix length for 6to4 IPv4 addresses, to limit peer address range.
1704An effective value is 0-31.
1705.It Va stf_interface_ipv6_ifid
1706.Pq Vt str
1707IPv6 interface ID for
1708.Xr stf 4 .
1709This can be set to
1710.Dq Li AUTO .
1711.It Va stf_interface_ipv6_slaid
1712.Pq Vt str
1713IPv6 Site Level Aggregator for
1714.Xr stf 4 .
1715.It Va ipv6_faith_prefix
1716.Pq Vt str
1717If not set to
1718.Dq Li NO ,
1719this is the faith prefix to enable a FAITH IPv6-to-IPv4 TCP
1720translator.
1721You also need
1722.Xr faithd 8
1723setup.
1724.It Va ipv6_ipv4mapping
1725.Pq Vt bool
1726If set to
1727.Dq Li YES
1728this enables IPv4 mapped IPv6 address communication (like
1729.Li ::ffff:a.b.c.d ) .
1730.It Va atm_enable
1731.Pq Vt bool
1732Set to
1733.Dq Li YES
1734to enable the configuration of ATM interfaces at system boot time.
1735For all of the ATM variables described below, please refer to the
1736.Xr atm 8
1737man page for further details on the available command parameters.
1738Also refer to the files in
1739.Pa /usr/share/examples/atm
1740for more detailed configuration information.
1741.It Va atm_load
1742.Pq Vt str
1743This is a list of physical ATM interface drivers to load. Typical values are
1744.Dq Li hfa_pci
1745and/or
1746.Dq Li hea_pci .
1747.It Va atm_netif_ Ns Aq Ar intf
1748.Pq Vt str
1749For the ATM physical interface
1750.Ar intf ,
1751this variable defines the name prefix and count for the ATM network
1752interfaces to be created.
1753The value will be passed as the parameters of an
1754.Dq Nm atm Cm "set netif" Ar intf
1755command.
1756.It Va atm_sigmgr_ Ns Aq Ar intf
1757.Pq Vt str
1758For the ATM physical interface
1759.Ar intf ,
1760this variable defines the ATM signalling manager to be used.
1761The value will be passed as the parameters of an
1762.Dq Nm atm Cm attach Ar intf
1763command.
1764.It Va atm_prefix_ Ns Aq Ar intf
1765.Pq Vt str
1766For the ATM physical interface
1767.Ar intf ,
1768this variable defines the NSAP prefix for interfaces using a UNI signalling
1769manager.
1770If set to
1771.Dq Li ILMI ,
1772the prefix will automatically be set via the
1773.Xr ilmid 8
1774daemon.
1775Otherwise, the value will be passed as the parameters of an
1776.Dq Nm atm Cm "set prefix" Ar intf
1777command.
1778.It Va atm_macaddr_ Ns Aq Ar intf
1779.Pq Vt str
1780For the ATM physical interface
1781.Ar intf ,
1782this variable defines the MAC address for interfaces using a UNI signalling
1783manager.
1784If set to
1785.Dq Li NO ,
1786the hardware MAC address contained in the ATM interface card will be used.
1787Otherwise, the value will be passed as the parameters of an
1788.Dq Nm atm Cm "set mac" Ar intf
1789command.
1790.It Va atm_arpserver_ Ns Aq Ar netif
1791.Pq Vt str
1792For the ATM network interface
1793.Ar netif ,
1794this variable defines the ATM address for a host which is to provide ATMARP
1795service.
1796This variable is only applicable to interfaces using a UNI signalling
1797manager.
1798If set to
1799.Dq Li local ,
1800this host will become an ATMARP server.
1801The value will be passed as the parameters of an
1802.Dq Nm atm Cm "set arpserver" Ar netif
1803command.
1804.It Va atm_scsparp_ Ns Aq Ar netif
1805.Pq Vt bool
1806If set to
1807.Dq Li YES ,
1808SCSP/ATMARP service for the network interface
1809.Ar netif
1810will be initiated using the
1811.Xr scspd 8
1812and
1813.Xr atmarpd 8
1814daemons.
1815This variable is only applicable if
1816.Va atm_arpserver_ Ns Aq Ar netif
1817is set to
1818.Dq Li local .
1819.It Va atm_pvcs
1820.Pq Vt str
1821Set to the list of ATM PVCs to be added at system
1822boot time.
1823For each whitespace separated
1824.Ar element
1825in the value, an
1826.Va atm_pvc_ Ns Aq Ar element
1827variable is assumed to exist.
1828The value of each of these variables
1829will be passed as the parameters of an
1830.Dq Nm atm Cm "add pvc"
1831command.
1832.It Va atm_arps
1833.Pq Vt str
1834Set to the list of permanent ATM ARP entries to be added
1835at system boot time.
1836For each whitespace separated
1837.Ar element
1838in the value, an
1839.Va atm_arp_ Ns Aq Ar element
1840variable is assumed to exist.
1841The value of each of these variables
1842will be passed as the parameters of an
1843.Dq Nm atm Cm "add arp"
1844command.
1845.It Va natm_interfaces
1846.Pq Vt str
1847Set to the list of
1848.Xr natm 4
1849interfaces that will also be used for HARP through
1850.Xr harp 4 .
1851If this list is not empty all interfaces in the list will be brought up
1852with
1853.Xr ifconfig 9
1854and
1855.Xr harp 4
1856will be loaded.
1857For this to work the interface drivers must be either compiled into the
1858kernel or must reside on the root partition.
1859.It Va keybell
1860.Pq Vt str
1861The keyboard bell sound.
1862Set to
1863.Dq Li normal ,
1864.Dq Li visual ,
1865.Dq Li off ,
1866or
1867.Dq Li NO
1868if the default behavior is desired.
1869For details, refer to the
1870.Xr kbdcontrol 1
1871manpage.
1872.It Va keymap
1873.Pq Vt str
1874If set to
1875.Dq Li NO ,
1876no keymap is installed, otherwise the value is used to install
1877the keymap file in
1878.Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd .
1879.It Va keyrate
1880.Pq Vt str
1881The keyboard repeat speed.
1882Set to
1883.Dq Li slow ,
1884.Dq Li normal ,
1885.Dq Li fast ,
1886or
1887.Dq Li NO
1888if the default behavior is desired.
1889.It Va keychange
1890.Pq Vt str
1891If not set to
1892.Dq Li NO ,
1893attempt to program the function keys with the value.
1894The value should
1895be a single string of the form:
1896.Dq Ar funkey_number new_value Op Ar funkey_number new_value ... .
1897.It Va cursor
1898.Pq Vt str
1899Can be set to the value of
1900.Dq Li normal ,
1901.Dq Li blink ,
1902.Dq Li destructive ,
1903or
1904.Dq Li NO
1905to set the cursor behavior explicitly or choose the default behavior.
1906.It Va scrnmap
1907.Pq Vt str
1908If set to
1909.Dq Li NO ,
1910no screen map is installed, otherwise the value is used to install
1911the screen map file in
1912.Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value .
1913.It Va font8x16
1914.Pq Vt str
1915If set to
1916.Dq Li NO ,
1917the default 8x16 font value is used for screen size requests, otherwise
1918the value in
1919.Pa /usr/share/syscons/fonts/ Ns Aq Ar value
1920is used.
1921.It Va font8x14
1922.Pq Vt str
1923If set to
1924.Dq Li NO ,
1925the default 8x14 font value is used for screen size requests, otherwise
1926the value in
1927.Pa /usr/share/syscons/fonts/ Ns Aq Ar value
1928is used.
1929.It Va font8x8
1930.Pq Vt str
1931If set to
1932.Dq Li NO ,
1933the default 8x8 font value is used for screen size requests, otherwise
1934the value in
1935.Pa /usr/share/syscons/fonts/ Ns Aq Ar value
1936is used.
1937.It Va blanktime
1938.Pq Vt int
1939If set to
1940.Dq Li NO ,
1941the default screen blanking interval is used, otherwise it is set
1942to
1943.Ar value
1944seconds.
1945.It Va saver
1946.Pq Vt str
1947If not set to
1948.Dq Li NO ,
1949this is the actual screen saver to use
1950.Li ( blank , snake , daemon ,
1951etc).
1952.It Va moused_enable
1953.Pq Vt str
1954If set to
1955.Dq Li YES ,
1956the
1957.Xr moused 8
1958daemon is started for doing cut/paste selection on the console.
1959.It Va moused_type
1960.Pq Vt str
1961This is the protocol type of the mouse connected to this host.
1962This variable must be set if
1963.Va moused_enable
1964is set to
1965.Dq Li YES .
1966The
1967.Xr moused 8
1968daemon
1969is able to detect the appropriate mouse type automatically in many cases.
1970Set this variable to
1971.Dq Li auto
1972to let the daemon detect it, or
1973select one from the following list if the automatic detection fails.
1974.Pp
1975If the mouse is attached to the PS/2 mouse port, choose
1976.Dq Li auto
1977or
1978.Dq Li ps/2 ,
1979regardless of the brand and model of the mouse.
1980Likewise, if the
1981mouse is attached to the bus mouse port, choose
1982.Dq Li auto
1983or
1984.Dq Li busmouse .
1985All other protocols are for serial mice and will not work with
1986the PS/2 and bus mice.
1987If this is a USB mouse,
1988.Dq Li auto
1989is the only protocol type which will work.
1990.Pp
1991.Bl -tag -width ".Li x10mouseremote" -compact
1992.It Li microsoft
1993Microsoft mouse (serial)
1994.It Li intellimouse
1995Microsoft IntelliMouse (serial)
1996.It Li mousesystems
1997Mouse systems Corp. mouse (serial)
1998.It Li mmseries
1999MM Series mouse (serial)
2000.It Li logitech
2001Logitech mouse (serial)
2002.It Li busmouse
2003A bus mouse
2004.It Li mouseman
2005Logitech MouseMan and TrackMan (serial)
2006.It Li glidepoint
2007ALPS GlidePoint (serial)
2008.It Li thinkingmouse
2009Kensington ThinkingMouse (serial)
2010.It Li ps/2
2011PS/2 mouse
2012.It Li mmhittab
2013MM HitTablet (serial)
2014.It Li x10mouseremote
2015X10 MouseRemote (serial)
2016.It Li versapad
2017Interlink VersaPad (serial)
2018.El
2019.Pp
2020Even if the mouse is not in the above list, it may be compatible
2021with one in the list.
2022Refer to the man page for
2023.Xr moused 8
2024for compatibility information.
2025.Pp
2026It should also be noted that while this is enabled, any
2027other client of the mouse (such as an X server) should access
2028the mouse through the virtual mouse device,
2029.Pa /dev/sysmouse ,
2030and configure it as a
2031.Dq Li sysmouse
2032type mouse, since all
2033mouse data is converted to this single canonical format when
2034using
2035.Xr moused 8 .
2036If the client program does not support the
2037.Dq Li sysmouse
2038type,
2039specify the
2040.Dq Li mousesystems
2041type.
2042It is the second preferred type.
2043.It Va moused_port
2044.Pq Vt str
2045If
2046.Va moused_enable
2047is set to
2048.Dq Li YES ,
2049this is the actual port the mouse is on.
2050It might be
2051.Pa /dev/cuaa0
2052for a COM1 serial mouse,
2053.Pa /dev/psm0
2054for a PS/2 mouse or
2055.Pa /dev/mse0
2056for a bus mouse, for example.
2057.It Va moused_flags
2058.Pq Vt str
2059If
2060.Va moused_type
2061is set, these are the additional flags to pass to the
2062.Xr moused 8
2063daemon.
2064.It Va mousechar_start
2065.Pq Vt int
2066If set to
2067.Dq Li NO ,
2068the default mouse cursor character range
2069.Li 0xd0 Ns - Ns Li 0xd3
2070is used,
2071otherwise the range start is set
2072to
2073.Ar value
2074character, see
2075.Xr vidcontrol 1 .
2076Use if the default range is occupied in the language code table.
2077.It Va allscreens_flags
2078.Pq Vt str
2079If set,
2080.Xr vidcontrol 1
2081is run with these options for each of the virtual terminals
2082.Pq Pa /dev/ttyv* .
2083For example,
2084.Dq Fl m Cm on
2085will enable the mouse pointer on all virtual terminals
2086if
2087.Va moused_enable
2088is set to
2089.Dq Li YES .
2090.It Va allscreens_kbdflags
2091.Pq Vt str
2092If set,
2093.Xr kbdcontrol 1
2094is run with these options for each of the virtual terminals
2095.Pq Pa /dev/ttyv* .
2096For example,
2097.Dq Fl h Li 200
2098will set the
2099.Xr syscons 4
2100scrollback (history) buffer to 200 lines.
2101.It Va cron_enable
2102.Pq Vt bool
2103If set to
2104.Dq Li YES ,
2105run the
2106.Xr cron 8
2107daemon at system boot time.
2108.It Va cron_program
2109.Pq Vt str
2110Path to
2111.Xr cron 8
2112(default
2113.Pa /usr/sbin/cron ) .
2114.It Va cron_flags
2115.Pq Vt str
2116If
2117.Va cron_enable
2118is set to
2119.Dq Li YES ,
2120these are the flags to pass to
2121.Xr cron 8 .
2122.It Va lpd_program
2123.Pq Vt str
2124Path to
2125.Xr lpd 8
2126(default
2127.Pa /usr/sbin/lpd ) .
2128.It Va lpd_enable
2129.Pq Vt bool
2130If set to
2131.Dq Li YES ,
2132run the
2133.Xr lpd 8
2134daemon at system boot time.
2135.It Va lpd_flags
2136.Pq Vt str
2137If
2138.Va lpd_enable
2139is set to
2140.Dq Li YES ,
2141these are the flags to pass to the
2142.Xr lpd 8
2143daemon.
2144.It Va mta_start_script
2145.Pq Vt str
2146This variable specifies the full path to the script to run to start
2147a mail transfer agent.
2148The default is
2149.Pa /etc/rc.sendmail .
2150The
2151.Va sendmail_*
2152variables which
2153.Pa /etc/rc.sendmail
2154uses are documented in the
2155.Xr rc.sendmail 8
2156man page.
2157.It Va dumpdev
2158.Pq Vt str
2159Indicates the device (usually a swap partition) to which a crash dump
2160should be written in the event of a system crash.
2161The value of this variable is passed as the argument to
2162.Xr dumpon 8 .
2163To disable crash dumps, set this variable to
2164.Dq Li NO .
2165.It Va dumpdir
2166.Pq Vt str
2167When the system reboots after a crash and a crash dump is found on the
2168device specified by the
2169.Va dumpdev
2170variable,
2171.Xr savecore 8
2172will save that crash dump and a copy of the kernel to the directory
2173specified by the
2174.Va dumpdir
2175variable.
2176The default value is
2177.Pa /var/crash .
2178Set to
2179.Dq Li NO
2180to not run
2181.Xr savecore 8
2182at boot time when
2183.Va dumpdir
2184is set.
2185.It Va savecore_flags
2186.Pq Vt str
2187If crash dumps are enabled, these are the flags to pass to the
2188.Xr savecore 8
2189utility.
2190.It Va enable_quotas
2191.Pq Vt bool
2192Set to
2193.Dq Li YES
2194to turn on user disk quotas on system startup via the
2195.Xr quotaon 8
2196command.
2197.It Va check_quotas
2198.Pq Vt bool
2199Set to
2200.Dq Li YES
2201to enable user disk quota checking via the
2202.Xr quotacheck 8
2203command.
2204.It Va accounting_enable
2205.Pq Vt bool
2206Set to
2207.Dq Li YES
2208to enable system accounting through the
2209.Xr accton 8
2210facility.
2211.It Va ibcs2_enable
2212.Pq Vt bool
2213Set to
2214.Dq Li YES
2215to enable iBCS2 (SCO) binary emulation at system initial boot
2216time.
2217.It Va ibcs2_loaders
2218.Pq Vt str
2219If not set to
2220.Dq Li NO
2221and if
2222.Va ibcs2_enable
2223is set to
2224.Dq Li YES ,
2225this specifies a list of additional iBCS2 loaders to enable.
2226.It Va linux_enable
2227.Pq Vt bool
2228Set to
2229.Dq Li YES
2230to enable Linux/ELF binary emulation at system initial
2231boot time.
2232.It Va osf1_enable
2233.Pq Vt bool
2234Set to
2235.Dq Li YES
2236to enable OSF/1 (Digital UNIX) binary emulation at system
2237initial boot time.
2238(alpha)
2239.It Va svr4_enable
2240.Pq Vt bool
2241If set to
2242.Dq Li YES ,
2243enable SysVR4 emulation at boot time.
2244.It Va sysvipc_enable
2245.Pq Vt bool
2246If set to
2247.Dq Li YES ,
2248load System V IPC primitives at boot time.
2249.It Va clear_tmp_enable
2250.Pq Vt bool
2251Set to
2252.Dq Li YES
2253to have
2254.Pa /tmp
2255cleaned at startup.
2256.It Va ldconfig_paths
2257.Pq Vt str
2258Set to the list of shared library paths to use with
2259.Xr ldconfig 8 .
2260NOTE:
2261.Pa /usr/lib
2262will always be added first, so it need not appear in this list.
2263.It Va ldconfig_paths_aout
2264.Pq Vt str
2265Set to the list of shared library paths to use with
2266.Xr ldconfig 8
2267legacy
2268.Xr a.out 5
2269support.
2270.It Va ldconfig_insecure
2271.Pq Vt bool
2272The
2273.Xr ldconfig 8
2274utility normally refuses to use directories
2275which are writable by anyone except root.
2276Set this variable to
2277.Dq Li YES
2278to disable that security check during system startup.
2279.It Va kern_securelevel_enable
2280.Pq Vt bool
2281Set to
2282.Dq Li YES
2283to set the kernel security level at system startup.
2284.It Va kern_securelevel
2285.Pq Vt int
2286The kernel security level to set at startup.
2287The allowed range of
2288.Ar value
2289ranges from \-1 (the compile time default) to 3 (the
2290most secure).
2291See
2292.Xr init 8
2293for the list of possible security levels and their effect
2294on system operation.
2295.It Va lomac_enable
2296.Pq Vt bool
2297Set to
2298.Dq Li YES
2299to enable Low Watermark Mandatory Access Control (LOMAC) at boot time.
2300This security model enforces integrity constraints for system processes;
2301see
2302.Xr lomac 4
2303for a complete description of the LOMAC model, as well as its impact
2304on system operation.
2305.It Va start_vinum
2306.Pq Vt bool
2307Set to
2308.Dq Li YES
2309to start
2310.Xr vinum 8
2311at system boot time.
2312.It Va sshd_program
2313.Pq Vt str
2314Path to the SSH server program
2315.Pa ( /usr/sbin/sshd
2316is the default).
2317.It Va sshd_enable
2318.Pq Vt bool
2319Set to
2320.Dq Li YES
2321to start
2322.Xr sshd 8
2323at system boot time.
2324.It Va sshd_flags
2325.Pq Vt str
2326If
2327.Va sshd_enable
2328is set to
2329.Dq Li YES ,
2330these are the flags to pass to the
2331.Xr sshd 8
2332daemon.
2333.It Va usbd_enable
2334.Pq Vt bool
2335If set to
2336.Dq Li YES ,
2337run the
2338.Xr usbd 8
2339daemon at boot time.
2340.It Va usbd_flags
2341.Pq Vt str
2342If
2343.Va usbd_enable
2344is set to
2345.Dq Li YES ,
2346these are the flags passed to
2347.Xr usbd 8
2348daemon.
2349.It Va watchdogd_enable
2350.Pq Vt bool
2351If set to
2352.Dq Li YES ,
2353start the
2354.Xr watchdogd 8
2355daemon at boot time.
2356This requires that the kernel have been compiled with
2357.Cd "options WATCHDOG" .
2358.It Va jail_enable
2359.Pq Vt bool
2360If set to
2361.Dq Li NO ,
2362any configured jails will not be started.
2363.It Va jail_list
2364.Pq Vt str
2365A space separated list of names for jails.
2366This is purely a configuration aid to help identify and
2367configure multiple jails.
2368The names specified in this list will be used to
2369identify settings common to an instance of a jail.
2370Assuming that the jail in question was named
2371.Li vjail ,
2372you would have the following dependant variables:
2373.Bd -literal
2374jail_vjail_hostname="jail.example.com"
2375jail_vjail_ip="192.168.1.100"
2376jail_vjail_rootdir="/var/jails/vjail/root"
2377jail_vjail_exec="/bin/sh /etc/rc"
2378.Ed
2379.Pp
2380The last one is optional.
2381It defaults to
2382.Pa /etc/rc
2383if it is not set.
2384.It Va jail_set_hostname_allow
2385.Pq Vt bool
2386If set to
2387.Dq Li NO ,
2388do not allow the root user in a jail to set its hostname.
2389.It Va jail_socket_unixiproute_only
2390.Pq Vt bool
2391If set to
2392.Dq Li NO ,
2393do not allow any protocol,
2394besides TCP/IP,
2395to be used within a jail.
2396.It Va jail_sysvipc_allow
2397.Pq Vt bool
2398If set to
2399.Dq Li YES ,
2400allow applications within a jail to use System V IPC.
2401.It Va unaligned_print
2402.Pq Vt bool
2403If set to
2404.Dq Li NO ,
2405unaligned access warnings will not be printed.
2406(alpha)
2407.\" ----- isdn settings ---------------------------------
2408.It Va isdn_enable
2409.Pq Vt bool
2410Set to
2411.Dq Li NO
2412by default.
2413When set to
2414.Dq Li YES ,
2415starts the
2416.Xr isdnd 8
2417daemon
2418at system boot time.
2419.It Va isdn_flags
2420.Pq Vt str
2421Set to
2422.Dq Fl d Ns Cm n Fl d Ns Li 0x1f9
2423by default.
2424Additional flags to pass to
2425.Xr isdnd 8
2426(but see
2427.Va isdn_fsdev
2428and
2429.Va isdn_ttype
2430for certain tunable parameters).
2431.It Va isdn_ttype
2432.Pq Vt str
2433Set to
2434.Dq Li cons25
2435by default.
2436The terminal type of the output device when
2437.Xr isdnd 8
2438operates in full-screen mode.
2439.It Va isdn_screenflags
2440.Pq Vt str
2441Set to
2442.Dq Li NO
2443by default.
2444The video mode for full-screen mode (only for
2445.Xr syscons 4
2446console driver, see
2447.Xr vidcontrol 1
2448for valid modes).
2449.It Va isdn_fsdev
2450.Pq Vt str
2451Set to
2452.Dq Li NO
2453by default.
2454The output device for
2455.Xr isdnd 8
2456in full-screen mode (or
2457.Dq Li NO
2458for daemon mode).
2459.It Va isdn_trace
2460.Pq Vt bool
2461Set to
2462.Dq Li NO
2463by default.
2464When set to
2465.Dq Li YES ,
2466enables the ISDN protocol trace utility
2467.Xr isdntrace 8
2468at system boot time.
2469.It Va isdn_traceflags
2470.Pq Vt str
2471Set to
2472.Dq Fl f Pa /var/tmp/isdntrace0
2473by default.
2474Flags for
2475.Xr isdntrace 8 .
2476.\" -----------------------------------------------------
2477.It Va pcvt_verbose
2478.Pq Vt bool
2479Set to
2480.Dq Li NO
2481by default.
2482When set to
2483.Dq Li YES ,
2484verbose messages about the actions done by the start script are displayed.
2485.Em Note :
2486the
2487.Xr pcvt 4
2488driver must be compiled into the kernel before the
2489.Xr pcvt 4
2490related
2491options described here take any effect.
2492.It Va pcvt_keymap
2493.Pq Vt str
2494Set to
2495.Dq Li NO
2496by default.
2497Use this to configure a national keyboard mapping found in the
2498.Pa /usr/share/misc/keycap.pcvt
2499file of keyboard mappings.
2500(See also the manual pages
2501.Xr keycap 5
2502and
2503.Xr keycap 3
2504for usage of
2505.Xr pcvt 4 Ns 's
2506keycap database and the manual page
2507.Xr kcon 1
2508option
2509.Fl m
2510for national keyboard mapping configuration.)
2511.It Va pcvt_keydel
2512.Pq Vt int
2513Set to
2514.Dq Li NO
2515by default.
2516Used to set the keyboard key repeat delay value.
2517Valid values are
2518in the range 0..3 for delay values of 250, 500, 750 and 1000 msec.
2519(See also the
2520.Xr kcon 1
2521manual page.)
2522.It Va pcvt_keyrate
2523.Pq Vt int
2524Set to
2525.Dq Li NO
2526by default.
2527Used to set the keyboard key repetition rate value.
2528Valid values are
2529in the range 0..31 for repetition values of 2..30 characters per second.
2530.It Va pcvt_keyrepeat
2531.Pq Vt bool
2532Set to
2533.Dq Li NO
2534by default.
2535Set to
2536.Dq Li YES
2537to enable automatic keyboard key repeating.
2538.It Va pcvt_force24
2539.Pq Vt bool
2540Set to
2541.Dq Li NO
2542by default.
2543Set to
2544.Dq Li YES
2545to force
2546.Xr pcvt 4
2547to use 24 lines only (in 25 lines mode) for compatibility
2548with the original
2549.Tn VT220
2550terminal.
2551.It Va pcvt_hpext
2552.Pq Vt bool
2553Set to
2554.Dq Li NO
2555by default.
2556Set to
2557.Dq Li YES
2558to enable the display and functionality of function key labels (as found
2559on
2560.Tn Hewlett-Packard
2561terminals such as the
2562.Tn HP2392A
2563and the
2564.Tn HP700/92
2565in
2566.Tn ANSI
2567mode).
2568.It Va pcvt_lines
2569.Pq Vt int
2570Set to
2571.Dq Li NO
2572by default resulting in a value of 25.
2573Used to set the number of lines on the screen.
2574For VGA displays, valid
2575values are 25, 28, 40 and 50 lines.
2576(See also the
2577.Xr scon 1
2578manual page.)
2579.It Va pcvt_blanktime
2580.Pq Vt int
2581Set to
2582.Dq Li NO
2583by default.
2584Used to set the screen saver timeout in seconds for values greater than
2585zero.
2586.It Va pcvt_cursorh
2587.Pq Vt int
2588Set to
2589.Dq Li NO
2590by default.
2591Used to set the cursor top scanline.
2592(See also the
2593.Xr cursor 1
2594manual page.)
2595.It Va pcvt_cursorl
2596.Pq Vt int
2597Set to
2598.Dq Li NO
2599by default.
2600Used to set the cursor bottom scanline.
2601.It Va pcvt_monohigh
2602.Pq Vt bool
2603Set to
2604.Dq Li NO
2605by default.
2606Set to
2607.Dq Li YES
2608to set intensity to high on monochrome monitors.
2609(See also the
2610.Xr scon 1
2611manual page, option
2612.Fl p ,
2613for more information on changing VGA palette
2614values.)
2615.It Va harvest_interrupt
2616.Pq Vt bool
2617Set to
2618.Dq Li YES
2619to use hardware interrupts as an entropy source.
2620Refer to
2621.Xr random 4
2622for more information.
2623.It Va harvest_ethernet
2624.Pq Vt bool
2625Set to
2626.Dq Li YES
2627to use LAN traffic as an entropy source.
2628Refer to
2629.Xr random 4
2630for more information.
2631.It Va harvest_p_to_p
2632.Pq Vt bool
2633Set to
2634.Dq Li YES
2635to use serial line traffic as an entropy source.
2636Refer to
2637.Xr random 4
2638for more information.
2639.It Va entropy_dir
2640.Pq Vt str
2641Set to
2642.Dq Li NO
2643to disable caching entropy via
2644.Xr cron 8 .
2645Otherwise set to the directory used to store entropy files in.
2646.It Va entropy_file
2647.Pq Vt str
2648Set to
2649.Dq Li NO
2650to disable caching entropy through reboots.
2651Otherwise set to the filename used to store cached entropy through
2652reboots.
2653This file should be located on the root file system to seed the
2654.Xr random 4
2655device as early as possible in the boot process.
2656.It Va entropy_save_sz
2657.Pq Vt int
2658Size of the entropy cache files saved by
2659.Nm save-entropy
2660periodically.
2661.It Va entropy_save_num
2662.Pq Vt int
2663Number of entropy cache files to save by
2664.Nm save-entropy
2665periodically.
2666.It Va ipsec_enable
2667.Pq Vt bool
2668Set to
2669.Dq Li YES
2670to run
2671.Xr setkey 8
2672on
2673.Va ipsec_file
2674at boot time.
2675.It Va ipsec_file
2676.Pq Vt str
2677Configuration file for
2678.Xr setkey 8 .
2679.It Va dmesg_enable
2680.Pq Vt bool
2681Set to
2682.Dq Li YES
2683to save
2684.Xr dmesg 8
2685to
2686.Pa /var/run/dmesg.boot
2687on boot.
2688.It Va rcshutdown_timeout
2689.Pq Vt int
2690If set, start a watchdog timer in the background which will terminate
2691.Pa rc.shutdown
2692if
2693.Xr shutdown 8
2694has not completed within the specified time (in seconds).
2695.El
2696.Sh FILES
2697.Bl -tag -width ".Pa /etc/defaults/rc.conf" -compact
2698.It Pa /etc/defaults/rc.conf
2699.It Pa /etc/rc.conf
2700.It Pa /etc/rc.conf.local
2701.El
2702.Sh SEE ALSO
2703.Xr catman 1 ,
2704.Xr gdb 1 ,
2705.Xr info 1 ,
2706.Xr kbdcontrol 1 ,
2707.Xr makewhatis 1 ,
2708.Xr vidcontrol 1 ,
2709.Xr ip 4 ,
2710.Xr kld 4 ,
2711.Xr tcp 4 ,
2712.Xr udp 4 ,
2713.Xr exports 5 ,
2714.Xr motd 5 ,
2715.Xr accton 8 ,
2716.Xr amd 8 ,
2717.Xr apm 8 ,
2718.Xr atm 8 ,
2719.Xr cron 8 ,
2720.Xr dhclient 8 ,
2721.Xr ifconfig 8 ,
2722.Xr inetd 8 ,
2723.Xr isdnd 8 ,
2724.Xr isdntrace 8 ,
2725.Xr kldxref 8 ,
2726.Xr lpd 8 ,
2727.Xr mdconfig 8 ,
2728.Xr mountd 8 ,
2729.Xr moused 8 ,
2730.Xr mrouted 8 ,
2731.Xr named 8 ,
2732.Xr nfsd 8 ,
2733.Xr ntpd 8 ,
2734.Xr ntpdate 8 ,
2735.Xr pcnfsd 8 ,
2736.Xr quotacheck 8 ,
2737.Xr quotaon 8 ,
2738.Xr rc 8 ,
2739.Xr rc.sendmail 8 ,
2740.Xr route 8 ,
2741.Xr routed 8 ,
2742.Xr rpc.lockd 8 ,
2743.Xr rpc.statd 8 ,
2744.Xr rpcbind 8 ,
2745.Xr rwhod 8 ,
2746.Xr savecore 8 ,
2747.Xr sshd 8 ,
2748.Xr swapon 8 ,
2749.Xr sysctl 8 ,
2750.Xr syslogd 8 ,
2751.Xr timed 8 ,
2752.Xr usbd 8 ,
2753.Xr vinum 8 ,
2754.Xr yp 8 ,
2755.Xr ypbind 8 ,
2756.Xr ypserv 8 ,
2757.Xr ypset 8
2758.Sh HISTORY
2759The
2760.Nm
2761file appeared in
2762.Fx 2.2.2 .
2763.Sh AUTHORS
2764.An Jordan K. Hubbard .
2765