1.\" Copyright (c) 1995 2.\" Jordan K. Hubbard 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND 14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 16.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE 17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23.\" SUCH DAMAGE. 24.\" 25.\" $FreeBSD$ 26.\" 27.Dd April 9, 2008 28.Dt RC.CONF 5 29.Os 30.Sh NAME 31.Nm rc.conf 32.Nd system configuration information 33.Sh DESCRIPTION 34The file 35.Nm 36contains descriptive information about the local host name, configuration 37details for any potential network interfaces and which services should be 38started up at system initial boot time. 39In new installations, the 40.Nm 41file is generally initialized by the system installation utility, 42.Xr sysinstall 8 . 43.Pp 44The purpose of 45.Nm 46is not to run commands or perform system startup actions 47directly. 48Instead, it is included by the 49various generic startup scripts in 50.Pa /etc 51which conditionalize their 52internal actions according to the settings found there. 53.Pp 54The 55.Pa /etc/rc.conf 56file is included from the file 57.Pa /etc/defaults/rc.conf , 58which specifies the default settings for all the available options. 59Options need only be specified in 60.Pa /etc/rc.conf 61when the system administrator wishes to override these defaults. 62The file 63.Pa /etc/rc.conf.local 64is used to override settings in 65.Pa /etc/rc.conf 66for historical reasons. 67See the 68.Va rc_conf_files 69variable below. 70.Pp 71Options are set with 72.Dq Ar name Ns Li = Ns Ar value 73assignments that use 74.Xr sh 1 75syntax. 76The following list provides a name and short description for each 77variable that can be set in the 78.Nm 79file: 80.Bl -tag -width indent-two 81.It Va rc_debug 82.Pq Vt bool 83If set to 84.Dq Li YES , 85enable output of debug messages from rc scripts. 86This variable can be helpful in diagnosing mistakes when 87editing or integrating new scripts. 88Beware that this produces copious output to the terminal and 89.Xr syslog 3 . 90.It Va rc_info 91.Pq Vt bool 92If set to 93.Dq Li NO , 94disable informational messages from the rc scripts. 95Informational messages are displayed when 96a condition that is not serious enough to warrant a warning or 97an error occurs. 98.It Va early_late_divider 99.Pq Vt str 100The name of the script that should be used as the 101delimiter between the 102.Dq early 103and 104.Dq late 105stages of the boot process. 106The early stage should contain all the services needed to 107get the disks (local or remote) mounted so that the late 108stage can include scripts contained in the directories 109listed in the 110.Va local_startup 111variable (see below). 112Thus, the two likely candidates for this value are 113.Pa mountcritlocal 114for the typical system, and 115.Pa mountcritremote 116if the system needs remote file 117systems mounted to get access to the 118.Va local_startup 119directories; for example when 120.Pa /usr/local 121is NFS mounted. 122For 123.Pa rc.conf 124within a 125.Xr jail 8 126.Pa NETWORKING 127is likely to be an appropriate value. 128Extreme care should be taken when changing this value, 129and before changing it one should ensure that there are 130adequate provisions to recover from a failed boot 131(such as physical contact with the machine, 132or reliable remote console access). 133.It Va swapfile 134.Pq Vt str 135If set to 136.Dq Li NO , 137no swapfile is installed, otherwise the value is used as the full 138pathname to a file to use for additional swap space. 139.It Va apm_enable 140.Pq Vt bool 141If set to 142.Dq Li YES , 143enable support for Automatic Power Management with 144the 145.Xr apm 8 146command. 147.It Va apmd_enable 148.Pq Vt bool 149Run 150.Xr apmd 8 151to handle APM event from userland. 152This also enables support for APM. 153.It Va apmd_flags 154.Pq Vt str 155If 156.Va apmd_enable 157is set to 158.Dq Li YES , 159these are the flags to pass to the 160.Xr apmd 8 161daemon. 162.It Va devd_enable 163.Pq Vt bool 164Run 165.Xr devd 8 166to handle device added, removed or unknown events from the kernel. 167.It Va ddb_enable 168.Pq Vt bool 169Run 170.Xr ddb 8 171to install 172.Xr ddb 4 173scripts at boot time. 174.It Va ddb_config 175.Pq Vt str 176Configuration file for 177.Xr ddb 8 . 178Default 179.Pa /etc/ddb.conf . 180.It Va kldxref_enable 181.Pq Vt bool 182Set to 183.Dq Li NO 184by default. 185Set to 186.Dq Li YES 187to automatically rebuild 188.Pa linker.hints 189files with 190.Xr kldxref 8 191at boot time. 192.It Va kldxref_clobber 193.Pq Vt bool 194Set to 195.Dq Li NO 196by default. 197If 198.Va kldxref_enable 199is true, 200setting to 201.Dq Li YES 202will overwrite existing 203.Pa linker.hints 204files at boot time. 205Otherwise, 206only missing 207.Pa linker.hints 208files are generated. 209.It Va kldxref_module_path 210.Pq Vt str 211Empty by default. 212A semi-colon 213.Pq Ql \&; 214delimited list of paths containing 215.Xr kld 4 216modules. 217If empty, 218the contents of the 219.Va kern.module_path 220.Xr sysctl 8 221are used. 222.It Va powerd_enable 223.Pq Vt bool 224If set to 225.Dq Li YES , 226enable the system power control facility with the 227.Xr powerd 8 228daemon. 229.It Va powerd_flags 230.Pq Vt str 231If 232.Va powerd_enable 233is set to 234.Dq Li YES , 235these are the flags to pass to the 236.Xr powerd 8 237daemon. 238.It Va tmpmfs 239Controls the creation of a 240.Pa /tmp 241memory file system. 242Always happens if set to 243.Dq Li YES 244and never happens if set to 245.Dq Li NO . 246If set to anything else, a memory file system is created if 247.Pa /tmp 248is not writable. 249.It Va tmpsize 250Controls the size of a created 251.Pa /tmp 252memory file system. 253.It Va tmpmfs_flags 254Extra options passed to the 255.Xr mdmfs 8 256utility when the memory file system for 257.Pa /tmp 258is created. 259The default is 260.Dq Li "-S" , 261which inhibits the use of softupdates on 262.Pa /tmp 263so that file system space is freed without delay 264after file truncation or deletion. 265See 266.Xr mdmfs 8 267for other options you can use in 268.Va tmpmfs_flags . 269.It Va varmfs 270Controls the creation of a 271.Pa /var 272memory file system. 273Always happens if set to 274.Dq Li YES 275and never happens if set to 276.Dq Li NO . 277If set to anything else, a memory file system is created if 278.Pa /var 279is not writable. 280.It Va varsize 281Controls the size of a created 282.Pa /var 283memory file system. 284.It Va varmfs_flags 285Extra options passed to the 286.Xr mdmfs 8 287utility when the memory file system for 288.Pa /var 289is created. 290The default is 291.Dq Li "-S" , 292which inhibits the use of softupdates on 293.Pa /var 294so that file system space is freed without delay 295after file truncation or deletion. 296See 297.Xr mdmfs 8 298for other options you can use in 299.Va varmfs_flags . 300.It Va populate_var 301Controls the automatic population of the 302.Pa /var 303file system. 304Always happens if set to 305.Dq Li YES 306and never happens if set to 307.Dq Li NO . 308If set to anything else, a memory file system is created if 309.Pa /var 310is not writable. 311Note that this process requires access to certain commands in 312.Pa /usr 313before 314.Pa /usr 315is mounted on normal systems. 316.It Va cleanvar_enable 317.Pq Vt bool 318Clean the 319.Pa /var 320directory. 321.It Va local_startup 322.Pq Vt str 323List of directories to search for startup script files. 324.It Va script_name_sep 325.Pq Vt str 326The field separator to use for breaking down the list of startup script files 327into individual filenames. 328The default is a space. 329It is not necessary to change this unless there are startup scripts with names 330containing spaces. 331.It Va hostapd_enable 332.Pq Vt bool 333Set to 334.Dq Li YES 335to start 336.Xr hostapd 8 337at system boot time. 338.It Va hostname 339.Pq Vt str 340The fully qualified domain name (FQDN) of this host on the network. 341This should almost certainly be set to something meaningful, even if 342there is no network connection. 343If 344.Xr dhclient 8 345is used to set the hostname via DHCP, 346this variable should be set to an empty string. 347.It Va ipv6_enable 348.Pq Vt bool 349Enable support for IPv6 networking. 350Note that this requires that the kernel has been compiled with 351.Cd "options INET6" . 352.It Va nisdomainname 353.Pq Vt str 354The NIS domain name of this host, or 355.Dq Li NO 356if NIS is not used. 357.It Va dhclient_program 358.Pq Vt str 359Path to the DHCP client program 360.Pa ( /sbin/dhclient , 361the 362.Ox 363DHCP client, 364is the default). 365.It Va dhclient_flags 366.Pq Vt str 367Additional flags to pass to the DHCP client program. 368For the 369.Ox 370DHCP client, see the 371.Xr dhclient 8 372manpage for a description of the command line options available. 373.It Va dhclient_flags_ Ns Aq Ar iface 374Additional flags to pass to the DHCP client program running on 375.Ar iface 376only. 377When specified, this variable overrides 378.Va dhclient_flags . 379.It Va background_dhclient 380.Pq Vt bool 381Set to 382.Dq Li YES 383to start the DHCP client in background. 384This can cause trouble with applications depending on 385a working network, but it will provide a faster startup 386in many cases. 387.It Va background_dhclient_ Ns Aq Ar iface 388When specified, this variable overrides the 389.Va background_dhclient 390variable for interface 391.Ar iface 392only. 393.It Va synchronous_dhclient 394.Pq Bt bool 395Set to 396.Dq Li NO 397to start 398.Xr dhclient 8 399only in response to interface events and not synchronously at startup. 400This behavior can be overridden on a per-interface basis by replacing 401the 402.Dq Li DHCP 403keyword in the 404.Va ifconfig_ Ns Aq Ar interface 405variable with 406.Dq Li SYNCDHCP 407or 408.Dq Li NOSYNCDHCP . 409.It Va firewall_enable 410.Pq Vt bool 411Set to 412.Dq Li YES 413to load firewall rules at startup. 414If the kernel was not built with 415.Cd "options IPFIREWALL" , 416the 417.Pa ipfw.ko 418kernel module will be loaded. 419See also 420.Va ipfilter_enable . 421.It Va ipv6_firewall_enable 422.Pq Vt bool 423The IPv6 equivalent of 424.Va firewall_enable . 425Set to 426.Dq Li YES 427to load IPv6 firewall rules at startup. 428If the kernel was not built with 429.Cd "options IPV6FIREWALL" , 430the 431.Pa ipfw.ko 432kernel module will be loaded. 433.It Va firewall_script 434.Pq Vt str 435This variable specifies the full path to the firewall script to run. 436The default is 437.Pa /etc/rc.firewall . 438.It Va ipv6_firewall_script 439.Pq Vt str 440The IPv6 equivalent of 441.Va firewall_script . 442.It Va firewall_type 443.Pq Vt str 444Names the firewall type from the selection in 445.Pa /etc/rc.firewall , 446or the file which contains the local firewall ruleset. 447Valid selections from 448.Pa /etc/rc.firewall 449are: 450.Pp 451.Bl -tag -width ".Li simple" -compact 452.It Li open 453unrestricted IP access 454.It Li closed 455all IP services disabled, except via 456.Dq Li lo0 457.It Li client 458basic protection for a workstation 459.It Li simple 460basic protection for a LAN. 461.El 462.Pp 463If a filename is specified, the full path 464must be given. 465.It Va ipv6_firewall_type 466.Pq Vt str 467The IPv6 equivalent of 468.Va firewall_type . 469.It Va firewall_quiet 470.Pq Vt bool 471Set to 472.Dq Li YES 473to disable the display of firewall rules on the console during boot. 474.It Va ipv6_firewall_quiet 475.Pq Vt bool 476The IPv6 equivalent of 477.Va firewall_quiet . 478.It Va firewall_logging 479.Pq Vt bool 480Set to 481.Dq Li YES 482to enable firewall event logging. 483This is equivalent to the 484.Dv IPFIREWALL_VERBOSE 485kernel option. 486.It Va ipv6_firewall_logging 487.Pq Vt bool 488The IPv6 equivalent of 489.Va firewall_logging . 490.It Va firewall_flags 491.Pq Vt str 492Flags passed to 493.Xr ipfw 8 494if 495.Va firewall_type 496specifies a filename. 497.It Va ipv6_firewall_flags 498.Pq Vt str 499The IPv6 equivalent of 500.Va firewall_flags . 501.\" ----- firewall_nat_enable setting -------------------------------- 502.It Va firewall_nat_enable 503.Pq Vt bool 504The 505.Xr ipfw 8 506equivalent of 507.Va natd_enable . 508Setting this to 509.Dq Li YES 510enables kernel NAT. 511.Va firewall_enable 512must also be set to 513.Dq Li YES . 514.It Va firewall_nat_interface 515.Pq Vt str 516The 517.Xr ipfw 8 518equivalent of 519.Va natd_interface . 520This is the name of the public interface or IP address on which 521kernel NAT should run. 522.It Va firewall_nat_flags 523.Pq Vt str 524Additional configuration parameters for kernel NAT should be placed here. 525.It Va dummynet_enable 526.Pq Vt bool 527Setting this to 528.Dq Li YES 529will automatically load the 530.Xr dummynet 4 531module if 532.Va firewall_enable 533is also set to 534.Dq Li YES . 535.\" ------------------------------------------------------------------- 536.It Va natd_program 537.Pq Vt str 538Path to 539.Xr natd 8 . 540.It Va natd_enable 541.Pq Vt bool 542Set to 543.Dq Li YES 544to enable 545.Xr natd 8 . 546.Va firewall_enable 547must also be set to 548.Dq Li YES , 549and 550.Xr divert 4 551sockets must be enabled in the kernel. 552If the kernel was not built with 553.Cd "options IPDIVERT" , 554the 555.Pa ipdivert.ko 556kernel module will be loaded. 557.It Va natd_interface 558.Pq Vt str 559This is the name of the public interface on which 560.Xr natd 8 561should run. 562The interface may be given as an interface name or as an IP address. 563.It Va natd_flags 564.Pq Vt str 565Additional 566.Xr natd 8 567flags should be placed here. 568The 569.Fl n 570or 571.Fl a 572flag is automatically added with the above 573.Va natd_interface 574as an argument. 575.\" ----- ipfilter_enable setting -------------------------------- 576.It Va ipfilter_enable 577.Pq Vt bool 578Set to 579.Dq Li NO 580by default. 581Setting this to 582.Dq Li YES 583enables 584.Xr ipf 8 585packet filtering. 586.Pp 587Typical usage will require putting 588.Bd -literal 589ipfilter_enable="YES" 590ipnat_enable="YES" 591ipmon_enable="YES" 592ipfs_enable="YES" 593.Ed 594.Pp 595into 596.Pa /etc/rc.conf 597and editing 598.Pa /etc/ipf.rules 599and 600.Pa /etc/ipnat.rules 601appropriately. 602.Pp 603Note that 604.Va ipfilter_enable 605and 606.Va ipnat_enable 607can be enabled independently. 608.Va ipmon_enable 609and 610.Va ipfs_enable 611both require at least one of 612.Va ipfilter_enable 613and 614.Va ipnat_enable 615to be enabled. 616.Pp 617Having 618.Bd -literal 619options IPFILTER 620options IPFILTER_LOG 621options IPFILTER_DEFAULT_BLOCK 622.Ed 623.Pp 624in the kernel configuration file is a good idea, too. 625.\" ----- ipfilter_program setting ------------------------------ 626.It Va ipfilter_program 627.Pq Vt str 628Path to 629.Xr ipf 8 630(default 631.Pa /sbin/ipf ) . 632.\" ----- ipfilter_rules setting -------------------------------- 633.It Va ipfilter_rules 634.Pq Vt str 635Set to 636.Pa /etc/ipf.rules 637by default. 638This variable contains the name of the filter rule definition file. 639The file is expected to be readable for the 640.Xr ipf 8 641command to execute. 642.\" ----- ipv6_ipfilter_rules setting --------------------------- 643.It Va ipv6_ipfilter_rules 644.Pq Vt str 645Set to 646.Pa /etc/ipf6.rules 647by default. 648This variable contains the IPv6 filter rule definition file. 649The file is expected to be readable for the 650.Xr ipf 8 651command to execute. 652.\" ----- ipfilter_flags setting -------------------------------- 653.It Va ipfilter_flags 654.Pq Vt str 655Empty by default. 656This variable contains flags passed to the 657.Xr ipf 8 658program. 659.\" ----- ipnat_enable setting ---------------------------------- 660.It Va ipnat_enable 661.Pq Vt bool 662Set to 663.Dq Li NO 664by default. 665Set it to 666.Dq Li YES 667to enable 668.Xr ipnat 8 669network address translation. 670See 671.Va ipfilter_enable 672for a detailed discussion. 673.\" ----- ipnat_program setting --------------------------------- 674.It Va ipnat_program 675.Pq Vt str 676Path to 677.Xr ipnat 8 678(default 679.Pa /sbin/ipnat ) . 680.\" ----- ipnat_rules setting ----------------------------------- 681.It Va ipnat_rules 682.Pq Vt str 683Set to 684.Pa /etc/ipnat.rules 685by default. 686This variable contains the name of the file 687holding the network address translation definition. 688This file is expected to be readable for the 689.Xr ipnat 8 690command to execute. 691.\" ----- ipnat_flags setting ----------------------------------- 692.It Va ipnat_flags 693.Pq Vt str 694Empty by default. 695This variable contains flags passed to the 696.Xr ipnat 8 697program. 698.\" ----- ipmon_enable setting ---------------------------------- 699.It Va ipmon_enable 700.Pq Vt bool 701Set to 702.Dq Li NO 703by default. 704Set it to 705.Dq Li YES 706to enable 707.Xr ipmon 8 708monitoring (logging 709.Xr ipf 8 710and 711.Xr ipnat 8 712events). 713Setting this variable needs setting 714.Va ipfilter_enable 715or 716.Va ipnat_enable 717too. 718See 719.Va ipfilter_enable 720for a detailed discussion. 721.\" ----- ipmon_program setting --------------------------------- 722.It Va ipmon_program 723.Pq Vt str 724Path to 725.Xr ipmon 8 726(default 727.Pa /sbin/ipmon ) . 728.\" ----- ipmon_flags setting ----------------------------------- 729.It Va ipmon_flags 730.Pq Vt str 731Set to 732.Dq Li -Ds 733by default. 734This variable contains flags passed to the 735.Xr ipmon 8 736program. 737Another typical example would be 738.Dq Fl D Pa /var/log/ipflog 739to have 740.Xr ipmon 8 741log directly to a file bypassing 742.Xr syslogd 8 . 743Make sure to adjust 744.Pa /etc/newsyslog.conf 745in such case like this: 746.Bd -literal 747/var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid 748.Ed 749.\" ----- ipfs_enable setting ----------------------------------- 750.It Va ipfs_enable 751.Pq Vt bool 752Set to 753.Dq Li NO 754by default. 755Set it to 756.Dq Li YES 757to enable 758.Xr ipfs 8 759saving the filter and NAT state tables during shutdown 760and reloading them during startup again. 761Setting this variable needs setting 762.Va ipfilter_enable 763or 764.Va ipnat_enable 765to 766.Dq Li YES 767too. 768See 769.Va ipfilter_enable 770for a detailed discussion. 771Note that if 772.Va kern_securelevel 773is set to 3, 774.Va ipfs_enable 775cannot be used 776because the raised securelevel will prevent 777.Xr ipfs 8 778from saving the state tables at shutdown time. 779.\" ----- ipfs_program setting ---------------------------------- 780.It Va ipfs_program 781.Pq Vt str 782Path to 783.Xr ipfs 8 784(default 785.Pa /sbin/ipfs ) . 786.\" ----- ipfs_flags setting ------------------------------------ 787.It Va ipfs_flags 788.Pq Vt str 789Empty by default. 790This variable contains flags passed to the 791.Xr ipfs 8 792program. 793.\" ----- end of added ipf hook --------------------------------- 794.It Va pf_enable 795.Pq Vt bool 796Set to 797.Dq Li NO 798by default. 799Setting this to 800.Dq Li YES 801enables 802.Xr pf 4 803packet filtering. 804.Pp 805Typical usage will require putting 806.Pp 807.Dl pf_enable="YES" 808.Pp 809into 810.Pa /etc/rc.conf 811and editing 812.Pa /etc/pf.conf 813appropriately. 814Adding 815.Pp 816.Dl "device pf" 817.Pp 818builds support for 819.Xr pf 4 820into the kernel, otherwise the 821kernel module will be loaded. 822.It Va pf_rules 823.Pq Vt str 824Path to 825.Xr pf 4 826ruleset configuration file 827(default 828.Pa /etc/pf.conf ) . 829.It Va pf_program 830.Pq Vt str 831Path to 832.Xr pfctl 8 833(default 834.Pa /sbin/pfctl ) . 835.It Va pf_flags 836.Pq Vt str 837If 838.Va pf_enable 839is set to 840.Dq Li YES , 841these flags are passed to the 842.Xr pfctl 8 843program when loading the ruleset. 844.It Va pflog_enable 845.Pq Vt bool 846Set to 847.Dq Li NO 848by default. 849Setting this to 850.Dq Li YES 851enables 852.Xr pflogd 8 853which logs packets from the 854.Xr pf 4 855packet filter. 856.It Va pflog_logfile 857.Pq Vt str 858If 859.Va pflog_enable 860is set to 861.Dq Li YES 862this controls where 863.Xr pflogd 8 864stores the logfile 865(default 866.Pa /var/log/pflog ) . 867Check 868.Pa /etc/newsyslog.conf 869to adjust logfile rotation for this. 870.It Va pflog_program 871.Pq Vt str 872Path to 873.Xr pflogd 8 874(default 875.Pa /sbin/pflogd ) . 876.It Va pflog_flags 877.Pq Vt str 878Empty by default. 879This variable contains additional flags passed to the 880.Xr pflogd 8 881program. 882.It Va ftpproxy_enable 883.Pq Vt bool 884Set to 885.Dq Li NO 886by default. 887Setting this to 888.Dq Li YES 889enables 890.Xr ftp-proxy 8 891which supports the 892.Xr pf 4 893packet filter in translating ftp connections. 894.It Va ftpproxy_flags 895.Pq Vt str 896Empty by default. 897This variable contains additional flags passed to the 898.Xr ftp-proxy 8 899program. 900.It Va pfsync_enable 901.Pq Vt bool 902Set to 903.Dq Li NO 904by default. 905Setting this to 906.Dq Li YES 907enables exposing 908.Xr pf 4 909state changes to other hosts over the network by means of 910.Xr pfsync 4 . 911The 912.Va pfsync_syncdev 913variable 914must also be set then. 915.It Va pfsync_syncdev 916.Pq Vt str 917Empty by default. 918This variable specifies the name of the network interface 919.Xr pfsync 4 920should operate through. 921It must be set accordingly if 922.Va pfsync_enable 923is set to 924.Dq Li YES . 925.It Va pfsync_syncpeer 926.Pq Vt str 927Empty by default. 928This variable is optional. 929By default, state change messages are sent out on the synchronisation 930interface using IP multicast packets. 931The protocol is IP protocol 240, PFSYNC, and the multicast group used is 932224.0.0.240. 933When a peer address is specified using the 934.Va pfsync_syncpeer 935option, the peer address is used as a destination for the pfsync 936traffic, and the traffic can then be protected using 937.Xr ipsec 4 . 938See the 939.Xr pfsync 4 940manpage for more details about using 941.Xr ipsec 4 942with 943.Xr pfsync 4 944interfaces. 945.It Va pfsync_ifconfig 946.Pq Vt str 947Empty by default. 948This variable can contain additional options to be passed to the 949.Xr ifconfig 8 950command used to set up 951.Xr pfsync 4 . 952.It Va tcp_extensions 953.Pq Vt bool 954Set to 955.Dq Li YES 956by default. 957Setting this to 958.Dq Li NO 959disables certain TCP options as described by 960.Rs 961.%T "RFC 1323" 962.Re 963Setting this to 964.Dq Li NO 965might help remedy such problems with connections as randomly hanging 966or other weird behavior. 967Some network devices are known 968to be broken with respect to these options. 969.It Va log_in_vain 970.Pq Vt int 971Set to 0 by default. 972The 973.Xr sysctl 8 974variables, 975.Va net.inet.tcp.log_in_vain 976and 977.Va net.inet.udp.log_in_vain , 978as described in 979.Xr tcp 4 980and 981.Xr udp 4 , 982are set to the given value. 983.It Va tcp_keepalive 984.Pq Vt bool 985Set to 986.Dq Li YES 987by default. 988Setting to 989.Dq Li NO 990will disable probing idle TCP connections to verify that the 991peer is still up and reachable. 992.It Va tcp_drop_synfin 993.Pq Vt bool 994Set to 995.Dq Li NO 996by default. 997Setting to 998.Dq Li YES 999will cause the kernel to ignore TCP frames that have both 1000the SYN and FIN flags set. 1001This prevents OS fingerprinting, but may 1002break some legitimate applications. 1003.It Va icmp_drop_redirect 1004.Pq Vt bool 1005Set to 1006.Dq Li NO 1007by default. 1008Setting to 1009.Dq Li YES 1010will cause the kernel to ignore ICMP REDIRECT packets. 1011Refer to 1012.Xr icmp 4 1013for more information. 1014.It Va icmp_log_redirect 1015.Pq Vt bool 1016Set to 1017.Dq Li NO 1018by default. 1019Setting to 1020.Dq Li YES 1021will cause the kernel to log ICMP REDIRECT packets. 1022Note that 1023the log messages are not rate-limited, so this option should only be used 1024for troubleshooting networks. 1025Refer to 1026.Xr icmp 4 1027for more information. 1028.It Va icmp_bmcastecho 1029.Pq Vt bool 1030Set to 1031.Dq Li YES 1032to respond to broadcast or multicast ICMP ping packets. 1033Refer to 1034.Xr icmp 4 1035for more information. 1036.It Va ip_portrange_first 1037.Pq Vt int 1038If not set to 1039.Dq Li NO , 1040this is the first port in the default portrange. 1041Refer to 1042.Xr ip 4 1043for more information. 1044.It Va ip_portrange_last 1045.Pq Vt int 1046If not set to 1047.Dq Li NO , 1048this is the last port in the default portrange. 1049Refer to 1050.Xr ip 4 1051for more information. 1052.It Va network_interfaces 1053.Pq Vt str 1054Set to the list of network interfaces to configure on this host or 1055.Dq Li AUTO 1056(the default) for all current interfaces. 1057Setting the 1058.Va network_interfaces 1059variable to anything other than the default is deprecated. 1060Interfaces that the administrator wishes to store configuration for, 1061but not start at boot should be configured with the 1062.Dq Li NOAUTO 1063keyword in their 1064.Va ifconfig_ Ns Aq Ar interface 1065variables as described below. 1066.Pp 1067An 1068.Va ifconfig_ Ns Aq Ar interface 1069variable is also assumed to exist for each value of 1070.Ar interface . 1071When an interface name contains any of the characters 1072.Dq Li .-/+ 1073they are translated to 1074.Dq Li _ 1075before lookup. 1076The variable can contain arguments to 1077.Xr ifconfig 8 , 1078as well as special case-insensitive keywords described below. 1079Such keywords are removed before passing the value to 1080.Xr ifconfig 8 1081while the order of the other arguments is preserved. 1082.Pp 1083One can configure more than one IPv4 address with the 1084.Va ipv4_addrs_ Ns Aq Ar interface 1085variable. 1086One or more IP addresses must be provided in Classless Inter-Domain 1087Routing (CIDR) address notation, whose last byte can be a range like 1088192.168.0.5-23/24. 1089In this case the address 192.168.0.5 will be configured with the 1090netmask /24 and the addresses 192.168.0.6 to 192.168.0.23 with 1091the non-conflicting netmask /32 as explained in the 1092.Xr ifconfig 8 1093alias section. 1094With the interface in question being 1095.Li ed0 , 1096an example could look like: 1097.Bd -literal 1098ipv4_addrs_ed0="192.168.0.1/24 192.168.1.1-5/28" 1099.Ed 1100.Pp 1101It is also possible to add IP alias entries using 1102.Xr ifconfig 8 1103syntax. 1104Assuming that the interface in question was 1105.Li ed0 , 1106it might look 1107something like this: 1108.Bd -literal 1109ifconfig_ed0_alias0="inet 127.0.0.253 netmask 0xffffffff" 1110ifconfig_ed0_alias1="inet 127.0.0.254 netmask 0xffffffff" 1111.Ed 1112.Pp 1113And so on. 1114For each 1115.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1116entry that is found, 1117its contents are passed to 1118.Xr ifconfig 8 . 1119Execution stops at the first unsuccessful access, so if 1120something like this is present: 1121.Bd -literal 1122ifconfig_ed0_alias0="inet 127.0.0.251 netmask 0xffffffff" 1123ifconfig_ed0_alias1="inet 127.0.0.252 netmask 0xffffffff" 1124ifconfig_ed0_alias2="inet 127.0.0.253 netmask 0xffffffff" 1125ifconfig_ed0_alias4="inet 127.0.0.254 netmask 0xffffffff" 1126.Ed 1127.Pp 1128Then note that alias4 would 1129.Em not 1130be added since the search would 1131stop with the missing 1132.Dq Li alias3 1133entry. 1134Due to this difficult to manage behavior, the 1135.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1136form is deprecated. 1137.Pp 1138If the 1139.Pa /etc/start_if. Ns Aq Ar interface 1140file is present, it is read and executed by the 1141.Xr sh 1 1142interpreter 1143before configuring the interface as specified in the 1144.Va ifconfig_ Ns Aq Ar interface 1145and 1146.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1147variables. 1148.Pp 1149If a 1150.Va wlans_ Ns Aq Ar interface 1151variable is set, 1152an 1153.Xr wlan 4 1154interface will be created for each item in the list with the 1155.Ar wlandev 1156argument set to 1157.Ar interface . 1158Further wlan cloning arguments may be passed to the 1159.Xr ifconfig 8 1160.Cm create 1161command by setting the 1162.Va create_args_ Ns Aq Ar interface 1163variable. 1164One or more 1165.Xr wlan 4 1166devices must be created for each wireless devices as of 1167.Fx 8.0 . 1168.Pp 1169If the 1170.Va ifconfig_ Ns Aq Ar interface 1171contains the keyword 1172.Dq Li NOAUTO 1173then the interface will not be configured 1174at boot or by 1175.Pa /etc/pccard_ether 1176when 1177.Va network_interfaces 1178is set to 1179.Dq Li AUTO . 1180.Pp 1181It is possible to bring up an interface with DHCP by adding 1182.Dq Li DHCP 1183to the 1184.Va ifconfig_ Ns Aq Ar interface 1185variable. 1186For instance, to initialize the 1187.Li ed0 1188device via DHCP, 1189it is possible to use something like: 1190.Bd -literal 1191ifconfig_ed0="DHCP" 1192.Ed 1193.Pp 1194Also, if you want to configure your wireless interface with 1195.Xr wpa_supplicant 8 1196for use with WPA, EAP/LEAP or WEP, you need to add 1197.Dq Li WPA 1198to the 1199.Va ifconfig_ Ns Aq Ar interface 1200variable. 1201.Pp 1202Finally, you can add 1203.Xr ifconfig 8 1204options in this variable, in addition to the 1205.Pa /etc/start_if. Ns Aq Ar interface 1206file. 1207For instance, configure an 1208.Xr ath 4 1209wireless device in station mode with an address obtained 1210via DHCP, using WPA authentication and 802.11b mode, it is 1211possible to use something like: 1212.Bd -literal 1213wlans_ath0="wlan0" 1214ifconfig_wlan0="DHCP WPA mode 11b" 1215.Ed 1216.Pp 1217In addition to the 1218.Va ifconfig_ Ns Aq Ar interface 1219form, a fallback variable 1220.Va ifconfig_DEFAULT 1221may be configured. 1222It will be used for all interfaces with no 1223.Va ifconfig_ Ns Aq Ar interface 1224variable. 1225This is intended to replace the no longer supported 1226.Va pccard_ifconfig 1227variable. 1228.Pp 1229It is also possible to rename interface by doing: 1230.Bd -literal 1231ifconfig_ed0_name="net0" 1232ifconfig_net0="inet 10.0.0.1 netmask 0xffff0000" 1233.Ed 1234.It Va ipv6_network_interfaces 1235.Pq Vt str 1236This is the IPv6 equivalent of 1237.Va network_interfaces . 1238Instead of setting the ifconfig variables as 1239.Va ifconfig_ Ns Aq Ar interface 1240they should be set as 1241.Va ipv6_ifconfig_ Ns Aq Ar interface . 1242Aliases should be set as 1243.Va ipv6_ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n . 1244.Va ipv6_prefix_ Ns Aq Ar interface 1245does something. 1246Interfaces that do not have a 1247.Va ipv6_ifconfig_ Ns Aq Ar interface 1248setting will be auto configured by 1249.Xr rtsol 8 1250if the 1251.Va ipv6_gateway_enable 1252is set to 1253.Dq Li NO . 1254Note that the IPv6 networking code does not support the 1255.Pa /etc/start_if. Ns Aq Ar interface 1256files. 1257.It Va ipv6_default_interface 1258.Pq Vt str 1259If not set to 1260.Dq Li NO , 1261this is the default output interface for scoped addresses. 1262Now this works only for IPv6 link local multicast addresses. 1263.It Va cloned_interfaces 1264.Pq Vt str 1265Set to the list of clonable network interfaces to create on this host. 1266Entries in 1267.Va cloned_interfaces 1268are automatically appended to 1269.Va network_interfaces 1270for configuration. 1271.It Va fec_interfaces 1272.Pq Vt str 1273Set to the list of 1274.Xr ng_fec 4 1275Fast EtherChannel interfaces to configure on this host. 1276A 1277.Va fecconfig_ Ns Aq Ar interface 1278variable is assumed to exist for each value of 1279.Ar interface . 1280The value of this variable is used to configure link aggregated interfaces 1281according to the syntax of the 1282.Cm NGM_FEC_ADD_IFACE 1283to 1284.Xr ngctl 8 1285msg. 1286Additionally, this option ensures that each listed interface is created 1287via the 1288.Cm mkpeer 1289command to 1290.Xr ngctl 8 1291before attempting to configure it. 1292For example: 1293.Bd -literal 1294fec_interfaces="fec0" 1295fecconfig_fec0="em0 em1" 1296ifconfig_fec0="DHCP" 1297.Ed 1298.It Va gif_interfaces 1299.Pq Vt str 1300Set to the list of 1301.Xr gif 4 1302tunnel interfaces to configure on this host. 1303A 1304.Va gifconfig_ Ns Aq Ar interface 1305variable is assumed to exist for each value of 1306.Ar interface . 1307The value of this variable is used to configure the link layer of the 1308tunnel according to the syntax of the 1309.Cm tunnel 1310option to 1311.Xr ifconfig 8 . 1312Additionally, this option ensures that each listed interface is created 1313via the 1314.Cm create 1315option to 1316.Xr ifconfig 8 1317before attempting to configure it. 1318.It Va sppp_interfaces 1319.Pq Vt str 1320Set to the list of 1321.Xr sppp 4 1322interfaces to configure on this host. 1323A 1324.Va spppconfig_ Ns Aq Ar interface 1325variable is assumed to exist for each value of 1326.Ar interface . 1327Each interface should also be configured by a general 1328.Va ifconfig_ Ns Aq Ar interface 1329setting. 1330Refer to 1331.Xr spppcontrol 8 1332for more information about available options. 1333.It Va ppp_enable 1334.Pq Vt bool 1335If set to 1336.Dq Li YES , 1337run the 1338.Xr ppp 8 1339daemon. 1340.It Va ppp_profile 1341.Pq Vt str 1342The name of the profile to use from 1343.Pa /etc/ppp/ppp.conf . 1344Also used for per-profile overrides of 1345.Va ppp_mode 1346and 1347.Va ppp_nat , 1348and 1349.Va ppp_ Ns Ao Ar profile Ac Ns _unit . 1350When the profile name contains any of the characters 1351.Dq Li .-/+ 1352they are translated to 1353.Dq Li _ 1354for the proposes of the override variable names. 1355.It Va ppp_mode 1356.Pq Vt str 1357Mode in which to run the 1358.Xr ppp 8 1359daemon. 1360.It Va ppp_ Ns Ao Ar profile Ac Ns _mode 1361.Pq Vt str 1362Overrides the global 1363.Va ppp_mode 1364for 1365.Ar profile . 1366Accepted modes are 1367.Dq Li auto , 1368.Dq Li ddial , 1369.Dq Li direct 1370and 1371.Dq Li dedicated . 1372See the manual for a full description. 1373.It Va ppp_nat 1374.Pq Vt bool 1375If set to 1376.Dq Li YES , 1377enables network address translation. 1378Used in conjunction with 1379.Va gateway_enable 1380allows hosts on private network addresses access to the Internet using 1381this host as a network address translating router. 1382.It Va ppp_ Ns Ao Ar profile Ac Ns _nat 1383.Pq Vt str 1384Overrides the global 1385.Va ppp_nat 1386for 1387.Ar profile . 1388.It Va ppp_ Ns Ao Ar profile Ac Ns _unit 1389.Pq Vt int 1390Set the unit number to be used for this profile. 1391See the manual description of 1392.Fl unit Ns Ar N 1393for details. 1394.It Va ppp_user 1395.Pq Vt str 1396The name of the user under which 1397.Xr ppp 8 1398should be started. 1399By 1400default, 1401.Xr ppp 8 1402is started as 1403.Dq Li root . 1404.It Va rc_conf_files 1405.Pq Vt str 1406This option is used to specify a list of files that will override 1407the settings in 1408.Pa /etc/defaults/rc.conf . 1409The files will be read in the order in which they are specified and should 1410include the full path to the file. 1411By default, the files specified are 1412.Pa /etc/rc.conf 1413and 1414.Pa /etc/rc.conf.local 1415.It Va zfs_enable 1416.Pq Vt bool 1417If set to 1418.Dq Li YES , 1419.Pa /etc/rc.d/zfs 1420will attempt to automatically mount ZFS file systems and initialize ZFS volumes 1421(ZVOLs). 1422.It Va gbde_autoattach_all 1423.Pq Vt bool 1424If set to 1425.Dq Li YES , 1426.Pa /etc/rc.d/gbde 1427will attempt to automatically initialize your .bde devices in 1428.Pa /etc/fstab . 1429.It Va gbde_devices 1430.Pq Vt str 1431List the devices that the script should try to attach, 1432or 1433.Dq Li AUTO . 1434.It Va gbde_lockdir 1435.Pq Vt str 1436The directory where the 1437.Xr gbde 4 1438lockfiles are located. 1439The default lockfile directory is 1440.Pa /etc . 1441.Pp 1442The lockfile for each individual 1443.Xr gbde 4 1444device can be overridden by setting the variable 1445.Va gbde_lock_ Ns Aq Ar device , 1446where 1447.Ar device 1448is the encrypted device without the 1449.Dq Pa /dev/ 1450and 1451.Dq Pa .bde 1452parts. 1453.It Va gbde_attach_attempts 1454.Pq Vt int 1455Number of times to attempt attaching to a 1456.Xr gbde 4 1457device, i.e., how many times the user is asked for the pass-phrase. 1458Default is 3. 1459.It Va geli_devices 1460.Pq Vt str 1461List of devices to automatically attach on boot. 1462Note that .eli devices from 1463.Pa /etc/fstab 1464are automatically appended to this list. 1465.It Va geli_tries 1466.Pq Vt int 1467Number of times user is asked for the pass-phrase. 1468If empty, it will be taken from 1469.Va kern.geom.eli.tries 1470sysctl variable. 1471.It Va geli_default_flags 1472.Pq Vt str 1473Default flags to use by 1474.Xr geli 8 1475when configuring disk encryption. 1476Flags can be configured for every device separately by defining 1477.Va geli_ Ns Ao Ar device Ac Ns Va _flags 1478variable. 1479.It Va geli_autodetach 1480.Pq Vt str 1481Specifies if GELI devices should be marked for detach on last close after 1482file systems are mounted. 1483Default is 1484.Dq Li YES . 1485This can be changed for every device separately by defining 1486.Va geli_ Ns Ao Ar device Ac Ns Va _autodetach 1487variable. 1488.It Va geli_swap_flags 1489Options passed to the 1490.Xr geli 8 1491utility when encrypted GEOM providers for swap partitions are created. 1492The default is 1493.Dq Li "-a aes -l 256 -s 4096 -d" . 1494.It Va root_rw_mount 1495.Pq Vt bool 1496Set to 1497.Dq Li YES 1498by default. 1499After the file systems are checked at boot time, the root file system 1500is remounted as read-write if this is set to 1501.Dq Li YES . 1502Diskless systems that mount their root file system from a read-only remote 1503NFS share should set this to 1504.Dq Li NO 1505in their 1506.Pa rc.conf . 1507.It Va fsck_y_enable 1508.Pq Vt bool 1509If set to 1510.Dq Li YES , 1511.Xr fsck 8 1512will be run with the 1513.Fl y 1514flag if the initial preen 1515of the file systems fails. 1516.It Va background_fsck 1517.Pq Vt bool 1518If set to 1519.Dq Li YES , 1520the system will attempt to run 1521.Xr fsck 8 1522in the background where possible. 1523.It Va background_fsck_delay 1524.Pq Vt int 1525The amount of time in seconds to sleep before starting a background 1526.Xr fsck 8 . 1527It defaults to sixty seconds to allow large applications such as 1528the X server to start before disk I/O bandwidth is monopolized by 1529.Xr fsck 8 . 1530If set to a negative number, the background file system check will be 1531delayed indefinitely to allow the administrator to run it at a more 1532convenient time. 1533For example it may be run from 1534.Xr cron 8 1535by adding a line like 1536.Pp 1537.Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart" 1538.Pp 1539to 1540.Pa /etc/crontab . 1541.It Va netfs_types 1542.Pq Vt str 1543List of file system types that are network-based. 1544This list should generally not be modified by end users. 1545Use 1546.Va extra_netfs_types 1547instead. 1548.It Va extra_netfs_types 1549.Pq Vt str 1550If set to something other than 1551.Dq Li NO 1552(the default), 1553this variable extends the list of file system types 1554for which automatic mounting at startup by 1555.Xr rc 8 1556should be delayed until the network is initialized. 1557It should contain 1558a whitespace-separated list of network file system descriptor pairs, 1559each consisting of a file system type as passed to 1560.Xr mount 8 1561and a human-readable, one-word description, 1562joined with a colon 1563.Pq Ql \&: . 1564Extending the default list in this way is only necessary 1565when third party file system types are used. 1566.It Va syslogd_enable 1567.Pq Vt bool 1568If set to 1569.Dq Li YES , 1570run the 1571.Xr syslogd 8 1572daemon. 1573.It Va syslogd_program 1574.Pq Vt str 1575Path to 1576.Xr syslogd 8 1577(default 1578.Pa /usr/sbin/syslogd ) . 1579.It Va syslogd_flags 1580.Pq Vt str 1581If 1582.Va syslogd_enable 1583is set to 1584.Dq Li YES , 1585these are the flags to pass to 1586.Xr syslogd 8 . 1587.It Va inetd_enable 1588.Pq Vt bool 1589If set to 1590.Dq Li YES , 1591run the 1592.Xr inetd 8 1593daemon. 1594.It Va inetd_program 1595.Pq Vt str 1596Path to 1597.Xr inetd 8 1598(default 1599.Pa /usr/sbin/inetd ) . 1600.It Va inetd_flags 1601.Pq Vt str 1602If 1603.Va inetd_enable 1604is set to 1605.Dq Li YES , 1606these are the flags to pass to 1607.Xr inetd 8 . 1608.It Va named_enable 1609.Pq Vt bool 1610If set to 1611.Dq Li YES , 1612run the 1613.Xr named 8 1614daemon. 1615.It Va named_program 1616.Pq Vt str 1617Path to 1618.Xr named 8 1619(default 1620.Pa /usr/sbin/named ) . 1621.It Va named_flags 1622.Pq Vt str 1623If 1624.Va named_enable 1625is set to 1626.Dq Li YES , 1627these are the flags to pass to 1628.Xr named 8 . 1629.It Va named_pidfile 1630.Pq Vt str 1631This is the default path to the 1632.Xr named 8 1633daemon's PID file. 1634This must match the location in 1635.Xr named.conf 5 . 1636.It Va named_uid 1637.Pq Vt str 1638The user that the 1639.Xr named 8 1640process should be run as. 1641.It Va named_chrootdir 1642.Pq Vt str 1643The root directory for a name server run in a 1644.Xr chroot 8 1645environment (default 1646.Pa /var/named ) . 1647If left empty 1648.Xr named 8 1649will not be run in a 1650.Xr chroot 8 1651environment. 1652.It Va named_chroot_autoupdate 1653.Pq Vt bool 1654Set to 1655.Dq Li NO 1656to disable automatic update of the 1657.Xr chroot 8 1658environment. 1659.It Va named_symlink_enable 1660.Pq Vt bool 1661Set to 1662.Dq Li NO 1663to disable symlinking of 1664daemon's PID file 1665into the 1666.Xr chroot 8 1667environment. 1668.It Va kerberos5_server_enable 1669.Pq Vt bool 1670Set to 1671.Dq Li YES 1672to start a Kerberos 5 authentication server 1673at boot time. 1674.It Va kerberos5_server 1675.Pq Vt str 1676If 1677.Va kerberos5_server_enable 1678is set to 1679.Dq Li YES 1680this is the path to Kerberos 5 Authentication Server. 1681.It Va kerberos5_server_flags 1682.Pq Vt str 1683Empty by default. 1684This variable contains additional flags to be passed to the Kerberos 5 1685authentication server. 1686.It Va kadmind5_server_enable 1687.Pq Vt bool 1688Set to 1689.Dq Li YES 1690to start 1691.Xr kadmind 8 , 1692the Kerberos 5 Administration Daemon; set to 1693.Dq Li NO 1694on a slave server. 1695.It Va kadmind5_server 1696.Pq Vt str 1697If 1698.Va kadmind5_server_enable 1699is set to 1700.Dq Li YES 1701this is the path to Kerberos 5 Administration Daemon. 1702.It Va kpasswdd_server_enable 1703.Pq Vt bool 1704Set to 1705.Dq Li YES 1706to start 1707.Xr kpasswdd 8 , 1708the Kerberos 5 Password-Changing Daemon; set to 1709.Dq Li NO 1710on a slave server. 1711.It Va kpasswdd_server 1712.Pq Vt str 1713If 1714.Va kpasswdd_server_enable 1715is set to 1716.Dq Li YES 1717this is the path to Kerberos 5 Password-Changing Daemon. 1718.It Va rwhod_enable 1719.Pq Vt bool 1720If set to 1721.Dq Li YES , 1722run the 1723.Xr rwhod 8 1724daemon at boot time. 1725.It Va rwhod_flags 1726.Pq Vt str 1727If 1728.Va rwhod_enable 1729is set to 1730.Dq Li YES , 1731these are the flags to pass to it. 1732.It Va amd_enable 1733.Pq Vt bool 1734If set to 1735.Dq Li YES , 1736run the 1737.Xr amd 8 1738daemon at boot time. 1739.It Va amd_flags 1740.Pq Vt str 1741If 1742.Va amd_enable 1743is set to 1744.Dq Li YES , 1745these are the flags to pass to it. 1746See the 1747.Xr amd 8 1748manpage for more information. 1749.It Va amd_map_program 1750.Pq Vt str 1751If set, 1752the specified program is run to get the list of 1753.Xr amd 8 1754maps. 1755For example, if the 1756.Xr amd 8 1757maps are stored in NIS, one can set this to 1758run 1759.Xr ypcat 1 1760to get a list of 1761.Xr amd 8 1762maps from the 1763.Pa amd.master 1764NIS map. 1765.It Va update_motd 1766.Pq Vt bool 1767If set to 1768.Dq Li YES , 1769.Pa /etc/motd 1770will be updated at boot time to reflect the kernel release 1771being run. 1772If set to 1773.Dq Li NO , 1774.Pa /etc/motd 1775will not be updated. 1776.It Va nfs_client_enable 1777.Pq Vt bool 1778If set to 1779.Dq Li YES , 1780run the NFS client daemons at boot time. 1781.It Va nfs_access_cache 1782.Pq Vt int 1783If 1784.Va nfs_client_enable 1785is set to 1786.Dq Li YES , 1787this can be set to 1788.Dq Li 0 1789to disable NFS ACCESS RPC caching, or to the number of seconds for which 1790NFS ACCESS 1791results should be cached. 1792A value of 2-10 seconds will substantially reduce network 1793traffic for many NFS operations. 1794.It Va nfs_server_enable 1795.Pq Vt bool 1796If set to 1797.Dq Li YES , 1798run the NFS server daemons at boot time. 1799.It Va nfs_server_flags 1800.Pq Vt str 1801If 1802.Va nfs_server_enable 1803is set to 1804.Dq Li YES , 1805these are the flags to pass to the 1806.Xr nfsd 8 1807daemon. 1808.It Va idmapd_enable 1809.Pq Vt bool 1810If set to 1811.Dq Li YES , 1812run the ID mapping daemon for NFS version 4. 1813.It Va idmapd_flags 1814.Pq Vt str 1815If 1816.Va idmapd_enable 1817is set to 1818.Dq Li YES , 1819these are the flags to pass to the 1820.Xr idmapd 8 1821daemon. 1822.It Va mountd_enable 1823.Pq Vt bool 1824If set to 1825.Dq Li YES , 1826and no 1827.Va nfs_server_enable 1828is set, start 1829.Xr mountd 8 , 1830but not 1831.Xr nfsd 8 1832daemon. 1833It is commonly needed to run CFS without real NFS used. 1834.It Va mountd_flags 1835.Pq Vt str 1836If 1837.Va mountd_enable 1838is set to 1839.Dq Li YES , 1840these are the flags to pass to the 1841.Xr mountd 8 1842daemon. 1843.It Va weak_mountd_authentication 1844.Pq Vt bool 1845If set to 1846.Dq Li YES , 1847allow services like PCNFSD to make non-privileged mount 1848requests. 1849.It Va nfs_reserved_port_only 1850.Pq Vt bool 1851If set to 1852.Dq Li YES , 1853provide NFS services only on a secure port. 1854.It Va nfs_bufpackets 1855.Pq Vt int 1856If set to a number, indicates the number of packets worth of 1857socket buffer space to reserve on an NFS client. 1858The kernel default is typically 4. 1859Using a higher number may be 1860useful on gigabit networks to improve performance. 1861The minimum value is 18622 and the maximum is 64. 1863.It Va rpc_lockd_enable 1864.Pq Vt bool 1865If set to 1866.Dq Li YES 1867and also an NFS server or client, run 1868.Xr rpc.lockd 8 1869at boot time. 1870.It Va rpc_lockd_flags 1871.Pq Vt str 1872If 1873.Va rpc_lockd_enable 1874is set to 1875.Dq Li YES , 1876these are the flags to pass to the 1877.Xr rpc.lockd 8 1878daemon. 1879.It Va rpc_statd_enable 1880.Pq Vt bool 1881If set to 1882.Dq Li YES 1883and also an NFS server or client, run 1884.Xr rpc.statd 8 1885at boot time. 1886.It Va rpc_statd_flags 1887.Pq Vt str 1888If 1889.Va rpc_statd_enable 1890is set to 1891.Dq Li YES , 1892these are the flags to pass to the 1893.Xr rpc.statd 8 1894daemon. 1895.It Va rpcbind_program 1896.Pq Vt str 1897Path to 1898.Xr rpcbind 8 1899(default 1900.Pa /usr/sbin/rpcbind ) . 1901.It Va rpcbind_enable 1902.Pq Vt bool 1903If set to 1904.Dq Li YES , 1905run the 1906.Xr rpcbind 8 1907service at boot time. 1908.It Va rpcbind_flags 1909.Pq Vt str 1910If 1911.Va rpcbind_enable 1912is set to 1913.Dq Li YES , 1914these are the flags to pass to the 1915.Xr rpcbind 8 1916daemon. 1917.It Va keyserv_enable 1918.Pq Vt bool 1919If set to 1920.Dq Li YES , 1921run the 1922.Xr keyserv 8 1923daemon on boot for running Secure RPC. 1924.It Va keyserv_flags 1925.Pq Vt str 1926If 1927.Va keyserv_enable 1928is set to 1929.Dq Li YES , 1930these are the flags to pass to 1931.Xr keyserv 8 1932daemon. 1933.It Va pppoed_enable 1934.Pq Vt bool 1935If set to 1936.Dq Li YES , 1937run the 1938.Xr pppoed 8 1939daemon at boot time to provide PPP over Ethernet services. 1940.It Va pppoed_ Ns Aq Ar provider 1941.Pq Vt str 1942.Xr pppoed 8 1943listens to requests to this 1944.Ar provider 1945and ultimately runs 1946.Xr ppp 8 1947with a 1948.Ar system 1949argument of the same name. 1950.It Va pppoed_flags 1951.Pq Vt str 1952Additional flags to pass to 1953.Xr pppoed 8 . 1954.It Va pppoed_interface 1955.Pq Vt str 1956The network interface to run 1957.Xr pppoed 8 1958on. 1959This is mandatory when 1960.Va pppoed_enable 1961is set to 1962.Dq Li YES . 1963.It Va timed_enable 1964.Pq Vt bool 1965If set to 1966.Dq Li YES , 1967run the 1968.Xr timed 8 1969service at boot time. 1970This command is intended for networks of 1971machines where a consistent 1972.Dq "network time" 1973for all hosts must be established. 1974This is often useful in large NFS 1975environments where time stamps on files are expected to be consistent 1976network-wide. 1977.It Va timed_flags 1978.Pq Vt str 1979If 1980.Va timed_enable 1981is set to 1982.Dq Li YES , 1983these are the flags to pass to the 1984.Xr timed 8 1985service. 1986.It Va ntpdate_enable 1987.Pq Vt bool 1988If set to 1989.Dq Li YES , 1990run 1991.Xr ntpdate 8 1992at system startup. 1993This command is intended to 1994synchronize the system clock only 1995.Em once 1996from some standard reference. 1997An option to set this up initially 1998(from a list of known servers) is also provided by the 1999.Xr sysinstall 8 2000program when the system is first installed. 2001.It Va ntpdate_config 2002.Pq Vt str 2003Configuration file for 2004.Xr ntpdate 8 . 2005Default 2006.Pa /etc/ntp.conf . 2007.It Va ntpdate_hosts 2008.Pq Vt str 2009A whitespace-separated list of NTP servers to synchronize with at startup. 2010The default is to use the servers listed in 2011.Va ntpdate_config , 2012if that file exists. 2013.It Va ntpdate_program 2014.Pq Vt str 2015Path to 2016.Xr ntpdate 8 2017(default 2018.Pa /usr/sbin/ntpdate ) . 2019.It Va ntpdate_flags 2020.Pq Vt str 2021If 2022.Va ntpdate_enable 2023is set to 2024.Dq Li YES , 2025these are the flags to pass to the 2026.Xr ntpdate 8 2027command (typically a hostname). 2028.It Va ntpd_enable 2029.Pq Vt bool 2030If set to 2031.Dq Li YES , 2032run the 2033.Xr ntpd 8 2034command at boot time. 2035.It Va ntpd_program 2036.Pq Vt str 2037Path to 2038.Xr ntpd 8 2039(default 2040.Pa /usr/sbin/ntpd ) . 2041.It Va ntpd_config 2042.Pq Vt str 2043Path to 2044.Xr ntpd 8 2045configuration file. 2046Default 2047.Pa /etc/ntp.conf . 2048.It Va ntpd_flags 2049.Pq Vt str 2050If 2051.Va ntpd_enable 2052is set to 2053.Dq Li YES , 2054these are the flags to pass to the 2055.Xr ntpd 8 2056daemon. 2057.It Va ntpd_sync_on_start 2058.Pq Vt bool 2059If set to 2060.Dq Li YES , 2061.Xr ntpd 8 2062is run with the 2063.Fl g 2064flag, which syncs the system's clock on startup. 2065See 2066.Xr ntpd 8 2067for more information regarding the 2068.Fl g 2069option. 2070This is a preferred alternative to using 2071.Xr ntpdate 8 2072or specifying the 2073.Va ntpdate_enable 2074variable. 2075.It Va nis_client_enable 2076.Pq Vt bool 2077If set to 2078.Dq Li YES , 2079run the 2080.Xr ypbind 8 2081service at system boot time. 2082.It Va nis_client_flags 2083.Pq Vt str 2084If 2085.Va nis_client_enable 2086is set to 2087.Dq Li YES , 2088these are the flags to pass to the 2089.Xr ypbind 8 2090service. 2091.It Va nis_ypset_enable 2092.Pq Vt bool 2093If set to 2094.Dq Li YES , 2095run the 2096.Xr ypset 8 2097daemon at system boot time. 2098.It Va nis_ypset_flags 2099.Pq Vt str 2100If 2101.Va nis_ypset_enable 2102is set to 2103.Dq Li YES , 2104these are the flags to pass to the 2105.Xr ypset 8 2106daemon. 2107.It Va nis_server_enable 2108.Pq Vt bool 2109If set to 2110.Dq Li YES , 2111run the 2112.Xr ypserv 8 2113daemon at system boot time. 2114.It Va nis_server_flags 2115.Pq Vt str 2116If 2117.Va nis_server_enable 2118is set to 2119.Dq Li YES , 2120these are the flags to pass to the 2121.Xr ypserv 8 2122daemon. 2123.It Va nis_ypxfrd_enable 2124.Pq Vt bool 2125If set to 2126.Dq Li YES , 2127run the 2128.Xr rpc.ypxfrd 8 2129daemon at system boot time. 2130.It Va nis_ypxfrd_flags 2131.Pq Vt str 2132If 2133.Va nis_ypxfrd_enable 2134is set to 2135.Dq Li YES , 2136these are the flags to pass to the 2137.Xr rpc.ypxfrd 8 2138daemon. 2139.It Va nis_yppasswdd_enable 2140.Pq Vt bool 2141If set to 2142.Dq Li YES , 2143run the 2144.Xr rpc.yppasswdd 8 2145daemon at system boot time. 2146.It Va nis_yppasswdd_flags 2147.Pq Vt str 2148If 2149.Va nis_yppasswdd_enable 2150is set to 2151.Dq Li YES , 2152these are the flags to pass to the 2153.Xr rpc.yppasswdd 8 2154daemon. 2155.It Va rpc_ypupdated_enable 2156.Pq Vt bool 2157If set to 2158.Dq Li YES , 2159run the 2160.Nm rpc.ypupdated 2161daemon at system boot time. 2162.It Va bsnmpd_enable 2163.Pq Vt bool 2164If set to 2165.Dq Li YES , 2166run the 2167.Xr bsnmpd 1 2168daemon at system boot time. 2169Be sure to understand the security implications of running SNMP daemon 2170on your host. 2171.It Va bsnmpd_flags 2172.Pq Vt str 2173If 2174.Va bsnmpd_enable 2175is set to 2176.Dq Li YES , 2177these are the flags to pass to the 2178.Xr bsnmpd 1 2179daemon. 2180.It Va defaultrouter 2181.Pq Vt str 2182If not set to 2183.Dq Li NO , 2184create a default route to this host name or IP address 2185(use an IP address if this router is also required to get to the 2186name server!). 2187.It Va ipv6_defaultrouter 2188.Pq Vt str 2189The IPv6 equivalent of 2190.Va defaultrouter . 2191.It Va static_routes 2192.Pq Vt str 2193Set to the list of static routes that are to be added at system 2194boot time. 2195If not set to 2196.Dq Li NO 2197then for each whitespace separated 2198.Ar element 2199in the value, a 2200.Va route_ Ns Aq Ar element 2201variable is assumed to exist 2202whose contents will later be passed to a 2203.Dq Nm route Cm add 2204operation. 2205For example: 2206.Bd -literal 2207static_routes="mcast gif0local" 2208route_mcast="-net 224.0.0.0/4 -iface gif0" 2209route_gif0local="-host 169.254.1.1 -iface lo0" 2210.Ed 2211.It Va ipv6_static_routes 2212.Pq Vt str 2213The IPv6 equivalent of 2214.Va static_routes . 2215If not set to 2216.Dq Li NO 2217then for each whitespace separated 2218.Ar element 2219in the value, a 2220.Va ipv6_route_ Ns Aq Ar element 2221variable is assumed to exist 2222whose contents will later be passed to a 2223.Dq Nm route Cm add Fl inet6 2224operation. 2225.It Va natm_static_routes 2226.Pq Vt str 2227The 2228.Xr natmip 4 2229equivalent of 2230.Va static_routes . 2231If not empty then for each whitespace separated 2232.Ar element 2233in the value, a 2234.Va route_ Ns Aq Ar element 2235variable is assumed to exist whose contents will later be passed to a 2236.Dq Nm atmconfig Cm natm Cm add 2237operation. 2238.It Va gateway_enable 2239.Pq Vt bool 2240If set to 2241.Dq Li YES , 2242configure host to act as an IP router, e.g.\& to forward packets 2243between interfaces. 2244.It Va ipv6_gateway_enable 2245.Pq Vt bool 2246The IPv6 equivalent of 2247.Va gateway_enable . 2248.It Va router_enable 2249.Pq Vt bool 2250If set to 2251.Dq Li YES , 2252run a routing daemon of some sort, based on the 2253settings of 2254.Va router 2255and 2256.Va router_flags . 2257.It Va ipv6_router_enable 2258.Pq Vt bool 2259The IPv6 equivalent of 2260.Va router_enable . 2261If set to 2262.Dq Li YES , 2263run a routing daemon of some sort, based on the 2264settings of 2265.Va ipv6_router 2266and 2267.Va ipv6_router_flags . 2268.It Va router 2269.Pq Vt str 2270If 2271.Va router_enable 2272is set to 2273.Dq Li YES , 2274this is the name of the routing daemon to use. 2275.It Va ipv6_router 2276.Pq Vt str 2277The IPv6 equivalent of 2278.Va router . 2279.It Va router_flags 2280.Pq Vt str 2281If 2282.Va router_enable 2283is set to 2284.Dq Li YES , 2285these are the flags to pass to the routing daemon. 2286.It Va ipv6_router_flags 2287.Pq Vt str 2288The IPv6 equivalent of 2289.Va router_flags . 2290.It Va mrouted_enable 2291.Pq Vt bool 2292If set to 2293.Dq Li YES , 2294run the multicast routing daemon, 2295.Xr mrouted 8 . 2296.It Va mroute6d_enable 2297.Pq Vt bool 2298The IPv6 equivalent of 2299.Va mrouted_enable . 2300If set to 2301.Dq Li YES , 2302run the IPv6 multicast routing daemon. 2303.Pp 2304Note that multicast routing daemons are no longer included in the 2305.Fx 2306base system, however, both 2307.Xr mrouted 8 2308and 2309.Xr pim6dd 8 2310may be installed from the 2311.Fx 2312Ports Collection. 2313.It Va mrouted_flags 2314.Pq Vt str 2315If 2316.Va mrouted_enable 2317is set to 2318.Dq Li YES , 2319these are the flags to pass to the 2320.Xr mrouted 8 2321daemon. 2322.It Va mroute6d_flags 2323.Pq Vt str 2324The IPv6 equivalent of 2325.Va mrouted_flags . 2326If 2327.Va mroute6d_enable 2328is set to 2329.Dq Li YES , 2330these are the flags passed to the IPv6 multicast routing daemon. 2331.It Va mroute6d_program 2332.Pq Vt str 2333If 2334.Va mroute6d_enable 2335is set to 2336.Dq Li YES , 2337this is the path to the IPv6 multicast routing daemon. 2338.It Va rtadvd_enable 2339.Pq Vt bool 2340If set to 2341.Dq Li YES , 2342run the 2343.Xr rtadvd 8 2344daemon at boot time. 2345.Xr rtadvd 8 2346will only run if 2347.Va ipv6_gateway_enable 2348is also set to 2349.Dq Li YES . 2350The 2351.Xr rtadvd 8 2352utility sends router advertisement packets to the interfaces specified in 2353.Va rtadvd_interfaces 2354and should only be enabled with great care. 2355You may want to fine-tune 2356.Xr rtadvd.conf 5 . 2357.It Va rtadvd_interfaces 2358.Pq Vt str 2359If 2360.Va rtadvd_enable 2361is set to 2362.Dq Li YES 2363this is the list of interfaces to use. 2364.It Va ipxgateway_enable 2365.Pq Vt bool 2366If set to 2367.Dq Li YES , 2368enable the routing of IPX traffic. 2369.It Va ipxrouted_enable 2370.Pq Vt bool 2371If set to 2372.Dq Li YES , 2373run the 2374.Xr IPXrouted 8 2375daemon at system boot time. 2376.It Va ipxrouted_flags 2377.Pq Vt str 2378If 2379.Va ipxrouted_enable 2380is set to 2381.Dq Li YES , 2382these are the flags to pass to the 2383.Xr IPXrouted 8 2384daemon. 2385.It Va arpproxy_all 2386.Pq Vt bool 2387If set to 2388.Dq Li YES , 2389enable global proxy ARP. 2390.It Va forward_sourceroute 2391.Pq Vt bool 2392If set to 2393.Dq Li YES 2394and 2395.Va gateway_enable 2396is also set to 2397.Dq Li YES , 2398source-routed packets are forwarded. 2399.It Va accept_sourceroute 2400.Pq Vt bool 2401If set to 2402.Dq Li YES , 2403the system will accept source-routed packets directed at it. 2404.It Va rarpd_enable 2405.Pq Vt bool 2406If set to 2407.Dq Li YES , 2408run the 2409.Xr rarpd 8 2410daemon at system boot time. 2411.It Va rarpd_flags 2412.Pq Vt str 2413If 2414.Va rarpd_enable 2415is set to 2416.Dq Li YES , 2417these are the flags to pass to the 2418.Xr rarpd 8 2419daemon. 2420.It Va bootparamd_enable 2421.Pq Vt bool 2422If set to 2423.Dq Li YES , 2424run the 2425.Xr bootparamd 8 2426daemon at system boot time. 2427.It Va bootparamd_flags 2428.Pq Vt str 2429If 2430.Va bootparamd_enable 2431is set to 2432.Dq Li YES , 2433these are the flags to pass to the 2434.Xr bootparamd 8 2435daemon. 2436.It Va stf_interface_ipv4addr 2437.Pq Vt str 2438If not set to 2439.Dq Li NO , 2440this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling 2441interface). 2442Specify this entry to enable the 6to4 interface. 2443.It Va stf_interface_ipv4plen 2444.Pq Vt int 2445Prefix length for 6to4 IPv4 addresses, to limit peer address range. 2446An effective value is 0-31. 2447.It Va stf_interface_ipv6_ifid 2448.Pq Vt str 2449IPv6 interface ID for 2450.Xr stf 4 . 2451This can be set to 2452.Dq Li AUTO . 2453.It Va stf_interface_ipv6_slaid 2454.Pq Vt str 2455IPv6 Site Level Aggregator for 2456.Xr stf 4 . 2457.It Va ipv6_faith_prefix 2458.Pq Vt str 2459If not set to 2460.Dq Li NO , 2461this is the faith prefix to enable a FAITH IPv6-to-IPv4 TCP 2462translator. 2463You also need 2464.Xr faithd 8 2465setup. 2466.It Va ipv6_ipv4mapping 2467.Pq Vt bool 2468If set to 2469.Dq Li YES 2470this enables IPv4 mapped IPv6 address communication (like 2471.Li ::ffff:a.b.c.d ) . 2472.It Va atm_enable 2473.Pq Vt bool 2474Set to 2475.Dq Li YES 2476to enable the configuration of ATM interfaces at system boot time. 2477For all of the ATM variables described below, please refer to the 2478.Xr atm 8 2479manual page for further details on the available command parameters. 2480Also refer to the files in 2481.Pa /usr/share/examples/atm 2482for more detailed configuration information. 2483.It Va atm_load 2484.Pq Vt str 2485This is a list of physical ATM interface drivers to load. 2486Typical values are 2487.Dq Li hfa_pci 2488and/or 2489.Dq Li hea_pci . 2490.It Va atm_netif_ Ns Aq Ar intf 2491.Pq Vt str 2492For the ATM physical interface 2493.Ar intf , 2494this variable defines the name prefix and count for the ATM network 2495interfaces to be created. 2496The value will be passed as the parameters of an 2497.Dq Nm atm Cm "set netif" Ar intf 2498command. 2499.It Va atm_sigmgr_ Ns Aq Ar intf 2500.Pq Vt str 2501For the ATM physical interface 2502.Ar intf , 2503this variable defines the ATM signalling manager to be used. 2504The value will be passed as the parameters of an 2505.Dq Nm atm Cm attach Ar intf 2506command. 2507.It Va atm_prefix_ Ns Aq Ar intf 2508.Pq Vt str 2509For the ATM physical interface 2510.Ar intf , 2511this variable defines the NSAP prefix for interfaces using a UNI signalling 2512manager. 2513If set to 2514.Dq Li ILMI , 2515the prefix will automatically be set via the 2516.Xr ilmid 8 2517daemon. 2518Otherwise, the value will be passed as the parameters of an 2519.Dq Nm atm Cm "set prefix" Ar intf 2520command. 2521.It Va atm_macaddr_ Ns Aq Ar intf 2522.Pq Vt str 2523For the ATM physical interface 2524.Ar intf , 2525this variable defines the MAC address for interfaces using a UNI signalling 2526manager. 2527If set to 2528.Dq Li NO , 2529the hardware MAC address contained in the ATM interface card will be used. 2530Otherwise, the value will be passed as the parameters of an 2531.Dq Nm atm Cm "set mac" Ar intf 2532command. 2533.It Va atm_arpserver_ Ns Aq Ar netif 2534.Pq Vt str 2535For the ATM network interface 2536.Ar netif , 2537this variable defines the ATM address for a host which is to provide ATMARP 2538service. 2539This variable is only applicable to interfaces using a UNI signalling 2540manager. 2541If set to 2542.Dq Li local , 2543this host will become an ATMARP server. 2544The value will be passed as the parameters of an 2545.Dq Nm atm Cm "set arpserver" Ar netif 2546command. 2547.It Va atm_scsparp_ Ns Aq Ar netif 2548.Pq Vt bool 2549If set to 2550.Dq Li YES , 2551SCSP/ATMARP service for the network interface 2552.Ar netif 2553will be initiated using the 2554.Xr scspd 8 2555and 2556.Xr atmarpd 8 2557daemons. 2558This variable is only applicable if 2559.Va atm_arpserver_ Ns Aq Ar netif 2560is set to 2561.Dq Li local . 2562.It Va atm_pvcs 2563.Pq Vt str 2564Set to the list of ATM PVCs to be added at system 2565boot time. 2566For each whitespace separated 2567.Ar element 2568in the value, an 2569.Va atm_pvc_ Ns Aq Ar element 2570variable is assumed to exist. 2571The value of each of these variables 2572will be passed as the parameters of an 2573.Dq Nm atm Cm "add pvc" 2574command. 2575.It Va atm_arps 2576.Pq Vt str 2577Set to the list of permanent ATM ARP entries to be added 2578at system boot time. 2579For each whitespace separated 2580.Ar element 2581in the value, an 2582.Va atm_arp_ Ns Aq Ar element 2583variable is assumed to exist. 2584The value of each of these variables 2585will be passed as the parameters of an 2586.Dq Nm atm Cm "add arp" 2587command. 2588.It Va natm_interfaces 2589.Pq Vt str 2590Set to the list of 2591.Xr natm 4 2592interfaces that will also be used for HARP through 2593.Xr harp 4 . 2594If this list is not empty all interfaces in the list will be brought up 2595with 2596.Xr ifconfig 8 2597and 2598.Xr harp 4 2599will be loaded. 2600For this to work the interface drivers must be either compiled into the 2601kernel or must reside on the root partition. 2602.It Va keybell 2603.Pq Vt str 2604The keyboard bell sound. 2605Set to 2606.Dq Li normal , 2607.Dq Li visual , 2608.Dq Li off , 2609or 2610.Dq Li NO 2611if the default behavior is desired. 2612For details, refer to the 2613.Xr kbdcontrol 1 2614manpage. 2615.It Va keyboard 2616.Pq Vt str 2617If set to a non-null string, the virtual console's keyboard input is 2618set to this device. 2619.It Va keymap 2620.Pq Vt str 2621If set to 2622.Dq Li NO , 2623no keymap is installed, otherwise the value is used to install 2624the keymap file in 2625.Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd . 2626.It Va keyrate 2627.Pq Vt str 2628The keyboard repeat speed. 2629Set to 2630.Dq Li slow , 2631.Dq Li normal , 2632.Dq Li fast , 2633or 2634.Dq Li NO 2635if the default behavior is desired. 2636.It Va keychange 2637.Pq Vt str 2638If not set to 2639.Dq Li NO , 2640attempt to program the function keys with the value. 2641The value should 2642be a single string of the form: 2643.Dq Ar funkey_number new_value Op Ar funkey_number new_value ... . 2644.It Va cursor 2645.Pq Vt str 2646Can be set to the value of 2647.Dq Li normal , 2648.Dq Li blink , 2649.Dq Li destructive , 2650or 2651.Dq Li NO 2652to set the cursor behavior explicitly or choose the default behavior. 2653.It Va scrnmap 2654.Pq Vt str 2655If set to 2656.Dq Li NO , 2657no screen map is installed, otherwise the value is used to install 2658the screen map file in 2659.Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value . 2660.It Va font8x16 2661.Pq Vt str 2662If set to 2663.Dq Li NO , 2664the default 8x16 font value is used for screen size requests, otherwise 2665the value in 2666.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 2667is used. 2668.It Va font8x14 2669.Pq Vt str 2670If set to 2671.Dq Li NO , 2672the default 8x14 font value is used for screen size requests, otherwise 2673the value in 2674.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 2675is used. 2676.It Va font8x8 2677.Pq Vt str 2678If set to 2679.Dq Li NO , 2680the default 8x8 font value is used for screen size requests, otherwise 2681the value in 2682.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 2683is used. 2684.It Va blanktime 2685.Pq Vt int 2686If set to 2687.Dq Li NO , 2688the default screen blanking interval is used, otherwise it is set 2689to 2690.Ar value 2691seconds. 2692.It Va saver 2693.Pq Vt str 2694If not set to 2695.Dq Li NO , 2696this is the actual screen saver to use 2697.Li ( blank , snake , daemon , 2698etc). 2699.It Va moused_nondefault_enable 2700.Pq Vt str 2701If set to 2702.Dq Li NO , 2703the mouse device specified on 2704the command line is not automatically treated as enabled by the 2705.Pa /etc/rc.d/moused 2706script. 2707Having this variable set to 2708.Dq Li YES 2709allows a 2710.Xr usb 4 2711mouse, 2712for example, 2713to be enabled as soon as it is plugged in. 2714.It Va moused_enable 2715.Pq Vt str 2716If set to 2717.Dq Li YES , 2718the 2719.Xr moused 8 2720daemon is started for doing cut/paste selection on the console. 2721.It Va moused_type 2722.Pq Vt str 2723This is the protocol type of the mouse connected to this host. 2724This variable must be set if 2725.Va moused_enable 2726is set to 2727.Dq Li YES . 2728The 2729.Xr moused 8 2730daemon 2731is able to detect the appropriate mouse type automatically in many cases. 2732Set this variable to 2733.Dq Li auto 2734to let the daemon detect it, or 2735select one from the following list if the automatic detection fails. 2736.Pp 2737If the mouse is attached to the PS/2 mouse port, choose 2738.Dq Li auto 2739or 2740.Dq Li ps/2 , 2741regardless of the brand and model of the mouse. 2742Likewise, if the 2743mouse is attached to the bus mouse port, choose 2744.Dq Li auto 2745or 2746.Dq Li busmouse . 2747All other protocols are for serial mice and will not work with 2748the PS/2 and bus mice. 2749If this is a USB mouse, 2750.Dq Li auto 2751is the only protocol type which will work. 2752.Pp 2753.Bl -tag -width ".Li x10mouseremote" -compact 2754.It Li microsoft 2755Microsoft mouse (serial) 2756.It Li intellimouse 2757Microsoft IntelliMouse (serial) 2758.It Li mousesystems 2759Mouse systems Corp.\& mouse (serial) 2760.It Li mmseries 2761MM Series mouse (serial) 2762.It Li logitech 2763Logitech mouse (serial) 2764.It Li busmouse 2765A bus mouse 2766.It Li mouseman 2767Logitech MouseMan and TrackMan (serial) 2768.It Li glidepoint 2769ALPS GlidePoint (serial) 2770.It Li thinkingmouse 2771Kensington ThinkingMouse (serial) 2772.It Li ps/2 2773PS/2 mouse 2774.It Li mmhittab 2775MM HitTablet (serial) 2776.It Li x10mouseremote 2777X10 MouseRemote (serial) 2778.It Li versapad 2779Interlink VersaPad (serial) 2780.El 2781.Pp 2782Even if the mouse is not in the above list, it may be compatible 2783with one in the list. 2784Refer to the manual page for 2785.Xr moused 8 2786for compatibility information. 2787.Pp 2788It should also be noted that while this is enabled, any 2789other client of the mouse (such as an X server) should access 2790the mouse through the virtual mouse device, 2791.Pa /dev/sysmouse , 2792and configure it as a 2793.Dq Li sysmouse 2794type mouse, since all 2795mouse data is converted to this single canonical format when 2796using 2797.Xr moused 8 . 2798If the client program does not support the 2799.Dq Li sysmouse 2800type, 2801specify the 2802.Dq Li mousesystems 2803type. 2804It is the second preferred type. 2805.It Va moused_port 2806.Pq Vt str 2807If 2808.Va moused_enable 2809is set to 2810.Dq Li YES , 2811this is the actual port the mouse is on. 2812It might be 2813.Pa /dev/cuad0 2814for a COM1 serial mouse, 2815.Pa /dev/psm0 2816for a PS/2 mouse or 2817.Pa /dev/mse0 2818for a bus mouse, for example. 2819.It Va moused_flags 2820.Pq Vt str 2821If 2822.Va moused_flags 2823is set, its value is used as an additional set of flags to pass to the 2824.Xr moused 8 2825daemon. 2826.It Va "moused_" Ns Ar XXX Ns Va "_flags" 2827When 2828.Va moused_nondefault_enable 2829is enabled, and a 2830.Xr moused 8 2831daemon is started for a non-default port, the 2832.Va "moused_" Ns Ar XXX Ns Va "_flags" 2833set of options has precedence over and replaces the default 2834.Va moused_flags (where 2835.Ar XXX 2836is the name of the non-default port, i.e.\& 2837.Ar ums0 ) . 2838By setting 2839.Va "moused_" Ns Ar XXX Ns Va "_flags" 2840it is possible to set up a different set of default flags for each 2841.Xr moused 8 2842instance. 2843For example, you can use 2844.Dq Li "-3" 2845for the default 2846.Va moused_flags 2847to make your laptop's touchpad more comfortable to use, 2848but an empty set of options for 2849.Va moused_ums0_flags 2850when your 2851.Xr usb 4 2852mouse has three or more buttons. 2853.It Va mousechar_start 2854.Pq Vt int 2855If set to 2856.Dq Li NO , 2857the default mouse cursor character range 2858.Li 0xd0 Ns - Ns Li 0xd3 2859is used, 2860otherwise the range start is set 2861to 2862.Ar value 2863character, see 2864.Xr vidcontrol 1 . 2865Use if the default range is occupied in the language code table. 2866.It Va allscreens_flags 2867.Pq Vt str 2868If set, 2869.Xr vidcontrol 1 2870is run with these options for each of the virtual terminals 2871.Pq Pa /dev/ttyv* . 2872For example, 2873.Dq Fl m Cm on 2874will enable the mouse pointer on all virtual terminals 2875if 2876.Va moused_enable 2877is set to 2878.Dq Li YES . 2879.It Va allscreens_kbdflags 2880.Pq Vt str 2881If set, 2882.Xr kbdcontrol 1 2883is run with these options for each of the virtual terminals 2884.Pq Pa /dev/ttyv* . 2885For example, 2886.Dq Fl h Li 200 2887will set the 2888.Xr syscons 4 2889scrollback (history) buffer to 200 lines. 2890.It Va cron_enable 2891.Pq Vt bool 2892If set to 2893.Dq Li YES , 2894run the 2895.Xr cron 8 2896daemon at system boot time. 2897.It Va cron_program 2898.Pq Vt str 2899Path to 2900.Xr cron 8 2901(default 2902.Pa /usr/sbin/cron ) . 2903.It Va cron_flags 2904.Pq Vt str 2905If 2906.Va cron_enable 2907is set to 2908.Dq Li YES , 2909these are the flags to pass to 2910.Xr cron 8 . 2911.It Va cron_dst 2912.Pq Vt bool 2913If set to 2914.Dq Li YES , 2915enable the special handling of transitions to and from the 2916Daylight Saving Time in 2917.Xr cron 8 2918(equivalent to using the flag 2919.Fl s ) . 2920.It Va lpd_program 2921.Pq Vt str 2922Path to 2923.Xr lpd 8 2924(default 2925.Pa /usr/sbin/lpd ) . 2926.It Va lpd_enable 2927.Pq Vt bool 2928If set to 2929.Dq Li YES , 2930run the 2931.Xr lpd 8 2932daemon at system boot time. 2933.It Va lpd_flags 2934.Pq Vt str 2935If 2936.Va lpd_enable 2937is set to 2938.Dq Li YES , 2939these are the flags to pass to the 2940.Xr lpd 8 2941daemon. 2942.It Va chkprintcap_enable 2943.Pq Vt bool 2944If set to 2945.Dq Li YES , 2946run the 2947.Xr chkprintcap 8 2948command before starting the 2949.Xr lpd 8 2950daemon. 2951.It Va chkprintcap_flags 2952.Pq Vt str 2953If 2954.Va lpd_enable 2955and 2956.Va chkprintcap_enable 2957are set to 2958.Dq Li YES , 2959these are the flags to pass to the 2960.Xr chkprintcap 8 2961program. 2962The default is 2963.Dq Li -d , 2964which causes missing directories to be created. 2965.It Va mta_start_script 2966.Pq Vt str 2967This variable specifies the full path to the script to run to start 2968a mail transfer agent. 2969The default is 2970.Pa /etc/rc.sendmail . 2971The 2972.Va sendmail_* 2973variables which 2974.Pa /etc/rc.sendmail 2975uses are documented in the 2976.Xr rc.sendmail 8 2977manual page. 2978.It Va dumpdev 2979.Pq Vt str 2980Indicates the device (usually a swap partition) to which a crash dump 2981should be written in the event of a system crash. 2982If the value of this variable is 2983.Dq Li AUTO , 2984the first suitable swap device listed in 2985.Pa /etc/fstab 2986will be used as dump device. 2987Otherwise, the value of this variable is passed as the argument to 2988.Xr dumpon 8 . 2989To disable crash dumps, set this variable to 2990.Dq Li NO . 2991.It Va dumpdir 2992.Pq Vt str 2993When the system reboots after a crash and a crash dump is found on the 2994device specified by the 2995.Va dumpdev 2996variable, 2997.Xr savecore 8 2998will save that crash dump and a copy of the kernel to the directory 2999specified by the 3000.Va dumpdir 3001variable. 3002The default value is 3003.Pa /var/crash . 3004Set to 3005.Dq Li NO 3006to not run 3007.Xr savecore 8 3008at boot time when 3009.Va dumpdir 3010is set. 3011.It Va savecore_flags 3012.Pq Vt str 3013If crash dumps are enabled, these are the flags to pass to the 3014.Xr savecore 8 3015utility. 3016.It Va enable_quotas 3017.Pq Vt bool 3018Set to 3019.Dq Li YES 3020to turn on user and group disk quotas on system startup via the 3021.Xr quotaon 8 3022command for all file systems marked as having quotas enabled in 3023.Pa /etc/fstab . 3024The kernel must be built with 3025.Cd "options QUOTA" 3026for disk quotas to function. 3027.It Va check_quotas 3028.Pq Vt bool 3029Set to 3030.Dq Li YES 3031to enable user and group disk quota checking via the 3032.Xr quotacheck 8 3033command. 3034.It Va quotacheck_flags 3035.Pq Vt str 3036If 3037.Va enable_quotas 3038is set to 3039.Dq Li YES , 3040and 3041.Va check_quotas 3042is set to 3043.Dq Li YES , 3044these are the flags to pass to the 3045.Xr quotacheck 8 3046utility. 3047The default is 3048.Dq Li "-a" , 3049which checks quotas for all file systems with quotas enabled in 3050.Pa /etc/fstab . 3051.It Va quotaon_flags 3052.Pq Vt str 3053If 3054.Va enable_quotas 3055is set to 3056.Dq Li YES , 3057these are the flags to pass to the 3058.Xr quotaon 8 3059utility. 3060The default is 3061.Dq Li "-a" , 3062which enables quotas for all file systems with quotas enabled in 3063.Pa /etc/fstab . 3064.It Va quotaoff_flags 3065.Pq Vt str 3066If 3067.Va enable_quotas 3068is set to 3069.Dq Li YES , 3070these are the flags to pass to the 3071.Xr quotaoff 8 3072utility when shutting down the quota system. 3073The default is 3074.Dq Li "-a" , 3075which disables quotas for all file systems with quotas enabled in 3076.Pa /etc/fstab . 3077.It Va accounting_enable 3078.Pq Vt bool 3079Set to 3080.Dq Li YES 3081to enable system accounting through the 3082.Xr accton 8 3083facility. 3084.It Va ibcs2_enable 3085.Pq Vt bool 3086Set to 3087.Dq Li YES 3088to enable iBCS2 (SCO) binary emulation at system initial boot 3089time. 3090.It Va ibcs2_loaders 3091.Pq Vt str 3092If not set to 3093.Dq Li NO 3094and if 3095.Va ibcs2_enable 3096is set to 3097.Dq Li YES , 3098this specifies a list of additional iBCS2 loaders to enable. 3099.It Va linux_enable 3100.Pq Vt bool 3101Set to 3102.Dq Li YES 3103to enable Linux/ELF binary emulation at system initial 3104boot time. 3105.It Va svr4_enable 3106.Pq Vt bool 3107If set to 3108.Dq Li YES , 3109enable SysVR4 emulation at boot time. 3110.It Va sysvipc_enable 3111.Pq Vt bool 3112If set to 3113.Dq Li YES , 3114load System V IPC primitives at boot time. 3115.It Va clear_tmp_enable 3116.Pq Vt bool 3117Set to 3118.Dq Li YES 3119to have 3120.Pa /tmp 3121cleaned at startup. 3122.It Va clear_tmp_X 3123.Pq Vt bool 3124Set to 3125.Dq Li NO 3126to disable removing of X11 lock files, 3127and the removal and (secure) recreation 3128of the various socket directories for X11 3129related programs. 3130.It Va ldconfig_paths 3131.Pq Vt str 3132Set to the list of shared library paths to use with 3133.Xr ldconfig 8 . 3134NOTE: 3135.Pa /usr/lib 3136will always be added first, so it need not appear in this list. 3137.It Va ldconfig32_paths 3138.Pq Vt str 3139Set to the list of 32-bit compatibility shared library paths to 3140use with 3141.Xr ldconfig 8 . 3142.It Va ldconfig_paths_aout 3143.Pq Vt str 3144Set to the list of shared library paths to use with 3145.Xr ldconfig 8 3146legacy 3147.Xr a.out 5 3148support. 3149.It Va ldconfig_insecure 3150.Pq Vt bool 3151The 3152.Xr ldconfig 8 3153utility normally refuses to use directories 3154which are writable by anyone except root. 3155Set this variable to 3156.Dq Li YES 3157to disable that security check during system startup. 3158.It Va ldconfig_local_dirs 3159.Pq Vt str 3160Set to the list of local 3161.Xr ldconfig 8 3162directories. 3163The names of all files in the directories listed will be 3164passed as arguments to 3165.Xr ldconfig 8 . 3166.It Va ldconfig_local32_dirs 3167.Pq Vt str 3168Set to the list of local 32-bit compatibility 3169.Xr ldconfig 8 3170directories. 3171The names of all files in the directories listed will be 3172passed as arguments to 3173.Dq Nm ldconfig Fl 32 . 3174.It Va kern_securelevel_enable 3175.Pq Vt bool 3176Set to 3177.Dq Li YES 3178to set the kernel security level at system startup. 3179.It Va kern_securelevel 3180.Pq Vt int 3181The kernel security level to set at startup. 3182The allowed range of 3183.Ar value 3184ranges from \-1 (the compile time default) to 3 (the 3185most secure). 3186See 3187.Xr init 8 3188for the list of possible security levels and their effect 3189on system operation. 3190.It Va sshd_program 3191.Pq Vt str 3192Path to the SSH server program 3193.Pa ( /usr/sbin/sshd 3194is the default). 3195.It Va sshd_enable 3196.Pq Vt bool 3197Set to 3198.Dq Li YES 3199to start 3200.Xr sshd 8 3201at system boot time. 3202.It Va sshd_flags 3203.Pq Vt str 3204If 3205.Va sshd_enable 3206is set to 3207.Dq Li YES , 3208these are the flags to pass to the 3209.Xr sshd 8 3210daemon. 3211.It Va ftpd_program 3212.Pq Vt str 3213Path to the FTP server program 3214.Pa ( /usr/libexec/ftpd 3215is the default). 3216.It Va ftpd_enable 3217.Pq Vt bool 3218Set to 3219.Dq Li YES 3220to start 3221.Xr ftpd 8 3222as a stand-alone daemon at system boot time. 3223.It Va ftpd_flags 3224.Pq Vt str 3225If 3226.Va ftpd_enable 3227is set to 3228.Dq Li YES , 3229these are the additional flags to pass to the 3230.Xr ftpd 8 3231daemon. 3232.It Va watchdogd_enable 3233.Pq Vt bool 3234If set to 3235.Dq Li YES , 3236start the 3237.Xr watchdogd 8 3238daemon at boot time. 3239This requires that the kernel have been compiled with a 3240.Xr watchdog 4 3241compatible device. 3242.It Va watchdogd_flags 3243.Pq Vt str 3244If 3245.Va watchdogd_enable 3246is set to 3247.Dq Li YES , 3248these are the flags passed to the 3249.Xr watchdogd 8 3250daemon. 3251.It Va performance_cx_lowest 3252.Pq Vt str 3253CPU idle state to use while on AC power. 3254The string 3255.Dq Li LOW 3256indicates that 3257.Xr acpi 4 3258should use the lowest power state available while 3259.Dq Li HIGH 3260indicates that the lowest latency state (less power savings) should be used. 3261.It Va performance_cpu_freq 3262.Pq Vt str 3263CPU clock frequency to use while on AC power. 3264The string 3265.Dq Li LOW 3266indicates that 3267.Xr cpufreq 4 3268should use the lowest frequency available while 3269.Dq Li HIGH 3270indicates that the highest frequency (less power savings) should be used. 3271.It Va economy_cx_lowest 3272.Pq Vt str 3273CPU idle state to use when off AC power. 3274The string 3275.Dq Li LOW 3276indicates that 3277.Xr acpi 4 3278should use the lowest power state available while 3279.Dq Li HIGH 3280indicates that the lowest latency state (less power savings) should be used. 3281.It Va economy_cpu_freq 3282.Pq Vt str 3283CPU clock frequency to use when off AC power. 3284The string 3285.Dq Li LOW 3286indicates that 3287.Xr cpufreq 4 3288should use the lowest frequency available while 3289.Dq Li HIGH 3290indicates that the highest frequency (less power savings) should be used. 3291.It Va jail_enable 3292.Pq Vt bool 3293If set to 3294.Dq Li NO , 3295any configured jails will not be started. 3296.It Va jail_list 3297.Pq Vt str 3298A space separated list of names for jails. 3299This is purely a configuration aid to help identify and 3300configure multiple jails. 3301The names specified in this list will be used to 3302identify settings common to an instance of a jail. 3303Assuming that the jail in question was named 3304.Li vjail , 3305you would have the following dependent variables: 3306.Bd -literal 3307jail_vjail_hostname="jail.example.com" 3308jail_vjail_ip="192.168.1.100" 3309jail_vjail_rootdir="/var/jails/vjail/root" 3310.Ed 3311.Pp 3312.It Va jail_flags 3313.Pq Vt str 3314Unset by default. 3315When set, use as default value for 3316.Va jail_ Ns Ao Ar jname Ac Ns Va _flags 3317for every jail in 3318.Va jail_list . 3319.It Va jail_interface 3320.Pq Vt str 3321Unset by default. 3322When set, use as default value for 3323.Va jail_ Ns Ao Ar jname Ac Ns Va _interface 3324for every jail in 3325.Va jail_list . 3326.It Va jail_fstab 3327.Pq Vt str 3328Unset by default. 3329When set, use as default value for 3330.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 3331for every jail in 3332.Va jail_list . 3333.It Va jail_mount_enable 3334.Pq Vt bool 3335Set to 3336.Dq Li NO 3337by default. 3338When set to 3339.Dq Li YES , 3340sets 3341.Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable 3342to 3343.Dq Li YES 3344by default for every jail in 3345.Va jail_list . 3346.It Va jail_devfs_ruleset 3347.Pq Vt str 3348Unset by default. 3349When set, sets 3350.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset 3351to given value for every jail in 3352.Va jail_list . 3353.It Va jail_devfs_enable 3354.Pq Vt bool 3355Set to 3356.Dq Li NO 3357by default. 3358When set to 3359.Dq Li YES , 3360sets 3361.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable 3362to 3363.Dq Li YES 3364by default for every jail in 3365.Va jail_list . 3366.It Va jail_fdescfs_enable 3367.Pq Vt bool 3368Set to 3369.Dq Li NO 3370by default. 3371When set to 3372.Dq Li YES , 3373sets 3374.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 3375to 3376.Dq Li YES 3377by default for every jail in 3378.Va jail_list . 3379.It Va jail_procfs_enable 3380.Pq Vt bool 3381Set to 3382.Dq Li NO 3383by default. 3384When set to 3385.Dq Li YES , 3386sets 3387.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 3388to 3389.Dq Li YES 3390by default for every jail in 3391.Va jail_list . 3392.It Va jail_exec_start 3393.Pq Vt str 3394Unset by default. 3395When set, use as default value for 3396.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start 3397for every jail in 3398.Va jail_list . 3399.It Va jail_exec_afterstart Ns Aq Ar N 3400.Pq Vt str 3401Unset by default. 3402When set, use as default value for 3403.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_afterstart Ns Aq Ar N 3404for every jail in 3405.Va jail_list . 3406.It Va jail_exec_stop 3407Unset by default. 3408When set, use as default value for 3409.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop 3410for every jail in 3411.Va jail_list . 3412.It Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir 3413.Pq Vt str 3414Unset by default. 3415Set to the root directory used by jail 3416.Va jname . 3417.It Va jail_ Ns Ao Ar jname Ac Ns Va _hostname 3418.Pq Vt str 3419Unset by default. 3420Set to the fully qualified domain name (FQDN) assigned to jail 3421.Va jname . 3422.It Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3423.Pq Vt str 3424Unset by default. 3425Set to the IP address assigned to jail 3426.Va jname . 3427.It Va jail_ Ns Ao Ar jname Ac Ns Va _flags 3428.Pq Vt str 3429Set to 3430.Dq Li -l -U root 3431by default. 3432These are flags to pass to 3433.Xr jail . 3434.It Va jail_ Ns Ao Ar jname Ac Ns Va _interface 3435.Pq Vt str 3436Unset by default. 3437When set, sets the interface to use when setting IP address alias. 3438Note that the alias is created at jail startup and removed at jail shutdown. 3439.It Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 3440.Pq Vt str 3441Set to 3442.Pa /etc/fstab. Ns Aq Ar jname 3443by default. 3444This is the file system information file to use for jail 3445.Va jname . 3446.It Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable 3447.Pq Vt bool 3448Set to 3449.Dq Li NO 3450by default. 3451When set to 3452.Dq Li YES , 3453mount all file systems from 3454.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 3455at jail startup. 3456.It Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset 3457.Pq Vt str 3458Unset by default. 3459When set, defines the device file system ruleset file to use for jail 3460.Va jname . 3461.It Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable 3462.Pq Vt bool 3463Set to 3464.Dq Li NO 3465by default. 3466When set to 3467.Dq Li YES , 3468mount the device file system inside jail 3469.Ar jname 3470at jail startup. 3471.It Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 3472.Pq Vt bool 3473Set to 3474.Dq Li NO 3475by default. 3476When set to 3477.Dq Li YES , 3478mount the file-descriptor file system inside jail 3479.Ar jname 3480at jail startup. 3481.It Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable 3482.Pq Vt bool 3483Set to 3484.Dq Li NO 3485by default. 3486When set to 3487.Dq Li YES , 3488mount the process file system inside jail 3489.Ar jname 3490at jail startup. 3491.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start 3492.Pq Vt str 3493Set to 3494.Dq Li /bin/sh /etc/rc 3495by default. 3496This is the command executed at jail startup. 3497.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_afterstart Ns Aq Ar N 3498.Pq Vt str 3499Unset by default. 3500This is the command run as 3501.Ar N Ns 3502th command 3503after jail startup, where 3504.Ar N 3505is 1, 2, and so on. 3506.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop 3507.Pq Vt str 3508Set to 3509.Dq Li /bin/sh /etc/rc.shutdown 3510by default. 3511This is the command executed at jail shutdown. 3512.It Va jail_set_hostname_allow 3513.Pq Vt bool 3514If set to 3515.Dq Li NO , 3516do not allow the root user in a jail to set its hostname. 3517.It Va jail_socket_unixiproute_only 3518.Pq Vt bool 3519If set to 3520.Dq Li YES , 3521do not allow any sockets, 3522besides UNIX/IP/route sockets, 3523to be used within a jail. 3524.It Va jail_sysvipc_allow 3525.Pq Vt bool 3526If set to 3527.Dq Li YES , 3528allow applications within a jail to use System V IPC. 3529.\" ----- ISDN settings --------------------------------- 3530.It Va isdn_enable 3531.Pq Vt bool 3532Set to 3533.Dq Li NO 3534by default. 3535When set to 3536.Dq Li YES , 3537starts the 3538.Xr isdnd 8 3539daemon 3540at system boot time. 3541.It Va isdn_flags 3542.Pq Vt str 3543Set to 3544.Dq Fl d Ns Cm n Fl d Ns Li 0x1f9 3545by default. 3546Additional flags to pass to 3547.Xr isdnd 8 3548(but see 3549.Va isdn_fsdev 3550and 3551.Va isdn_ttype 3552for certain tunable parameters). 3553.It Va isdn_ttype 3554.Pq Vt str 3555Set to 3556.Dq Li cons25 3557by default. 3558The terminal type of the output device when 3559.Xr isdnd 8 3560operates in full-screen mode. 3561.It Va isdn_screenflags 3562.Pq Vt str 3563Set to 3564.Dq Li NO 3565by default. 3566The video mode for full-screen mode (only for 3567.Xr syscons 4 3568console driver, see 3569.Xr vidcontrol 1 3570for valid modes). 3571.It Va isdn_fsdev 3572.Pq Vt str 3573Set to 3574.Dq Li NO 3575by default. 3576The output device for 3577.Xr isdnd 8 3578in full-screen mode (or 3579.Dq Li NO 3580for daemon mode). 3581.It Va isdn_trace 3582.Pq Vt bool 3583Set to 3584.Dq Li NO 3585by default. 3586When set to 3587.Dq Li YES , 3588enables the ISDN protocol trace utility 3589.Xr isdntrace 8 3590at system boot time. 3591.It Va isdn_traceflags 3592.Pq Vt str 3593Set to 3594.Dq Fl f Pa /var/tmp/isdntrace0 3595by default. 3596Flags for 3597.Xr isdntrace 8 . 3598.\" ----------------------------------------------------- 3599.It Va harvest_interrupt 3600.Pq Vt bool 3601Set to 3602.Dq Li YES 3603to use hardware interrupts as an entropy source. 3604Refer to 3605.Xr random 4 3606for more information. 3607.It Va harvest_ethernet 3608.Pq Vt bool 3609Set to 3610.Dq Li YES 3611to use LAN traffic as an entropy source. 3612Refer to 3613.Xr random 4 3614for more information. 3615.It Va harvest_p_to_p 3616.Pq Vt bool 3617Set to 3618.Dq Li YES 3619to use serial line traffic as an entropy source. 3620Refer to 3621.Xr random 4 3622for more information. 3623.It Va entropy_dir 3624.Pq Vt str 3625Set to 3626.Dq Li NO 3627to disable caching entropy via 3628.Xr cron 8 . 3629Otherwise set to the directory used to store entropy files in. 3630.It Va entropy_file 3631.Pq Vt str 3632Set to 3633.Dq Li NO 3634to disable caching entropy through reboots. 3635Otherwise set to the filename used to store cached entropy through 3636reboots. 3637This file should be located on the root file system to seed the 3638.Xr random 4 3639device as early as possible in the boot process. 3640.It Va entropy_save_sz 3641.Pq Vt int 3642Size of the entropy cache files saved by 3643.Nm save-entropy 3644periodically. 3645.It Va entropy_save_num 3646.Pq Vt int 3647Number of entropy cache files to save by 3648.Nm save-entropy 3649periodically. 3650.It Va ipsec_enable 3651.Pq Vt bool 3652Set to 3653.Dq Li YES 3654to run 3655.Xr setkey 8 3656on 3657.Va ipsec_file 3658at boot time. 3659.It Va ipsec_file 3660.Pq Vt str 3661Configuration file for 3662.Xr setkey 8 . 3663.It Va dmesg_enable 3664.Pq Vt bool 3665Set to 3666.Dq Li YES 3667to save 3668.Xr dmesg 8 3669to 3670.Pa /var/run/dmesg.boot 3671on boot. 3672.It Va rcshutdown_timeout 3673.Pq Vt int 3674If set, start a watchdog timer in the background which will terminate 3675.Pa rc.shutdown 3676if 3677.Xr shutdown 8 3678has not completed within the specified time (in seconds). 3679Notice that in addition to this soft timeout, 3680.Xr init 8 3681also applies a hard timeout for the execution of 3682.Pa rc.shutdown . 3683This is configured via 3684.Xr sysctl 8 3685variable 3686.Va kern.init_shutdown_timeout 3687and defaults to 120 seconds. 3688Setting the value of 3689.Va rcshutdown_timeout 3690to more than 120 seconds will have no effect until the 3691.Xr sysctl 8 3692variable 3693.Va kern.init_shutdown_timeout 3694is also increased. 3695.It Va virecover_enable 3696.Pq Vt bool 3697Set to 3698.Dq Li NO 3699to prevent the system from trying to 3700recover pre-maturely terminated 3701.Xr vi 1 3702sessions. 3703.It Va ugidfw_enable 3704.Pq Vt bool 3705Set to 3706.Dq Li YES 3707to load the 3708.Xr mac_bsdextended 4 3709module upon system initialization and load a default 3710ruleset file. 3711.It Va bsdextended_script 3712.Pq Vt str 3713The default 3714.Xr mac_bsdextended 4 3715ruleset file to load. 3716The default value of this variable is 3717.Pa /etc/rc.bsdextended . 3718.It Va newsyslog_enable 3719.Pq Vt bool 3720If set to 3721.Dq Li YES , 3722run 3723.Xr newsyslog 8 3724command at startup. 3725.It Va newsyslog_flags 3726.Pq Vt str 3727If 3728.Va newsyslog_enable 3729is set to 3730.Dq Li YES , 3731these are the flags to pass to the 3732.Xr newsyslog 8 3733program. 3734The default is 3735.Dq Li -CN , 3736which causes log files flagged with a 3737.Cm C 3738to be created. 3739.It Va mdconfig_md Ns Aq Ar X 3740.Pq Vt str 3741Arguments to 3742.Xr mdconfig 8 3743for 3744.Xr md 4 3745device 3746.Ar X . 3747At minimum a 3748.Fl t Ar type 3749must be specified and either a 3750.Fl s Ar size 3751for malloc or swap backed 3752.Xr md 4 3753devices or a 3754.Fl f Ar file 3755for vnode backed 3756.Xr md 4 3757devices. 3758Note that 3759.Va mdconfig_md Ns Aq Ar X 3760variables are evaluated until one variable is unset or null. 3761.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs 3762.Pq Vt str 3763Optional arguments passed to 3764.Xr newfs 8 3765to initialize 3766.Xr md 4 3767device 3768.Ar X . 3769.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner 3770.Pq Vt str 3771An ownership specification passed to 3772.Xr chown 8 3773after the specified 3774.Xr md 4 3775device 3776.Ar X 3777has been mounted. 3778Both the 3779.Xr md 4 3780device and the mount point will be changed. 3781.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms 3782.Pq Vt str 3783A mode string passed to 3784.Xr chmod 1 3785after the specified 3786.Xr md 4 3787device 3788.Ar X 3789has been mounted. 3790Both the 3791.Xr md 4 3792device and the mount point will be changed. 3793.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files 3794.Pq Vt str 3795Files to be copied to the mount point of the 3796.Xr md 4 3797device 3798.Ar X 3799after it has been mounted. 3800.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd 3801.Pq Vt str 3802Command to execute after the specified 3803.Xr md 4 3804device 3805.Ar X 3806has been mounted. 3807Note that the command is passed to 3808.Ic eval 3809and that both 3810.Va _dev 3811and 3812.Va _mp 3813variables can be used to reference respectively the 3814.Xr md 4 3815device and the mount point. 3816Assuming that the 3817.Xr md 4 3818device is 3819.Li md0 , 3820one could set the following: 3821.Bd -literal 3822mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}" 3823.Ed 3824.It Va ramdisk_units 3825.Pq Vt str 3826A list of one or more ramdisk units to configure with 3827.Xr mdconfig 8 3828and 3829.Xr newfs 8 3830in time to be mounted from 3831.Xr fstab 5 . 3832Each listed unit 3833.Ar X 3834must specify at least a 3835.Ar type 3836in a 3837.Va ramdisk_ Ns Ao Ar X Ac Ns Va _config 3838variable. 3839Note that this way to configure ramdisks has been deprecated 3840in favor of new 3841.Va mdconfig_md* 3842variables (see above). 3843.It Va ramdisk_ Ns Ao Ar X Ac Ns Va _config 3844.Pq Vt str 3845Arguments to 3846.Xr mdconfig 8 3847for ramdisk 3848.Ar X . 3849At minimum a 3850.Fl t Ar type 3851must be specified, where 3852.Ar type 3853must be one of 3854.Cm malloc 3855or 3856.Cm swap . 3857.It Va ramdisk_ Ns Ao Ar X Ac Ns Va _newfs 3858.Pq Vt str 3859Optional arguments passed to 3860.Xr newfs 8 3861to initialize ramdisk 3862.Ar X . 3863.It Va ramdisk_ Ns Ao Ar X Ac Ns Va _owner 3864.Pq Vt str 3865An ownership specification passed to 3866.Xr chown 8 3867after the specified ramdisk unit 3868.Ar X 3869has been mounted. 3870Both the 3871.Xr md 4 3872device and the mount point will be changed. 3873.It Va ramdisk_ Ns Ao Ar X Ac Ns Va _perms 3874.Pq Vt str 3875A mode string passed to 3876.Xr chmod 1 3877after the specified ramdisk unit 3878.Ar X 3879has been mounted. 3880Both the 3881.Xr md 4 3882device and the mount point will be changed. 3883.It Va autobridge_interfaces 3884.Pq Vt str 3885Set to the list of bridge interfaces that will have newly arriving interfaces 3886checked against to be automatically added. 3887If not set to 3888.Dq Li NO 3889then for each whitespace separated 3890.Ar element 3891in the value, a 3892.Va autobridge_ Ns Aq Ar element 3893variable is assumed to exist which has a whitespace separated list of interface 3894names to match, these names can use wildcards. 3895For example: 3896.Bd -literal 3897autobridge_interfaces="bridge0" 3898autobridge_bridge0="tap* dc0 vlan[345]" 3899.Ed 3900.It Va mixer_enable 3901.Pq Vt bool 3902If set to 3903.Dq Li YES , 3904enable support for sound mixer. 3905.It Va hcsecd_enable 3906.Pq Vt bool 3907If set to 3908.Dq Li YES , 3909enable Bluetooth security daemon. 3910.It Va hcsecd_config 3911.Pq Vt str 3912Configuration file for 3913.Xr hcsecd 8 . 3914Default 3915.Pa /etc/bluetooth/hcsecd.conf . 3916.It Va sdpd_enable 3917.Pq Vt bool 3918If set to 3919.Dq Li YES , 3920enable Bluetooth Service Discovery Protocol daemon. 3921.It Va sdpd_control 3922.Pq Vt str 3923Path to 3924.Xr sdpd 8 3925control socket. 3926Default 3927.Pa /var/run/sdp . 3928.It Va sdpd_groupname 3929.Pq Vt str 3930Sets 3931.Xr sdpd 8 3932group to run as after it initializes. 3933Default 3934.Dq Li nobody . 3935.It Va sdpd_username 3936.Pq Vt str 3937Sets 3938.Xr sdpd 8 3939user to run as after it initializes. 3940Default 3941.Dq Li nobody . 3942.It Va bthidd_enable 3943.Pq Vt bool 3944If set to 3945.Dq Li YES , 3946enable Bluetooth Human Interface Device daemon. 3947.It Va bthidd_config 3948.Pq Vt str 3949Configuration file for 3950.Xr bthidd 8 . 3951Default 3952.Pa /etc/bluetooth/bthidd.conf . 3953.It Va bthidd_hids 3954.Pq Vt str 3955Path to a file, where 3956.Xr bthidd 8 3957will store information about known HID devices. 3958Default 3959.Pa /var/db/bthidd.hids . 3960.It Va rfcomm_pppd_server_enable 3961.Pq Vt bool 3962If set to 3963.Dq Li YES , 3964enable Bluetooth RFCOMM PPP wrapper daemon. 3965.It Va rfcomm_pppd_server_profile 3966.Pq Vt str 3967The name of the profile to use from 3968.Pa /etc/ppp/ppp.conf . 3969Multiple profiles can be specified here. 3970Also used to specify per-profile overrides. 3971When the profile name contains any of the characters 3972.Dq Li .-/+ 3973they are translated to 3974.Dq Li _ 3975for the proposes of the override variable names. 3976.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _bdaddr 3977.Pq Vt str 3978Overrides local address to listen on. 3979By default 3980.Xr rfcomm_pppd 8 3981will listen on 3982.Dq Li ANY 3983address. 3984The address can be specified as BD_ADDR or name. 3985.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _channel 3986.Pq Vt str 3987Overrides local RFCOMM channel to listen on. 3988By default 3989.Xr rfcomm_pppd 8 3990will listen on RFCOMM channel 1. 3991Must set properly if multiple profiles used in the same time. 3992.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_sp 3993.Pq Vt bool 3994Tells 3995.Xr rfcomm_pppd 8 3996if it should register Serial Port service on the speficied RFCOMM channel. 3997Default 3998.Dq Li NO . 3999.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_dun 4000.Pq Vt bool 4001Tells 4002.Xr rfcomm_pppd 8 4003if it should register Dial-Up Networking service on the speficied 4004RFCOMM channel. 4005Default 4006.Dq Li NO . 4007.El 4008.Sh FILES 4009.Bl -tag -width ".Pa /etc/defaults/rc.conf" -compact 4010.It Pa /etc/defaults/rc.conf 4011.It Pa /etc/rc.conf 4012.It Pa /etc/rc.conf.local 4013.El 4014.Sh SEE ALSO 4015.Xr catman 1 , 4016.Xr chmod 1 , 4017.Xr gdb 1 , 4018.Xr info 1 , 4019.Xr kbdcontrol 1 , 4020.Xr makewhatis 1 , 4021.Xr sh 1 , 4022.Xr vi 1 , 4023.Xr vidcontrol 1 , 4024.Xr bridge 4 , 4025.Xr dummynet 4 , 4026.Xr ip 4 , 4027.Xr ipf 4 , 4028.Xr ipfw 4 , 4029.Xr ipnat 4 , 4030.Xr kld 4 , 4031.Xr pf 4 , 4032.Xr pflog 4 , 4033.Xr pfsync 4 , 4034.Xr tcp 4 , 4035.Xr udp 4 , 4036.Xr exports 5 , 4037.Xr fstab 5 , 4038.Xr ipf 5 , 4039.Xr ipnat 5 , 4040.Xr motd 5 , 4041.Xr newsyslog.conf 5 , 4042.Xr pf.conf 5 , 4043.Xr accton 8 , 4044.Xr amd 8 , 4045.Xr apm 8 , 4046.Xr atm 8 , 4047.Xr bthidd 8 , 4048.Xr chkprintcap 8 , 4049.Xr chown 8 , 4050.Xr cron 8 , 4051.Xr dhclient 8 , 4052.Xr ftpd 8 , 4053.Xr geli 8 , 4054.Xr hcsecd 8 , 4055.Xr ifconfig 8 , 4056.Xr inetd 8 , 4057.Xr ipf 8 , 4058.Xr ipfw 8 , 4059.Xr ipnat 8 , 4060.Xr isdnd 8 , 4061.Xr isdntrace 8 , 4062.Xr jail 8 , 4063.Xr kldxref 8 , 4064.Xr lpd 8 , 4065.Xr mdconfig 8 , 4066.Xr mdmfs 8 , 4067.Xr mixer 8 , 4068.Xr mountd 8 , 4069.Xr moused 8 , 4070.Xr mrouted 8 , 4071.Xr named 8 , 4072.Xr newfs 8 , 4073.Xr newsyslog 8 , 4074.Xr nfsd 8 , 4075.Xr ntpd 8 , 4076.Xr ntpdate 8 , 4077.Xr pfctl 8 , 4078.Xr pflogd 8 , 4079.Xr powerd 8 , 4080.Xr quotacheck 8 , 4081.Xr quotaon 8 , 4082.Xr rc 8 , 4083.Xr rc.sendmail 8 , 4084.Xr rfcomm_pppd 8 , 4085.Xr route 8 , 4086.Xr routed 8 , 4087.Xr rpcbind 8 , 4088.Xr rpc.lockd 8 , 4089.Xr rpc.statd 8 , 4090.Xr rwhod 8 , 4091.Xr savecore 8 , 4092.Xr sdpd 8 , 4093.Xr sshd 8 , 4094.Xr swapon 8 , 4095.Xr sysctl 8 , 4096.Xr syslogd 8 , 4097.Xr timed 8 , 4098.Xr yp 8 , 4099.Xr ypbind 8 , 4100.Xr ypserv 8 , 4101.Xr ypset 8 4102.Sh HISTORY 4103The 4104.Nm 4105file appeared in 4106.Fx 2.2.2 . 4107.Sh AUTHORS 4108.An Jordan K. Hubbard . 4109