xref: /dragonfly/share/man/man5/rc.conf.5 (revision 8a7bdfea) 
1.\" Copyright (c) 1995
2.\"	Jordan K. Hubbard
3.\"
4.\" Redistribution and use in source and binary forms, with or without
5.\" modification, are permitted provided that the following conditions
6.\" are met:
7.\" 1. Redistributions of source code must retain the above copyright
8.\"    notice, this list of conditions and the following disclaimer.
9.\" 2. Redistributions in binary form must reproduce the above copyright
10.\"    notice, this list of conditions and the following disclaimer in the
11.\"    documentation and/or other materials provided with the distribution.
12.\"
13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND
14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE
17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
23.\" SUCH DAMAGE.
24.\"
25.\" $FreeBSD: src/share/man/man5/rc.conf.5,v 1.197 2003/07/28 13:56:00 mbr Exp $
26.\" $DragonFly: src/share/man/man5/rc.conf.5,v 1.57 2008/02/17 19:51:53 swildner Exp $
27.Dd January 30, 2008
28.Dt RC.CONF 5
29.Os
30.Sh NAME
31.Nm rc.conf
32.Nd system configuration information
33.Sh DESCRIPTION
34The file
35.Nm
36contains descriptive information about the local host name, configuration
37details for any potential network interfaces and which services should be
38started up at system initial boot time.
39In new installations, the
40.Nm
41file is generally initialized by the installer.
42.Pp
43The purpose of
44.Nm
45is not to run commands or perform system startup actions directly.
46Instead, it is included by the various generic startup scripts in
47.Pa /etc
48which conditionalize their
49internal actions according to the settings found there.
50.Pp
51The
52.Pa /etc/rc.conf
53file is included from the file
54.Pa /etc/defaults/rc.conf ,
55which specifies the default settings for all the available options.
56Options need only be specified in
57.Pa /etc/rc.conf
58when the system administrator wishes to override these defaults.
59The file
60.Pa /etc/rc.conf.local
61is used to override settings in
62.Pa /etc/rc.conf
63for historical reasons.
64See the
65.Va rc_conf_files
66variable below.
67.Pp
68The following list provides a name and short description for each
69variable that can be set in the
70.Nm
71file.
72To set a variable of
73.Vt bool
74type, specify either
75.Dq Li YES ,
76.Dq Li TRUE ,
77.Dq Li ON ,
78or
79.Dq Li 1 .
80To unset, specify
81.Dq Li NO ,
82.Dq Li FALSE ,
83.Dq Li OFF ,
84or
85.Dq Li 0 .
86These values are case insensitive.
87The
88.Va _enable
89postfix in the name of a variables for starting a service can be
90omitted (as in
91.Nx ) .
92.Bl -tag -width indent-two
93.It Va rc_debug
94.Pq Vt bool
95If set to
96.Dq Li YES ,
97enable output of debug messages from rc scripts.
98This variable can be helpful in diagnosing mistakes when
99editing or integrating new scripts.
100Beware that this produces copious output to the terminal and
101.Xr syslog 3 .
102.It Va rc_info
103.Pq Vt bool
104If set to
105.Dq Li NO ,
106disable informational messages from the rc scripts.
107Informational messages are displayed when
108a condition that is not serious enough to warrant a warning or an error occurs.
109.It Va swapfile
110.Pq Vt str
111If set to
112.Dq Li NO ,
113no swapfile is installed, otherwise the value is used as the full
114pathname to a file to use for additional swap space.
115.It Va apm_enable
116.Pq Vt bool
117If set to
118.Dq Li YES ,
119enable support for Automatic Power Management with the
120.Xr apm 8
121command.
122.It Va apmd_enable
123.Pq Vt bool
124Run
125.Xr apmd 8
126to handle APM event from userland.
127This also enables support for APM.
128.It Va apmd_flags
129.Pq Vt str
130If
131.Va apmd_enable
132is set to
133.Dq Li YES ,
134these are the flags to pass to the
135.Xr apmd 8
136daemon.
137.It Va battd_enable
138Enable
139.Xr battd 8
140to monitor the status of batteries present in the system.
141This also enables support for APM.
142.It Va battd_flags
143.Pq Vt str
144If
145.Va battd_enable
146is set to
147.Dq Li YES ,
148these are the flags to pass to the
149.Xr battd 8
150daemon.
151.It Va sensorsd_enable
152.Pq Vt bool
153Set to
154.Dq Li NO
155by default.
156Setting this to
157.Dq Li YES
158enables
159.Xr sensorsd 8 ,
160a sensors monitoring and logging daemon.
161.It Va sensorsd_flags
162.Pq Vt str
163Empty by default.
164This variable contains additional flags passed to the
165.Xr sensorsd 8
166program.
167.It Va pccard_ifconfig
168.Pq Vt str
169List of arguments to be passed to
170.Xr ifconfig 8
171at boot time or on insertion of the card (e.g.\&
172.Dq Cm inet Li 192.168.1.1 Cm netmask Li 255.255.255.0
173for a fixed address or
174.Dq Li DHCP
175for a DHCP client).
176.It Va pccard_ether_delay
177.Pq Vt str
178Set the delay before starting
179.Xr dhclient 8
180in the
181.Pa /etc/pccard_ether
182script.
183This defaults to 5 seconds to work around a bug in the
184.Xr ed 4
185driver which can lead to system hangs when using some newer
186.Xr ed 4
187based cards.
188.It Va removable_interfaces
189.Pq Vt str
190List of removable network interfaces to be supported by
191.Pa /etc/pccard_ether .
192.It Va local_startup
193.Pq Vt str
194List of directories to search for startup script files.
195.It Va script_name_sep
196.Pq Vt str
197The field separator to use for breaking down the list of startup script files
198into individual filenames.
199The default is a space.
200It is not necessary to change this unless there are startup scripts with names
201containing spaces.
202.It Va hostapd_enable
203.Pq Vt bool
204Set to
205.Dq Li YES
206to start
207.Xr hostapd 8
208at system boot time.
209.It Va hostname
210.Pq Vt str
211The fully qualified domain name (FQDN) of this host on the network.
212This should almost certainly be set to something meaningful, even if
213there is no network connection.
214If
215.Xr dhclient 8
216is used to set the hostname via DHCP,
217this variable should be set to an empty string.
218.It Va ipv6_enable
219.Pq Vt bool
220Enable support for IPv6 networking.
221Note that this requires that the kernel have been compiled with
222.Cd "options INET6" .
223.It Va nisdomainname
224.Pq Vt str
225The NIS domain name of this host, or
226.Dq Li NO
227if NIS is not used.
228.It Va dhclient_program
229.Pq Vt str
230Path to the DHCP client program
231.Pa ( /sbin/dhclient ,
232the ISC DHCP client, is the default).
233.It Va dhclient_flags
234.Pq Vt str
235Additional flags to pass to the DHCP client program.
236For the ISC DHCP client, see the
237.Xr dhclient 8
238manpage for a description of the command line options available.
239.\".It Va background_dhclient
240.\".Pq Vt bool
241.\"Set to
242.\".Dq Li YES
243.\"to start the DHCP client in background.
244.\"This can cause trouble with applications depending on
245.\"a working network, but it will provide a faster startup in many cases.
246.It Va dhcpd_enable
247.Pq Vt bool
248Set to
249.Dq Li YES
250to run
251.Xr dhcpd 8
252at system boot time.
253.It Va dhcrelay_enable
254.Pq Vt bool
255Set to
256.Dq Li YES
257to run
258.Xr dhcrelay 8
259.It Va pf_enable
260.Pq Vt bool
261Set to
262.Dq Li YES
263to load
264.Xr pf 4
265at startup.
266If the kernel was not built with
267.Cd "device pf" ,
268the
269.Pa pf.ko
270kernel module will be loaded.
271See also
272.Va firewall_enable
273and
274.Va ipfilter_enable .
275.It Va pf_rules
276.Pq Vt str
277Path to the
278.Xr pf 4
279ruleset definition file.
280.It Va pf_program
281.Pq Vt str
282Path to
283.Xr pfctl 8 .
284.It Va pf_flags
285.Pq Vt str
286If
287.Va pf_enable
288is set to
289.Dq Li YES ,
290these are the flags to pass to
291.Xr pfctl 8
292when loading the ruleset.
293.It Va pflog_enable
294.Pq Vt bool
295Set this to
296.Dq Li YES
297to enable
298.Xr pflogd 8
299which logs packets from
300.Xr pf 4 .
301.It Va pflog_logfile
302.Pq Vt str
303If
304.Va pflog_enable
305is set to
306.Dq Li YES
307this specifies the path of the log file.
308.It Va pflog_program
309.Pq Vt str
310Path to
311.Xr pflogd 8 .
312.It Va pflog_flags
313.Pq Vt str
314If
315.Va pflog_enable
316is set to
317.Dq Li YES ,
318these are the flags to pass to
319.Xr pflogd 8 .
320.It Va firewall_enable
321.Pq Vt bool
322Set to
323.Dq Li YES
324to load firewall rules at startup.
325If the kernel was not built with
326.Cd "options IPFIREWALL" ,
327the
328.Pa ipfw.ko
329kernel module will be loaded.
330See also
331.Va pf_enable
332and
333.Va ipfilter_enable .
334.It Va ipv6_firewall_enable
335.Pq Vt bool
336The IPv6 equivalent of
337.Va firewall_enable .
338Set to
339.Dq Li YES
340to load IPv6 firewall rules at startup.
341If the kernel was not built with
342.Cd "options IPV6FIREWALL" ,
343the
344.Pa ip6fw.ko
345kernel module will be loaded.
346.It Va firewall_script
347.Pq Vt str
348This variable specifies the full path to the firewall script to run.
349The default is
350.Pa /etc/rc.firewall .
351.It Va ipv6_firewall_script
352.Pq Vt str
353The IPv6 equivalent of
354.Va firewall_script .
355.It Va firewall_type
356.Pq Vt str
357Names the firewall type from the selection in
358.Pa /etc/rc.firewall ,
359or the file which contains the local firewall ruleset.
360Valid selections from
361.Pa /etc/rc.firewall
362are:
363.Pp
364.Bl -tag -width ".Li simple" -compact
365.It Li open
366unrestricted IP access
367.It Li closed
368all IP services disabled, except via
369.Dq Li lo0
370.It Li client
371basic protection for a workstation on a LAN
372.It Li simple
373alias for
374.Li client .
375.El
376.Pp
377If a filename is specified, the full path must be given.
378.It Va firewall_trusted_nets
379.Pq Vt str
380List of trusted networks (if
381.Va firewall_type
382is set to
383.Li client ) .
384.It Va firewall_trusted_interfaces
385.Pq Vt str
386List of trusted network interfaces (if
387.Va firewall_type
388is set to
389.Li client ) .
390.It Va firewall_allowed_icmp_types
391.Pq Vt str
392List of allowed ICMP types (if
393.Va firewall_type
394is set to
395.Li client ) .
396.It Va firewall_open_tcp_ports
397.Pq Vt str
398List of TCP ports to open (if
399.Va firewall_type
400is set to
401.Li client ) .
402.It Va firewall_open_udp_ports
403.Pq Vt str
404List of UDP ports to open (if
405.Va firewall_type
406is set to
407.Li client ) .
408.It Va ipv6_firewall_type
409.Pq Vt str
410The IPv6 equivalent of
411.Va firewall_type .
412.It Va firewall_quiet
413.Pq Vt bool
414Set to
415.Dq Li YES
416to disable the display of firewall rules on the console during boot.
417.It Va ipv6_firewall_quiet
418.Pq Vt bool
419The IPv6 equivalent of
420.Va firewall_quiet .
421.It Va firewall_logging
422.Pq Vt bool
423Set to
424.Dq Li YES
425to enable firewall event logging.
426This is equivalent to the
427.Dv IPFIREWALL_VERBOSE
428kernel option.
429.It Va ipv6_firewall_logging
430.Pq Vt bool
431The IPv6 equivalent of
432.Va firewall_logging .
433.It Va firewall_flags
434.Pq Vt str
435Flags passed to
436.Xr ipfw 8
437if
438.Va firewall_type
439specifies a filename.
440.It Va ipv6_firewall_flags
441.Pq Vt str
442The IPv6 equivalent of
443.Va firewall_flags .
444.It Va natd_program
445.Pq Vt str
446Path to
447.Xr natd 8 .
448.It Va natd_enable
449.Pq Vt bool
450Set to
451.Dq Li YES
452to enable
453.Xr natd 8 .
454.Va firewall_enable
455must also be set to
456.Dq Li YES ,
457and
458.Xr divert 4
459sockets must be enabled in the kernel.
460.It Va natd_interface
461.Pq Vt str
462This is the name of the public interface on which
463.Xr natd 8
464should run.
465The interface may be given as an interface name or as an IP address.
466.It Va natd_flags
467.Pq Vt str
468Additional
469.Xr natd 8
470flags should be placed here.
471The
472.Fl n
473or
474.Fl a
475flag is automatically added with the above
476.Va natd_interface
477as an argument.
478.\" ----- ipfilter_enable setting --------------------------------
479.It Va ipfilter_enable
480.Pq Vt bool
481Set to
482.Dq Li NO
483by default.
484Setting this to
485.Dq Li YES
486enables
487.Xr ipf 8
488packet filtering.
489.Pp
490Typical usage will require putting
491.Bd -literal
492ipfilter_enable="YES"
493ipnat_enable="YES"
494ipmon_enable="YES"
495ipfs_enable="YES"
496.Ed
497.Pp
498into
499.Pa /etc/rc.conf
500and editing
501.Pa /etc/ipf.rules
502and
503.Pa /etc/ipnat.rules
504appropriately.
505.Pp
506Note that
507.Va ipfilter_enable
508and
509.Va ipnat_enable
510can be enabled independently.
511.Va ipmon_enable
512and
513.Va ipfs_enable
514both require at least one of
515.Va ipfilter_enable
516and
517.Va ipnat_enable
518to be enabled.
519.Pp
520Having
521.Bd -literal
522options IPFILTER
523options IPFILTER_LOG
524options IPFILTER_DEFAULT_BLOCK
525.Ed
526.Pp
527in the kernel configuration file is a good idea, too.
528See also
529.Va pf_enable
530and
531.Va firewall_enable .
532.\" ----- ipfilter_program setting ------------------------------
533.It Va ipfilter_program
534.Pq Vt str
535Path to
536.Xr ipf 8
537(default
538.Pa /sbin/ipf ) .
539.\" ----- ipfilter_rules setting --------------------------------
540.It Va ipfilter_rules
541.Pq Vt str
542Set to
543.Pa /etc/ipf.rules
544by default.
545This variable contains the name of the filter rule definition file.
546The file is expected to be readable for the
547.Xr ipf 8
548command to execute.
549.\" ----- ipv6_ipfilter_rules setting ---------------------------
550.It Va ipv6_ipfilter_rules
551.Pq Vt str
552Set to
553.Pa /etc/ipf6.rules
554by default.
555This variable contains the IPv6 filter rule definition file.
556The file is expected to be readable for the
557.Xr ipf 8
558command to execute.
559.\" ----- ipfilter_flags setting --------------------------------
560.It Va ipfilter_flags
561.Pq Vt str
562Empty by default.
563This variable contains flags passed to the
564.Xr ipf 8
565program.
566.\" ----- ipnat_enable setting ----------------------------------
567.It Va ipnat_enable
568.Pq Vt bool
569Set to
570.Dq Li NO
571by default.
572Set it to
573.Dq Li YES
574to enable
575.Xr ipnat 8
576network address translation.
577See
578.Va ipfilter_enable
579for a detailed discussion.
580.\" ----- ipnat_program setting ---------------------------------
581.It Va ipnat_program
582.Pq Vt str
583Path to
584.Xr ipnat 8
585(default
586.Pa /sbin/ipnat ) .
587.\" ----- ipnat_rules setting -----------------------------------
588.It Va ipnat_rules
589.Pq Vt str
590Set to
591.Pa /etc/ipnat.rules
592by default.
593This variable contains the name of the file
594holding the network address translation definition.
595This file is expected to be readable for the
596.Xr ipnat 8
597command to execute.
598.\" ----- ipnat_flags setting -----------------------------------
599.It Va ipnat_flags
600.Pq Vt str
601Empty by default.
602This variable contains flags passed to the
603.Xr ipnat 8
604program.
605.\" ----- ipmon_enable setting ----------------------------------
606.It Va ipmon_enable
607.Pq Vt bool
608Set to
609.Dq Li NO
610by default.
611Set it to
612.Dq Li YES
613to enable
614.Xr ipmon 8
615monitoring (logging
616.Xr ipf 8
617and
618.Xr ipnat 8
619events).
620Setting this variable needs setting
621.Va ipfilter_enable
622or
623.Va ipnat_enable
624too.
625See
626.Va ipfilter_enable
627for a detailed discussion.
628.\" ----- ipmon_program setting ---------------------------------
629.It Va ipmon_program
630.Pq Vt str
631Path to
632.Xr ipmon 8
633(default
634.Pa /sbin/ipmon ) .
635.\" ----- ipmon_flags setting -----------------------------------
636.It Va ipmon_flags
637.Pq Vt str
638Set to
639.Dq Li -Ds
640by default.
641This variable contains flags passed to the
642.Xr ipmon 8
643program.
644Another typical example would be
645.Dq Fl D Pa /var/log/ipflog
646to have
647.Xr ipmon 8
648log directly to a file bypassing
649.Xr syslogd 8 .
650Make sure to adjust
651.Pa /etc/newsyslog.conf
652in such case like this:
653.Bd -literal
654/var/log/ipflog  640  10  100  *  Z  /var/run/ipmon.pid
655.Ed
656.\" ----- ipfs_enable setting -----------------------------------
657.It Va ipfs_enable
658.Pq Vt bool
659Set to
660.Dq Li NO
661by default.
662Set it to
663.Dq Li YES
664to enable
665.Xr ipfs 8
666saving the filter and NAT state tables during shutdown
667and reloading them during startup again.
668Setting this variable needs setting
669.Va ipfilter_enable
670or
671.Va ipnat_enable
672to
673.Dq Li YES
674too.
675See
676.Va ipfilter_enable
677for a detailed discussion.
678Note that if
679.Va kern_securelevel
680is set to 3,
681.Va ipfs_enable
682cannot be used because the raised securelevel will prevent
683.Xr ipfs 8
684from saving the state tables at shutdown time.
685.\" ----- ipfs_program setting ----------------------------------
686.It Va ipfs_program
687.Pq Vt str
688Path to
689.Xr ipfs 8
690(default
691.Pa /sbin/ipfs ) .
692.\" ----- ipfs_flags setting ------------------------------------
693.It Va ipfs_flags
694.Pq Vt str
695Empty by default.
696This variable contains flags passed to the
697.Xr ipfs 8
698program.
699.\" ----- end of added ipf hook ---------------------------------
700.It Va tcp_extensions
701.Pq Vt bool
702Set to
703.Dq Li YES
704by default.
705Setting this to
706.Dq Li NO
707disables certain TCP options as described by
708.Rs
709.%T "RFC 1323"
710.Re
711Setting this to
712.Dq Li NO
713might help remedy such problems with connections as randomly hanging
714or other weird behavior.
715Some network devices are known to be broken with respect to these options.
716.It Va log_in_vain
717.Pq Vt int
718Set to 0 by default.
719The
720.Xr sysctl 8
721variables,
722.Va net.inet.tcp.log_in_vain
723and
724.Va net.inet.udp.log_in_vain ,
725as described in
726.Xr tcp 4
727and
728.Xr udp 4 ,
729are set to the given value.
730.It Va tcp_keepalive
731.Pq Vt bool
732Set to
733.Dq Li YES
734by default.
735Setting to
736.Dq Li NO
737will disable probing idle TCP connections to verify that the
738peer is still up and reachable.
739.It Va tcp_drop_synfin
740.Pq Vt bool
741Set to
742.Dq Li NO
743by default.
744Setting to
745.Dq Li YES
746will cause the kernel to ignore TCP frames that have both
747the SYN and FIN flags set.
748This prevents OS fingerprinting, but may break some legitimate applications.
749This option is only available if the kernel was built with the
750.Dv TCP_DROP_SYNFIN
751option.
752.It Va icmp_drop_redirect
753.Pq Vt bool
754Set to
755.Dq Li NO
756by default.
757Setting to
758.Dq Li YES
759will cause the kernel to ignore ICMP REDIRECT packets.
760Refer to
761.Xr icmp 4
762for more information.
763.It Va icmp_log_redirect
764.Pq Vt bool
765Set to
766.Dq Li NO
767by default.
768Setting to
769.Dq Li YES
770will cause the kernel to log ICMP REDIRECT packets.
771Note that
772the log messages are not rate-limited, so this option should only be used
773for troubleshooting networks.
774Refer to
775.Xr icmp 4
776for more information.
777.It Va icmp_bmcastecho
778.Pq Vt bool
779Set to
780.Dq Li YES
781to respond to broadcast or multicast ICMP ping packets.
782Refer to
783.Xr icmp 4
784for more information.
785.It Va ip_portrange_first
786.Pq Vt int
787If not set to
788.Dq Li NO ,
789this is the first port in the default portrange.
790Refer to
791.Xr ip 4
792for more information.
793.It Va ip_portrange_last
794.Pq Vt int
795If not set to
796.Dq Li NO ,
797this is the last port in the default portrange.
798Refer to
799.Xr ip 4
800for more information.
801.It Va network_interfaces
802.Pq Vt str
803Set to the list of network interfaces to configure on this host.
804For example, if the only network devices in the system are the loopback device
805.Pq Li lo0
806and a NIC using the
807.Xr ed 4
808driver, this could be set to
809.Dq Li "lo0 ed0" .
810An
811.Va ifconfig_ Ns Aq Ar interface
812variable is also assumed to exist for each value of
813.Ar interface .
814It is also possible to add IP alias entries here in cases where
815multiple IP addresses registered against a single interface are desired.
816Assuming that the interface in question was
817.Li ed0 ,
818it might look something like this:
819.Bd -literal
820ifconfig_ed0_alias0="inet 127.0.0.253 netmask 0xffffffff"
821ifconfig_ed0_alias1="inet 127.0.0.254 netmask 0xffffffff"
822.Ed
823.Pp
824And so on.
825For each
826.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
827entry that is found, its contents are passed to
828.Xr ifconfig 8 .
829Execution stops at the first unsuccessful access, so if
830something like this is present:
831.Bd -literal
832ifconfig_ed0_alias0="inet 127.0.0.251 netmask 0xffffffff"
833ifconfig_ed0_alias1="inet 127.0.0.252 netmask 0xffffffff"
834ifconfig_ed0_alias2="inet 127.0.0.253 netmask 0xffffffff"
835ifconfig_ed0_alias4="inet 127.0.0.254 netmask 0xffffffff"
836.Ed
837.Pp
838Then note that alias4 would
839.Em not
840be added since the search would stop with the missing alias3 entry.
841.Pp
842If the
843.Pa /etc/start_if. Ns Aq Ar interface
844file is present, it is read and executed by the
845.Xr sh 1
846interpreter before configuring the interface as specified in the
847.Va ifconfig_ Ns Aq Ar interface
848and
849.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
850variables.
851.Pp
852It is possible to bring up an interface with DHCP by adding
853.Dq Li DHCP
854to the
855.Va ifconfig_ Ns Aq Ar interface
856variable.
857For instance, to initialize the
858.Li ed0
859device via DHCP, it is possible to use something like:
860.Bd -literal
861ifconfig_ed0="DHCP"
862.Ed
863.Pp
864Also, if your interface needs WPA authentication, it is possible to add
865.Dq Li WPA
866to the
867.Va ifconfig_ Ns Aq Ar interface
868variable.
869This will start
870.Xr wpa_supplicant 8 .
871See
872.Xr wpa_supplicant.conf 5
873for configuring authentication information.
874.Pp
875Finally, you can add
876.Xr ifconfig 8
877options in this variable, in addition to the
878.Pa /etc/start_if. Ns Aq Ar interface
879file.
880For instance, to initialize the
881.Li wi0
882device via DHCP, using WPA authentication and 802.11b mode, it is
883possible to use something like:
884.Bd -literal
885ifconfig_wi0="up DHCP WPA mode 11b"
886.Ed
887.Pp
888It is also possible to rename interface by doing:
889.Bd -literal
890ifconfig_ed0_name="net0"
891ifconfig_net0="inet 10.0.0.1 netmask 0xffff0000"
892.Ed
893.It Va ipv6_network_interfaces
894.Pq Vt str
895This is the IPv6 equivalent of
896.Va network_interfaces .
897Instead of setting the ifconfig variables as
898.Va ifconfig_ Ns Aq Ar interface
899they should be set as
900.Va ipv6_ifconfig_ Ns Aq Ar interface .
901Aliases should be set as
902.Va ipv6_ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n .
903.Va ipv6_prefix_ Ns Aq Ar interface
904does something.
905Interfaces that do not have a
906.Va ipv6_ifconfig_ Ns Aq Ar interface
907setting will be auto configured by
908.Xr rtsol 8
909if the
910.Va ipv6_gateway_enable
911is set to
912.Dq Li NO .
913Note that the IPv6 networking code does not support the
914.Pa /etc/start_if. Ns Aq Ar interface
915files.
916.It Va ipv6_default_interface
917.Pq Vt str
918If not set to
919.Dq Li NO ,
920this is the default output interface for scoped addresses.
921Now this works only for IPv6 link local multicast addresses.
922.It Va cloned_interfaces
923.Pq Vt str
924Set to the list of clonable network interfaces to create on this host.
925Entries in
926.Va cloned_interfaces
927are automatically appended to
928.Va network_interfaces
929for configuration.
930.It Va gif_interfaces
931.Pq Vt str
932Set to the list of
933.Xr gif 4
934tunnel interfaces to configure on this host.
935A
936.Va gifconfig_ Ns Aq Ar interface
937variable is assumed to exist for each value of
938.Ar interface .
939The value of this variable is used to configure the link layer of the
940tunnel according to the syntax of the
941.Cm tunnel
942option to
943.Xr ifconfig 8 .
944Additionally, this option ensures that each listed interface is created via the
945.Cm create
946option to
947.Xr ifconfig 8
948before attempting to configure it.
949.It Va sppp_interfaces
950.Pq Vt str
951Set to the list of
952.Xr sppp 4
953interfaces to configure on this host.
954A
955.Va spppconfig_ Ns Aq Ar interface
956variable is assumed to exist for each value of
957.Ar interface .
958Each interface should also be configured by a general
959.Va ifconfig_ Ns Aq Ar interface
960setting.
961Refer to
962.Xr spppcontrol 8
963for more information about available options.
964.It Va ppp_enable
965.Pq Vt bool
966If set to
967.Dq Li YES ,
968run the
969.Xr ppp 8
970daemon.
971.It Va ppp_mode
972.Pq Vt str
973Mode in which to run the
974.Xr ppp 8
975daemon.
976Accepted modes are
977.Dq Li auto ,
978.Dq Li ddial ,
979.Dq Li direct
980and
981.Dq Li dedicated .
982See the manual for a full description.
983.It Va ppp_nat
984.Pq Vt bool
985If set to
986.Dq Li YES ,
987enables network address translation.
988Used in conjunction with
989.Va gateway_enable
990allows hosts on private network addresses access to the Internet using
991this host as a network address translating router.
992.It Va ppp_profile
993.Pq Vt str
994The name of the profile to use from
995.Pa /etc/ppp/ppp.conf .
996.It Va ppp_user
997.Pq Vt str
998The name of the user under which
999.Xr ppp 8
1000should be started.
1001By default,
1002.Xr ppp 8
1003is started as
1004.Dq Li root .
1005.It Va rc_conf_files
1006.Pq Vt str
1007This option is used to specify a list of files that will override
1008the settings in
1009.Pa /etc/defaults/rc.conf .
1010The files will be read in the order in which they are specified and should
1011include the full path to the file.
1012By default, the files specified are
1013.Pa /etc/rc.conf
1014and
1015.Pa /etc/rc.conf.local
1016.It Va fsck_y_enable
1017.Pq Vt bool
1018If set to
1019.Dq Li YES ,
1020.Xr fsck 8
1021will be run with the
1022.Fl y
1023flag if the initial preen of the file systems fails.
1024.It Va netfs_types
1025.Pq Vt str
1026List of file system types that are network-based.
1027This list should generally not be modified by end users.
1028Use
1029.Va extra_netfs_types
1030instead.
1031.It Va extra_netfs_types
1032.Pq Vt str
1033If set to something other than
1034.Dq Li NO
1035(the default), this variable extends the list of file system types
1036for which automatic mounting at startup by
1037.Xr rc 8
1038should be delayed until the network is initialized.
1039It should contain
1040a whitespace-separated list of network file system descriptor pairs,
1041each consisting of a file system type as passed to
1042.Xr mount 8
1043and a human-readable, one-word description, joined with a colon
1044.Pq Ql \&: .
1045Extending the default list in this way is only necessary
1046when third party file system types are used.
1047.It Va syslogd_enable
1048.Pq Vt bool
1049If set to
1050.Dq Li YES ,
1051run the
1052.Xr syslogd 8
1053daemon.
1054.It Va syslogd_program
1055.Pq Vt str
1056Path to
1057.Xr syslogd 8
1058(default
1059.Pa /usr/sbin/syslogd ) .
1060.It Va syslogd_flags
1061.Pq Vt str
1062If
1063.Va syslogd_enable
1064is set to
1065.Dq Li YES ,
1066these are the flags to pass to
1067.Xr syslogd 8 .
1068.It Va inetd_enable
1069.Pq Vt bool
1070If set to
1071.Dq Li YES ,
1072run the
1073.Xr inetd 8
1074daemon.
1075.It Va inetd_program
1076.Pq Vt str
1077Path to
1078.Xr inetd 8
1079(default
1080.Pa /usr/sbin/inetd ) .
1081.It Va inetd_flags
1082.Pq Vt str
1083If
1084.Va inetd_enable
1085is set to
1086.Dq Li YES ,
1087these are the flags to pass to
1088.Xr inetd 8 .
1089.It Va named_enable
1090.Pq Vt bool
1091If set to
1092.Dq Li YES ,
1093run the
1094.Xr named 8
1095daemon.
1096.It Va named_program
1097.Pq Vt str
1098Path to
1099.Xr named 8
1100(default
1101.Pa /usr/sbin/named ) .
1102.It Va named_flags
1103.Pq Vt str
1104If
1105.Va named_enable
1106is set to
1107.Dq Li YES ,
1108these are the flags to pass to
1109.Xr named 8 .
1110.It Va named_pidfile
1111.Pq Vt str
1112This is the default path to the
1113.Xr named 8
1114daemon's PID file.
1115Change it if you change the location in
1116.Pa /etc/namedb/named.conf .
1117.It Va named_chrootdir
1118.Pq Vt str
1119The root directory for a name server run in a
1120.Xr chroot 8
1121environment.
1122If left empty
1123.Xr named 8
1124will not be run in a
1125.Xr chroot 8
1126environment.
1127.It Va kerberos5_server_enable
1128.Pq Vt bool
1129Set to
1130.Dq Li YES
1131to start a Kerberos 5 authentication server at boot time.
1132.It Va kerberos5_server_program
1133.Pq Vt str
1134If
1135.Va kerberos5_server_enable
1136is set to
1137.Dq Li YES
1138this is the path to Kerberos 5 Authentication Server.
1139.It Va kadmind5_server_enable
1140.Pq Vt bool
1141Set to
1142.Dq Li YES
1143to start
1144.Xr kadmind 8 ,
1145the Kerberos 5 Administration Daemon; set to
1146.Dq Li NO
1147on a slave server.
1148.It Va kadmind5_server_program
1149.Pq Vt str
1150If
1151.Va kadmind5_server_enable
1152is set to
1153.Dq Li YES
1154this is the path to Kerberos 5 Administration Daemon.
1155.It Va kpasswdd_server_enable
1156.Pq Vt bool
1157Set to
1158.Dq Li YES
1159to start
1160.Xr kpasswdd 8 ,
1161the Kerberos 5 Password-Changing Daemon; set to
1162.Dq Li NO
1163on a slave server.
1164.It Va kpasswdd_server_program
1165.Pq Vt str
1166If
1167.Va kpasswdd_server_enable
1168is set to
1169.Dq Li YES
1170this is the path to Kerberos 5 Password-Changing Daemon.
1171.It Va rwhod_enable
1172.Pq Vt bool
1173If set to
1174.Dq Li YES ,
1175run the
1176.Xr rwhod 8
1177daemon at boot time.
1178.It Va rwhod_flags
1179.Pq Vt str
1180If
1181.Va rwhod_enable
1182is set to
1183.Dq Li YES ,
1184these are the flags to pass to it.
1185.It Va amd_enable
1186.Pq Vt bool
1187If set to
1188.Dq Li YES ,
1189run the
1190.Xr amd 8
1191daemon at boot time.
1192.It Va amd_flags
1193.Pq Vt str
1194If
1195.Va amd_enable
1196is set to
1197.Dq Li YES ,
1198these are the flags to pass to it.
1199See the
1200.Xr amd 8
1201manpage for more information.
1202.It Va amd_map_program
1203.Pq Vt str
1204If set, the specified program is run to get the list of
1205.Xr amd 8
1206maps.
1207For example, if the
1208.Xr amd 8
1209maps are stored in NIS, one can set this to run
1210.Xr ypcat 1
1211to get a list of
1212.Xr amd 8
1213maps from the
1214.Pa amd.master
1215NIS map.
1216.It Va update_motd
1217.Pq Vt bool
1218If set to
1219.Dq Li YES ,
1220.Pa /etc/motd
1221will be updated at boot time to reflect the kernel release being run.
1222If set to
1223.Dq Li NO ,
1224.Pa /etc/motd
1225will not be updated.
1226.It Va nfs_client_enable
1227.Pq Vt bool
1228If set to
1229.Dq Li YES ,
1230run the NFS client daemons at boot time.
1231.It Va nfs_client_flags
1232.Pq Vt str
1233If
1234.Va nfs_client_enable
1235is set to
1236.Dq Li YES ,
1237these are the flags to pass to the
1238.Xr nfsiod 8
1239daemon.
1240.It Va nfs_access_cache
1241.Pq Vt int
1242If
1243.Va nfs_client_enable
1244is set to
1245.Dq Li YES ,
1246this can be set to
1247.Dq Li 0
1248to disable NFS ACCESS RPC caching, or to the number of seconds for which
1249NFS ACCESS results should be cached.
1250A value of 2-10 seconds will substantially reduce network traffic for
1251many NFS operations.
1252The default is 5 seconds.
1253Note that the attribute cache holds stat information only.
1254The NFS data cache is independent of the attribute cache and is only
1255invalidated when the client detects that the server has modified the
1256underlying file.
1257This value specifies a maximum timeout.
1258The NFS client will automatically use a shorter timeout for files which
1259have been recently modified.
1260.It Va nfs_neg_cache
1261.Pq Vt int
1262If
1263.Va nfs_client_enable
1264is set to
1265.Dq Li YES ,
1266this can be set to
1267.Dq Li 0
1268to disable the caching of NEGATIVE LOOKUPS (lookups of non-existent
1269filenames), or to the number of seconds for which negative lookups should
1270be cached.
1271A value of 2-10 seconds will substantially reduce network
1272traffic for many NFS operations, especially source code builds.
1273The default is 3 seconds.
1274.It Va nfs_server_enable
1275.Pq Vt bool
1276If set to
1277.Dq Li YES ,
1278run the NFS server daemons at boot time.
1279.It Va nfs_server_flags
1280.Pq Vt str
1281If
1282.Va nfs_server_enable
1283is set to
1284.Dq Li YES ,
1285these are the flags to pass to the
1286.Xr nfsd 8
1287daemon.
1288.It Va mountd_enable
1289.Pq Vt bool
1290If set to
1291.Dq Li YES ,
1292and no
1293.Va nfs_server_enable
1294is set, start
1295.Xr mountd 8 ,
1296but not
1297.Xr nfsd 8
1298daemon.
1299It is commonly needed to run CFS without real NFS used.
1300.It Va mountd_flags
1301.Pq Vt str
1302If
1303.Va mountd_enable
1304is set to
1305.Dq Li YES ,
1306these are the flags to pass to the
1307.Xr mountd 8
1308daemon.
1309.It Va weak_mountd_authentication
1310.Pq Vt bool
1311If set to
1312.Dq Li YES ,
1313allow services like PCNFSD to make non-privileged mount requests.
1314.It Va nfs_reserved_port_only
1315.Pq Vt bool
1316If set to
1317.Dq Li YES ,
1318provide NFS services only on a secure port.
1319.It Va nfs_bufpackets
1320.Pq Vt int
1321If set to a number, indicates the number of packets worth of
1322socket buffer space to reserve on an NFS client.
1323The kernel default is typically 4.
1324Using a higher number may be useful on gigabit networks to improve performance.
1325The minimum value is 2 and the maximum is 64.
1326.It Va rpc_umntall_enable
1327.Pq Vt bool
1328If set to
1329.Dq Li YES
1330(default) and we are also an NFS client, run
1331.Xr rpc.umntall 8
1332at boot time to clear out old mounts on remote servers.
1333If set to
1334.Dq Li NO
1335then
1336.Xr rpc.umntall 8
1337will not be run at boot time.
1338.It Va rpc_lockd_enable
1339.Pq Vt bool
1340If set to
1341.Dq Li YES
1342and also an NFS server, run
1343.Xr rpc.lockd 8
1344at boot time.
1345.It Va rpc_statd_enable
1346.Pq Vt bool
1347If set to
1348.Dq Li YES
1349and also an NFS server, run
1350.Xr rpc.statd 8
1351at boot time.
1352.It Va rpcbind_program
1353.Pq Vt str
1354Path to
1355.Xr rpcbind 8
1356(default
1357.Pa /usr/sbin/rpcbind ) .
1358.It Va rpcbind_enable
1359.Pq Vt bool
1360If set to
1361.Dq Li YES ,
1362run the
1363.Xr rpcbind 8
1364service at boot time.
1365.It Va rpcbind_flags
1366.Pq Vt str
1367If
1368.Va rpcbind_enable
1369is set to
1370.Dq Li YES ,
1371these are the flags to pass to the
1372.Xr rpcbind 8
1373daemon.
1374.It Va keyserv_enable
1375.Pq Vt bool
1376If set to
1377.Dq Li YES ,
1378run the
1379.Xr keyserv 8
1380daemon on boot for running Secure RPC.
1381.It Va keyserv_flags
1382.Pq Vt str
1383If
1384.Va keyserv_enable
1385is set to
1386.Dq Li YES ,
1387these are the flags to pass to
1388.Xr keyserv 8
1389daemon.
1390.It Va pppoed_enable
1391.Pq Vt bool
1392If set to
1393.Dq Li YES ,
1394run the
1395.Xr pppoed 8
1396daemon at boot time to provide PPP over Ethernet services.
1397.It Va pppoed_provider
1398.Pq Vt str
1399.Xr pppoed 8
1400listens to requests to this provider and ultimately runs
1401.Xr ppp 8
1402with a
1403.Ar system
1404argument of the same name.
1405.It Va pppoed_flags
1406.Pq Vt str
1407Additional flags to pass to
1408.Xr pppoed 8 .
1409.It Va pppoed_interface
1410.Pq Vt str
1411The network interface to run
1412.Xr pppoed 8
1413on.
1414This is mandatory when
1415.Va pppoed_enable
1416is set to
1417.Dq Li YES .
1418.It Va timed_enable
1419.Pq Vt bool
1420If set to
1421.Dq Li YES ,
1422run the
1423.Xr timed 8
1424service at boot time.
1425This command is intended for networks of machines where a consistent
1426.Dq "network time"
1427for all hosts must be established.
1428This is often useful in large NFS environments where time stamps on
1429files are expected to be consistent network-wide.
1430.It Va timed_flags
1431.Pq Vt str
1432If
1433.Va timed_enable
1434is set to
1435.Dq Li YES ,
1436these are the flags to pass to the
1437.Xr timed 8
1438service.
1439.It Va dntpd_enable
1440.Pq Vt bool
1441If set to
1442.Dq Li YES ,
1443run
1444.Xr dntpd 8
1445at system boot time.
1446.It Va dntpd_program
1447.Pq Vt str
1448Path to
1449.Xr dntpd 8
1450(default
1451.Pa /usr/sbin/dntpd ) .
1452.It Va dntpd_flags
1453.Pq Vt str
1454If
1455.Va dntpd_enable
1456is set to
1457.Dq Li YES ,
1458these are the flags to pass to the
1459.Xr dntpd 8
1460daemon.
1461.It Va btconfig_enable
1462.Pq Vt bool
1463If set to
1464.Dq Li YES ,
1465configure Bluetooth devices via
1466.Xr btconfig 8
1467at system boot time.
1468.It Va btconfig_devices
1469.Pq Vt str
1470If
1471.Va btconfig_enable
1472is set to
1473.Dq Li YES ,
1474this is the list of Bluetooth devices to configure.
1475If
1476.Va btconfig_devices
1477is not specified, all devices known to the system will be configured.
1478A
1479.Va btconfig_ Ns Aq Ar device
1480variable can be set to specify parameters to be passed to
1481.Ar device .
1482.It Va btconfig_args
1483.Pq Vt str
1484If
1485.Va btconfig_enable
1486is set to
1487.Dq Li YES ,
1488this is the list of configuration parameters to pass to all Bluetooth
1489devices.
1490.It Va sdpd_enable
1491.Pq Vt bool
1492If set to
1493.Dq Li YES ,
1494run the Service Discovery Profile daemon
1495.Xr ( sdpd 8 )
1496at system boot time.
1497.It Va sdpd_flags
1498.Pq Vt str
1499If
1500.Va sdpd_enable
1501is set to
1502.Dq Li YES ,
1503these are the flags to pass to the
1504.Xr sdpd 8
1505daemon.
1506.It Va bthcid_enable
1507.Pq Vt bool
1508If set to
1509.Dq Li YES ,
1510run the Bluetooth Link Key/PIN Code Manager daemon
1511.Xr ( bthcid 8 )
1512at system boot time.
1513.It Va bthcid_flags
1514.Pq Vt str
1515If
1516.Va bthcid_enable
1517is set to
1518.Dq Li YES ,
1519these are the flags to pass to the
1520.Xr bthcid 8
1521daemon.
1522.It Va nis_client_enable
1523.Pq Vt bool
1524If set to
1525.Dq Li YES ,
1526run the
1527.Xr ypbind 8
1528service at system boot time.
1529.It Va nis_client_flags
1530.Pq Vt str
1531If
1532.Va nis_client_enable
1533is set to
1534.Dq Li YES ,
1535these are the flags to pass to the
1536.Xr ypbind 8
1537service.
1538.It Va nis_ypset_enable
1539.Pq Vt bool
1540If set to
1541.Dq Li YES ,
1542run the
1543.Xr ypset 8
1544daemon at system boot time.
1545.It Va nis_ypset_flags
1546.Pq Vt str
1547If
1548.Va nis_ypset_enable
1549is set to
1550.Dq Li YES ,
1551these are the flags to pass to the
1552.Xr ypset 8
1553daemon.
1554.It Va nis_server_enable
1555.Pq Vt bool
1556If set to
1557.Dq Li YES ,
1558run the
1559.Xr ypserv 8
1560daemon at system boot time.
1561.It Va nis_server_flags
1562.Pq Vt str
1563If
1564.Va nis_server_enable
1565is set to
1566.Dq Li YES ,
1567these are the flags to pass to the
1568.Xr ypserv 8
1569daemon.
1570.It Va nis_ypxfrd_enable
1571.Pq Vt bool
1572If set to
1573.Dq Li YES ,
1574run the
1575.Xr rpc.ypxfrd 8
1576daemon at system boot time.
1577.It Va nis_ypxfrd_flags
1578.Pq Vt str
1579If
1580.Va nis_ypxfrd_enable
1581is set to
1582.Dq Li YES ,
1583these are the flags to pass to the
1584.Xr rpc.ypxfrd 8
1585daemon.
1586.It Va nis_yppasswdd_enable
1587.Pq Vt bool
1588If set to
1589.Dq Li YES ,
1590run the
1591.Xr rpc.yppasswdd 8
1592daemon at system boot time.
1593.It Va nis_yppasswdd_flags
1594.Pq Vt str
1595If
1596.Va nis_yppasswdd_enable
1597is set to
1598.Dq Li YES ,
1599these are the flags to pass to the
1600.Xr rpc.yppasswdd 8
1601daemon.
1602.It Va rpc_ypupdated_enable
1603.Pq Vt bool
1604If set to
1605.Dq Li YES ,
1606run the
1607.Nm rpc.ypupdated
1608daemon at system boot time.
1609.It Va defaultrouter
1610.Pq Vt str
1611If not set to
1612.Dq Li NO ,
1613create a default route to this host name or IP address
1614(use an IP address if this router is also required to get to the
1615name server!).
1616.It Va ipv6_defaultrouter
1617.Pq Vt str
1618The IPv6 equivalent of
1619.Va defaultrouter .
1620.It Va static_routes
1621.Pq Vt str
1622Set to the list of static routes that are to be added at system boot time.
1623If not set to
1624.Dq Li NO
1625then for each whitespace separated
1626.Ar element
1627in the value, a
1628.Va route_ Ns Aq Ar element
1629variable is assumed to exist whose contents will later be passed to a
1630.Dq Nm route Cm add
1631operation.
1632.It Va ipv6_static_routes
1633.Pq Vt str
1634The IPv6 equivalent of
1635.Va static_routes .
1636If not set to
1637.Dq Li NO
1638then for each whitespace separated
1639.Ar element
1640in the value, a
1641.Va ipv6_route_ Ns Aq Ar element
1642variable is assumed to exist whose contents will later be passed to a
1643.Dq Nm route Cm add Fl inet6
1644operation.
1645.It Va gateway_enable
1646.Pq Vt bool
1647If set to
1648.Dq Li YES ,
1649configure host to act as an IP router, e.g. to forward packets
1650between interfaces.
1651.It Va ipv6_gateway_enable
1652.Pq Vt bool
1653The IPv6 equivalent of
1654.Va gateway_enable .
1655.It Va router_enable
1656.Pq Vt bool
1657If set to
1658.Dq Li YES ,
1659run a routing daemon of some sort, based on the settings of
1660.Va router_program
1661and
1662.Va router_flags .
1663.It Va ipv6_router_enable
1664.Pq Vt bool
1665The IPv6 equivalent of
1666.Va router_enable .
1667If set to
1668.Dq Li YES ,
1669run a routing daemon of some sort, based on the settings of
1670.Va ipv6_router_program
1671and
1672.Va ipv6_router_flags .
1673.It Va router_program
1674.Pq Vt str
1675If
1676.Va router_enable
1677is set to
1678.Dq Li YES ,
1679this is the name of the routing daemon to use.
1680.It Va ipv6_router_program
1681.Pq Vt str
1682The IPv6 equivalent of
1683.Va router_program .
1684.It Va router_flags
1685.Pq Vt str
1686If
1687.Va router_enable
1688is set to
1689.Dq Li YES ,
1690these are the flags to pass to the routing daemon.
1691.It Va ipv6_router_flags
1692.Pq Vt str
1693The IPv6 equivalent of
1694.Va router_flags .
1695.It Va mrouted_enable
1696.Pq Vt bool
1697If set to
1698.Dq Li YES ,
1699run the multicast routing daemon,
1700.Xr mrouted 8 .
1701.It Va mroute6d_enable
1702.Pq Vt bool
1703The IPv6 equivalent of
1704.Va mrouted_enable .
1705If set to
1706.Dq Li YES ,
1707run the IPv6 multicast routing daemon.
1708Note that no IPv6 multicast routing daemon is included in the
1709.Dx
1710base system but
1711.Xr pim6dd 8
1712can be installed from the
1713.Xr pkgsrc 7
1714collection.
1715.It Va mrouted_flags
1716.Pq Vt str
1717If
1718.Va mrouted_enable
1719is set to
1720.Dq Li YES ,
1721these are the flags to pass to the
1722.Xr mrouted 8
1723daemon.
1724.It Va mroute6d_flags
1725.Pq Vt str
1726The IPv6 equivalent of
1727.Va mrouted_flags .
1728If
1729.Va mroute6d_enable
1730is set to
1731.Dq Li YES ,
1732these are the flags passed to the IPv6 multicast routing daemon.
1733.It Va mroute6d_program
1734.Pq Vt str
1735If
1736.Va mroute6d_enable
1737is set to
1738.Dq Li YES ,
1739this is the path to the IPv6 multicast routing daemon.
1740.It Va rtadvd_enable
1741.Pq Vt bool
1742If set to
1743.Dq Li YES ,
1744run the
1745.Xr rtadvd 8
1746daemon at boot time.
1747.Xr rtadvd 8
1748will only run if
1749.Va ipv6_gateway_enable
1750is also set to
1751.Dq Li YES .
1752The
1753.Xr rtadvd 8
1754utility sends router advertisement packets to the interfaces specified in
1755.Va rtadvd_interfaces .
1756.Xr rtadvd 8
1757and should only be enabled with great care.
1758You may want to fine-tune
1759.Xr rtadvd.conf 5 .
1760.It Va rtadvd_interfaces
1761.Pq Vt str
1762If
1763.Va rtadvd_enable
1764is set to
1765.Dq Li YES
1766this is the list of interfaces to use.
1767.It Va rtsold_enable
1768.Pq Vt bool
1769If set to
1770.Dq Li YES ,
1771run the
1772.Xr rtsold 8
1773daemon at boot time.
1774The
1775.Xr rtsold 8
1776daemon is used for automatic discovery of non-link local addresses.
1777.It Va rtsold_flags
1778.Pq Vt str
1779If
1780.Va rtsold_enable
1781is set to
1782.Dq Li YES ,
1783these are the flags to pass to the
1784.Xr rtsold 8
1785daemon.
1786.It Va ipxgateway_enable
1787.Pq Vt bool
1788If set to
1789.Dq Li YES ,
1790enable the routing of IPX traffic.
1791.It Va ipxrouted_enable
1792.Pq Vt bool
1793If set to
1794.Dq Li YES ,
1795run the
1796.Xr IPXrouted 8
1797daemon at system boot time.
1798.It Va ipxrouted_flags
1799.Pq Vt str
1800If
1801.Va ipxrouted_enable
1802is set to
1803.Dq Li YES ,
1804these are the flags to pass to the
1805.Xr IPXrouted 8
1806daemon.
1807.It Va arpproxy_all
1808.Pq Vt bool
1809If set to
1810.Dq Li YES ,
1811enable global proxy ARP.
1812.It Va forward_sourceroute
1813.Pq Vt bool
1814If set to
1815.Dq Li YES
1816and
1817.Va gateway_enable
1818is also set to
1819.Dq Li YES ,
1820source-routed packets are forwarded.
1821.It Va accept_sourceroute
1822.Pq Vt bool
1823If set to
1824.Dq Li YES ,
1825the system will accept source-routed packets directed at it.
1826.It Va rarpd_enable
1827.Pq Vt bool
1828If set to
1829.Dq Li YES ,
1830run the
1831.Xr rarpd 8
1832daemon at system boot time.
1833.It Va rarpd_flags
1834.Pq Vt str
1835If
1836.Va rarpd_enable
1837is set to
1838.Dq Li YES ,
1839these are the flags to pass to the
1840.Xr rarpd 8
1841daemon.
1842.It Va bootparamd_enable
1843.Pq Vt bool
1844If set to
1845.Dq Li YES ,
1846run the
1847.Xr bootparamd 8
1848daemon at system boot time.
1849.It Va bootparamd_flags
1850.Pq Vt str
1851If
1852.Va bootparamd_enable
1853is set to
1854.Dq Li YES ,
1855these are the flags to pass to the
1856.Xr bootparamd 8
1857daemon.
1858.It Va stf_interface_ipv4addr
1859.Pq Vt str
1860If not set to
1861.Dq Li NO ,
1862this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling interface).
1863Specify this entry to enable the 6to4 interface.
1864.It Va stf_interface_ipv4plen
1865.Pq Vt int
1866Prefix length for 6to4 IPv4 addresses, to limit peer address range.
1867An effective value is 0-31.
1868.It Va stf_interface_ipv6_ifid
1869.Pq Vt str
1870IPv6 interface ID for
1871.Xr stf 4 .
1872This can be set to
1873.Dq Li AUTO .
1874.It Va stf_interface_ipv6_slaid
1875.Pq Vt str
1876IPv6 Site Level Aggregator for
1877.Xr stf 4 .
1878.It Va ipv6_faith_prefix
1879.Pq Vt str
1880If not set to
1881.Dq Li NO ,
1882this is the faith prefix to enable a FAITH IPv6-to-IPv4 TCP translator.
1883You also need
1884.Xr faithd 8
1885setup.
1886.It Va ipv6_ipv4mapping
1887.Pq Vt bool
1888If set to
1889.Dq Li YES
1890this enables IPv4 mapped IPv6 address communication (like
1891.Li ::ffff:a.b.c.d ) .
1892.It Va atm_enable
1893.Pq Vt bool
1894Set to
1895.Dq Li YES
1896to enable the configuration of ATM interfaces at system boot time.
1897For all of the ATM variables described below, please refer to the
1898.Xr atm 8
1899man page for further details on the available command parameters.
1900Also refer to the files in
1901.Pa /usr/share/examples/atm
1902for more detailed configuration information.
1903.It Va atm_netif_ Ns Aq Ar intf
1904.Pq Vt str
1905For the ATM physical interface
1906.Ar intf ,
1907this variable defines the name prefix and count for the ATM network
1908interfaces to be created.
1909The value will be passed as the parameters of an
1910.Dq Nm atm Cm "set netif" Ar intf
1911command.
1912.It Va atm_sigmgr_ Ns Aq Ar intf
1913.Pq Vt str
1914For the ATM physical interface
1915.Ar intf ,
1916this variable defines the ATM signalling manager to be used.
1917The value will be passed as the parameters of an
1918.Dq Nm atm Cm attach Ar intf
1919command.
1920.It Va atm_prefix_ Ns Aq Ar intf
1921.Pq Vt str
1922For the ATM physical interface
1923.Ar intf ,
1924this variable defines the NSAP prefix for interfaces using a UNI signalling
1925manager.
1926If set to
1927.Dq Li ILMI ,
1928the prefix will automatically be set via the
1929.Xr ilmid 8
1930daemon.
1931Otherwise, the value will be passed as the parameters of an
1932.Dq Nm atm Cm "set prefix" Ar intf
1933command.
1934.It Va atm_macaddr_ Ns Aq Ar intf
1935.Pq Vt str
1936For the ATM physical interface
1937.Ar intf ,
1938this variable defines the MAC address for interfaces using a UNI signalling
1939manager.
1940If set to
1941.Dq Li NO ,
1942the hardware MAC address contained in the ATM interface card will be used.
1943Otherwise, the value will be passed as the parameters of an
1944.Dq Nm atm Cm "set mac" Ar intf
1945command.
1946.It Va atm_arpserver_ Ns Aq Ar netif
1947.Pq Vt str
1948For the ATM network interface
1949.Ar netif ,
1950this variable defines the ATM address for a host which is to provide ATMARP
1951service.
1952This variable is only applicable to interfaces using a UNI signalling manager.
1953If set to
1954.Dq Li local ,
1955this host will become an ATMARP server.
1956The value will be passed as the parameters of an
1957.Dq Nm atm Cm "set arpserver" Ar netif
1958command.
1959.It Va atm_scsparp_ Ns Aq Ar netif
1960.Pq Vt bool
1961If set to
1962.Dq Li YES ,
1963SCSP/ATMARP service for the network interface
1964.Ar netif
1965will be initiated using the
1966.Xr scspd 8
1967and
1968.Xr atmarpd 8
1969daemons.
1970This variable is only applicable if
1971.Va atm_arpserver_ Ns Aq Ar netif
1972is set to
1973.Dq Li local .
1974.It Va atm_arps
1975.Pq Vt str
1976Set to the list of permanent ATM ARP entries to be added at system boot time.
1977For each whitespace separated
1978.Ar element
1979in the value, an
1980.Va atm_arp_ Ns Aq Ar element
1981variable is assumed to exist.
1982The value of each of these variables will be passed as the parameters of an
1983.Dq Nm atm Cm "add arp"
1984command.
1985.It Va keybell
1986.Pq Vt str
1987The keyboard bell sound.
1988Set to
1989.Dq Li normal ,
1990.Dq Li visual ,
1991.Dq Li off ,
1992or
1993.Dq Li NO
1994if the default behavior is desired.
1995For details, refer to the
1996.Xr kbdcontrol 1
1997manpage.
1998.It Va keymap
1999.Pq Vt str
2000If set to
2001.Dq Li NO ,
2002no keymap is installed, otherwise the value is used to install
2003the keymap file in
2004.Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd .
2005.It Va keyrate
2006.Pq Vt str
2007The keyboard repeat speed.
2008Set to
2009.Dq Li slow ,
2010.Dq Li normal ,
2011.Dq Li fast ,
2012or
2013.Dq Li NO
2014if the default behavior is desired.
2015.It Va keychange
2016.Pq Vt str
2017If not set to
2018.Dq Li NO ,
2019attempt to program the function keys with the value.
2020The value should be a single string of the form:
2021.Dq Ar funkey_number new_value Op Ar funkey_number new_value ... .
2022.It Va cursor
2023.Pq Vt str
2024Can be set to the value of
2025.Dq Li normal ,
2026.Dq Li blink ,
2027.Dq Li destructive ,
2028or
2029.Dq Li NO
2030to set the cursor behavior explicitly or choose the default behavior.
2031.It Va scrnmap
2032.Pq Vt str
2033If set to
2034.Dq Li NO ,
2035no screen map is installed, otherwise the value is used to install
2036the screen map file in
2037.Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value .
2038.It Va font8x16
2039.Pq Vt str
2040If set to
2041.Dq Li NO ,
2042the default 8x16 font value is used for screen size requests, otherwise
2043the value in
2044.Pa /usr/share/syscons/fonts/ Ns Aq Ar value
2045is used.
2046.It Va font8x14
2047.Pq Vt str
2048If set to
2049.Dq Li NO ,
2050the default 8x14 font value is used for screen size requests, otherwise
2051the value in
2052.Pa /usr/share/syscons/fonts/ Ns Aq Ar value
2053is used.
2054.It Va font8x8
2055.Pq Vt str
2056If set to
2057.Dq Li NO ,
2058the default 8x8 font value is used for screen size requests, otherwise
2059the value in
2060.Pa /usr/share/syscons/fonts/ Ns Aq Ar value
2061is used.
2062.It Va blanktime
2063.Pq Vt int
2064If set to
2065.Dq Li NO ,
2066the default screen blanking interval is used, otherwise it is set to
2067.Ar value
2068seconds.
2069.It Va saver
2070.Pq Vt str
2071If not set to
2072.Dq Li NO ,
2073this is the actual screen saver to use
2074.Li ( blank , snake , daemon ,
2075etc).
2076.It Va moused_enable
2077.Pq Vt str
2078If set to
2079.Dq Li YES ,
2080the
2081.Xr moused 8
2082daemon is started for doing cut/paste selection on the console.
2083.It Va moused_type
2084.Pq Vt str
2085This is the protocol type of the mouse connected to this host.
2086This variable must be set if
2087.Va moused_enable
2088is set to
2089.Dq Li YES .
2090The
2091.Xr moused 8
2092daemon
2093is able to detect the appropriate mouse type automatically in many cases.
2094Set this variable to
2095.Dq Li auto
2096to let the daemon detect it, or
2097select one from the following list if the automatic detection fails.
2098.Pp
2099If the mouse is attached to the PS/2 mouse port, choose
2100.Dq Li auto
2101or
2102.Dq Li ps/2 ,
2103regardless of the brand and model of the mouse.
2104Likewise, if the mouse is attached to the bus mouse port, choose
2105.Dq Li auto
2106or
2107.Dq Li busmouse .
2108All other protocols are for serial mice and will not work with
2109the PS/2 and bus mice.
2110If this is a USB mouse,
2111.Dq Li auto
2112is the only protocol type which will work.
2113.Pp
2114.Bl -tag -width ".Li x10mouseremote" -compact
2115.It Li microsoft
2116Microsoft mouse (serial)
2117.It Li intellimouse
2118Microsoft IntelliMouse (serial)
2119.It Li mousesystems
2120Mouse systems Corp. mouse (serial)
2121.It Li mmseries
2122MM Series mouse (serial)
2123.It Li logitech
2124Logitech mouse (serial)
2125.It Li busmouse
2126A bus mouse
2127.It Li mouseman
2128Logitech MouseMan and TrackMan (serial)
2129.It Li glidepoint
2130ALPS GlidePoint (serial)
2131.It Li thinkingmouse
2132Kensington ThinkingMouse (serial)
2133.It Li ps/2
2134PS/2 mouse
2135.It Li mmhittab
2136MM HitTablet (serial)
2137.It Li x10mouseremote
2138X10 MouseRemote (serial)
2139.It Li versapad
2140Interlink VersaPad (serial)
2141.El
2142.Pp
2143Even if the mouse is not in the above list, it may be compatible
2144with one in the list.
2145Refer to the man page for
2146.Xr moused 8
2147for compatibility information.
2148.Pp
2149It should also be noted that while this is enabled, any
2150other client of the mouse (such as an X server) should access
2151the mouse through the virtual mouse device,
2152.Pa /dev/sysmouse ,
2153and configure it as a
2154.Dq Li sysmouse
2155type mouse, since all
2156mouse data is converted to this single canonical format when using
2157.Xr moused 8 .
2158If the client program does not support the
2159.Dq Li sysmouse
2160type, specify the
2161.Dq Li mousesystems
2162type.
2163It is the second preferred type.
2164.It Va moused_port
2165.Pq Vt str
2166If
2167.Va moused_enable
2168is set to
2169.Dq Li YES ,
2170this is the actual port the mouse is on.
2171It might be
2172.Pa /dev/cuaa0
2173for a COM1 serial mouse,
2174.Pa /dev/psm0
2175for a PS/2 mouse or
2176.Pa /dev/mse0
2177for a bus mouse, for example.
2178.It Va moused_flags
2179.Pq Vt str
2180If
2181.Va moused_type
2182is set, these are the additional flags to pass to the
2183.Xr moused 8
2184daemon.
2185.It Va mousechar_start
2186.Pq Vt int
2187If set to
2188.Dq Li NO ,
2189the default mouse cursor character range
2190.Li 0xd0 Ns - Ns Li 0xd3
2191is used, otherwise the range start is set to
2192.Ar value
2193character, see
2194.Xr vidcontrol 1 .
2195Use if the default range is occupied in the language code table.
2196.It Va vidhistory
2197.Pq Vt int
2198Set the size of the history (scrollback) buffer in lines.
2199.It Va allscreens_flags
2200.Pq Vt str
2201If set,
2202.Xr vidcontrol 1
2203is run with these options for each of the virtual terminals
2204.Pq Pa /dev/ttyv* .
2205For example,
2206.Dq Fl m Cm on
2207will enable the mouse pointer on all virtual terminals if
2208.Va moused_enable
2209is set to
2210.Dq Li YES .
2211.It Va allscreens_kbdflags
2212.Pq Vt str
2213If set,
2214.Xr kbdcontrol 1
2215is run with these options for each of the virtual terminals
2216.Pq Pa /dev/ttyv* .
2217For example,
2218.Dq Fl h Li 200
2219will set the
2220.Xr syscons 4
2221scrollback (history) buffer to 200 lines.
2222.It Va cron_enable
2223.Pq Vt bool
2224If set to
2225.Dq Li YES ,
2226run the
2227.Xr cron 8
2228daemon at system boot time.
2229.It Va cron_program
2230.Pq Vt str
2231Path to
2232.Xr cron 8
2233(default
2234.Pa /usr/sbin/cron ) .
2235.It Va cron_flags
2236.Pq Vt str
2237If
2238.Va cron_enable
2239is set to
2240.Dq Li YES ,
2241these are the flags to pass to
2242.Xr cron 8 .
2243.It Va lpd_program
2244.Pq Vt str
2245Path to
2246.Xr lpd 8
2247(default
2248.Pa /usr/sbin/lpd ) .
2249.It Va lpd_enable
2250.Pq Vt bool
2251If set to
2252.Dq Li YES ,
2253run the
2254.Xr lpd 8
2255daemon at system boot time.
2256.It Va lpd_flags
2257.Pq Vt str
2258If
2259.Va lpd_enable
2260is set to
2261.Dq Li YES ,
2262these are the flags to pass to the
2263.Xr lpd 8
2264daemon.
2265.It Va mixer_enable
2266.Pq Vt bool
2267If set to
2268.Dq Li YES ,
2269preserve
2270.Xr mixer 8
2271settings across reboots.
2272.It Va mta_start_script
2273.Pq Vt str
2274This variable specifies the full path to the script to run to start
2275a mail transfer agent.
2276The default is
2277.Pa /etc/rc.sendmail .
2278The
2279.Va sendmail_*
2280variables which
2281.Pa /etc/rc.sendmail
2282uses are documented in the
2283.Xr rc.sendmail 8
2284man page.
2285.It Va dumpdev
2286.Pq Vt str
2287Indicates the device (usually a swap partition) to which a crash dump
2288should be written in the event of a system crash.
2289The value of this variable is passed as the argument to
2290.Xr dumpon 8 .
2291To disable crash dumps, set this variable to
2292.Dq Li NO .
2293.It Va dumpdir
2294.Pq Vt str
2295When the system reboots after a crash and a crash dump is found on the
2296device specified by the
2297.Va dumpdev
2298variable,
2299.Xr savecore 8
2300will save that crash dump and a copy of the kernel to the directory
2301specified by the
2302.Va dumpdir
2303variable.
2304The default value is
2305.Pa /var/crash .
2306Set to
2307.Dq Li NO
2308to not run
2309.Xr savecore 8
2310at boot time when
2311.Va dumpdir
2312is set.
2313.It Va savecore_flags
2314.Pq Vt str
2315If crash dumps are enabled, these are the flags to pass to the
2316.Xr savecore 8
2317utility.
2318.It Va enable_quotas
2319.Pq Vt bool
2320Set to
2321.Dq Li YES
2322to turn on user disk quotas on system startup via the
2323.Xr quotaon 8
2324command.
2325.It Va check_quotas
2326.Pq Vt bool
2327Set to
2328.Dq Li YES
2329to enable user disk quota checking via the
2330.Xr quotacheck 8
2331command.
2332.It Va accounting_enable
2333.Pq Vt bool
2334Set to
2335.Dq Li YES
2336to enable system accounting through the
2337.Xr accton 8
2338facility.
2339.It Va linux_enable
2340.Pq Vt bool
2341Set to
2342.Dq Li YES
2343to enable Linux/ELF binary emulation at system initial boot time.
2344.It Va sysvipc_enable
2345.Pq Vt bool
2346If set to
2347.Dq Li YES ,
2348load System V IPC primitives at boot time.
2349.\" ----- cleanvar_enable setting--------------------------------
2350.It Va cleanvar_enable
2351.Pq Vt bool
2352Set to
2353.Dq Li YES
2354to have
2355.Pa /var/run ,
2356.Pa /var/spool/lock
2357and
2358.Pa /var/spool/uucp/.Temp/*
2359cleaned at startup.
2360.\" ----- clear_tmp_enable setting-------------------------------
2361.It Va clear_tmp_enable
2362.Pq Vt bool
2363Set to
2364.Dq Li YES
2365to have
2366.Pa /tmp
2367cleaned at startup.
2368.\" ----- ldconfig_paths setting --------------------------------
2369.It Va ldconfig_paths
2370.Pq Vt str
2371Set to the list of shared library paths to use with
2372.Xr ldconfig 8 .
2373NOTE:
2374.Pa /usr/lib
2375will always be added first, so it need not appear in this list.
2376.It Va ldconfig_insecure
2377.Pq Vt bool
2378The
2379.Xr ldconfig 8
2380utility normally refuses to use directories
2381which are writable by anyone except root.
2382Set this variable to
2383.Dq Li YES
2384to disable that security check during system startup.
2385.It Va kern_securelevel
2386.Pq Vt int
2387The kernel security level to set at startup.
2388The allowed range of
2389.Ar value
2390ranges from \-1 (the compile time default) to 3 (the most secure).
2391See
2392.Xr init 8
2393for the list of possible security levels and their effect on system operation.
2394.It Va start_vinum
2395.Pq Vt bool
2396Set to
2397.Dq Li YES
2398to start
2399.Xr vinum 8
2400at system boot time.
2401.It Va sshd_enable
2402.Pq Vt bool
2403Set to
2404.Dq Li YES
2405to start
2406.Xr sshd 8
2407at system boot time.
2408.It Va sshd_program
2409.Pq Vt str
2410Path to the SSH server program
2411.Pa ( /usr/sbin/sshd
2412is the default).
2413.It Va sshd_flags
2414.Pq Vt str
2415If
2416.Va sshd_enable
2417is set to
2418.Dq Li YES ,
2419these are the flags to pass to the
2420.Xr sshd 8
2421daemon.
2422.It Va ftpd_enable
2423.Pq Vt bool
2424Set to
2425.Dq Li YES
2426to start
2427.Xr ftpd 8
2428at system boot time.
2429.It Va ftpd_flags
2430.Pq Vt str
2431If
2432.Va ftpd_enable
2433is set to
2434.Dq Li YES ,
2435these are the flags to pass to the
2436.Xr ftpd 8
2437daemon.
2438.It Va usbd_enable
2439.Pq Vt bool
2440If set to
2441.Dq Li YES ,
2442run the
2443.Xr usbd 8
2444daemon at boot time.
2445.It Va usbd_flags
2446.Pq Vt str
2447If
2448.Va usbd_enable
2449is set to
2450.Dq Li YES ,
2451these are the flags passed to
2452.Xr usbd 8
2453daemon.
2454.It Va watchdogd_enable
2455.Pq Vt bool
2456If set to
2457.Dq Li YES ,
2458start the
2459.Xr watchdogd 8
2460daemon at boot time.
2461This requires that the kernel have been compiled with
2462.Cd "options WATCHDOG" .
2463.It Va jail_enable
2464.Pq Vt bool
2465If set to
2466.Dq Li NO ,
2467any configured jails will not be started.
2468.It Va jail_list
2469.Pq Vt str
2470A space separated list of names for jails.
2471This is purely a configuration aid to help identify and
2472configure multiple jails.
2473The names specified in this list will be used to
2474identify settings common to an instance of a jail.
2475Assuming that the jail in question was named
2476.Li vjail ,
2477you would have the following dependent variables:
2478.Bd -literal
2479jail_vjail_hostname="jail.example.com"
2480jail_vjail_ip="192.168.1.100"
2481jail_vjail_rootdir="/var/jails/vjail/root"
2482.Ed
2483.Pp
2484.It Va jail_flags
2485.Pq Vt str
2486Unset by default.
2487When set, use as default value for
2488.Va jail_ Ns Ao Ar jname Ac Ns Va _flags
2489for every jail in
2490.Va jail_list .
2491.It Va jail_interface
2492.Pq Vt str
2493Unset by default.
2494When set, use as default value for
2495.Va jail_ Ns Ao Ar jname Ac Ns Va _interface
2496for every jail in
2497.Va jail_list .
2498.It Va jail_fstab
2499.Pq Vt str
2500Unset by default.
2501When set, use as default value for
2502.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab
2503for every jail in
2504.Va jail_list .
2505.It Va jail_mount_enable
2506.Pq Vt bool
2507Set to
2508.Dq Li NO
2509by default.
2510When set to
2511.Dq Li YES ,
2512sets
2513.Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable
2514to
2515.Dq Li YES
2516by default for every jail in
2517.Va jail_list .
2518.It Va jail_fdesc_enable
2519.Pq Vt bool
2520Set to
2521.Dq Li NO
2522by default.
2523When set to
2524.Dq Li YES ,
2525sets
2526.Va jail_ Ns Ao Ar jname Ac Ns Va _fdesc_enable
2527to
2528.Dq Li YES
2529by default for every jail in
2530.Va jail_list .
2531.It Va jail_procfs_enable
2532.Pq Vt bool
2533Set to
2534.Dq Li NO
2535by default.
2536When set to
2537.Dq Li YES ,
2538sets
2539.Va jail_ Ns Ao Ar jname Ac Ns Va _fdesc_enable
2540to
2541.Dq Li YES
2542by default for every jail in
2543.Va jail_list .
2544.It Va jail_exec_start
2545.Pq Vt str
2546Unset by default.
2547When set, use as default value for
2548.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start
2549for every jail in
2550.Va jail_list .
2551.It Va jail_exec_stop
2552Unset by default.
2553When set, use as default value for
2554.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop
2555for every jail in
2556.Va jail_list .
2557.It Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir
2558.Pq Vt str
2559Unset by default.
2560Set to the root directory used by jail
2561.Va jname .
2562.It Va jail_ Ns Ao Ar jname Ac Ns Va _hostname
2563.Pq Vt str
2564Unset by default.
2565Set to the fully qualified domain name (FQDN) assigned to jail
2566.Va jname .
2567.It Va jail_ Ns Ao Ar jname Ac Ns Va _ip
2568.Pq Vt str
2569Unset by default.
2570Set to the IP address assigned to jail
2571.Va jname .
2572.It Va jail_ Ns Ao Ar jname Ac Ns Va _flags
2573.Pq Vt str
2574Set to
2575.Dq Li -l -U root
2576by default.
2577These are flags to pass to
2578.Xr jail 8 .
2579.It Va jail_ Ns Ao Ar jname Ac Ns Va _interface
2580.Pq Vt str
2581Unset by default.
2582When set, sets the interface to use when setting IP address alias.
2583Note that the alias is created at jail startup and removed at jail shutdown.
2584.It Va jail_ Ns Ao Ar jname Ac Ns Va _fstab
2585.Pq Vt str
2586Set to
2587.Pa /etc/fstab. Ns Aq Ar jname
2588by default.
2589This is the file system information file to use for jail
2590.Va jname .
2591.It Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable
2592.Pq Vt bool
2593Set to
2594.Dq Li NO
2595by default.
2596When set to
2597.Dq Li YES ,
2598mount all file systems from
2599.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab
2600at jail startup.
2601.It Va jail_ Ns Ao Ar jname Ac Ns Va _fdesc_enable
2602.Pq Vt bool
2603Set to
2604.Dq Li NO
2605by default.
2606When set to
2607.Dq Li YES ,
2608mount the file-descriptor file system inside jail
2609.Ar jname
2610at jail startup.
2611.It Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable
2612.Pq Vt bool
2613Set to
2614.Dq Li NO
2615by default.
2616When set to
2617.Dq Li YES ,
2618mount the process file system inside jail
2619.Ar jname
2620at jail startup.
2621.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start
2622.Pq Vt str
2623Set to
2624.Dq Li /bin/sh /etc/rc
2625by default.
2626This is the command executed at jail startup.
2627.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop
2628.Pq Vt str
2629Set to
2630.Dq Li /bin/sh /etc/rc.shutdown
2631by default.
2632This is the command executed at jail shutdown.
2633.It Va jail_set_hostname_allow
2634.Pq Vt bool
2635If set to
2636.Dq Li NO ,
2637do not allow the root user in a jail to set its hostname.
2638.It Va jail_socket_unixiproute_only
2639.Pq Vt bool
2640If set to
2641.Dq Li YES ,
2642do not allow any sockets,
2643besides UNIX/IP/route sockets,
2644to be used within a jail.
2645.It Va jail_sysvipc_allow
2646.Pq Vt bool
2647If set to
2648.Dq Li YES ,
2649allow applications within a jail to use System V IPC.
2650.It Va newsyslog_enable
2651.Pq Vt bool
2652If set to
2653.Dq Li YES ,
2654run
2655.Xr newsyslog 8
2656before syslogd starts.
2657.It Va newsyslog_flags
2658.Pq Vt str
2659If
2660.Va newsyslog_enable
2661is set to
2662.Dq Li YES ,
2663these are the flags passed to
2664.Xr newsyslog 8 .
2665.It Va resident_enable
2666.Pq Vt bool
2667If set to
2668.Dq Li YES ,
2669make the dynamic binaries listed in
2670.Pa /etc/resident.conf
2671resident.
2672.It Va varsym_enable
2673.Pq Vt bool
2674If set to
2675.Dq Li YES ,
2676process
2677.Pa /etc/varsym.conf
2678to set system-wide variables for variant symlinks.
2679.It Va rand_irqs
2680.Pq Vt str
2681Set either to
2682.Dq Li NO
2683or a whitespace separated list of IRQ numbers which will be used as a source of
2684randomness.
2685.\" ----- isdn settings ---------------------------------
2686.It Va isdn_enable
2687.Pq Vt bool
2688Set to
2689.Dq Li NO
2690by default.
2691When set to
2692.Dq Li YES ,
2693starts the
2694.Xr isdnd 8
2695daemon at system boot time.
2696.It Va isdn_flags
2697.Pq Vt str
2698Set to
2699.Dq Fl d Ns Cm n Fl d Ns Li 0x1f9
2700by default.
2701Additional flags to pass to
2702.Xr isdnd 8
2703(but see
2704.Va isdn_fsdev
2705and
2706.Va isdn_ttype
2707for certain tunable parameters).
2708.It Va isdn_ttype
2709.Pq Vt str
2710Set to
2711.Dq Li cons25
2712by default.
2713The terminal type of the output device when
2714.Xr isdnd 8
2715operates in full-screen mode.
2716.It Va isdn_screenflags
2717.Pq Vt str
2718Set to
2719.Dq Li NO
2720by default.
2721The video mode for full-screen mode (only for
2722.Xr syscons 4
2723console driver, see
2724.Xr vidcontrol 1
2725for valid modes).
2726.It Va isdn_fsdev
2727.Pq Vt str
2728Set to
2729.Dq Li NO
2730by default.
2731The output device for
2732.Xr isdnd 8
2733in full-screen mode (or
2734.Dq Li NO
2735for daemon mode).
2736.It Va isdn_trace
2737.Pq Vt bool
2738Set to
2739.Dq Li NO
2740by default.
2741When set to
2742.Dq Li YES ,
2743enables the ISDN protocol trace utility
2744.Xr isdntrace 8
2745at system boot time.
2746.It Va isdn_traceflags
2747.Pq Vt str
2748Set to
2749.Dq Fl f Pa /var/tmp/isdntrace0
2750by default.
2751Flags for
2752.Xr isdntrace 8 .
2753.\" -----------------------------------------------------
2754.It Va entropy_dir
2755.Pq Vt str
2756Set to
2757.Dq Li NO
2758to disable caching entropy via
2759.Xr cron 8 .
2760Otherwise set to the directory used to store entropy files in.
2761.It Va entropy_file
2762.Pq Vt str
2763Set to
2764.Dq Li NO
2765to disable caching entropy through reboots.
2766Otherwise set to the filename used to store cached entropy through reboots.
2767This file should be located on the root file system to seed the
2768.Xr random 4
2769device as early as possible in the boot process.
2770.It Va ipsec_enable
2771.Pq Vt bool
2772Set to
2773.Dq Li YES
2774to run
2775.Xr setkey 8
2776on
2777.Va ipsec_file
2778at boot time.
2779.It Va ipsec_file
2780.Pq Vt str
2781Configuration file for
2782.Xr setkey 8 .
2783.It Va dmesg_enable
2784.Pq Vt bool
2785Set to
2786.Dq Li YES
2787to save
2788.Xr dmesg 8
2789to
2790.Pa /var/run/dmesg.boot
2791on boot.
2792.It Va rcshutdown_timeout
2793.Pq Vt int
2794If set, start a watchdog timer in the background which will terminate
2795.Pa rc.shutdown
2796if
2797.Xr shutdown 8
2798has not completed within the specified time (in seconds).
2799.El
2800.Sh FILES
2801.Bl -tag -width ".Pa /etc/defaults/rc.conf" -compact
2802.It Pa /etc/defaults/rc.conf
2803.It Pa /etc/rc.conf
2804.It Pa /etc/rc.conf.local
2805.El
2806.Sh SEE ALSO
2807.Xr catman 1 ,
2808.Xr gdb 1 ,
2809.Xr info 1 ,
2810.Xr kbdcontrol 1 ,
2811.Xr varsym 1 ,
2812.Xr vidcontrol 1 ,
2813.Xr ip 4 ,
2814.Xr ipf 4 ,
2815.Xr ipfw 4 ,
2816.Xr kld 4 ,
2817.Xr pf 4 ,
2818.Xr tcp 4 ,
2819.Xr udp 4 ,
2820.Xr exports 5 ,
2821.Xr motd 5 ,
2822.Xr resident.conf 5 ,
2823.Xr varsym.conf 5 ,
2824.Xr accton 8 ,
2825.Xr amd 8 ,
2826.Xr apm 8 ,
2827.Xr atm 8 ,
2828.Xr btconfig 8 ,
2829.Xr bthcid 8 ,
2830.Xr cron 8 ,
2831.Xr dhclient 8 ,
2832.Xr dhcpd 8 ,
2833.Xr dhcrelay 8 ,
2834.Xr dntpd 8 ,
2835.Xr ftpd 8 ,
2836.Xr ifconfig 8 ,
2837.Xr inetd 8 ,
2838.Xr isdnd 8 ,
2839.Xr isdntrace 8 ,
2840.Xr jail 8 ,
2841.Xr lpd 8 ,
2842.Xr makewhatis 8 ,
2843.Xr mdconfig 8 ,
2844.Xr mixer 8 ,
2845.Xr mountd 8 ,
2846.Xr moused 8 ,
2847.Xr mrouted 8 ,
2848.Xr named 8 ,
2849.Xr nfsd 8 ,
2850.Xr pcnfsd 8 ,
2851.Xr pfctl 8 ,
2852.Xr pflogd 8 ,
2853.Xr quotacheck 8 ,
2854.Xr quotaon 8 ,
2855.Xr rc 8 ,
2856.Xr rc.sendmail 8 ,
2857.Xr resident 8 ,
2858.Xr rndcontrol 8 ,
2859.Xr route 8 ,
2860.Xr routed 8 ,
2861.Xr rpc.lockd 8 ,
2862.Xr rpc.statd 8 ,
2863.Xr rpcbind 8 ,
2864.Xr rtsold 8 ,
2865.Xr rwhod 8 ,
2866.Xr savecore 8 ,
2867.Xr sdpd 8 ,
2868.Xr sensorsd 8 ,
2869.Xr sshd 8 ,
2870.Xr swapon 8 ,
2871.Xr sysctl 8 ,
2872.Xr syslogd 8 ,
2873.Xr timed 8 ,
2874.Xr usbd 8 ,
2875.Xr vinum 8 ,
2876.Xr yp 8 ,
2877.Xr ypbind 8 ,
2878.Xr ypserv 8 ,
2879.Xr ypset 8
2880.Sh HISTORY
2881The
2882.Nm
2883file appeared in
2884.Fx 2.2.2 .
2885.Sh AUTHORS
2886.An Jordan K. Hubbard .
2887