1.\" Copyright (c) 1995 2.\" Jordan K. Hubbard 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND 14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 16.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE 17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23.\" SUCH DAMAGE. 24.\" 25.\" $FreeBSD$ 26.\" 27.Dd April 9, 2008 28.Dt RC.CONF 5 29.Os 30.Sh NAME 31.Nm rc.conf 32.Nd system configuration information 33.Sh DESCRIPTION 34The file 35.Nm 36contains descriptive information about the local host name, configuration 37details for any potential network interfaces and which services should be 38started up at system initial boot time. 39In new installations, the 40.Nm 41file is generally initialized by the system installation utility, 42.Xr sysinstall 8 . 43.Pp 44The purpose of 45.Nm 46is not to run commands or perform system startup actions 47directly. 48Instead, it is included by the 49various generic startup scripts in 50.Pa /etc 51which conditionalize their 52internal actions according to the settings found there. 53.Pp 54The 55.Pa /etc/rc.conf 56file is included from the file 57.Pa /etc/defaults/rc.conf , 58which specifies the default settings for all the available options. 59Options need only be specified in 60.Pa /etc/rc.conf 61when the system administrator wishes to override these defaults. 62The file 63.Pa /etc/rc.conf.local 64is used to override settings in 65.Pa /etc/rc.conf 66for historical reasons. 67See the 68.Va rc_conf_files 69variable below. 70.Pp 71Options are set with 72.Dq Ar name Ns Li = Ns Ar value 73assignments that use 74.Xr sh 1 75syntax. 76The following list provides a name and short description for each 77variable that can be set in the 78.Nm 79file: 80.Bl -tag -width indent-two 81.It Va rc_debug 82.Pq Vt bool 83If set to 84.Dq Li YES , 85enable output of debug messages from rc scripts. 86This variable can be helpful in diagnosing mistakes when 87editing or integrating new scripts. 88Beware that this produces copious output to the terminal and 89.Xr syslog 3 . 90.It Va rc_info 91.Pq Vt bool 92If set to 93.Dq Li NO , 94disable informational messages from the rc scripts. 95Informational messages are displayed when 96a condition that is not serious enough to warrant a warning or 97an error occurs. 98.It Va early_late_divider 99.Pq Vt str 100The name of the script that should be used as the 101delimiter between the 102.Dq early 103and 104.Dq late 105stages of the boot process. 106The early stage should contain all the services needed to 107get the disks (local or remote) mounted so that the late 108stage can include scripts contained in the directories 109listed in the 110.Va local_startup 111variable (see below). 112Thus, the two likely candidates for this value are 113.Pa mountcritlocal 114for the typical system, and 115.Pa mountcritremote 116if the system needs remote file 117systems mounted to get access to the 118.Va local_startup 119directories; for example when 120.Pa /usr/local 121is NFS mounted. 122For 123.Pa rc.conf 124within a 125.Xr jail 8 126.Pa NETWORKING 127is likely to be an appropriate value. 128Extreme care should be taken when changing this value, 129and before changing it one should ensure that there are 130adequate provisions to recover from a failed boot 131(such as physical contact with the machine, 132or reliable remote console access). 133.It Va swapfile 134.Pq Vt str 135If set to 136.Dq Li NO , 137no swapfile is installed, otherwise the value is used as the full 138pathname to a file to use for additional swap space. 139.It Va apm_enable 140.Pq Vt bool 141If set to 142.Dq Li YES , 143enable support for Automatic Power Management with 144the 145.Xr apm 8 146command. 147.It Va apmd_enable 148.Pq Vt bool 149Run 150.Xr apmd 8 151to handle APM event from userland. 152This also enables support for APM. 153.It Va apmd_flags 154.Pq Vt str 155If 156.Va apmd_enable 157is set to 158.Dq Li YES , 159these are the flags to pass to the 160.Xr apmd 8 161daemon. 162.It Va devd_enable 163.Pq Vt bool 164Run 165.Xr devd 8 166to handle device added, removed or unknown events from the kernel. 167.It Va ddb_enable 168.Pq Vt bool 169Run 170.Xr ddb 8 171to install 172.Xr ddb 4 173scripts at boot time. 174.It Va ddb_config 175.Pq Vt str 176Configuration file for 177.Xr ddb 8 . 178Default 179.Pa /etc/ddb.conf . 180.It Va kldxref_enable 181.Pq Vt bool 182Set to 183.Dq Li NO 184by default. 185Set to 186.Dq Li YES 187to automatically rebuild 188.Pa linker.hints 189files with 190.Xr kldxref 8 191at boot time. 192.It Va kldxref_clobber 193.Pq Vt bool 194Set to 195.Dq Li NO 196by default. 197If 198.Va kldxref_enable 199is true, 200setting to 201.Dq Li YES 202will overwrite existing 203.Pa linker.hints 204files at boot time. 205Otherwise, 206only missing 207.Pa linker.hints 208files are generated. 209.It Va kldxref_module_path 210.Pq Vt str 211Empty by default. 212A semi-colon 213.Pq Ql \&; 214delimited list of paths containing 215.Xr kld 4 216modules. 217If empty, 218the contents of the 219.Va kern.module_path 220.Xr sysctl 8 221are used. 222.It Va powerd_enable 223.Pq Vt bool 224If set to 225.Dq Li YES , 226enable the system power control facility with the 227.Xr powerd 8 228daemon. 229.It Va powerd_flags 230.Pq Vt str 231If 232.Va powerd_enable 233is set to 234.Dq Li YES , 235these are the flags to pass to the 236.Xr powerd 8 237daemon. 238.It Va tmpmfs 239Controls the creation of a 240.Pa /tmp 241memory file system. 242Always happens if set to 243.Dq Li YES 244and never happens if set to 245.Dq Li NO . 246If set to anything else, a memory file system is created if 247.Pa /tmp 248is not writable. 249.It Va tmpsize 250Controls the size of a created 251.Pa /tmp 252memory file system. 253.It Va tmpmfs_flags 254Extra options passed to the 255.Xr mdmfs 8 256utility when the memory file system for 257.Pa /tmp 258is created. 259The default is 260.Dq Li "-S" , 261which inhibits the use of softupdates on 262.Pa /tmp 263so that file system space is freed without delay 264after file truncation or deletion. 265See 266.Xr mdmfs 8 267for other options you can use in 268.Va tmpmfs_flags . 269.It Va varmfs 270Controls the creation of a 271.Pa /var 272memory file system. 273Always happens if set to 274.Dq Li YES 275and never happens if set to 276.Dq Li NO . 277If set to anything else, a memory file system is created if 278.Pa /var 279is not writable. 280.It Va varsize 281Controls the size of a created 282.Pa /var 283memory file system. 284.It Va varmfs_flags 285Extra options passed to the 286.Xr mdmfs 8 287utility when the memory file system for 288.Pa /var 289is created. 290The default is 291.Dq Li "-S" , 292which inhibits the use of softupdates on 293.Pa /var 294so that file system space is freed without delay 295after file truncation or deletion. 296See 297.Xr mdmfs 8 298for other options you can use in 299.Va varmfs_flags . 300.It Va populate_var 301Controls the automatic population of the 302.Pa /var 303file system. 304Always happens if set to 305.Dq Li YES 306and never happens if set to 307.Dq Li NO . 308If set to anything else, a memory file system is created if 309.Pa /var 310is not writable. 311Note that this process requires access to certain commands in 312.Pa /usr 313before 314.Pa /usr 315is mounted on normal systems. 316.It Va cleanvar_enable 317.Pq Vt bool 318Clean the 319.Pa /var 320directory. 321.It Va local_startup 322.Pq Vt str 323List of directories to search for startup script files. 324.It Va script_name_sep 325.Pq Vt str 326The field separator to use for breaking down the list of startup script files 327into individual filenames. 328The default is a space. 329It is not necessary to change this unless there are startup scripts with names 330containing spaces. 331.It Va hostapd_enable 332.Pq Vt bool 333Set to 334.Dq Li YES 335to start 336.Xr hostapd 8 337at system boot time. 338.It Va hostname 339.Pq Vt str 340The fully qualified domain name (FQDN) of this host on the network. 341This should almost certainly be set to something meaningful, even if 342there is no network connection. 343If 344.Xr dhclient 8 345is used to set the hostname via DHCP, 346this variable should be set to an empty string. 347.It Va ipv6_enable 348.Pq Vt bool 349Enable support for IPv6 networking. 350Note that this requires that the kernel has been compiled with 351.Cd "options INET6" . 352.It Va nisdomainname 353.Pq Vt str 354The NIS domain name of this host, or 355.Dq Li NO 356if NIS is not used. 357.It Va dhclient_program 358.Pq Vt str 359Path to the DHCP client program 360.Pa ( /sbin/dhclient , 361the 362.Ox 363DHCP client, 364is the default). 365.It Va dhclient_flags 366.Pq Vt str 367Additional flags to pass to the DHCP client program. 368For the 369.Ox 370DHCP client, see the 371.Xr dhclient 8 372manpage for a description of the command line options available. 373.It Va dhclient_flags_ Ns Aq Ar iface 374Additional flags to pass to the DHCP client program running on 375.Ar iface 376only. 377When specified, this variable overrides 378.Va dhclient_flags . 379.It Va background_dhclient 380.Pq Vt bool 381Set to 382.Dq Li YES 383to start the DHCP client in background. 384This can cause trouble with applications depending on 385a working network, but it will provide a faster startup 386in many cases. 387.It Va background_dhclient_ Ns Aq Ar iface 388When specified, this variable overrides the 389.Va background_dhclient 390variable for interface 391.Ar iface 392only. 393.It Va synchronous_dhclient 394.Pq Bt bool 395Set to 396.Dq Li NO 397to start 398.Xr dhclient 8 399only in response to interface events and not synchronously at startup. 400This behavior can be overridden on a per-interface basis by replacing 401the 402.Dq Li DHCP 403keyword in the 404.Va ifconfig_ Ns Aq Ar interface 405variable with 406.Dq Li SYNCDHCP 407or 408.Dq Li NOSYNCDHCP . 409.It Va firewall_enable 410.Pq Vt bool 411Set to 412.Dq Li YES 413to load firewall rules at startup. 414If the kernel was not built with 415.Cd "options IPFIREWALL" , 416the 417.Pa ipfw.ko 418kernel module will be loaded. 419See also 420.Va ipfilter_enable . 421.It Va ipv6_firewall_enable 422.Pq Vt bool 423The IPv6 equivalent of 424.Va firewall_enable . 425Set to 426.Dq Li YES 427to load IPv6 firewall rules at startup. 428If the kernel was not built with 429.Cd "options IPV6FIREWALL" , 430the 431.Pa ipfw.ko 432kernel module will be loaded. 433.It Va firewall_script 434.Pq Vt str 435This variable specifies the full path to the firewall script to run. 436The default is 437.Pa /etc/rc.firewall . 438.It Va ipv6_firewall_script 439.Pq Vt str 440The IPv6 equivalent of 441.Va firewall_script . 442.It Va firewall_type 443.Pq Vt str 444Names the firewall type from the selection in 445.Pa /etc/rc.firewall , 446or the file which contains the local firewall ruleset. 447Valid selections from 448.Pa /etc/rc.firewall 449are: 450.Pp 451.Bl -tag -width ".Li simple" -compact 452.It Li open 453unrestricted IP access 454.It Li closed 455all IP services disabled, except via 456.Dq Li lo0 457.It Li client 458basic protection for a workstation 459.It Li simple 460basic protection for a LAN. 461.El 462.Pp 463If a filename is specified, the full path 464must be given. 465.It Va ipv6_firewall_type 466.Pq Vt str 467The IPv6 equivalent of 468.Va firewall_type . 469.It Va firewall_quiet 470.Pq Vt bool 471Set to 472.Dq Li YES 473to disable the display of firewall rules on the console during boot. 474.It Va ipv6_firewall_quiet 475.Pq Vt bool 476The IPv6 equivalent of 477.Va firewall_quiet . 478.It Va firewall_logging 479.Pq Vt bool 480Set to 481.Dq Li YES 482to enable firewall event logging. 483This is equivalent to the 484.Dv IPFIREWALL_VERBOSE 485kernel option. 486.It Va ipv6_firewall_logging 487.Pq Vt bool 488The IPv6 equivalent of 489.Va firewall_logging . 490.It Va firewall_flags 491.Pq Vt str 492Flags passed to 493.Xr ipfw 8 494if 495.Va firewall_type 496specifies a filename. 497.It Va ipv6_firewall_flags 498.Pq Vt str 499The IPv6 equivalent of 500.Va firewall_flags . 501.\" ----- firewall_nat_enable setting -------------------------------- 502.It Va firewall_nat_enable 503.Pq Vt bool 504The 505.Xr ipfw 8 506equivalent of 507.Va natd_enable . 508Setting this to 509.Dq Li YES 510enables kernel NAT. 511.Va firewall_enable 512must also be set to 513.Dq Li YES . 514.It Va firewall_nat_interface 515.Pq Vt str 516The 517.Xr ipfw 8 518equivalent of 519.Va natd_interface . 520This is the name of the public interface or IP address on which 521kernel NAT should run. 522.It Va firewall_nat_flags 523.Pq Vt str 524Additional configuration parameters for kernel NAT should be placed here. 525.It Va dummynet_enable 526.Pq Vt bool 527Setting this to 528.Dq Li YES 529will automatically load the 530.Xr dummynet 4 531module if 532.Va firewall_enable 533is also set to 534.Dq Li YES . 535.\" ------------------------------------------------------------------- 536.It Va natd_program 537.Pq Vt str 538Path to 539.Xr natd 8 . 540.It Va natd_enable 541.Pq Vt bool 542Set to 543.Dq Li YES 544to enable 545.Xr natd 8 . 546.Va firewall_enable 547must also be set to 548.Dq Li YES , 549and 550.Xr divert 4 551sockets must be enabled in the kernel. 552If the kernel was not built with 553.Cd "options IPDIVERT" , 554the 555.Pa ipdivert.ko 556kernel module will be loaded. 557.It Va natd_interface 558.Pq Vt str 559This is the name of the public interface on which 560.Xr natd 8 561should run. 562The interface may be given as an interface name or as an IP address. 563.It Va natd_flags 564.Pq Vt str 565Additional 566.Xr natd 8 567flags should be placed here. 568The 569.Fl n 570or 571.Fl a 572flag is automatically added with the above 573.Va natd_interface 574as an argument. 575.\" ----- ipfilter_enable setting -------------------------------- 576.It Va ipfilter_enable 577.Pq Vt bool 578Set to 579.Dq Li NO 580by default. 581Setting this to 582.Dq Li YES 583enables 584.Xr ipf 8 585packet filtering. 586.Pp 587Typical usage will require putting 588.Bd -literal 589ipfilter_enable="YES" 590ipnat_enable="YES" 591ipmon_enable="YES" 592ipfs_enable="YES" 593.Ed 594.Pp 595into 596.Pa /etc/rc.conf 597and editing 598.Pa /etc/ipf.rules 599and 600.Pa /etc/ipnat.rules 601appropriately. 602.Pp 603Note that 604.Va ipfilter_enable 605and 606.Va ipnat_enable 607can be enabled independently. 608.Va ipmon_enable 609and 610.Va ipfs_enable 611both require at least one of 612.Va ipfilter_enable 613and 614.Va ipnat_enable 615to be enabled. 616.Pp 617Having 618.Bd -literal 619options IPFILTER 620options IPFILTER_LOG 621options IPFILTER_DEFAULT_BLOCK 622.Ed 623.Pp 624in the kernel configuration file is a good idea, too. 625.\" ----- ipfilter_program setting ------------------------------ 626.It Va ipfilter_program 627.Pq Vt str 628Path to 629.Xr ipf 8 630(default 631.Pa /sbin/ipf ) . 632.\" ----- ipfilter_rules setting -------------------------------- 633.It Va ipfilter_rules 634.Pq Vt str 635Set to 636.Pa /etc/ipf.rules 637by default. 638This variable contains the name of the filter rule definition file. 639The file is expected to be readable for the 640.Xr ipf 8 641command to execute. 642.\" ----- ipv6_ipfilter_rules setting --------------------------- 643.It Va ipv6_ipfilter_rules 644.Pq Vt str 645Set to 646.Pa /etc/ipf6.rules 647by default. 648This variable contains the IPv6 filter rule definition file. 649The file is expected to be readable for the 650.Xr ipf 8 651command to execute. 652.\" ----- ipfilter_flags setting -------------------------------- 653.It Va ipfilter_flags 654.Pq Vt str 655Empty by default. 656This variable contains flags passed to the 657.Xr ipf 8 658program. 659.\" ----- ipnat_enable setting ---------------------------------- 660.It Va ipnat_enable 661.Pq Vt bool 662Set to 663.Dq Li NO 664by default. 665Set it to 666.Dq Li YES 667to enable 668.Xr ipnat 8 669network address translation. 670See 671.Va ipfilter_enable 672for a detailed discussion. 673.\" ----- ipnat_program setting --------------------------------- 674.It Va ipnat_program 675.Pq Vt str 676Path to 677.Xr ipnat 8 678(default 679.Pa /sbin/ipnat ) . 680.\" ----- ipnat_rules setting ----------------------------------- 681.It Va ipnat_rules 682.Pq Vt str 683Set to 684.Pa /etc/ipnat.rules 685by default. 686This variable contains the name of the file 687holding the network address translation definition. 688This file is expected to be readable for the 689.Xr ipnat 8 690command to execute. 691.\" ----- ipnat_flags setting ----------------------------------- 692.It Va ipnat_flags 693.Pq Vt str 694Empty by default. 695This variable contains flags passed to the 696.Xr ipnat 8 697program. 698.\" ----- ipmon_enable setting ---------------------------------- 699.It Va ipmon_enable 700.Pq Vt bool 701Set to 702.Dq Li NO 703by default. 704Set it to 705.Dq Li YES 706to enable 707.Xr ipmon 8 708monitoring (logging 709.Xr ipf 8 710and 711.Xr ipnat 8 712events). 713Setting this variable needs setting 714.Va ipfilter_enable 715or 716.Va ipnat_enable 717too. 718See 719.Va ipfilter_enable 720for a detailed discussion. 721.\" ----- ipmon_program setting --------------------------------- 722.It Va ipmon_program 723.Pq Vt str 724Path to 725.Xr ipmon 8 726(default 727.Pa /sbin/ipmon ) . 728.\" ----- ipmon_flags setting ----------------------------------- 729.It Va ipmon_flags 730.Pq Vt str 731Set to 732.Dq Li -Ds 733by default. 734This variable contains flags passed to the 735.Xr ipmon 8 736program. 737Another typical example would be 738.Dq Fl D Pa /var/log/ipflog 739to have 740.Xr ipmon 8 741log directly to a file bypassing 742.Xr syslogd 8 . 743Make sure to adjust 744.Pa /etc/newsyslog.conf 745in such case like this: 746.Bd -literal 747/var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid 748.Ed 749.\" ----- ipfs_enable setting ----------------------------------- 750.It Va ipfs_enable 751.Pq Vt bool 752Set to 753.Dq Li NO 754by default. 755Set it to 756.Dq Li YES 757to enable 758.Xr ipfs 8 759saving the filter and NAT state tables during shutdown 760and reloading them during startup again. 761Setting this variable needs setting 762.Va ipfilter_enable 763or 764.Va ipnat_enable 765to 766.Dq Li YES 767too. 768See 769.Va ipfilter_enable 770for a detailed discussion. 771Note that if 772.Va kern_securelevel 773is set to 3, 774.Va ipfs_enable 775cannot be used 776because the raised securelevel will prevent 777.Xr ipfs 8 778from saving the state tables at shutdown time. 779.\" ----- ipfs_program setting ---------------------------------- 780.It Va ipfs_program 781.Pq Vt str 782Path to 783.Xr ipfs 8 784(default 785.Pa /sbin/ipfs ) . 786.\" ----- ipfs_flags setting ------------------------------------ 787.It Va ipfs_flags 788.Pq Vt str 789Empty by default. 790This variable contains flags passed to the 791.Xr ipfs 8 792program. 793.\" ----- end of added ipf hook --------------------------------- 794.It Va pf_enable 795.Pq Vt bool 796Set to 797.Dq Li NO 798by default. 799Setting this to 800.Dq Li YES 801enables 802.Xr pf 4 803packet filtering. 804.Pp 805Typical usage will require putting 806.Pp 807.Dl pf_enable="YES" 808.Pp 809into 810.Pa /etc/rc.conf 811and editing 812.Pa /etc/pf.conf 813appropriately. 814Adding 815.Pp 816.Dl "device pf" 817.Pp 818builds support for 819.Xr pf 4 820into the kernel, otherwise the 821kernel module will be loaded. 822.It Va pf_rules 823.Pq Vt str 824Path to 825.Xr pf 4 826ruleset configuration file 827(default 828.Pa /etc/pf.conf ) . 829.It Va pf_program 830.Pq Vt str 831Path to 832.Xr pfctl 8 833(default 834.Pa /sbin/pfctl ) . 835.It Va pf_flags 836.Pq Vt str 837If 838.Va pf_enable 839is set to 840.Dq Li YES , 841these flags are passed to the 842.Xr pfctl 8 843program when loading the ruleset. 844.It Va pflog_enable 845.Pq Vt bool 846Set to 847.Dq Li NO 848by default. 849Setting this to 850.Dq Li YES 851enables 852.Xr pflogd 8 853which logs packets from the 854.Xr pf 4 855packet filter. 856.It Va pflog_logfile 857.Pq Vt str 858If 859.Va pflog_enable 860is set to 861.Dq Li YES 862this controls where 863.Xr pflogd 8 864stores the logfile 865(default 866.Pa /var/log/pflog ) . 867Check 868.Pa /etc/newsyslog.conf 869to adjust logfile rotation for this. 870.It Va pflog_program 871.Pq Vt str 872Path to 873.Xr pflogd 8 874(default 875.Pa /sbin/pflogd ) . 876.It Va pflog_flags 877.Pq Vt str 878Empty by default. 879This variable contains additional flags passed to the 880.Xr pflogd 8 881program. 882.It Va ftpproxy_enable 883.Pq Vt bool 884Set to 885.Dq Li NO 886by default. 887Setting this to 888.Dq Li YES 889enables 890.Xr ftp-proxy 8 891which supports the 892.Xr pf 4 893packet filter in translating ftp connections. 894.It Va ftpproxy_flags 895.Pq Vt str 896Empty by default. 897This variable contains additional flags passed to the 898.Xr ftp-proxy 8 899program. 900.It Va pfsync_enable 901.Pq Vt bool 902Set to 903.Dq Li NO 904by default. 905Setting this to 906.Dq Li YES 907enables exposing 908.Xr pf 4 909state changes to other hosts over the network by means of 910.Xr pfsync 4 . 911The 912.Va pfsync_syncdev 913variable 914must also be set then. 915.It Va pfsync_syncdev 916.Pq Vt str 917Empty by default. 918This variable specifies the name of the network interface 919.Xr pfsync 4 920should operate through. 921It must be set accordingly if 922.Va pfsync_enable 923is set to 924.Dq Li YES . 925.It Va pfsync_syncpeer 926.Pq Vt str 927Empty by default. 928This variable is optional. 929By default, state change messages are sent out on the synchronisation 930interface using IP multicast packets. 931The protocol is IP protocol 240, PFSYNC, and the multicast group used is 932224.0.0.240. 933When a peer address is specified using the 934.Va pfsync_syncpeer 935option, the peer address is used as a destination for the pfsync 936traffic, and the traffic can then be protected using 937.Xr ipsec 4 . 938See the 939.Xr pfsync 4 940manpage for more details about using 941.Xr ipsec 4 942with 943.Xr pfsync 4 944interfaces. 945.It Va pfsync_ifconfig 946.Pq Vt str 947Empty by default. 948This variable can contain additional options to be passed to the 949.Xr ifconfig 8 950command used to set up 951.Xr pfsync 4 . 952.It Va tcp_extensions 953.Pq Vt bool 954Set to 955.Dq Li YES 956by default. 957Setting this to 958.Dq Li NO 959disables certain TCP options as described by 960.Rs 961.%T "RFC 1323" 962.Re 963Setting this to 964.Dq Li NO 965might help remedy such problems with connections as randomly hanging 966or other weird behavior. 967Some network devices are known 968to be broken with respect to these options. 969.It Va log_in_vain 970.Pq Vt int 971Set to 0 by default. 972The 973.Xr sysctl 8 974variables, 975.Va net.inet.tcp.log_in_vain 976and 977.Va net.inet.udp.log_in_vain , 978as described in 979.Xr tcp 4 980and 981.Xr udp 4 , 982are set to the given value. 983.It Va tcp_keepalive 984.Pq Vt bool 985Set to 986.Dq Li YES 987by default. 988Setting to 989.Dq Li NO 990will disable probing idle TCP connections to verify that the 991peer is still up and reachable. 992.It Va tcp_drop_synfin 993.Pq Vt bool 994Set to 995.Dq Li NO 996by default. 997Setting to 998.Dq Li YES 999will cause the kernel to ignore TCP frames that have both 1000the SYN and FIN flags set. 1001This prevents OS fingerprinting, but may 1002break some legitimate applications. 1003.It Va icmp_drop_redirect 1004.Pq Vt bool 1005Set to 1006.Dq Li NO 1007by default. 1008Setting to 1009.Dq Li YES 1010will cause the kernel to ignore ICMP REDIRECT packets. 1011Refer to 1012.Xr icmp 4 1013for more information. 1014.It Va icmp_log_redirect 1015.Pq Vt bool 1016Set to 1017.Dq Li NO 1018by default. 1019Setting to 1020.Dq Li YES 1021will cause the kernel to log ICMP REDIRECT packets. 1022Note that 1023the log messages are not rate-limited, so this option should only be used 1024for troubleshooting networks. 1025Refer to 1026.Xr icmp 4 1027for more information. 1028.It Va icmp_bmcastecho 1029.Pq Vt bool 1030Set to 1031.Dq Li YES 1032to respond to broadcast or multicast ICMP ping packets. 1033Refer to 1034.Xr icmp 4 1035for more information. 1036.It Va ip_portrange_first 1037.Pq Vt int 1038If not set to 1039.Dq Li NO , 1040this is the first port in the default portrange. 1041Refer to 1042.Xr ip 4 1043for more information. 1044.It Va ip_portrange_last 1045.Pq Vt int 1046If not set to 1047.Dq Li NO , 1048this is the last port in the default portrange. 1049Refer to 1050.Xr ip 4 1051for more information. 1052.It Va network_interfaces 1053.Pq Vt str 1054Set to the list of network interfaces to configure on this host or 1055.Dq Li AUTO 1056(the default) for all current interfaces. 1057Setting the 1058.Va network_interfaces 1059variable to anything other than the default is deprecated. 1060Interfaces that the administrator wishes to store configuration for, 1061but not start at boot should be configured with the 1062.Dq Li NOAUTO 1063keyword in their 1064.Va ifconfig_ Ns Aq Ar interface 1065variables as described below. 1066.Pp 1067An 1068.Va ifconfig_ Ns Aq Ar interface 1069variable is also assumed to exist for each value of 1070.Ar interface . 1071When an interface name contains any of the characters 1072.Dq Li .-/+ 1073they are translated to 1074.Dq Li _ 1075before lookup. 1076The variable can contain arguments to 1077.Xr ifconfig 8 , 1078as well as special case-insensitive keywords described below. 1079Such keywords are removed before passing the value to 1080.Xr ifconfig 8 1081while the order of the other arguments is preserved. 1082.Pp 1083One can configure more than one IPv4 address with the 1084.Va ipv4_addrs_ Ns Aq Ar interface 1085variable. 1086One or more IP addresses must be provided in Classless Inter-Domain 1087Routing (CIDR) address notation, whose last byte can be a range like 1088192.168.0.5-23/24. 1089In this case the address 192.168.0.5 will be configured with the 1090netmask /24 and the addresses 192.168.0.6 to 192.168.0.23 with 1091the non-conflicting netmask /32 as explained in the 1092.Xr ifconfig 8 1093alias section. 1094With the interface in question being 1095.Li ed0 , 1096an example could look like: 1097.Bd -literal 1098ipv4_addrs_ed0="192.168.0.1/24 192.168.1.1-5/28" 1099.Ed 1100.Pp 1101It is also possible to add IP alias entries using 1102.Xr ifconfig 8 1103syntax. 1104Assuming that the interface in question was 1105.Li ed0 , 1106it might look 1107something like this: 1108.Bd -literal 1109ifconfig_ed0_alias0="inet 127.0.0.253 netmask 0xffffffff" 1110ifconfig_ed0_alias1="inet 127.0.0.254 netmask 0xffffffff" 1111.Ed 1112.Pp 1113And so on. 1114For each 1115.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1116entry that is found, 1117its contents are passed to 1118.Xr ifconfig 8 . 1119Execution stops at the first unsuccessful access, so if 1120something like this is present: 1121.Bd -literal 1122ifconfig_ed0_alias0="inet 127.0.0.251 netmask 0xffffffff" 1123ifconfig_ed0_alias1="inet 127.0.0.252 netmask 0xffffffff" 1124ifconfig_ed0_alias2="inet 127.0.0.253 netmask 0xffffffff" 1125ifconfig_ed0_alias4="inet 127.0.0.254 netmask 0xffffffff" 1126.Ed 1127.Pp 1128Then note that alias4 would 1129.Em not 1130be added since the search would 1131stop with the missing 1132.Dq Li alias3 1133entry. 1134Due to this difficult to manage behavior, the 1135.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1136form is deprecated. 1137.Pp 1138If the 1139.Pa /etc/start_if. Ns Aq Ar interface 1140file is present, it is read and executed by the 1141.Xr sh 1 1142interpreter 1143before configuring the interface as specified in the 1144.Va ifconfig_ Ns Aq Ar interface 1145and 1146.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1147variables. 1148.Pp 1149If the 1150.Va ifconfig_ Ns Aq Ar interface 1151contains the keyword 1152.Dq Li NOAUTO 1153then the interface will not be configured 1154at boot or by 1155.Pa /etc/pccard_ether 1156when 1157.Va network_interfaces 1158is set to 1159.Dq Li AUTO . 1160.Pp 1161It is possible to bring up an interface with DHCP by adding 1162.Dq Li DHCP 1163to the 1164.Va ifconfig_ Ns Aq Ar interface 1165variable. 1166For instance, to initialize the 1167.Li ed0 1168device via DHCP, 1169it is possible to use something like: 1170.Bd -literal 1171ifconfig_ed0="DHCP" 1172.Ed 1173.Pp 1174Also, if you want to configure your wireless interface with 1175.Xr wpa_supplicant 8 1176for use with WPA, EAP/LEAP or WEP, you need to add 1177.Dq Li WPA 1178to the 1179.Va ifconfig_ Ns Aq Ar interface 1180variable. 1181.Pp 1182Finally, you can add 1183.Xr ifconfig 8 1184options in this variable, in addition to the 1185.Pa /etc/start_if. Ns Aq Ar interface 1186file. 1187For instance, to initialize the 1188.Li wi0 1189device via DHCP, using WPA authentication and 802.11b mode, it is 1190possible to use something like: 1191.Bd -literal 1192ifconfig_wi0="DHCP WPA mode 11b" 1193.Ed 1194.Pp 1195In addition to the 1196.Va ifconfig_ Ns Aq Ar interface 1197form, a fallback variable 1198.Va ifconfig_DEFAULT 1199may be configured. 1200It will be used for all interfaces with no 1201.Va ifconfig_ Ns Aq Ar interface 1202variable. 1203This is intended to replace the no longer supported 1204.Va pccard_ifconfig 1205variable. 1206.Pp 1207It is also possible to rename interface by doing: 1208.Bd -literal 1209ifconfig_ed0_name="net0" 1210ifconfig_net0="inet 10.0.0.1 netmask 0xffff0000" 1211.Ed 1212.It Va ipv6_network_interfaces 1213.Pq Vt str 1214This is the IPv6 equivalent of 1215.Va network_interfaces . 1216Instead of setting the ifconfig variables as 1217.Va ifconfig_ Ns Aq Ar interface 1218they should be set as 1219.Va ipv6_ifconfig_ Ns Aq Ar interface . 1220Aliases should be set as 1221.Va ipv6_ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n . 1222.Va ipv6_prefix_ Ns Aq Ar interface 1223does something. 1224Interfaces that do not have a 1225.Va ipv6_ifconfig_ Ns Aq Ar interface 1226setting will be auto configured by 1227.Xr rtsol 8 1228if the 1229.Va ipv6_gateway_enable 1230is set to 1231.Dq Li NO . 1232Note that the IPv6 networking code does not support the 1233.Pa /etc/start_if. Ns Aq Ar interface 1234files. 1235.It Va ipv6_default_interface 1236.Pq Vt str 1237If not set to 1238.Dq Li NO , 1239this is the default output interface for scoped addresses. 1240Now this works only for IPv6 link local multicast addresses. 1241.It Va cloned_interfaces 1242.Pq Vt str 1243Set to the list of clonable network interfaces to create on this host. 1244Entries in 1245.Va cloned_interfaces 1246are automatically appended to 1247.Va network_interfaces 1248for configuration. 1249.It Va fec_interfaces 1250.Pq Vt str 1251Set to the list of 1252.Xr ng_fec 4 1253Fast EtherChannel interfaces to configure on this host. 1254A 1255.Va fecconfig_ Ns Aq Ar interface 1256variable is assumed to exist for each value of 1257.Ar interface . 1258The value of this variable is used to configure link aggregated interfaces 1259according to the syntax of the 1260.Cm NGM_FEC_ADD_IFACE 1261to 1262.Xr ngctl 8 1263msg. 1264Additionally, this option ensures that each listed interface is created 1265via the 1266.Cm mkpeer 1267command to 1268.Xr ngctl 8 1269before attempting to configure it. 1270For example: 1271.Bd -literal 1272fec_interfaces="fec0" 1273fecconfig_fec0="em0 em1" 1274ifconfig_fec0="DHCP" 1275.Ed 1276.It Va gif_interfaces 1277.Pq Vt str 1278Set to the list of 1279.Xr gif 4 1280tunnel interfaces to configure on this host. 1281A 1282.Va gifconfig_ Ns Aq Ar interface 1283variable is assumed to exist for each value of 1284.Ar interface . 1285The value of this variable is used to configure the link layer of the 1286tunnel according to the syntax of the 1287.Cm tunnel 1288option to 1289.Xr ifconfig 8 . 1290Additionally, this option ensures that each listed interface is created 1291via the 1292.Cm create 1293option to 1294.Xr ifconfig 8 1295before attempting to configure it. 1296.It Va sppp_interfaces 1297.Pq Vt str 1298Set to the list of 1299.Xr sppp 4 1300interfaces to configure on this host. 1301A 1302.Va spppconfig_ Ns Aq Ar interface 1303variable is assumed to exist for each value of 1304.Ar interface . 1305Each interface should also be configured by a general 1306.Va ifconfig_ Ns Aq Ar interface 1307setting. 1308Refer to 1309.Xr spppcontrol 8 1310for more information about available options. 1311.It Va ppp_enable 1312.Pq Vt bool 1313If set to 1314.Dq Li YES , 1315run the 1316.Xr ppp 8 1317daemon. 1318.It Va ppp_profile 1319.Pq Vt str 1320The name of the profile to use from 1321.Pa /etc/ppp/ppp.conf . 1322Also used for per-profile overrides of 1323.Va ppp_mode 1324and 1325.Va ppp_nat , 1326and 1327.Va ppp_ Ns Ao Ar profile Ac Ns _unit . 1328When the profile name contains any of the characters 1329.Dq Li .-/+ 1330they are translated to 1331.Dq Li _ 1332for the proposes of the override variable names. 1333.It Va ppp_mode 1334.Pq Vt str 1335Mode in which to run the 1336.Xr ppp 8 1337daemon. 1338.It Va ppp_ Ns Ao Ar profile Ac Ns _mode 1339.Pq Vt str 1340Overrides the global 1341.Va ppp_mode 1342for 1343.Ar profile . 1344Accepted modes are 1345.Dq Li auto , 1346.Dq Li ddial , 1347.Dq Li direct 1348and 1349.Dq Li dedicated . 1350See the manual for a full description. 1351.It Va ppp_nat 1352.Pq Vt bool 1353If set to 1354.Dq Li YES , 1355enables network address translation. 1356Used in conjunction with 1357.Va gateway_enable 1358allows hosts on private network addresses access to the Internet using 1359this host as a network address translating router. 1360.It Va ppp_ Ns Ao Ar profile Ac Ns _nat 1361.Pq Vt str 1362Overrides the global 1363.Va ppp_nat 1364for 1365.Ar profile . 1366.It Va ppp_ Ns Ao Ar profile Ac Ns _unit 1367.Pq Vt int 1368Set the unit number to be used for this profile. 1369See the manual description of 1370.Fl unit Ns Ar N 1371for details. 1372.It Va ppp_user 1373.Pq Vt str 1374The name of the user under which 1375.Xr ppp 8 1376should be started. 1377By 1378default, 1379.Xr ppp 8 1380is started as 1381.Dq Li root . 1382.It Va rc_conf_files 1383.Pq Vt str 1384This option is used to specify a list of files that will override 1385the settings in 1386.Pa /etc/defaults/rc.conf . 1387The files will be read in the order in which they are specified and should 1388include the full path to the file. 1389By default, the files specified are 1390.Pa /etc/rc.conf 1391and 1392.Pa /etc/rc.conf.local 1393.It Va zfs_enable 1394.Pq Vt bool 1395If set to 1396.Dq Li YES , 1397.Pa /etc/rc.d/zfs 1398will attempt to automatically mount ZFS file systems and initialize ZFS volumes 1399(ZVOLs). 1400.It Va gbde_autoattach_all 1401.Pq Vt bool 1402If set to 1403.Dq Li YES , 1404.Pa /etc/rc.d/gbde 1405will attempt to automatically initialize your .bde devices in 1406.Pa /etc/fstab . 1407.It Va gbde_devices 1408.Pq Vt str 1409List the devices that the script should try to attach, 1410or 1411.Dq Li AUTO . 1412.It Va gbde_lockdir 1413.Pq Vt str 1414The directory where the 1415.Xr gbde 4 1416lockfiles are located. 1417The default lockfile directory is 1418.Pa /etc . 1419.Pp 1420The lockfile for each individual 1421.Xr gbde 4 1422device can be overridden by setting the variable 1423.Va gbde_lock_ Ns Aq Ar device , 1424where 1425.Ar device 1426is the encrypted device without the 1427.Dq Pa /dev/ 1428and 1429.Dq Pa .bde 1430parts. 1431.It Va gbde_attach_attempts 1432.Pq Vt int 1433Number of times to attempt attaching to a 1434.Xr gbde 4 1435device, i.e., how many times the user is asked for the pass-phrase. 1436Default is 3. 1437.It Va geli_devices 1438.Pq Vt str 1439List of devices to automatically attach on boot. 1440Note that .eli devices from 1441.Pa /etc/fstab 1442are automatically appended to this list. 1443.It Va geli_tries 1444.Pq Vt int 1445Number of times user is asked for the pass-phrase. 1446If empty, it will be taken from 1447.Va kern.geom.eli.tries 1448sysctl variable. 1449.It Va geli_default_flags 1450.Pq Vt str 1451Default flags to use by 1452.Xr geli 8 1453when configuring disk encryption. 1454Flags can be configured for every device separately by defining 1455.Va geli_ Ns Ao Ar device Ac Ns Va _flags 1456variable. 1457.It Va geli_autodetach 1458.Pq Vt str 1459Specifies if GELI devices should be marked for detach on last close after 1460file systems are mounted. 1461Default is 1462.Dq Li YES . 1463This can be changed for every device separately by defining 1464.Va geli_ Ns Ao Ar device Ac Ns Va _autodetach 1465variable. 1466.It Va geli_swap_flags 1467Options passed to the 1468.Xr geli 8 1469utility when encrypted GEOM providers for swap partitions are created. 1470The default is 1471.Dq Li "-a aes -l 256 -s 4096 -d" . 1472.It Va root_rw_mount 1473.Pq Vt bool 1474Set to 1475.Dq Li YES 1476by default. 1477After the file systems are checked at boot time, the root file system 1478is remounted as read-write if this is set to 1479.Dq Li YES . 1480Diskless systems that mount their root file system from a read-only remote 1481NFS share should set this to 1482.Dq Li NO 1483in their 1484.Pa rc.conf . 1485.It Va fsck_y_enable 1486.Pq Vt bool 1487If set to 1488.Dq Li YES , 1489.Xr fsck 8 1490will be run with the 1491.Fl y 1492flag if the initial preen 1493of the file systems fails. 1494.It Va background_fsck 1495.Pq Vt bool 1496If set to 1497.Dq Li YES , 1498the system will attempt to run 1499.Xr fsck 8 1500in the background where possible. 1501.It Va background_fsck_delay 1502.Pq Vt int 1503The amount of time in seconds to sleep before starting a background 1504.Xr fsck 8 . 1505It defaults to sixty seconds to allow large applications such as 1506the X server to start before disk I/O bandwidth is monopolized by 1507.Xr fsck 8 . 1508If set to a negative number, the background file system check will be 1509delayed indefinitely to allow the administrator to run it at a more 1510convenient time. 1511For example it may be run from 1512.Xr cron 8 1513by adding a line like 1514.Pp 1515.Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart" 1516.Pp 1517to 1518.Pa /etc/crontab . 1519.It Va netfs_types 1520.Pq Vt str 1521List of file system types that are network-based. 1522This list should generally not be modified by end users. 1523Use 1524.Va extra_netfs_types 1525instead. 1526.It Va extra_netfs_types 1527.Pq Vt str 1528If set to something other than 1529.Dq Li NO 1530(the default), 1531this variable extends the list of file system types 1532for which automatic mounting at startup by 1533.Xr rc 8 1534should be delayed until the network is initialized. 1535It should contain 1536a whitespace-separated list of network file system descriptor pairs, 1537each consisting of a file system type as passed to 1538.Xr mount 8 1539and a human-readable, one-word description, 1540joined with a colon 1541.Pq Ql \&: . 1542Extending the default list in this way is only necessary 1543when third party file system types are used. 1544.It Va syslogd_enable 1545.Pq Vt bool 1546If set to 1547.Dq Li YES , 1548run the 1549.Xr syslogd 8 1550daemon. 1551.It Va syslogd_program 1552.Pq Vt str 1553Path to 1554.Xr syslogd 8 1555(default 1556.Pa /usr/sbin/syslogd ) . 1557.It Va syslogd_flags 1558.Pq Vt str 1559If 1560.Va syslogd_enable 1561is set to 1562.Dq Li YES , 1563these are the flags to pass to 1564.Xr syslogd 8 . 1565.It Va inetd_enable 1566.Pq Vt bool 1567If set to 1568.Dq Li YES , 1569run the 1570.Xr inetd 8 1571daemon. 1572.It Va inetd_program 1573.Pq Vt str 1574Path to 1575.Xr inetd 8 1576(default 1577.Pa /usr/sbin/inetd ) . 1578.It Va inetd_flags 1579.Pq Vt str 1580If 1581.Va inetd_enable 1582is set to 1583.Dq Li YES , 1584these are the flags to pass to 1585.Xr inetd 8 . 1586.It Va named_enable 1587.Pq Vt bool 1588If set to 1589.Dq Li YES , 1590run the 1591.Xr named 8 1592daemon. 1593.It Va named_program 1594.Pq Vt str 1595Path to 1596.Xr named 8 1597(default 1598.Pa /usr/sbin/named ) . 1599.It Va named_flags 1600.Pq Vt str 1601If 1602.Va named_enable 1603is set to 1604.Dq Li YES , 1605these are the flags to pass to 1606.Xr named 8 . 1607.It Va named_pidfile 1608.Pq Vt str 1609This is the default path to the 1610.Xr named 8 1611daemon's PID file. 1612This must match the location in 1613.Xr named.conf 5 . 1614.It Va named_uid 1615.Pq Vt str 1616The user that the 1617.Xr named 8 1618process should be run as. 1619.It Va named_chrootdir 1620.Pq Vt str 1621The root directory for a name server run in a 1622.Xr chroot 8 1623environment (default 1624.Pa /var/named ) . 1625If left empty 1626.Xr named 8 1627will not be run in a 1628.Xr chroot 8 1629environment. 1630.It Va named_chroot_autoupdate 1631.Pq Vt bool 1632Set to 1633.Dq Li NO 1634to disable automatic update of the 1635.Xr chroot 8 1636environment. 1637.It Va named_symlink_enable 1638.Pq Vt bool 1639Set to 1640.Dq Li NO 1641to disable symlinking of 1642daemon's PID file 1643into the 1644.Xr chroot 8 1645environment. 1646.It Va kerberos5_server_enable 1647.Pq Vt bool 1648Set to 1649.Dq Li YES 1650to start a Kerberos 5 authentication server 1651at boot time. 1652.It Va kerberos5_server 1653.Pq Vt str 1654If 1655.Va kerberos5_server_enable 1656is set to 1657.Dq Li YES 1658this is the path to Kerberos 5 Authentication Server. 1659.It Va kerberos5_server_flags 1660.Pq Vt str 1661Empty by default. 1662This variable contains additional flags to be passed to the Kerberos 5 1663authentication server. 1664.It Va kadmind5_server_enable 1665.Pq Vt bool 1666Set to 1667.Dq Li YES 1668to start 1669.Xr kadmind 8 , 1670the Kerberos 5 Administration Daemon; set to 1671.Dq Li NO 1672on a slave server. 1673.It Va kadmind5_server 1674.Pq Vt str 1675If 1676.Va kadmind5_server_enable 1677is set to 1678.Dq Li YES 1679this is the path to Kerberos 5 Administration Daemon. 1680.It Va kpasswdd_server_enable 1681.Pq Vt bool 1682Set to 1683.Dq Li YES 1684to start 1685.Xr kpasswdd 8 , 1686the Kerberos 5 Password-Changing Daemon; set to 1687.Dq Li NO 1688on a slave server. 1689.It Va kpasswdd_server 1690.Pq Vt str 1691If 1692.Va kpasswdd_server_enable 1693is set to 1694.Dq Li YES 1695this is the path to Kerberos 5 Password-Changing Daemon. 1696.It Va rwhod_enable 1697.Pq Vt bool 1698If set to 1699.Dq Li YES , 1700run the 1701.Xr rwhod 8 1702daemon at boot time. 1703.It Va rwhod_flags 1704.Pq Vt str 1705If 1706.Va rwhod_enable 1707is set to 1708.Dq Li YES , 1709these are the flags to pass to it. 1710.It Va amd_enable 1711.Pq Vt bool 1712If set to 1713.Dq Li YES , 1714run the 1715.Xr amd 8 1716daemon at boot time. 1717.It Va amd_flags 1718.Pq Vt str 1719If 1720.Va amd_enable 1721is set to 1722.Dq Li YES , 1723these are the flags to pass to it. 1724See the 1725.Xr amd 8 1726manpage for more information. 1727.It Va amd_map_program 1728.Pq Vt str 1729If set, 1730the specified program is run to get the list of 1731.Xr amd 8 1732maps. 1733For example, if the 1734.Xr amd 8 1735maps are stored in NIS, one can set this to 1736run 1737.Xr ypcat 1 1738to get a list of 1739.Xr amd 8 1740maps from the 1741.Pa amd.master 1742NIS map. 1743.It Va update_motd 1744.Pq Vt bool 1745If set to 1746.Dq Li YES , 1747.Pa /etc/motd 1748will be updated at boot time to reflect the kernel release 1749being run. 1750If set to 1751.Dq Li NO , 1752.Pa /etc/motd 1753will not be updated. 1754.It Va nfs_client_enable 1755.Pq Vt bool 1756If set to 1757.Dq Li YES , 1758run the NFS client daemons at boot time. 1759.It Va nfs_access_cache 1760.Pq Vt int 1761If 1762.Va nfs_client_enable 1763is set to 1764.Dq Li YES , 1765this can be set to 1766.Dq Li 0 1767to disable NFS ACCESS RPC caching, or to the number of seconds for which 1768NFS ACCESS 1769results should be cached. 1770A value of 2-10 seconds will substantially reduce network 1771traffic for many NFS operations. 1772.It Va nfs_server_enable 1773.Pq Vt bool 1774If set to 1775.Dq Li YES , 1776run the NFS server daemons at boot time. 1777.It Va nfs_server_flags 1778.Pq Vt str 1779If 1780.Va nfs_server_enable 1781is set to 1782.Dq Li YES , 1783these are the flags to pass to the 1784.Xr nfsd 8 1785daemon. 1786.It Va idmapd_enable 1787.Pq Vt bool 1788If set to 1789.Dq Li YES , 1790run the ID mapping daemon for NFS version 4. 1791.It Va idmapd_flags 1792.Pq Vt str 1793If 1794.Va idmapd_enable 1795is set to 1796.Dq Li YES , 1797these are the flags to pass to the 1798.Xr idmapd 8 1799daemon. 1800.It Va mountd_enable 1801.Pq Vt bool 1802If set to 1803.Dq Li YES , 1804and no 1805.Va nfs_server_enable 1806is set, start 1807.Xr mountd 8 , 1808but not 1809.Xr nfsd 8 1810daemon. 1811It is commonly needed to run CFS without real NFS used. 1812.It Va mountd_flags 1813.Pq Vt str 1814If 1815.Va mountd_enable 1816is set to 1817.Dq Li YES , 1818these are the flags to pass to the 1819.Xr mountd 8 1820daemon. 1821.It Va weak_mountd_authentication 1822.Pq Vt bool 1823If set to 1824.Dq Li YES , 1825allow services like PCNFSD to make non-privileged mount 1826requests. 1827.It Va nfs_reserved_port_only 1828.Pq Vt bool 1829If set to 1830.Dq Li YES , 1831provide NFS services only on a secure port. 1832.It Va nfs_bufpackets 1833.Pq Vt int 1834If set to a number, indicates the number of packets worth of 1835socket buffer space to reserve on an NFS client. 1836The kernel default is typically 4. 1837Using a higher number may be 1838useful on gigabit networks to improve performance. 1839The minimum value is 18402 and the maximum is 64. 1841.It Va rpc_lockd_enable 1842.Pq Vt bool 1843If set to 1844.Dq Li YES 1845and also an NFS server or client, run 1846.Xr rpc.lockd 8 1847at boot time. 1848.It Va rpc_lockd_flags 1849.Pq Vt str 1850If 1851.Va rpc_lockd_enable 1852is set to 1853.Dq Li YES , 1854these are the flags to pass to the 1855.Xr rpc.lockd 8 1856daemon. 1857.It Va rpc_statd_enable 1858.Pq Vt bool 1859If set to 1860.Dq Li YES 1861and also an NFS server or client, run 1862.Xr rpc.statd 8 1863at boot time. 1864.It Va rpc_statd_flags 1865.Pq Vt str 1866If 1867.Va rpc_statd_enable 1868is set to 1869.Dq Li YES , 1870these are the flags to pass to the 1871.Xr rpc.statd 8 1872daemon. 1873.It Va rpcbind_program 1874.Pq Vt str 1875Path to 1876.Xr rpcbind 8 1877(default 1878.Pa /usr/sbin/rpcbind ) . 1879.It Va rpcbind_enable 1880.Pq Vt bool 1881If set to 1882.Dq Li YES , 1883run the 1884.Xr rpcbind 8 1885service at boot time. 1886.It Va rpcbind_flags 1887.Pq Vt str 1888If 1889.Va rpcbind_enable 1890is set to 1891.Dq Li YES , 1892these are the flags to pass to the 1893.Xr rpcbind 8 1894daemon. 1895.It Va keyserv_enable 1896.Pq Vt bool 1897If set to 1898.Dq Li YES , 1899run the 1900.Xr keyserv 8 1901daemon on boot for running Secure RPC. 1902.It Va keyserv_flags 1903.Pq Vt str 1904If 1905.Va keyserv_enable 1906is set to 1907.Dq Li YES , 1908these are the flags to pass to 1909.Xr keyserv 8 1910daemon. 1911.It Va pppoed_enable 1912.Pq Vt bool 1913If set to 1914.Dq Li YES , 1915run the 1916.Xr pppoed 8 1917daemon at boot time to provide PPP over Ethernet services. 1918.It Va pppoed_ Ns Aq Ar provider 1919.Pq Vt str 1920.Xr pppoed 8 1921listens to requests to this 1922.Ar provider 1923and ultimately runs 1924.Xr ppp 8 1925with a 1926.Ar system 1927argument of the same name. 1928.It Va pppoed_flags 1929.Pq Vt str 1930Additional flags to pass to 1931.Xr pppoed 8 . 1932.It Va pppoed_interface 1933.Pq Vt str 1934The network interface to run 1935.Xr pppoed 8 1936on. 1937This is mandatory when 1938.Va pppoed_enable 1939is set to 1940.Dq Li YES . 1941.It Va timed_enable 1942.Pq Vt bool 1943If set to 1944.Dq Li YES , 1945run the 1946.Xr timed 8 1947service at boot time. 1948This command is intended for networks of 1949machines where a consistent 1950.Dq "network time" 1951for all hosts must be established. 1952This is often useful in large NFS 1953environments where time stamps on files are expected to be consistent 1954network-wide. 1955.It Va timed_flags 1956.Pq Vt str 1957If 1958.Va timed_enable 1959is set to 1960.Dq Li YES , 1961these are the flags to pass to the 1962.Xr timed 8 1963service. 1964.It Va ntpdate_enable 1965.Pq Vt bool 1966If set to 1967.Dq Li YES , 1968run 1969.Xr ntpdate 8 1970at system startup. 1971This command is intended to 1972synchronize the system clock only 1973.Em once 1974from some standard reference. 1975An option to set this up initially 1976(from a list of known servers) is also provided by the 1977.Xr sysinstall 8 1978program when the system is first installed. 1979.It Va ntpdate_config 1980.Pq Vt str 1981Configuration file for 1982.Xr ntpdate 8 . 1983Default 1984.Pa /etc/ntp.conf . 1985.It Va ntpdate_hosts 1986.Pq Vt str 1987A whitespace-separated list of NTP servers to synchronize with at startup. 1988The default is to use the servers listed in 1989.Va ntpdate_config , 1990if that file exists. 1991.It Va ntpdate_program 1992.Pq Vt str 1993Path to 1994.Xr ntpdate 8 1995(default 1996.Pa /usr/sbin/ntpdate ) . 1997.It Va ntpdate_flags 1998.Pq Vt str 1999If 2000.Va ntpdate_enable 2001is set to 2002.Dq Li YES , 2003these are the flags to pass to the 2004.Xr ntpdate 8 2005command (typically a hostname). 2006.It Va ntpd_enable 2007.Pq Vt bool 2008If set to 2009.Dq Li YES , 2010run the 2011.Xr ntpd 8 2012command at boot time. 2013.It Va ntpd_program 2014.Pq Vt str 2015Path to 2016.Xr ntpd 8 2017(default 2018.Pa /usr/sbin/ntpd ) . 2019.It Va ntpd_config 2020.Pq Vt str 2021Path to 2022.Xr ntpd 8 2023configuration file. 2024Default 2025.Pa /etc/ntp.conf . 2026.It Va ntpd_flags 2027.Pq Vt str 2028If 2029.Va ntpd_enable 2030is set to 2031.Dq Li YES , 2032these are the flags to pass to the 2033.Xr ntpd 8 2034daemon. 2035.It Va ntpd_sync_on_start 2036.Pq Vt bool 2037If set to 2038.Dq Li YES , 2039.Xr ntpd 8 2040is run with the 2041.Fl g 2042flag, which syncs the system's clock on startup. 2043See 2044.Xr ntpd 8 2045for more information regarding the 2046.Fl g 2047option. 2048This is a preferred alternative to using 2049.Xr ntpdate 8 2050or specifying the 2051.Va ntpdate_enable 2052variable. 2053.It Va nis_client_enable 2054.Pq Vt bool 2055If set to 2056.Dq Li YES , 2057run the 2058.Xr ypbind 8 2059service at system boot time. 2060.It Va nis_client_flags 2061.Pq Vt str 2062If 2063.Va nis_client_enable 2064is set to 2065.Dq Li YES , 2066these are the flags to pass to the 2067.Xr ypbind 8 2068service. 2069.It Va nis_ypset_enable 2070.Pq Vt bool 2071If set to 2072.Dq Li YES , 2073run the 2074.Xr ypset 8 2075daemon at system boot time. 2076.It Va nis_ypset_flags 2077.Pq Vt str 2078If 2079.Va nis_ypset_enable 2080is set to 2081.Dq Li YES , 2082these are the flags to pass to the 2083.Xr ypset 8 2084daemon. 2085.It Va nis_server_enable 2086.Pq Vt bool 2087If set to 2088.Dq Li YES , 2089run the 2090.Xr ypserv 8 2091daemon at system boot time. 2092.It Va nis_server_flags 2093.Pq Vt str 2094If 2095.Va nis_server_enable 2096is set to 2097.Dq Li YES , 2098these are the flags to pass to the 2099.Xr ypserv 8 2100daemon. 2101.It Va nis_ypxfrd_enable 2102.Pq Vt bool 2103If set to 2104.Dq Li YES , 2105run the 2106.Xr rpc.ypxfrd 8 2107daemon at system boot time. 2108.It Va nis_ypxfrd_flags 2109.Pq Vt str 2110If 2111.Va nis_ypxfrd_enable 2112is set to 2113.Dq Li YES , 2114these are the flags to pass to the 2115.Xr rpc.ypxfrd 8 2116daemon. 2117.It Va nis_yppasswdd_enable 2118.Pq Vt bool 2119If set to 2120.Dq Li YES , 2121run the 2122.Xr rpc.yppasswdd 8 2123daemon at system boot time. 2124.It Va nis_yppasswdd_flags 2125.Pq Vt str 2126If 2127.Va nis_yppasswdd_enable 2128is set to 2129.Dq Li YES , 2130these are the flags to pass to the 2131.Xr rpc.yppasswdd 8 2132daemon. 2133.It Va rpc_ypupdated_enable 2134.Pq Vt bool 2135If set to 2136.Dq Li YES , 2137run the 2138.Nm rpc.ypupdated 2139daemon at system boot time. 2140.It Va bsnmpd_enable 2141.Pq Vt bool 2142If set to 2143.Dq Li YES , 2144run the 2145.Xr bsnmpd 1 2146daemon at system boot time. 2147Be sure to understand the security implications of running SNMP daemon 2148on your host. 2149.It Va bsnmpd_flags 2150.Pq Vt str 2151If 2152.Va bsnmpd_enable 2153is set to 2154.Dq Li YES , 2155these are the flags to pass to the 2156.Xr bsnmpd 1 2157daemon. 2158.It Va defaultrouter 2159.Pq Vt str 2160If not set to 2161.Dq Li NO , 2162create a default route to this host name or IP address 2163(use an IP address if this router is also required to get to the 2164name server!). 2165.It Va ipv6_defaultrouter 2166.Pq Vt str 2167The IPv6 equivalent of 2168.Va defaultrouter . 2169.It Va static_routes 2170.Pq Vt str 2171Set to the list of static routes that are to be added at system 2172boot time. 2173If not set to 2174.Dq Li NO 2175then for each whitespace separated 2176.Ar element 2177in the value, a 2178.Va route_ Ns Aq Ar element 2179variable is assumed to exist 2180whose contents will later be passed to a 2181.Dq Nm route Cm add 2182operation. 2183For example: 2184.Bd -literal 2185static_routes="mcast gif0local" 2186route_mcast="-net 224.0.0.0/4 -iface gif0" 2187route_gif0local="-host 169.254.1.1 -iface lo0" 2188.Ed 2189.It Va ipv6_static_routes 2190.Pq Vt str 2191The IPv6 equivalent of 2192.Va static_routes . 2193If not set to 2194.Dq Li NO 2195then for each whitespace separated 2196.Ar element 2197in the value, a 2198.Va ipv6_route_ Ns Aq Ar element 2199variable is assumed to exist 2200whose contents will later be passed to a 2201.Dq Nm route Cm add Fl inet6 2202operation. 2203.It Va natm_static_routes 2204.Pq Vt str 2205The 2206.Xr natmip 4 2207equivalent of 2208.Va static_routes . 2209If not empty then for each whitespace separated 2210.Ar element 2211in the value, a 2212.Va route_ Ns Aq Ar element 2213variable is assumed to exist whose contents will later be passed to a 2214.Dq Nm atmconfig Cm natm Cm add 2215operation. 2216.It Va gateway_enable 2217.Pq Vt bool 2218If set to 2219.Dq Li YES , 2220configure host to act as an IP router, e.g.\& to forward packets 2221between interfaces. 2222.It Va ipv6_gateway_enable 2223.Pq Vt bool 2224The IPv6 equivalent of 2225.Va gateway_enable . 2226.It Va router_enable 2227.Pq Vt bool 2228If set to 2229.Dq Li YES , 2230run a routing daemon of some sort, based on the 2231settings of 2232.Va router 2233and 2234.Va router_flags . 2235.It Va ipv6_router_enable 2236.Pq Vt bool 2237The IPv6 equivalent of 2238.Va router_enable . 2239If set to 2240.Dq Li YES , 2241run a routing daemon of some sort, based on the 2242settings of 2243.Va ipv6_router 2244and 2245.Va ipv6_router_flags . 2246.It Va router 2247.Pq Vt str 2248If 2249.Va router_enable 2250is set to 2251.Dq Li YES , 2252this is the name of the routing daemon to use. 2253.It Va ipv6_router 2254.Pq Vt str 2255The IPv6 equivalent of 2256.Va router . 2257.It Va router_flags 2258.Pq Vt str 2259If 2260.Va router_enable 2261is set to 2262.Dq Li YES , 2263these are the flags to pass to the routing daemon. 2264.It Va ipv6_router_flags 2265.Pq Vt str 2266The IPv6 equivalent of 2267.Va router_flags . 2268.It Va mrouted_enable 2269.Pq Vt bool 2270If set to 2271.Dq Li YES , 2272run the multicast routing daemon, 2273.Xr mrouted 8 . 2274.It Va mroute6d_enable 2275.Pq Vt bool 2276The IPv6 equivalent of 2277.Va mrouted_enable . 2278If set to 2279.Dq Li YES , 2280run the IPv6 multicast routing daemon. 2281.Pp 2282Note that multicast routing daemons are no longer included in the 2283.Fx 2284base system, however, both 2285.Xr mrouted 8 2286and 2287.Xr pim6dd 8 2288may be installed from the 2289.Fx 2290Ports Collection. 2291.It Va mrouted_flags 2292.Pq Vt str 2293If 2294.Va mrouted_enable 2295is set to 2296.Dq Li YES , 2297these are the flags to pass to the 2298.Xr mrouted 8 2299daemon. 2300.It Va mroute6d_flags 2301.Pq Vt str 2302The IPv6 equivalent of 2303.Va mrouted_flags . 2304If 2305.Va mroute6d_enable 2306is set to 2307.Dq Li YES , 2308these are the flags passed to the IPv6 multicast routing daemon. 2309.It Va mroute6d_program 2310.Pq Vt str 2311If 2312.Va mroute6d_enable 2313is set to 2314.Dq Li YES , 2315this is the path to the IPv6 multicast routing daemon. 2316.It Va rtadvd_enable 2317.Pq Vt bool 2318If set to 2319.Dq Li YES , 2320run the 2321.Xr rtadvd 8 2322daemon at boot time. 2323.Xr rtadvd 8 2324will only run if 2325.Va ipv6_gateway_enable 2326is also set to 2327.Dq Li YES . 2328The 2329.Xr rtadvd 8 2330utility sends router advertisement packets to the interfaces specified in 2331.Va rtadvd_interfaces 2332and should only be enabled with great care. 2333You may want to fine-tune 2334.Xr rtadvd.conf 5 . 2335.It Va rtadvd_interfaces 2336.Pq Vt str 2337If 2338.Va rtadvd_enable 2339is set to 2340.Dq Li YES 2341this is the list of interfaces to use. 2342.It Va ipxgateway_enable 2343.Pq Vt bool 2344If set to 2345.Dq Li YES , 2346enable the routing of IPX traffic. 2347.It Va ipxrouted_enable 2348.Pq Vt bool 2349If set to 2350.Dq Li YES , 2351run the 2352.Xr IPXrouted 8 2353daemon at system boot time. 2354.It Va ipxrouted_flags 2355.Pq Vt str 2356If 2357.Va ipxrouted_enable 2358is set to 2359.Dq Li YES , 2360these are the flags to pass to the 2361.Xr IPXrouted 8 2362daemon. 2363.It Va arpproxy_all 2364.Pq Vt bool 2365If set to 2366.Dq Li YES , 2367enable global proxy ARP. 2368.It Va forward_sourceroute 2369.Pq Vt bool 2370If set to 2371.Dq Li YES 2372and 2373.Va gateway_enable 2374is also set to 2375.Dq Li YES , 2376source-routed packets are forwarded. 2377.It Va accept_sourceroute 2378.Pq Vt bool 2379If set to 2380.Dq Li YES , 2381the system will accept source-routed packets directed at it. 2382.It Va rarpd_enable 2383.Pq Vt bool 2384If set to 2385.Dq Li YES , 2386run the 2387.Xr rarpd 8 2388daemon at system boot time. 2389.It Va rarpd_flags 2390.Pq Vt str 2391If 2392.Va rarpd_enable 2393is set to 2394.Dq Li YES , 2395these are the flags to pass to the 2396.Xr rarpd 8 2397daemon. 2398.It Va bootparamd_enable 2399.Pq Vt bool 2400If set to 2401.Dq Li YES , 2402run the 2403.Xr bootparamd 8 2404daemon at system boot time. 2405.It Va bootparamd_flags 2406.Pq Vt str 2407If 2408.Va bootparamd_enable 2409is set to 2410.Dq Li YES , 2411these are the flags to pass to the 2412.Xr bootparamd 8 2413daemon. 2414.It Va stf_interface_ipv4addr 2415.Pq Vt str 2416If not set to 2417.Dq Li NO , 2418this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling 2419interface). 2420Specify this entry to enable the 6to4 interface. 2421.It Va stf_interface_ipv4plen 2422.Pq Vt int 2423Prefix length for 6to4 IPv4 addresses, to limit peer address range. 2424An effective value is 0-31. 2425.It Va stf_interface_ipv6_ifid 2426.Pq Vt str 2427IPv6 interface ID for 2428.Xr stf 4 . 2429This can be set to 2430.Dq Li AUTO . 2431.It Va stf_interface_ipv6_slaid 2432.Pq Vt str 2433IPv6 Site Level Aggregator for 2434.Xr stf 4 . 2435.It Va ipv6_faith_prefix 2436.Pq Vt str 2437If not set to 2438.Dq Li NO , 2439this is the faith prefix to enable a FAITH IPv6-to-IPv4 TCP 2440translator. 2441You also need 2442.Xr faithd 8 2443setup. 2444.It Va ipv6_ipv4mapping 2445.Pq Vt bool 2446If set to 2447.Dq Li YES 2448this enables IPv4 mapped IPv6 address communication (like 2449.Li ::ffff:a.b.c.d ) . 2450.It Va atm_enable 2451.Pq Vt bool 2452Set to 2453.Dq Li YES 2454to enable the configuration of ATM interfaces at system boot time. 2455For all of the ATM variables described below, please refer to the 2456.Xr atm 8 2457manual page for further details on the available command parameters. 2458Also refer to the files in 2459.Pa /usr/share/examples/atm 2460for more detailed configuration information. 2461.It Va atm_load 2462.Pq Vt str 2463This is a list of physical ATM interface drivers to load. 2464Typical values are 2465.Dq Li hfa_pci 2466and/or 2467.Dq Li hea_pci . 2468.It Va atm_netif_ Ns Aq Ar intf 2469.Pq Vt str 2470For the ATM physical interface 2471.Ar intf , 2472this variable defines the name prefix and count for the ATM network 2473interfaces to be created. 2474The value will be passed as the parameters of an 2475.Dq Nm atm Cm "set netif" Ar intf 2476command. 2477.It Va atm_sigmgr_ Ns Aq Ar intf 2478.Pq Vt str 2479For the ATM physical interface 2480.Ar intf , 2481this variable defines the ATM signalling manager to be used. 2482The value will be passed as the parameters of an 2483.Dq Nm atm Cm attach Ar intf 2484command. 2485.It Va atm_prefix_ Ns Aq Ar intf 2486.Pq Vt str 2487For the ATM physical interface 2488.Ar intf , 2489this variable defines the NSAP prefix for interfaces using a UNI signalling 2490manager. 2491If set to 2492.Dq Li ILMI , 2493the prefix will automatically be set via the 2494.Xr ilmid 8 2495daemon. 2496Otherwise, the value will be passed as the parameters of an 2497.Dq Nm atm Cm "set prefix" Ar intf 2498command. 2499.It Va atm_macaddr_ Ns Aq Ar intf 2500.Pq Vt str 2501For the ATM physical interface 2502.Ar intf , 2503this variable defines the MAC address for interfaces using a UNI signalling 2504manager. 2505If set to 2506.Dq Li NO , 2507the hardware MAC address contained in the ATM interface card will be used. 2508Otherwise, the value will be passed as the parameters of an 2509.Dq Nm atm Cm "set mac" Ar intf 2510command. 2511.It Va atm_arpserver_ Ns Aq Ar netif 2512.Pq Vt str 2513For the ATM network interface 2514.Ar netif , 2515this variable defines the ATM address for a host which is to provide ATMARP 2516service. 2517This variable is only applicable to interfaces using a UNI signalling 2518manager. 2519If set to 2520.Dq Li local , 2521this host will become an ATMARP server. 2522The value will be passed as the parameters of an 2523.Dq Nm atm Cm "set arpserver" Ar netif 2524command. 2525.It Va atm_scsparp_ Ns Aq Ar netif 2526.Pq Vt bool 2527If set to 2528.Dq Li YES , 2529SCSP/ATMARP service for the network interface 2530.Ar netif 2531will be initiated using the 2532.Xr scspd 8 2533and 2534.Xr atmarpd 8 2535daemons. 2536This variable is only applicable if 2537.Va atm_arpserver_ Ns Aq Ar netif 2538is set to 2539.Dq Li local . 2540.It Va atm_pvcs 2541.Pq Vt str 2542Set to the list of ATM PVCs to be added at system 2543boot time. 2544For each whitespace separated 2545.Ar element 2546in the value, an 2547.Va atm_pvc_ Ns Aq Ar element 2548variable is assumed to exist. 2549The value of each of these variables 2550will be passed as the parameters of an 2551.Dq Nm atm Cm "add pvc" 2552command. 2553.It Va atm_arps 2554.Pq Vt str 2555Set to the list of permanent ATM ARP entries to be added 2556at system boot time. 2557For each whitespace separated 2558.Ar element 2559in the value, an 2560.Va atm_arp_ Ns Aq Ar element 2561variable is assumed to exist. 2562The value of each of these variables 2563will be passed as the parameters of an 2564.Dq Nm atm Cm "add arp" 2565command. 2566.It Va natm_interfaces 2567.Pq Vt str 2568Set to the list of 2569.Xr natm 4 2570interfaces that will also be used for HARP through 2571.Xr harp 4 . 2572If this list is not empty all interfaces in the list will be brought up 2573with 2574.Xr ifconfig 8 2575and 2576.Xr harp 4 2577will be loaded. 2578For this to work the interface drivers must be either compiled into the 2579kernel or must reside on the root partition. 2580.It Va keybell 2581.Pq Vt str 2582The keyboard bell sound. 2583Set to 2584.Dq Li normal , 2585.Dq Li visual , 2586.Dq Li off , 2587or 2588.Dq Li NO 2589if the default behavior is desired. 2590For details, refer to the 2591.Xr kbdcontrol 1 2592manpage. 2593.It Va keyboard 2594.Pq Vt str 2595If set to a non-null string, the virtual console's keyboard input is 2596set to this device. 2597.It Va keymap 2598.Pq Vt str 2599If set to 2600.Dq Li NO , 2601no keymap is installed, otherwise the value is used to install 2602the keymap file in 2603.Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd . 2604.It Va keyrate 2605.Pq Vt str 2606The keyboard repeat speed. 2607Set to 2608.Dq Li slow , 2609.Dq Li normal , 2610.Dq Li fast , 2611or 2612.Dq Li NO 2613if the default behavior is desired. 2614.It Va keychange 2615.Pq Vt str 2616If not set to 2617.Dq Li NO , 2618attempt to program the function keys with the value. 2619The value should 2620be a single string of the form: 2621.Dq Ar funkey_number new_value Op Ar funkey_number new_value ... . 2622.It Va cursor 2623.Pq Vt str 2624Can be set to the value of 2625.Dq Li normal , 2626.Dq Li blink , 2627.Dq Li destructive , 2628or 2629.Dq Li NO 2630to set the cursor behavior explicitly or choose the default behavior. 2631.It Va scrnmap 2632.Pq Vt str 2633If set to 2634.Dq Li NO , 2635no screen map is installed, otherwise the value is used to install 2636the screen map file in 2637.Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value . 2638.It Va font8x16 2639.Pq Vt str 2640If set to 2641.Dq Li NO , 2642the default 8x16 font value is used for screen size requests, otherwise 2643the value in 2644.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 2645is used. 2646.It Va font8x14 2647.Pq Vt str 2648If set to 2649.Dq Li NO , 2650the default 8x14 font value is used for screen size requests, otherwise 2651the value in 2652.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 2653is used. 2654.It Va font8x8 2655.Pq Vt str 2656If set to 2657.Dq Li NO , 2658the default 8x8 font value is used for screen size requests, otherwise 2659the value in 2660.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 2661is used. 2662.It Va blanktime 2663.Pq Vt int 2664If set to 2665.Dq Li NO , 2666the default screen blanking interval is used, otherwise it is set 2667to 2668.Ar value 2669seconds. 2670.It Va saver 2671.Pq Vt str 2672If not set to 2673.Dq Li NO , 2674this is the actual screen saver to use 2675.Li ( blank , snake , daemon , 2676etc). 2677.It Va moused_nondefault_enable 2678.Pq Vt str 2679If set to 2680.Dq Li NO , 2681the mouse device specified on 2682the command line is not automatically treated as enabled by the 2683.Pa /etc/rc.d/moused 2684script. 2685Having this variable set to 2686.Dq Li YES 2687allows a 2688.Xr usb 4 2689mouse, 2690for example, 2691to be enabled as soon as it is plugged in. 2692.It Va moused_enable 2693.Pq Vt str 2694If set to 2695.Dq Li YES , 2696the 2697.Xr moused 8 2698daemon is started for doing cut/paste selection on the console. 2699.It Va moused_type 2700.Pq Vt str 2701This is the protocol type of the mouse connected to this host. 2702This variable must be set if 2703.Va moused_enable 2704is set to 2705.Dq Li YES . 2706The 2707.Xr moused 8 2708daemon 2709is able to detect the appropriate mouse type automatically in many cases. 2710Set this variable to 2711.Dq Li auto 2712to let the daemon detect it, or 2713select one from the following list if the automatic detection fails. 2714.Pp 2715If the mouse is attached to the PS/2 mouse port, choose 2716.Dq Li auto 2717or 2718.Dq Li ps/2 , 2719regardless of the brand and model of the mouse. 2720Likewise, if the 2721mouse is attached to the bus mouse port, choose 2722.Dq Li auto 2723or 2724.Dq Li busmouse . 2725All other protocols are for serial mice and will not work with 2726the PS/2 and bus mice. 2727If this is a USB mouse, 2728.Dq Li auto 2729is the only protocol type which will work. 2730.Pp 2731.Bl -tag -width ".Li x10mouseremote" -compact 2732.It Li microsoft 2733Microsoft mouse (serial) 2734.It Li intellimouse 2735Microsoft IntelliMouse (serial) 2736.It Li mousesystems 2737Mouse systems Corp.\& mouse (serial) 2738.It Li mmseries 2739MM Series mouse (serial) 2740.It Li logitech 2741Logitech mouse (serial) 2742.It Li busmouse 2743A bus mouse 2744.It Li mouseman 2745Logitech MouseMan and TrackMan (serial) 2746.It Li glidepoint 2747ALPS GlidePoint (serial) 2748.It Li thinkingmouse 2749Kensington ThinkingMouse (serial) 2750.It Li ps/2 2751PS/2 mouse 2752.It Li mmhittab 2753MM HitTablet (serial) 2754.It Li x10mouseremote 2755X10 MouseRemote (serial) 2756.It Li versapad 2757Interlink VersaPad (serial) 2758.El 2759.Pp 2760Even if the mouse is not in the above list, it may be compatible 2761with one in the list. 2762Refer to the manual page for 2763.Xr moused 8 2764for compatibility information. 2765.Pp 2766It should also be noted that while this is enabled, any 2767other client of the mouse (such as an X server) should access 2768the mouse through the virtual mouse device, 2769.Pa /dev/sysmouse , 2770and configure it as a 2771.Dq Li sysmouse 2772type mouse, since all 2773mouse data is converted to this single canonical format when 2774using 2775.Xr moused 8 . 2776If the client program does not support the 2777.Dq Li sysmouse 2778type, 2779specify the 2780.Dq Li mousesystems 2781type. 2782It is the second preferred type. 2783.It Va moused_port 2784.Pq Vt str 2785If 2786.Va moused_enable 2787is set to 2788.Dq Li YES , 2789this is the actual port the mouse is on. 2790It might be 2791.Pa /dev/cuad0 2792for a COM1 serial mouse, 2793.Pa /dev/psm0 2794for a PS/2 mouse or 2795.Pa /dev/mse0 2796for a bus mouse, for example. 2797.It Va moused_flags 2798.Pq Vt str 2799If 2800.Va moused_flags 2801is set, its value is used as an additional set of flags to pass to the 2802.Xr moused 8 2803daemon. 2804.It Va "moused_" Ns Ar XXX Ns Va "_flags" 2805When 2806.Va moused_nondefault_enable 2807is enabled, and a 2808.Xr moused 8 2809daemon is started for a non-default port, the 2810.Va "moused_" Ns Ar XXX Ns Va "_flags" 2811set of options has precedence over and replaces the default 2812.Va moused_flags (where 2813.Ar XXX 2814is the name of the non-default port, i.e.\& 2815.Ar ums0 ) . 2816By setting 2817.Va "moused_" Ns Ar XXX Ns Va "_flags" 2818it is possible to set up a different set of default flags for each 2819.Xr moused 8 2820instance. 2821For example, you can use 2822.Dq Li "-3" 2823for the default 2824.Va moused_flags 2825to make your laptop's touchpad more comfortable to use, 2826but an empty set of options for 2827.Va moused_ums0_flags 2828when your 2829.Xr usb 4 2830mouse has three or more buttons. 2831.It Va mousechar_start 2832.Pq Vt int 2833If set to 2834.Dq Li NO , 2835the default mouse cursor character range 2836.Li 0xd0 Ns - Ns Li 0xd3 2837is used, 2838otherwise the range start is set 2839to 2840.Ar value 2841character, see 2842.Xr vidcontrol 1 . 2843Use if the default range is occupied in the language code table. 2844.It Va allscreens_flags 2845.Pq Vt str 2846If set, 2847.Xr vidcontrol 1 2848is run with these options for each of the virtual terminals 2849.Pq Pa /dev/ttyv* . 2850For example, 2851.Dq Fl m Cm on 2852will enable the mouse pointer on all virtual terminals 2853if 2854.Va moused_enable 2855is set to 2856.Dq Li YES . 2857.It Va allscreens_kbdflags 2858.Pq Vt str 2859If set, 2860.Xr kbdcontrol 1 2861is run with these options for each of the virtual terminals 2862.Pq Pa /dev/ttyv* . 2863For example, 2864.Dq Fl h Li 200 2865will set the 2866.Xr syscons 4 2867scrollback (history) buffer to 200 lines. 2868.It Va cron_enable 2869.Pq Vt bool 2870If set to 2871.Dq Li YES , 2872run the 2873.Xr cron 8 2874daemon at system boot time. 2875.It Va cron_program 2876.Pq Vt str 2877Path to 2878.Xr cron 8 2879(default 2880.Pa /usr/sbin/cron ) . 2881.It Va cron_flags 2882.Pq Vt str 2883If 2884.Va cron_enable 2885is set to 2886.Dq Li YES , 2887these are the flags to pass to 2888.Xr cron 8 . 2889.It Va cron_dst 2890.Pq Vt bool 2891If set to 2892.Dq Li YES , 2893enable the special handling of transitions to and from the 2894Daylight Saving Time in 2895.Xr cron 8 2896(equivalent to using the flag 2897.Fl s ) . 2898.It Va lpd_program 2899.Pq Vt str 2900Path to 2901.Xr lpd 8 2902(default 2903.Pa /usr/sbin/lpd ) . 2904.It Va lpd_enable 2905.Pq Vt bool 2906If set to 2907.Dq Li YES , 2908run the 2909.Xr lpd 8 2910daemon at system boot time. 2911.It Va lpd_flags 2912.Pq Vt str 2913If 2914.Va lpd_enable 2915is set to 2916.Dq Li YES , 2917these are the flags to pass to the 2918.Xr lpd 8 2919daemon. 2920.It Va chkprintcap_enable 2921.Pq Vt bool 2922If set to 2923.Dq Li YES , 2924run the 2925.Xr chkprintcap 8 2926command before starting the 2927.Xr lpd 8 2928daemon. 2929.It Va chkprintcap_flags 2930.Pq Vt str 2931If 2932.Va lpd_enable 2933and 2934.Va chkprintcap_enable 2935are set to 2936.Dq Li YES , 2937these are the flags to pass to the 2938.Xr chkprintcap 8 2939program. 2940The default is 2941.Dq Li -d , 2942which causes missing directories to be created. 2943.It Va mta_start_script 2944.Pq Vt str 2945This variable specifies the full path to the script to run to start 2946a mail transfer agent. 2947The default is 2948.Pa /etc/rc.sendmail . 2949The 2950.Va sendmail_* 2951variables which 2952.Pa /etc/rc.sendmail 2953uses are documented in the 2954.Xr rc.sendmail 8 2955manual page. 2956.It Va dumpdev 2957.Pq Vt str 2958Indicates the device (usually a swap partition) to which a crash dump 2959should be written in the event of a system crash. 2960If the value of this variable is 2961.Dq Li AUTO , 2962the first suitable swap device listed in 2963.Pa /etc/fstab 2964will be used as dump device. 2965Otherwise, the value of this variable is passed as the argument to 2966.Xr dumpon 8 . 2967To disable crash dumps, set this variable to 2968.Dq Li NO . 2969.It Va dumpdir 2970.Pq Vt str 2971When the system reboots after a crash and a crash dump is found on the 2972device specified by the 2973.Va dumpdev 2974variable, 2975.Xr savecore 8 2976will save that crash dump and a copy of the kernel to the directory 2977specified by the 2978.Va dumpdir 2979variable. 2980The default value is 2981.Pa /var/crash . 2982Set to 2983.Dq Li NO 2984to not run 2985.Xr savecore 8 2986at boot time when 2987.Va dumpdir 2988is set. 2989.It Va savecore_flags 2990.Pq Vt str 2991If crash dumps are enabled, these are the flags to pass to the 2992.Xr savecore 8 2993utility. 2994.It Va enable_quotas 2995.Pq Vt bool 2996Set to 2997.Dq Li YES 2998to turn on user and group disk quotas on system startup via the 2999.Xr quotaon 8 3000command for all file systems marked as having quotas enabled in 3001.Pa /etc/fstab . 3002The kernel must be built with 3003.Cd "options QUOTA" 3004for disk quotas to function. 3005.It Va check_quotas 3006.Pq Vt bool 3007Set to 3008.Dq Li YES 3009to enable user and group disk quota checking via the 3010.Xr quotacheck 8 3011command. 3012.It Va quotacheck_flags 3013.Pq Vt str 3014If 3015.Va enable_quotas 3016is set to 3017.Dq Li YES , 3018and 3019.Va check_quotas 3020is set to 3021.Dq Li YES , 3022these are the flags to pass to the 3023.Xr quotacheck 8 3024utility. 3025The default is 3026.Dq Li "-a" , 3027which checks quotas for all file systems with quotas enabled in 3028.Pa /etc/fstab . 3029.It Va quotaon_flags 3030.Pq Vt str 3031If 3032.Va enable_quotas 3033is set to 3034.Dq Li YES , 3035these are the flags to pass to the 3036.Xr quotaon 8 3037utility. 3038The default is 3039.Dq Li "-a" , 3040which enables quotas for all file systems with quotas enabled in 3041.Pa /etc/fstab . 3042.It Va quotaoff_flags 3043.Pq Vt str 3044If 3045.Va enable_quotas 3046is set to 3047.Dq Li YES , 3048these are the flags to pass to the 3049.Xr quotaoff 8 3050utility when shutting down the quota system. 3051The default is 3052.Dq Li "-a" , 3053which disables quotas for all file systems with quotas enabled in 3054.Pa /etc/fstab . 3055.It Va accounting_enable 3056.Pq Vt bool 3057Set to 3058.Dq Li YES 3059to enable system accounting through the 3060.Xr accton 8 3061facility. 3062.It Va ibcs2_enable 3063.Pq Vt bool 3064Set to 3065.Dq Li YES 3066to enable iBCS2 (SCO) binary emulation at system initial boot 3067time. 3068.It Va ibcs2_loaders 3069.Pq Vt str 3070If not set to 3071.Dq Li NO 3072and if 3073.Va ibcs2_enable 3074is set to 3075.Dq Li YES , 3076this specifies a list of additional iBCS2 loaders to enable. 3077.It Va linux_enable 3078.Pq Vt bool 3079Set to 3080.Dq Li YES 3081to enable Linux/ELF binary emulation at system initial 3082boot time. 3083.It Va svr4_enable 3084.Pq Vt bool 3085If set to 3086.Dq Li YES , 3087enable SysVR4 emulation at boot time. 3088.It Va sysvipc_enable 3089.Pq Vt bool 3090If set to 3091.Dq Li YES , 3092load System V IPC primitives at boot time. 3093.It Va clear_tmp_enable 3094.Pq Vt bool 3095Set to 3096.Dq Li YES 3097to have 3098.Pa /tmp 3099cleaned at startup. 3100.It Va clear_tmp_X 3101.Pq Vt bool 3102Set to 3103.Dq Li NO 3104to disable removing of X11 lock files, 3105and the removal and (secure) recreation 3106of the various socket directories for X11 3107related programs. 3108.It Va ldconfig_paths 3109.Pq Vt str 3110Set to the list of shared library paths to use with 3111.Xr ldconfig 8 . 3112NOTE: 3113.Pa /usr/lib 3114will always be added first, so it need not appear in this list. 3115.It Va ldconfig32_paths 3116.Pq Vt str 3117Set to the list of 32-bit compatibility shared library paths to 3118use with 3119.Xr ldconfig 8 . 3120.It Va ldconfig_paths_aout 3121.Pq Vt str 3122Set to the list of shared library paths to use with 3123.Xr ldconfig 8 3124legacy 3125.Xr a.out 5 3126support. 3127.It Va ldconfig_insecure 3128.Pq Vt bool 3129The 3130.Xr ldconfig 8 3131utility normally refuses to use directories 3132which are writable by anyone except root. 3133Set this variable to 3134.Dq Li YES 3135to disable that security check during system startup. 3136.It Va ldconfig_local_dirs 3137.Pq Vt str 3138Set to the list of local 3139.Xr ldconfig 8 3140directories. 3141The names of all files in the directories listed will be 3142passed as arguments to 3143.Xr ldconfig 8 . 3144.It Va ldconfig_local32_dirs 3145.Pq Vt str 3146Set to the list of local 32-bit compatibility 3147.Xr ldconfig 8 3148directories. 3149The names of all files in the directories listed will be 3150passed as arguments to 3151.Dq Nm ldconfig Fl 32 . 3152.It Va kern_securelevel_enable 3153.Pq Vt bool 3154Set to 3155.Dq Li YES 3156to set the kernel security level at system startup. 3157.It Va kern_securelevel 3158.Pq Vt int 3159The kernel security level to set at startup. 3160The allowed range of 3161.Ar value 3162ranges from \-1 (the compile time default) to 3 (the 3163most secure). 3164See 3165.Xr init 8 3166for the list of possible security levels and their effect 3167on system operation. 3168.It Va sshd_program 3169.Pq Vt str 3170Path to the SSH server program 3171.Pa ( /usr/sbin/sshd 3172is the default). 3173.It Va sshd_enable 3174.Pq Vt bool 3175Set to 3176.Dq Li YES 3177to start 3178.Xr sshd 8 3179at system boot time. 3180.It Va sshd_flags 3181.Pq Vt str 3182If 3183.Va sshd_enable 3184is set to 3185.Dq Li YES , 3186these are the flags to pass to the 3187.Xr sshd 8 3188daemon. 3189.It Va ftpd_program 3190.Pq Vt str 3191Path to the FTP server program 3192.Pa ( /usr/libexec/ftpd 3193is the default). 3194.It Va ftpd_enable 3195.Pq Vt bool 3196Set to 3197.Dq Li YES 3198to start 3199.Xr ftpd 8 3200as a stand-alone daemon at system boot time. 3201.It Va ftpd_flags 3202.Pq Vt str 3203If 3204.Va ftpd_enable 3205is set to 3206.Dq Li YES , 3207these are the additional flags to pass to the 3208.Xr ftpd 8 3209daemon. 3210.It Va watchdogd_enable 3211.Pq Vt bool 3212If set to 3213.Dq Li YES , 3214start the 3215.Xr watchdogd 8 3216daemon at boot time. 3217This requires that the kernel have been compiled with a 3218.Xr watchdog 4 3219compatible device. 3220.It Va watchdogd_flags 3221.Pq Vt str 3222If 3223.Va watchdogd_enable 3224is set to 3225.Dq Li YES , 3226these are the flags passed to the 3227.Xr watchdogd 8 3228daemon. 3229.It Va performance_cx_lowest 3230.Pq Vt str 3231CPU idle state to use while on AC power. 3232The string 3233.Dq Li LOW 3234indicates that 3235.Xr acpi 4 3236should use the lowest power state available while 3237.Dq Li HIGH 3238indicates that the lowest latency state (less power savings) should be used. 3239.It Va performance_cpu_freq 3240.Pq Vt str 3241CPU clock frequency to use while on AC power. 3242The string 3243.Dq Li LOW 3244indicates that 3245.Xr cpufreq 4 3246should use the lowest frequency available while 3247.Dq Li HIGH 3248indicates that the highest frequency (less power savings) should be used. 3249.It Va economy_cx_lowest 3250.Pq Vt str 3251CPU idle state to use when off AC power. 3252The string 3253.Dq Li LOW 3254indicates that 3255.Xr acpi 4 3256should use the lowest power state available while 3257.Dq Li HIGH 3258indicates that the lowest latency state (less power savings) should be used. 3259.It Va economy_cpu_freq 3260.Pq Vt str 3261CPU clock frequency to use when off AC power. 3262The string 3263.Dq Li LOW 3264indicates that 3265.Xr cpufreq 4 3266should use the lowest frequency available while 3267.Dq Li HIGH 3268indicates that the highest frequency (less power savings) should be used. 3269.It Va jail_enable 3270.Pq Vt bool 3271If set to 3272.Dq Li NO , 3273any configured jails will not be started. 3274.It Va jail_list 3275.Pq Vt str 3276A space separated list of names for jails. 3277This is purely a configuration aid to help identify and 3278configure multiple jails. 3279The names specified in this list will be used to 3280identify settings common to an instance of a jail. 3281Assuming that the jail in question was named 3282.Li vjail , 3283you would have the following dependent variables: 3284.Bd -literal 3285jail_vjail_hostname="jail.example.com" 3286jail_vjail_ip="192.168.1.100" 3287jail_vjail_rootdir="/var/jails/vjail/root" 3288.Ed 3289.Pp 3290.It Va jail_flags 3291.Pq Vt str 3292Unset by default. 3293When set, use as default value for 3294.Va jail_ Ns Ao Ar jname Ac Ns Va _flags 3295for every jail in 3296.Va jail_list . 3297.It Va jail_interface 3298.Pq Vt str 3299Unset by default. 3300When set, use as default value for 3301.Va jail_ Ns Ao Ar jname Ac Ns Va _interface 3302for every jail in 3303.Va jail_list . 3304.It Va jail_fstab 3305.Pq Vt str 3306Unset by default. 3307When set, use as default value for 3308.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 3309for every jail in 3310.Va jail_list . 3311.It Va jail_mount_enable 3312.Pq Vt bool 3313Set to 3314.Dq Li NO 3315by default. 3316When set to 3317.Dq Li YES , 3318sets 3319.Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable 3320to 3321.Dq Li YES 3322by default for every jail in 3323.Va jail_list . 3324.It Va jail_devfs_ruleset 3325.Pq Vt str 3326Unset by default. 3327When set, sets 3328.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset 3329to given value for every jail in 3330.Va jail_list . 3331.It Va jail_devfs_enable 3332.Pq Vt bool 3333Set to 3334.Dq Li NO 3335by default. 3336When set to 3337.Dq Li YES , 3338sets 3339.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable 3340to 3341.Dq Li YES 3342by default for every jail in 3343.Va jail_list . 3344.It Va jail_fdescfs_enable 3345.Pq Vt bool 3346Set to 3347.Dq Li NO 3348by default. 3349When set to 3350.Dq Li YES , 3351sets 3352.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 3353to 3354.Dq Li YES 3355by default for every jail in 3356.Va jail_list . 3357.It Va jail_procfs_enable 3358.Pq Vt bool 3359Set to 3360.Dq Li NO 3361by default. 3362When set to 3363.Dq Li YES , 3364sets 3365.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 3366to 3367.Dq Li YES 3368by default for every jail in 3369.Va jail_list . 3370.It Va jail_exec_start 3371.Pq Vt str 3372Unset by default. 3373When set, use as default value for 3374.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start 3375for every jail in 3376.Va jail_list . 3377.It Va jail_exec_afterstart Ns Aq Ar N 3378.Pq Vt str 3379Unset by default. 3380When set, use as default value for 3381.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_afterstart Ns Aq Ar N 3382for every jail in 3383.Va jail_list . 3384.It Va jail_exec_stop 3385Unset by default. 3386When set, use as default value for 3387.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop 3388for every jail in 3389.Va jail_list . 3390.It Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir 3391.Pq Vt str 3392Unset by default. 3393Set to the root directory used by jail 3394.Va jname . 3395.It Va jail_ Ns Ao Ar jname Ac Ns Va _hostname 3396.Pq Vt str 3397Unset by default. 3398Set to the fully qualified domain name (FQDN) assigned to jail 3399.Va jname . 3400.It Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3401.Pq Vt str 3402Unset by default. 3403Set to the IP address assigned to jail 3404.Va jname . 3405.It Va jail_ Ns Ao Ar jname Ac Ns Va _flags 3406.Pq Vt str 3407Set to 3408.Dq Li -l -U root 3409by default. 3410These are flags to pass to 3411.Xr jail . 3412.It Va jail_ Ns Ao Ar jname Ac Ns Va _interface 3413.Pq Vt str 3414Unset by default. 3415When set, sets the interface to use when setting IP address alias. 3416Note that the alias is created at jail startup and removed at jail shutdown. 3417.It Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 3418.Pq Vt str 3419Set to 3420.Pa /etc/fstab. Ns Aq Ar jname 3421by default. 3422This is the file system information file to use for jail 3423.Va jname . 3424.It Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable 3425.Pq Vt bool 3426Set to 3427.Dq Li NO 3428by default. 3429When set to 3430.Dq Li YES , 3431mount all file systems from 3432.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 3433at jail startup. 3434.It Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset 3435.Pq Vt str 3436Unset by default. 3437When set, defines the device file system ruleset file to use for jail 3438.Va jname . 3439.It Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable 3440.Pq Vt bool 3441Set to 3442.Dq Li NO 3443by default. 3444When set to 3445.Dq Li YES , 3446mount the device file system inside jail 3447.Ar jname 3448at jail startup. 3449.It Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 3450.Pq Vt bool 3451Set to 3452.Dq Li NO 3453by default. 3454When set to 3455.Dq Li YES , 3456mount the file-descriptor file system inside jail 3457.Ar jname 3458at jail startup. 3459.It Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable 3460.Pq Vt bool 3461Set to 3462.Dq Li NO 3463by default. 3464When set to 3465.Dq Li YES , 3466mount the process file system inside jail 3467.Ar jname 3468at jail startup. 3469.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start 3470.Pq Vt str 3471Set to 3472.Dq Li /bin/sh /etc/rc 3473by default. 3474This is the command executed at jail startup. 3475.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_afterstart Ns Aq Ar N 3476.Pq Vt str 3477Unset by default. 3478This is the command run as 3479.Ar N Ns 3480th command 3481after jail startup, where 3482.Ar N 3483is 1, 2, and so on. 3484.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop 3485.Pq Vt str 3486Set to 3487.Dq Li /bin/sh /etc/rc.shutdown 3488by default. 3489This is the command executed at jail shutdown. 3490.It Va jail_set_hostname_allow 3491.Pq Vt bool 3492If set to 3493.Dq Li NO , 3494do not allow the root user in a jail to set its hostname. 3495.It Va jail_socket_unixiproute_only 3496.Pq Vt bool 3497If set to 3498.Dq Li YES , 3499do not allow any sockets, 3500besides UNIX/IP/route sockets, 3501to be used within a jail. 3502.It Va jail_sysvipc_allow 3503.Pq Vt bool 3504If set to 3505.Dq Li YES , 3506allow applications within a jail to use System V IPC. 3507.\" ----- ISDN settings --------------------------------- 3508.It Va isdn_enable 3509.Pq Vt bool 3510Set to 3511.Dq Li NO 3512by default. 3513When set to 3514.Dq Li YES , 3515starts the 3516.Xr isdnd 8 3517daemon 3518at system boot time. 3519.It Va isdn_flags 3520.Pq Vt str 3521Set to 3522.Dq Fl d Ns Cm n Fl d Ns Li 0x1f9 3523by default. 3524Additional flags to pass to 3525.Xr isdnd 8 3526(but see 3527.Va isdn_fsdev 3528and 3529.Va isdn_ttype 3530for certain tunable parameters). 3531.It Va isdn_ttype 3532.Pq Vt str 3533Set to 3534.Dq Li cons25 3535by default. 3536The terminal type of the output device when 3537.Xr isdnd 8 3538operates in full-screen mode. 3539.It Va isdn_screenflags 3540.Pq Vt str 3541Set to 3542.Dq Li NO 3543by default. 3544The video mode for full-screen mode (only for 3545.Xr syscons 4 3546console driver, see 3547.Xr vidcontrol 1 3548for valid modes). 3549.It Va isdn_fsdev 3550.Pq Vt str 3551Set to 3552.Dq Li NO 3553by default. 3554The output device for 3555.Xr isdnd 8 3556in full-screen mode (or 3557.Dq Li NO 3558for daemon mode). 3559.It Va isdn_trace 3560.Pq Vt bool 3561Set to 3562.Dq Li NO 3563by default. 3564When set to 3565.Dq Li YES , 3566enables the ISDN protocol trace utility 3567.Xr isdntrace 8 3568at system boot time. 3569.It Va isdn_traceflags 3570.Pq Vt str 3571Set to 3572.Dq Fl f Pa /var/tmp/isdntrace0 3573by default. 3574Flags for 3575.Xr isdntrace 8 . 3576.\" ----------------------------------------------------- 3577.It Va harvest_interrupt 3578.Pq Vt bool 3579Set to 3580.Dq Li YES 3581to use hardware interrupts as an entropy source. 3582Refer to 3583.Xr random 4 3584for more information. 3585.It Va harvest_ethernet 3586.Pq Vt bool 3587Set to 3588.Dq Li YES 3589to use LAN traffic as an entropy source. 3590Refer to 3591.Xr random 4 3592for more information. 3593.It Va harvest_p_to_p 3594.Pq Vt bool 3595Set to 3596.Dq Li YES 3597to use serial line traffic as an entropy source. 3598Refer to 3599.Xr random 4 3600for more information. 3601.It Va entropy_dir 3602.Pq Vt str 3603Set to 3604.Dq Li NO 3605to disable caching entropy via 3606.Xr cron 8 . 3607Otherwise set to the directory used to store entropy files in. 3608.It Va entropy_file 3609.Pq Vt str 3610Set to 3611.Dq Li NO 3612to disable caching entropy through reboots. 3613Otherwise set to the filename used to store cached entropy through 3614reboots. 3615This file should be located on the root file system to seed the 3616.Xr random 4 3617device as early as possible in the boot process. 3618.It Va entropy_save_sz 3619.Pq Vt int 3620Size of the entropy cache files saved by 3621.Nm save-entropy 3622periodically. 3623.It Va entropy_save_num 3624.Pq Vt int 3625Number of entropy cache files to save by 3626.Nm save-entropy 3627periodically. 3628.It Va ipsec_enable 3629.Pq Vt bool 3630Set to 3631.Dq Li YES 3632to run 3633.Xr setkey 8 3634on 3635.Va ipsec_file 3636at boot time. 3637.It Va ipsec_file 3638.Pq Vt str 3639Configuration file for 3640.Xr setkey 8 . 3641.It Va dmesg_enable 3642.Pq Vt bool 3643Set to 3644.Dq Li YES 3645to save 3646.Xr dmesg 8 3647to 3648.Pa /var/run/dmesg.boot 3649on boot. 3650.It Va rcshutdown_timeout 3651.Pq Vt int 3652If set, start a watchdog timer in the background which will terminate 3653.Pa rc.shutdown 3654if 3655.Xr shutdown 8 3656has not completed within the specified time (in seconds). 3657Notice that in addition to this soft timeout, 3658.Xr init 8 3659also applies a hard timeout for the execution of 3660.Pa rc.shutdown . 3661This is configured via 3662.Xr sysctl 8 3663variable 3664.Va kern.init_shutdown_timeout 3665and defaults to 120 seconds. 3666Setting the value of 3667.Va rcshutdown_timeout 3668to more than 120 seconds will have no effect until the 3669.Xr sysctl 8 3670variable 3671.Va kern.init_shutdown_timeout 3672is also increased. 3673.It Va virecover_enable 3674.Pq Vt bool 3675Set to 3676.Dq Li NO 3677to prevent the system from trying to 3678recover pre-maturely terminated 3679.Xr vi 1 3680sessions. 3681.It Va ugidfw_enable 3682.Pq Vt bool 3683Set to 3684.Dq Li YES 3685to load the 3686.Xr mac_bsdextended 4 3687module upon system initialization and load a default 3688ruleset file. 3689.It Va bsdextended_script 3690.Pq Vt str 3691The default 3692.Xr mac_bsdextended 4 3693ruleset file to load. 3694The default value of this variable is 3695.Pa /etc/rc.bsdextended . 3696.It Va newsyslog_enable 3697.Pq Vt bool 3698If set to 3699.Dq Li YES , 3700run 3701.Xr newsyslog 8 3702command at startup. 3703.It Va newsyslog_flags 3704.Pq Vt str 3705If 3706.Va newsyslog_enable 3707is set to 3708.Dq Li YES , 3709these are the flags to pass to the 3710.Xr newsyslog 8 3711program. 3712The default is 3713.Dq Li -CN , 3714which causes log files flagged with a 3715.Cm C 3716to be created. 3717.It Va mdconfig_md Ns Aq Ar X 3718.Pq Vt str 3719Arguments to 3720.Xr mdconfig 8 3721for 3722.Xr md 4 3723device 3724.Ar X . 3725At minimum a 3726.Fl t Ar type 3727must be specified and either a 3728.Fl s Ar size 3729for malloc or swap backed 3730.Xr md 4 3731devices or a 3732.Fl f Ar file 3733for vnode backed 3734.Xr md 4 3735devices. 3736Note that 3737.Va mdconfig_md Ns Aq Ar X 3738variables are evaluated until one variable is unset or null. 3739.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs 3740.Pq Vt str 3741Optional arguments passed to 3742.Xr newfs 8 3743to initialize 3744.Xr md 4 3745device 3746.Ar X . 3747.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner 3748.Pq Vt str 3749An ownership specification passed to 3750.Xr chown 8 3751after the specified 3752.Xr md 4 3753device 3754.Ar X 3755has been mounted. 3756Both the 3757.Xr md 4 3758device and the mount point will be changed. 3759.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms 3760.Pq Vt str 3761A mode string passed to 3762.Xr chmod 1 3763after the specified 3764.Xr md 4 3765device 3766.Ar X 3767has been mounted. 3768Both the 3769.Xr md 4 3770device and the mount point will be changed. 3771.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files 3772.Pq Vt str 3773Files to be copied to the mount point of the 3774.Xr md 4 3775device 3776.Ar X 3777after it has been mounted. 3778.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd 3779.Pq Vt str 3780Command to execute after the specified 3781.Xr md 4 3782device 3783.Ar X 3784has been mounted. 3785Note that the command is passed to 3786.Ic eval 3787and that both 3788.Va _dev 3789and 3790.Va _mp 3791variables can be used to reference respectively the 3792.Xr md 4 3793device and the mount point. 3794Assuming that the 3795.Xr md 4 3796device is 3797.Li md0 , 3798one could set the following: 3799.Bd -literal 3800mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}" 3801.Ed 3802.It Va ramdisk_units 3803.Pq Vt str 3804A list of one or more ramdisk units to configure with 3805.Xr mdconfig 8 3806and 3807.Xr newfs 8 3808in time to be mounted from 3809.Xr fstab 5 . 3810Each listed unit 3811.Ar X 3812must specify at least a 3813.Ar type 3814in a 3815.Va ramdisk_ Ns Ao Ar X Ac Ns Va _config 3816variable. 3817Note that this way to configure ramdisks has been deprecated 3818in favor of new 3819.Va mdconfig_md* 3820variables (see above). 3821.It Va ramdisk_ Ns Ao Ar X Ac Ns Va _config 3822.Pq Vt str 3823Arguments to 3824.Xr mdconfig 8 3825for ramdisk 3826.Ar X . 3827At minimum a 3828.Fl t Ar type 3829must be specified, where 3830.Ar type 3831must be one of 3832.Cm malloc 3833or 3834.Cm swap . 3835.It Va ramdisk_ Ns Ao Ar X Ac Ns Va _newfs 3836.Pq Vt str 3837Optional arguments passed to 3838.Xr newfs 8 3839to initialize ramdisk 3840.Ar X . 3841.It Va ramdisk_ Ns Ao Ar X Ac Ns Va _owner 3842.Pq Vt str 3843An ownership specification passed to 3844.Xr chown 8 3845after the specified ramdisk unit 3846.Ar X 3847has been mounted. 3848Both the 3849.Xr md 4 3850device and the mount point will be changed. 3851.It Va ramdisk_ Ns Ao Ar X Ac Ns Va _perms 3852.Pq Vt str 3853A mode string passed to 3854.Xr chmod 1 3855after the specified ramdisk unit 3856.Ar X 3857has been mounted. 3858Both the 3859.Xr md 4 3860device and the mount point will be changed. 3861.It Va autobridge_interfaces 3862.Pq Vt str 3863Set to the list of bridge interfaces that will have newly arriving interfaces 3864checked against to be automatically added. 3865If not set to 3866.Dq Li NO 3867then for each whitespace separated 3868.Ar element 3869in the value, a 3870.Va autobridge_ Ns Aq Ar element 3871variable is assumed to exist which has a whitespace separated list of interface 3872names to match, these names can use wildcards. 3873For example: 3874.Bd -literal 3875autobridge_interfaces="bridge0" 3876autobridge_bridge0="tap* dc0 vlan[345]" 3877.Ed 3878.It Va mixer_enable 3879.Pq Vt bool 3880If set to 3881.Dq Li YES , 3882enable support for sound mixer. 3883.It Va hcsecd_enable 3884.Pq Vt bool 3885If set to 3886.Dq Li YES , 3887enable Bluetooth security daemon. 3888.It Va hcsecd_config 3889.Pq Vt str 3890Configuration file for 3891.Xr hcsecd 8 . 3892Default 3893.Pa /etc/bluetooth/hcsecd.conf . 3894.It Va sdpd_enable 3895.Pq Vt bool 3896If set to 3897.Dq Li YES , 3898enable Bluetooth Service Discovery Protocol daemon. 3899.It Va sdpd_control 3900.Pq Vt str 3901Path to 3902.Xr sdpd 8 3903control socket. 3904Default 3905.Pa /var/run/sdp . 3906.It Va sdpd_groupname 3907.Pq Vt str 3908Sets 3909.Xr sdpd 8 3910group to run as after it initializes. 3911Default 3912.Dq Li nobody . 3913.It Va sdpd_username 3914.Pq Vt str 3915Sets 3916.Xr sdpd 8 3917user to run as after it initializes. 3918Default 3919.Dq Li nobody . 3920.It Va bthidd_enable 3921.Pq Vt bool 3922If set to 3923.Dq Li YES , 3924enable Bluetooth Human Interface Device daemon. 3925.It Va bthidd_config 3926.Pq Vt str 3927Configuration file for 3928.Xr bthidd 8 . 3929Default 3930.Pa /etc/bluetooth/bthidd.conf . 3931.It Va bthidd_hids 3932.Pq Vt str 3933Path to a file, where 3934.Xr bthidd 8 3935will store information about known HID devices. 3936Default 3937.Pa /var/db/bthidd.hids . 3938.It Va rfcomm_pppd_server_enable 3939.Pq Vt bool 3940If set to 3941.Dq Li YES , 3942enable Bluetooth RFCOMM PPP wrapper daemon. 3943.It Va rfcomm_pppd_server_profile 3944.Pq Vt str 3945The name of the profile to use from 3946.Pa /etc/ppp/ppp.conf . 3947Multiple profiles can be specified here. 3948Also used to specify per-profile overrides. 3949When the profile name contains any of the characters 3950.Dq Li .-/+ 3951they are translated to 3952.Dq Li _ 3953for the proposes of the override variable names. 3954.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _bdaddr 3955.Pq Vt str 3956Overrides local address to listen on. 3957By default 3958.Xr rfcomm_pppd 8 3959will listen on 3960.Dq Li ANY 3961address. 3962The address can be specified as BD_ADDR or name. 3963.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _channel 3964.Pq Vt str 3965Overrides local RFCOMM channel to listen on. 3966By default 3967.Xr rfcomm_pppd 8 3968will listen on RFCOMM channel 1. 3969Must set properly if multiple profiles used in the same time. 3970.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_sp 3971.Pq Vt bool 3972Tells 3973.Xr rfcomm_pppd 8 3974if it should register Serial Port service on the speficied RFCOMM channel. 3975Default 3976.Dq Li NO . 3977.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_dun 3978.Pq Vt bool 3979Tells 3980.Xr rfcomm_pppd 8 3981if it should register Dial-Up Networking service on the speficied 3982RFCOMM channel. 3983Default 3984.Dq Li NO . 3985.El 3986.Sh FILES 3987.Bl -tag -width ".Pa /etc/defaults/rc.conf" -compact 3988.It Pa /etc/defaults/rc.conf 3989.It Pa /etc/rc.conf 3990.It Pa /etc/rc.conf.local 3991.El 3992.Sh SEE ALSO 3993.Xr catman 1 , 3994.Xr chmod 1 , 3995.Xr gdb 1 , 3996.Xr info 1 , 3997.Xr kbdcontrol 1 , 3998.Xr makewhatis 1 , 3999.Xr sh 1 , 4000.Xr vi 1 , 4001.Xr vidcontrol 1 , 4002.Xr bridge 4 , 4003.Xr dummynet 4 , 4004.Xr ip 4 , 4005.Xr ipf 4 , 4006.Xr ipfw 4 , 4007.Xr ipnat 4 , 4008.Xr kld 4 , 4009.Xr pf 4 , 4010.Xr pflog 4 , 4011.Xr pfsync 4 , 4012.Xr tcp 4 , 4013.Xr udp 4 , 4014.Xr exports 5 , 4015.Xr fstab 5 , 4016.Xr ipf 5 , 4017.Xr ipnat 5 , 4018.Xr motd 5 , 4019.Xr newsyslog.conf 5 , 4020.Xr pf.conf 5 , 4021.Xr accton 8 , 4022.Xr amd 8 , 4023.Xr apm 8 , 4024.Xr atm 8 , 4025.Xr bthidd 8 , 4026.Xr chkprintcap 8 , 4027.Xr chown 8 , 4028.Xr cron 8 , 4029.Xr dhclient 8 , 4030.Xr ftpd 8 , 4031.Xr geli 8 , 4032.Xr hcsecd 8 , 4033.Xr ifconfig 8 , 4034.Xr inetd 8 , 4035.Xr ipf 8 , 4036.Xr ipfw 8 , 4037.Xr ipnat 8 , 4038.Xr isdnd 8 , 4039.Xr isdntrace 8 , 4040.Xr jail 8 , 4041.Xr kldxref 8 , 4042.Xr lpd 8 , 4043.Xr mdconfig 8 , 4044.Xr mdmfs 8 , 4045.Xr mixer 8 , 4046.Xr mountd 8 , 4047.Xr moused 8 , 4048.Xr mrouted 8 , 4049.Xr named 8 , 4050.Xr newfs 8 , 4051.Xr newsyslog 8 , 4052.Xr nfsd 8 , 4053.Xr ntpd 8 , 4054.Xr ntpdate 8 , 4055.Xr pfctl 8 , 4056.Xr pflogd 8 , 4057.Xr powerd 8 , 4058.Xr quotacheck 8 , 4059.Xr quotaon 8 , 4060.Xr rc 8 , 4061.Xr rc.sendmail 8 , 4062.Xr rfcomm_pppd 8 , 4063.Xr route 8 , 4064.Xr routed 8 , 4065.Xr rpcbind 8 , 4066.Xr rpc.lockd 8 , 4067.Xr rpc.statd 8 , 4068.Xr rwhod 8 , 4069.Xr savecore 8 , 4070.Xr sdpd 8 , 4071.Xr sshd 8 , 4072.Xr swapon 8 , 4073.Xr sysctl 8 , 4074.Xr syslogd 8 , 4075.Xr timed 8 , 4076.Xr yp 8 , 4077.Xr ypbind 8 , 4078.Xr ypserv 8 , 4079.Xr ypset 8 4080.Sh HISTORY 4081The 4082.Nm 4083file appeared in 4084.Fx 2.2.2 . 4085.Sh AUTHORS 4086.An Jordan K. Hubbard . 4087