4 .\" Redistribution and use in source and binary forms, with or without
5 .\" modification, are permitted provided that the following conditions
7 .\" 1. Redistributions of source code must retain the above copyright
8 .\" notice, this list of conditions and the following disclaimer.
9 .\" 2. Redistributions in binary form must reproduce the above copyright
10 .\" notice, this list of conditions and the following disclaimer in the
11 .\" documentation and/or other materials provided with the distribution.
13 .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND
14 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE
17 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
19 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
20 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
21 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
22 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 .Nd system configuration information
36 contains descriptive information about the local host name, configuration
37 details for any potential network interfaces and which services should be
38 started up at system initial boot time.
39 In new installations, the
41 file is generally initialized by the system installation utility,
46 is not to run commands or perform system startup actions
48 Instead, it is included by the
49 various generic startup scripts in
51 which conditionalize their
52 internal actions according to the settings found there.
56 file is included from the file
57 .Pa /etc/defaults/rc.conf ,
58 which specifies the default settings for all the available options.
59 Options need only be specified in
61 when the system administrator wishes to override these defaults.
63 .Pa /etc/rc.conf.local
64 is used to override settings in
66 for historical reasons.
72 .Dq Ar name Ns Li = Ns Ar value
76 The following list provides a name and short description for each
77 variable that can be set in the
80 .Bl -tag -width indent-two
85 enable output of debug messages from rc scripts.
86 This variable can be helpful in diagnosing mistakes when
87 editing or integrating new scripts.
88 Beware that this produces copious output to the terminal and
94 disable informational messages from the rc scripts.
95 Informational messages are displayed when
96 a condition that is not serious enough to warrant a warning or
104 when faststart is used (e.g., at boot time).
105 .It Va early_late_divider
107 The name of the script that should be used as the
108 delimiter between the
112 stages of the boot process.
113 The early stage should contain all the services needed to
114 get the disks (local or remote) mounted so that the late
115 stage can include scripts contained in the directories
118 variable (see below).
119 Thus, the two likely candidates for this value are
121 for the typical system, and
123 if the system needs remote file
124 systems mounted to get access to the
126 directories; for example when
134 is likely to be an appropriate value.
135 Extreme care should be taken when changing this value,
136 and before changing it one should ensure that there are
137 adequate provisions to recover from a failed boot
138 (such as physical contact with the machine,
139 or reliable remote console access).
144 no swapfile is installed, otherwise the value is used as the full
145 pathname to a file to use for additional swap space.
150 enable support for Automatic Power Management with
158 to handle APM event from userland.
159 This also enables support for APM.
166 these are the flags to pass to the
173 to handle device added, removed or unknown events from the kernel.
180 scripts at boot time.
183 Configuration file for
187 .It Va kldxref_enable
194 to automatically rebuild
199 .It Va kldxref_clobber
209 will overwrite existing
216 .It Va kldxref_module_path
221 delimited list of paths containing
233 enable the system power control facility with the
242 these are the flags to pass to the
246 Controls the creation of a
249 Always happens if set to
251 and never happens if set to
253 If set to anything else, a memory file system is created if
257 Controls the size of a created
261 Extra options passed to the
263 utility when the memory file system for
268 which inhibits the use of softupdates on
270 so that file system space is freed without delay
271 after file truncation or deletion.
274 for other options you can use in
277 Controls the creation of a
280 Always happens if set to
282 and never happens if set to
284 If set to anything else, a memory file system is created if
288 Controls the size of a created
292 Extra options passed to the
294 utility when the memory file system for
299 which inhibits the use of softupdates on
301 so that file system space is freed without delay
302 after file truncation or deletion.
305 for other options you can use in
308 Controls the automatic population of the
311 Always happens if set to
313 and never happens if set to
315 If set to anything else, a memory file system is created if
318 Note that this process requires access to certain commands in
322 is mounted on normal systems.
323 .It Va cleanvar_enable
330 List of directories to search for startup script files.
331 .It Va script_name_sep
333 The field separator to use for breaking down the list of startup script files
334 into individual filenames.
335 The default is a space.
336 It is not necessary to change this unless there are startup scripts with names
338 .It Va hostapd_enable
347 The fully qualified domain name (FQDN) of this host on the network.
348 This should almost certainly be set to something meaningful, even if
349 there is no network connection.
352 is used to set the hostname via DHCP,
353 this variable should be set to an empty string.
354 If this value remains unset when the system is done booting
355 your console login will display the default hostname of
359 Enable support for IPv6 networking.
360 Note that this requires that the kernel has been compiled with
361 .Cd "options INET6" .
364 The NIS domain name of this host, or
367 .It Va dhclient_program
369 Path to the DHCP client program
370 .Pa ( /sbin/dhclient ,
375 .It Va dhclient_flags
377 Additional flags to pass to the DHCP client program.
382 manpage for a description of the command line options available.
383 .It Va dhclient_flags_ Ns Aq Ar iface
384 Additional flags to pass to the DHCP client program running on
387 When specified, this variable overrides
389 .It Va background_dhclient
393 to start the DHCP client in background.
394 This can cause trouble with applications depending on
395 a working network, but it will provide a faster startup
397 .It Va background_dhclient_ Ns Aq Ar iface
398 When specified, this variable overrides the
399 .Va background_dhclient
400 variable for interface
403 .It Va synchronous_dhclient
409 synchronously at startup.
410 This behavior can be overridden on a per-interface basis by replacing
414 .Va ifconfig_ Ns Aq Ar interface
419 .It Va defaultroute_delay
421 When set to a positive value, wait up to this long after configuring
422 DHCP interfaces at startup to give the interfaces time to receive a lease.
423 .It Va firewall_enable
427 to load firewall rules at startup.
428 If the kernel was not built with
429 .Cd "options IPFIREWALL" ,
432 kernel module will be loaded.
434 .Va ipfilter_enable .
435 .It Va firewall_script
437 This variable specifies the full path to the firewall script to run.
439 .Pa /etc/rc.firewall .
442 Names the firewall type from the selection in
443 .Pa /etc/rc.firewall ,
444 or the file which contains the local firewall ruleset.
445 Valid selections from
449 .Bl -tag -width ".Li simple" -compact
451 unrestricted IP access
453 all IP services disabled, except via
456 basic protection for a workstation
458 basic protection for a LAN.
461 If a filename is specified, the full path
463 .It Va firewall_quiet
467 to disable the display of firewall rules on the console during boot.
468 .It Va firewall_logging
472 to enable firewall event logging.
473 This is equivalent to the
474 .Dv IPFIREWALL_VERBOSE
476 .It Va firewall_flags
482 specifies a filename.
483 .It Va firewall_coscripts
485 List of executables and/or rc scripts to run after firewall starts/stops.
487 .\" ----- firewall_nat_enable setting --------------------------------
488 .It Va firewall_nat_enable
500 .It Va firewall_nat_interface
506 This is the name of the public interface or IP address on which
507 kernel NAT should run.
508 .It Va firewall_nat_flags
510 Additional configuration parameters for kernel NAT should be placed here.
511 .It Va dummynet_enable
515 will automatically load the
521 .\" -------------------------------------------------------------------
537 sockets must be enabled in the kernel.
538 If the kernel was not built with
539 .Cd "options IPDIVERT" ,
542 kernel module will be loaded.
543 .It Va natd_interface
545 This is the name of the public interface on which
548 The interface may be given as an interface name or as an IP address.
553 flags should be placed here.
558 flag is automatically added with the above
561 .\" ----- ipfilter_enable setting --------------------------------
562 .It Va ipfilter_enable
573 Typical usage will require putting
575 ipfilter_enable="YES"
593 can be enabled independently.
597 both require at least one of
607 options IPFILTER_DEFAULT_BLOCK
610 in the kernel configuration file is a good idea, too.
611 .\" ----- ipfilter_program setting ------------------------------
612 .It Va ipfilter_program
618 .\" ----- ipfilter_rules setting --------------------------------
619 .It Va ipfilter_rules
624 This variable contains the name of the filter rule definition file.
625 The file is expected to be readable for the
628 .\" ----- ipv6_ipfilter_rules setting ---------------------------
629 .It Va ipv6_ipfilter_rules
634 This variable contains the IPv6 filter rule definition file.
635 The file is expected to be readable for the
638 .\" ----- ipfilter_flags setting --------------------------------
639 .It Va ipfilter_flags
642 This variable contains flags passed to the
645 .\" ----- ipnat_enable setting ----------------------------------
655 network address translation.
658 for a detailed discussion.
659 .\" ----- ipnat_program setting ---------------------------------
666 .\" ----- ipnat_rules setting -----------------------------------
672 This variable contains the name of the file
673 holding the network address translation definition.
674 This file is expected to be readable for the
677 .\" ----- ipnat_flags setting -----------------------------------
681 This variable contains flags passed to the
684 .\" ----- ipmon_enable setting ----------------------------------
699 Setting this variable needs setting
706 for a detailed discussion.
707 .\" ----- ipmon_program setting ---------------------------------
714 .\" ----- ipmon_flags setting -----------------------------------
720 This variable contains flags passed to the
723 Another typical example would be
724 .Dq Fl D Pa /var/log/ipflog
727 log directly to a file bypassing
730 .Pa /etc/newsyslog.conf
731 in such case like this:
733 /var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid
735 .\" ----- ipfs_enable setting -----------------------------------
745 saving the filter and NAT state tables during shutdown
746 and reloading them during startup again.
747 Setting this variable needs setting
756 for a detailed discussion.
762 because the raised securelevel will prevent
764 from saving the state tables at shutdown time.
765 .\" ----- ipfs_program setting ----------------------------------
772 .\" ----- ipfs_flags setting ------------------------------------
776 This variable contains flags passed to the
779 .\" ----- end of added ipf hook ---------------------------------
791 Typical usage will require putting
806 into the kernel, otherwise the
807 kernel module will be loaded.
812 ruleset configuration file
827 these flags are passed to the
829 program when loading the ruleset.
839 which logs packets from the
852 .Pa /var/log/pflog ) .
854 .Pa /etc/newsyslog.conf
855 to adjust logfile rotation for this.
865 This variable contains additional flags passed to the
868 .It Va ftpproxy_enable
879 packet filter in translating ftp connections.
880 .It Va ftpproxy_flags
883 This variable contains additional flags passed to the
895 state changes to other hosts over the network by means of
900 must also be set then.
901 .It Va pfsync_syncdev
904 This variable specifies the name of the network interface
906 should operate through.
907 It must be set accordingly if
911 .It Va pfsync_syncpeer
914 This variable is optional.
915 By default, state change messages are sent out on the synchronisation
916 interface using IP multicast packets.
917 The protocol is IP protocol 240, PFSYNC, and the multicast group used is
919 When a peer address is specified using the
921 option, the peer address is used as a destination for the pfsync
922 traffic, and the traffic can then be protected using
926 manpage for more details about using
931 .It Va pfsync_ifconfig
934 This variable can contain additional options to be passed to the
936 command used to set up
938 .It Va tcp_extensions
945 disables certain TCP options as described by
951 might help remedy such problems with connections as randomly hanging
952 or other weird behavior.
953 Some network devices are known
954 to be broken with respect to these options.
961 .Va net.inet.tcp.log_in_vain
963 .Va net.inet.udp.log_in_vain ,
968 are set to the given value.
976 will disable probing idle TCP connections to verify that the
977 peer is still up and reachable.
978 .It Va tcp_drop_synfin
985 will cause the kernel to ignore TCP frames that have both
986 the SYN and FIN flags set.
987 This prevents OS fingerprinting, but may
988 break some legitimate applications.
989 .It Va icmp_drop_redirect
996 will cause the kernel to ignore ICMP REDIRECT packets.
999 for more information.
1000 .It Va icmp_log_redirect
1007 will cause the kernel to log ICMP REDIRECT packets.
1009 the log messages are not rate-limited, so this option should only be used
1010 for troubleshooting networks.
1013 for more information.
1014 .It Va icmp_bmcastecho
1018 to respond to broadcast or multicast ICMP ping packets.
1021 for more information.
1022 .It Va ip_portrange_first
1026 this is the first port in the default portrange.
1029 for more information.
1030 .It Va ip_portrange_last
1034 this is the last port in the default portrange.
1037 for more information.
1038 .It Va network_interfaces
1040 Set to the list of network interfaces to configure on this host or
1042 (the default) for all current interfaces.
1044 .Va network_interfaces
1045 variable to anything other than the default is deprecated.
1046 Interfaces that the administrator wishes to store configuration for,
1047 but not start at boot should be configured with the
1050 .Va ifconfig_ Ns Aq Ar interface
1051 variables as described below.
1054 .Va ifconfig_ Ns Aq Ar interface
1055 variable is also assumed to exist for each value of
1057 When an interface name contains any of the characters
1059 they are translated to
1062 The variable can contain arguments to
1064 as well as special case-insensitive keywords described below.
1065 Such keywords are removed before passing the value to
1067 while the order of the other arguments is preserved.
1069 One can configure more than one IPv4 address with the
1070 .Va ipv4_addrs_ Ns Aq Ar interface
1072 One or more IP addresses must be provided in Classless Inter-Domain
1073 Routing (CIDR) address notation, whose last byte can be a range like
1075 In this case the address 192.0.2.5 will be configured with the
1076 netmask /24 and the addresses 192.0.2.6 to 192.0.2.23 with
1077 the non-conflicting netmask /32 as explained in the
1080 With the interface in question being
1082 an example could look like:
1084 ipv4_addrs_ed0="192.0.2.129/27 192.0.2.1-5/28"
1087 It is also possible to add IP alias entries using
1090 Assuming that the interface in question was
1093 something like this:
1095 ifconfig_ed0_alias0="inet 127.0.0.253 netmask 0xffffffff"
1096 ifconfig_ed0_alias1="inet 127.0.0.254 netmask 0xffffffff"
1101 .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1102 entry that is found,
1103 its contents are passed to
1105 Execution stops at the first unsuccessful access, so if
1106 something like this is present:
1108 ifconfig_ed0_alias0="inet 127.0.0.251 netmask 0xffffffff"
1109 ifconfig_ed0_alias1="inet 127.0.0.252 netmask 0xffffffff"
1110 ifconfig_ed0_alias2="inet 127.0.0.253 netmask 0xffffffff"
1111 ifconfig_ed0_alias4="inet 127.0.0.254 netmask 0xffffffff"
1114 Then note that alias4 would
1116 be added since the search would
1117 stop with the missing
1120 Due to this difficult to manage behavior, the
1121 .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1125 .Pa /etc/start_if. Ns Aq Ar interface
1126 file is present, it is read and executed by the
1129 before configuring the interface as specified in the
1130 .Va ifconfig_ Ns Aq Ar interface
1132 .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1136 .Va vlans_ Ns Aq Ar interface
1140 interface will be created for each item in the list with the
1144 If a vlan interface's name is a number,
1145 then that number is used as the vlan tag and the new vlan interface is
1147 .Ar interface . Ns Ar tag .
1149 the vlan tag must be specified via a
1152 .Va create_args_ Ns Aq Ar interface
1155 To create a vlan device named
1159 with the vlan tag 101 and the optional the IPv4 address 192.0.2.1/24:
1162 ifconfig_em0_101="inet 192.0.2.1/24"
1165 To create a vlan device named
1169 with the vlan tag 102:
1172 create_args_myvlan="vlan 102"
1176 .Va wlans_ Ns Aq Ar interface
1180 interface will be created for each item in the list with the
1184 Further wlan cloning arguments may be passed to the
1187 command by setting the
1188 .Va create_args_ Ns Aq Ar interface
1192 devices must be created for each wireless devices as of
1198 may be specified with an
1199 .Va wlandebug_ Ns Aq Ar interface
1201 The contents of this variable will be passed directly to
1205 .Va ifconfig_ Ns Aq Ar interface
1206 contains the keyword
1208 then the interface will not be configured
1210 .Pa /etc/pccard_ether
1212 .Va network_interfaces
1216 It is possible to bring up an interface with DHCP by adding
1219 .Va ifconfig_ Ns Aq Ar interface
1221 For instance, to initialize the
1224 it is possible to use something like:
1229 Also, if you want to configure your wireless interface with
1230 .Xr wpa_supplicant 8
1231 for use with WPA, EAP/LEAP or WEP, you need to add
1234 .Va ifconfig_ Ns Aq Ar interface
1237 Finally, you can add
1239 options in this variable, in addition to the
1240 .Pa /etc/start_if. Ns Aq Ar interface
1242 For instance, to configure an
1244 wireless device in station mode with an address obtained
1245 via DHCP, using WPA authentication and 802.11b mode, it is
1246 possible to use something like:
1249 ifconfig_wlan0="DHCP WPA mode 11b"
1253 .Va ifconfig_ Ns Aq Ar interface
1254 form, a fallback variable
1255 .Va ifconfig_DEFAULT
1257 It will be used for all interfaces with no
1258 .Va ifconfig_ Ns Aq Ar interface
1260 This is intended to replace the no longer supported
1264 It is also possible to rename an interface by doing:
1266 ifconfig_ed0_name="net0"
1267 ifconfig_net0="inet 192.0.2.1 netmask 0xffffff00"
1269 .It Va ipv6_network_interfaces
1271 This is the IPv6 equivalent of
1272 .Va network_interfaces .
1273 Instead of setting the ifconfig variables as
1274 .Va ifconfig_ Ns Aq Ar interface
1275 they should be set as
1276 .Va ipv6_ifconfig_ Ns Aq Ar interface .
1277 Aliases should be set as
1278 .Va ipv6_ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n .
1279 .Va ipv6_prefix_ Ns Aq Ar interface
1281 Interfaces that do not have a
1282 .Va ipv6_ifconfig_ Ns Aq Ar interface
1283 setting will be auto configured by
1286 .Va ipv6_gateway_enable
1289 Note that the IPv6 networking code does not support the
1290 .Pa /etc/start_if. Ns Aq Ar interface
1292 .It Va ipv6_default_interface
1296 this is the default output interface for scoped addresses.
1297 Now this works only for IPv6 link local multicast addresses.
1298 .It Va cloned_interfaces
1300 Set to the list of clonable network interfaces to create on this host.
1301 Further cloning arguments may be passed to the
1304 command for each interface by setting the
1305 .Va create_args_ Ns Aq Ar interface
1308 .Va cloned_interfaces
1309 are automatically appended to
1310 .Va network_interfaces
1312 .It Va fec_interfaces
1316 Fast EtherChannel interfaces to configure on this host.
1318 .Va fecconfig_ Ns Aq Ar interface
1319 variable is assumed to exist for each value of
1321 The value of this variable is used to configure link aggregated interfaces
1322 according to the syntax of the
1323 .Cm NGM_FEC_ADD_IFACE
1327 Additionally, this option ensures that each listed interface is created
1332 before attempting to configure it.
1335 fec_interfaces="fec0"
1336 fecconfig_fec0="em0 em1"
1337 ifconfig_fec0="DHCP"
1339 .It Va gif_interfaces
1343 tunnel interfaces to configure on this host.
1345 .Va gifconfig_ Ns Aq Ar interface
1346 variable is assumed to exist for each value of
1348 The value of this variable is used to configure the link layer of the
1349 tunnel according to the syntax of the
1353 Additionally, this option ensures that each listed interface is created
1358 before attempting to configure it.
1359 .It Va sppp_interfaces
1363 interfaces to configure on this host.
1365 .Va spppconfig_ Ns Aq Ar interface
1366 variable is assumed to exist for each value of
1368 Each interface should also be configured by a general
1369 .Va ifconfig_ Ns Aq Ar interface
1373 for more information about available options.
1383 The name of the profile to use from
1384 .Pa /etc/ppp/ppp.conf .
1385 Also used for per-profile overrides of
1390 .Va ppp_ Ns Ao Ar profile Ac Ns _unit .
1391 When the profile name contains any of the characters
1393 they are translated to
1395 for the proposes of the override variable names.
1398 Mode in which to run the
1401 .It Va ppp_ Ns Ao Ar profile Ac Ns _mode
1403 Overrides the global
1413 See the manual for a full description.
1418 enables network address translation.
1419 Used in conjunction with
1421 allows hosts on private network addresses access to the Internet using
1422 this host as a network address translating router.
1423 .It Va ppp_ Ns Ao Ar profile Ac Ns _nat
1425 Overrides the global
1429 .It Va ppp_ Ns Ao Ar profile Ac Ns _unit
1431 Set the unit number to be used for this profile.
1432 See the manual description of
1437 The name of the user under which
1445 .It Va rc_conf_files
1447 This option is used to specify a list of files that will override
1449 .Pa /etc/defaults/rc.conf .
1450 The files will be read in the order in which they are specified and should
1451 include the full path to the file.
1452 By default, the files specified are
1455 .Pa /etc/rc.conf.local
1461 will attempt to automatically mount ZFS file systems and initialize ZFS volumes
1463 .It Va gbde_autoattach_all
1468 will attempt to automatically initialize your .bde devices in
1472 List the devices that the script should try to attach,
1477 The directory where the
1479 lockfiles are located.
1480 The default lockfile directory is
1483 The lockfile for each individual
1485 device can be overridden by setting the variable
1486 .Va gbde_lock_ Ns Aq Ar device ,
1489 is the encrypted device without the
1494 .It Va gbde_attach_attempts
1496 Number of times to attempt attaching to a
1498 device, i.e., how many times the user is asked for the pass-phrase.
1502 List of devices to automatically attach on boot.
1503 Note that .eli devices from
1505 are automatically appended to this list.
1508 Number of times user is asked for the pass-phrase.
1509 If empty, it will be taken from
1510 .Va kern.geom.eli.tries
1512 .It Va geli_default_flags
1514 Default flags to use by
1516 when configuring disk encryption.
1517 Flags can be configured for every device separately by defining
1518 .Va geli_ Ns Ao Ar device Ac Ns Va _flags
1520 .It Va geli_autodetach
1522 Specifies if GELI devices should be marked for detach on last close after
1523 file systems are mounted.
1526 This can be changed for every device separately by defining
1527 .Va geli_ Ns Ao Ar device Ac Ns Va _autodetach
1529 .It Va geli_swap_flags
1530 Options passed to the
1532 utility when encrypted GEOM providers for swap partitions are created.
1534 .Dq Li "-e aes -l 256 -s 4096 -d" .
1535 .It Va root_rw_mount
1540 After the file systems are checked at boot time, the root file system
1541 is remounted as read-write if this is set to
1543 Diskless systems that mount their root file system from a read-only remote
1544 NFS share should set this to
1548 .It Va fsck_y_enable
1553 will be run with the
1555 flag if the initial preen
1556 of the file systems fails.
1557 .It Va background_fsck
1561 the system will attempt to run
1563 in the background where possible.
1564 .It Va background_fsck_delay
1566 The amount of time in seconds to sleep before starting a background
1568 It defaults to sixty seconds to allow large applications such as
1569 the X server to start before disk I/O bandwidth is monopolized by
1571 If set to a negative number, the background file system check will be
1572 delayed indefinitely to allow the administrator to run it at a more
1574 For example it may be run from
1576 by adding a line like
1578 .Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart"
1584 List of file system types that are network-based.
1585 This list should generally not be modified by end users.
1587 .Va extra_netfs_types
1589 .It Va extra_netfs_types
1591 If set to something other than
1594 this variable extends the list of file system types
1595 for which automatic mounting at startup by
1597 should be delayed until the network is initialized.
1599 a whitespace-separated list of network file system descriptor pairs,
1600 each consisting of a file system type as passed to
1602 and a human-readable, one-word description,
1605 Extending the default list in this way is only necessary
1606 when third party file system types are used.
1607 .It Va syslogd_enable
1614 .It Va syslogd_program
1619 .Pa /usr/sbin/syslogd ) .
1620 .It Va syslogd_flags
1626 these are the flags to pass to
1635 .It Va inetd_program
1640 .Pa /usr/sbin/inetd ) .
1647 these are the flags to pass to
1656 .It Va hastd_program
1668 these are the flags to pass to
1677 .It Va named_program
1682 .Pa /usr/sbin/named ) .
1687 configuration file, (default
1688 .Pa /etc/namedb/named.conf ) .
1695 these are the flags to pass to
1697 .It Va named_pidfile
1699 This is the default path to the
1702 This must match the location in
1708 process should be run as.
1709 .It Va named_chrootdir
1711 The root directory for a name server run in a
1713 environment (default
1717 will not be run in a
1720 .It Va named_chroot_autoupdate
1724 to disable automatic update of the
1727 .It Va named_symlink_enable
1731 to disable symlinking of
1740 loop until working name service is established.
1741 .It Va named_wait_host
1743 Name of host to lookup for the named_wait option.
1745 .It Va named_auto_forward
1747 Set to enable automatic creation of a forwarder
1748 configuration file derived from
1749 .Pa /etc/resolv.conf .
1750 .It Va named_auto_forward_only
1752 Set to change the default forwarder configuration from
1756 .It Va kerberos5_server_enable
1760 to start a Kerberos 5 authentication server
1762 .It Va kerberos5_server
1765 .Va kerberos5_server_enable
1768 this is the path to Kerberos 5 Authentication Server.
1769 .It Va kerberos5_server_flags
1772 This variable contains additional flags to be passed to the Kerberos 5
1773 authentication server.
1774 .It Va kadmind5_server_enable
1780 the Kerberos 5 Administration Daemon; set to
1783 .It Va kadmind5_server
1786 .Va kadmind5_server_enable
1789 this is the path to Kerberos 5 Administration Daemon.
1790 .It Va kpasswdd_server_enable
1796 the Kerberos 5 Password-Changing Daemon; set to
1799 .It Va kpasswdd_server
1802 .Va kpasswdd_server_enable
1805 this is the path to Kerberos 5 Password-Changing Daemon.
1812 daemon at boot time.
1819 these are the flags to pass to it.
1826 daemon at boot time.
1833 these are the flags to pass to it.
1836 manpage for more information.
1837 .It Va amd_map_program
1840 the specified program is run to get the list of
1845 maps are stored in NIS, one can set this to
1858 will be updated at boot time to reflect the kernel release
1863 will not be updated.
1864 .It Va nfs_client_enable
1868 run the NFS client daemons at boot time.
1869 .It Va nfs_access_cache
1872 .Va nfs_client_enable
1877 to disable NFS ACCESS RPC caching, or to the number of seconds for which
1879 results should be cached.
1880 A value of 2-10 seconds will substantially reduce network
1881 traffic for many NFS operations.
1882 .It Va nfs_server_enable
1886 run the NFS server daemons at boot time.
1887 .It Va nfs_server_flags
1890 .Va nfs_server_enable
1893 these are the flags to pass to the
1896 .It Va idmapd_enable
1900 run the ID mapping daemon for NFS version 4.
1907 these are the flags to pass to the
1910 .It Va mountd_enable
1915 .Va nfs_server_enable
1921 It is commonly needed to run CFS without real NFS used.
1928 these are the flags to pass to the
1931 .It Va weak_mountd_authentication
1935 allow services like PCNFSD to make non-privileged mount
1937 .It Va nfs_reserved_port_only
1941 provide NFS services only on a secure port.
1942 .It Va nfs_bufpackets
1944 If set to a number, indicates the number of packets worth of
1945 socket buffer space to reserve on an NFS client.
1946 The kernel default is typically 4.
1947 Using a higher number may be
1948 useful on gigabit networks to improve performance.
1949 The minimum value is
1950 2 and the maximum is 64.
1951 .It Va rpc_lockd_enable
1955 and also an NFS server or client, run
1958 .It Va rpc_lockd_flags
1961 .Va rpc_lockd_enable
1964 these are the flags to pass to the
1967 .It Va rpc_statd_enable
1971 and also an NFS server or client, run
1974 .It Va rpc_statd_flags
1977 .Va rpc_statd_enable
1980 these are the flags to pass to the
1983 .It Va rpcbind_program
1988 .Pa /usr/sbin/rpcbind ) .
1989 .It Va rpcbind_enable
1995 service at boot time.
1996 .It Va rpcbind_flags
2002 these are the flags to pass to the
2005 .It Va keyserv_enable
2011 daemon on boot for running Secure RPC.
2012 .It Va keyserv_flags
2018 these are the flags to pass to
2021 .It Va pppoed_enable
2027 daemon at boot time to provide PPP over Ethernet services.
2028 .It Va pppoed_ Ns Aq Ar provider
2031 listens to requests to this
2037 argument of the same name.
2040 Additional flags to pass to
2042 .It Va pppoed_interface
2044 The network interface to run
2047 This is mandatory when
2057 service at boot time.
2058 This command is intended for networks of
2059 machines where a consistent
2061 for all hosts must be established.
2062 This is often useful in large NFS
2063 environments where time stamps on files are expected to be consistent
2071 these are the flags to pass to the
2074 .It Va ntpdate_enable
2081 This command is intended to
2082 synchronize the system clock only
2084 from some standard reference.
2085 An option to set this up initially
2086 (from a list of known servers) is also provided by the
2088 program when the system is first installed.
2089 .It Va ntpdate_config
2091 Configuration file for
2095 .It Va ntpdate_hosts
2097 A whitespace-separated list of NTP servers to synchronize with at startup.
2098 The default is to use the servers listed in
2099 .Va ntpdate_config ,
2100 if that file exists.
2101 .It Va ntpdate_program
2106 .Pa /usr/sbin/ntpdate ) .
2107 .It Va ntpdate_flags
2113 these are the flags to pass to the
2115 command (typically a hostname).
2122 command at boot time.
2128 .Pa /usr/sbin/ntpd ) .
2142 these are the flags to pass to the
2145 .It Va ntpd_sync_on_start
2152 flag, which syncs the system's clock on startup.
2155 for more information regarding the
2158 This is a preferred alternative to using
2163 .It Va nis_client_enable
2169 service at system boot time.
2170 .It Va nis_client_flags
2173 .Va nis_client_enable
2176 these are the flags to pass to the
2179 .It Va nis_ypset_enable
2185 daemon at system boot time.
2186 .It Va nis_ypset_flags
2189 .Va nis_ypset_enable
2192 these are the flags to pass to the
2195 .It Va nis_server_enable
2201 daemon at system boot time.
2202 .It Va nis_server_flags
2205 .Va nis_server_enable
2208 these are the flags to pass to the
2211 .It Va nis_ypxfrd_enable
2217 daemon at system boot time.
2218 .It Va nis_ypxfrd_flags
2221 .Va nis_ypxfrd_enable
2224 these are the flags to pass to the
2227 .It Va nis_yppasswdd_enable
2233 daemon at system boot time.
2234 .It Va nis_yppasswdd_flags
2237 .Va nis_yppasswdd_enable
2240 these are the flags to pass to the
2243 .It Va rpc_ypupdated_enable
2249 daemon at system boot time.
2250 .It Va bsnmpd_enable
2256 daemon at system boot time.
2257 Be sure to understand the security implications of running SNMP daemon
2265 these are the flags to pass to the
2268 .It Va defaultrouter
2272 create a default route to this host name or IP address
2273 (use an IP address if this router is also required to get to the
2275 .It Va ipv6_defaultrouter
2277 The IPv6 equivalent of
2279 .It Va static_arp_pairs
2281 Set to the list of static ARP pairs that are to be added at system
2283 For each whitespace separated
2286 .Va static_arp_ Ns Aq Ar element
2287 variable is assumed to exist whose contents will later be passed to a
2292 static_arp_pairs="gw"
2293 static_arp_gw="192.168.1.1 00:01:02:03:04:05"
2295 .It Va static_routes
2297 Set to the list of static routes that are to be added at system
2301 then for each whitespace separated
2304 .Va route_ Ns Aq Ar element
2305 variable is assumed to exist
2306 whose contents will later be passed to a
2311 static_routes="mcast gif0local"
2312 route_mcast="-net 224.0.0.0/4 -iface gif0"
2313 route_gif0local="-host 169.254.1.1 -iface lo0"
2315 .It Va ipv6_static_routes
2317 The IPv6 equivalent of
2321 then for each whitespace separated
2324 .Va ipv6_route_ Ns Aq Ar element
2325 variable is assumed to exist
2326 whose contents will later be passed to a
2327 .Dq Nm route Cm add Fl inet6
2329 .It Va natm_static_routes
2335 If not empty then for each whitespace separated
2338 .Va route_ Ns Aq Ar element
2339 variable is assumed to exist whose contents will later be passed to a
2340 .Dq Nm atmconfig Cm natm Cm add
2342 .It Va gateway_enable
2346 configure host to act as an IP router, e.g.\& to forward packets
2348 .It Va ipv6_gateway_enable
2350 The IPv6 equivalent of
2351 .Va gateway_enable .
2352 .It Va router_enable
2356 run a routing daemon of some sort, based on the
2361 .It Va ipv6_router_enable
2363 The IPv6 equivalent of
2367 run a routing daemon of some sort, based on the
2371 .Va ipv6_router_flags .
2378 this is the name of the routing daemon to use.
2381 The IPv6 equivalent of
2389 these are the flags to pass to the routing daemon.
2390 .It Va ipv6_router_flags
2392 The IPv6 equivalent of
2394 .It Va mrouted_enable
2398 run the multicast routing daemon,
2400 .It Va mroute6d_enable
2402 The IPv6 equivalent of
2403 .Va mrouted_enable .
2406 run the IPv6 multicast routing daemon.
2408 Note that multicast routing daemons are no longer included in the
2410 base system, however, both
2414 may be installed from the
2417 .It Va mrouted_flags
2423 these are the flags to pass to the
2426 .It Va mroute6d_flags
2428 The IPv6 equivalent of
2434 these are the flags passed to the IPv6 multicast routing daemon.
2435 .It Va mroute6d_program
2441 this is the path to the IPv6 multicast routing daemon.
2442 .It Va rtadvd_enable
2448 daemon at boot time.
2451 .Va ipv6_gateway_enable
2456 utility sends router advertisement packets to the interfaces specified in
2457 .Va rtadvd_interfaces
2458 and should only be enabled with great care.
2459 You may want to fine-tune
2461 .It Va rtadvd_interfaces
2467 this is the list of interfaces to use.
2468 .It Va ipxgateway_enable
2472 enable the routing of IPX traffic.
2473 .It Va ipxrouted_enable
2479 daemon at system boot time.
2480 .It Va ipxrouted_flags
2483 .Va ipxrouted_enable
2486 these are the flags to pass to the
2493 enable global proxy ARP.
2494 .It Va forward_sourceroute
2502 source-routed packets are forwarded.
2503 .It Va accept_sourceroute
2507 the system will accept source-routed packets directed at it.
2514 daemon at system boot time.
2521 these are the flags to pass to the
2524 .It Va bootparamd_enable
2530 daemon at system boot time.
2531 .It Va bootparamd_flags
2534 .Va bootparamd_enable
2537 these are the flags to pass to the
2540 .It Va stf_interface_ipv4addr
2544 this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling
2546 Specify this entry to enable the 6to4 interface.
2547 .It Va stf_interface_ipv4plen
2549 Prefix length for 6to4 IPv4 addresses, to limit peer address range.
2550 An effective value is 0-31.
2551 .It Va stf_interface_ipv6_ifid
2553 IPv6 interface ID for
2557 .It Va stf_interface_ipv6_slaid
2559 IPv6 Site Level Aggregator for
2561 .It Va ipv6_faith_prefix
2565 this is the faith prefix to enable a FAITH IPv6-to-IPv4 TCP
2570 .It Va ipv6_ipv4mapping
2574 this enables IPv4 mapped IPv6 address communication (like
2575 .Li ::ffff:a.b.c.d ) .
2580 to enable the configuration of ATM interfaces at system boot time.
2581 For all of the ATM variables described below, please refer to the
2583 manual page for further details on the available command parameters.
2584 Also refer to the files in
2585 .Pa /usr/share/examples/atm
2586 for more detailed configuration information.
2589 This is a list of physical ATM interface drivers to load.
2594 .It Va atm_netif_ Ns Aq Ar intf
2596 For the ATM physical interface
2598 this variable defines the name prefix and count for the ATM network
2599 interfaces to be created.
2600 The value will be passed as the parameters of an
2601 .Dq Nm atm Cm "set netif" Ar intf
2603 .It Va atm_sigmgr_ Ns Aq Ar intf
2605 For the ATM physical interface
2607 this variable defines the ATM signalling manager to be used.
2608 The value will be passed as the parameters of an
2609 .Dq Nm atm Cm attach Ar intf
2611 .It Va atm_prefix_ Ns Aq Ar intf
2613 For the ATM physical interface
2615 this variable defines the NSAP prefix for interfaces using a UNI signalling
2619 the prefix will automatically be set via the
2622 Otherwise, the value will be passed as the parameters of an
2623 .Dq Nm atm Cm "set prefix" Ar intf
2625 .It Va atm_macaddr_ Ns Aq Ar intf
2627 For the ATM physical interface
2629 this variable defines the MAC address for interfaces using a UNI signalling
2633 the hardware MAC address contained in the ATM interface card will be used.
2634 Otherwise, the value will be passed as the parameters of an
2635 .Dq Nm atm Cm "set mac" Ar intf
2637 .It Va atm_arpserver_ Ns Aq Ar netif
2639 For the ATM network interface
2641 this variable defines the ATM address for a host which is to provide ATMARP
2643 This variable is only applicable to interfaces using a UNI signalling
2647 this host will become an ATMARP server.
2648 The value will be passed as the parameters of an
2649 .Dq Nm atm Cm "set arpserver" Ar netif
2651 .It Va atm_scsparp_ Ns Aq Ar netif
2655 SCSP/ATMARP service for the network interface
2657 will be initiated using the
2662 This variable is only applicable if
2663 .Va atm_arpserver_ Ns Aq Ar netif
2668 Set to the list of ATM PVCs to be added at system
2670 For each whitespace separated
2673 .Va atm_pvc_ Ns Aq Ar element
2674 variable is assumed to exist.
2675 The value of each of these variables
2676 will be passed as the parameters of an
2677 .Dq Nm atm Cm "add pvc"
2681 Set to the list of permanent ATM ARP entries to be added
2682 at system boot time.
2683 For each whitespace separated
2686 .Va atm_arp_ Ns Aq Ar element
2687 variable is assumed to exist.
2688 The value of each of these variables
2689 will be passed as the parameters of an
2690 .Dq Nm atm Cm "add arp"
2692 .It Va natm_interfaces
2696 interfaces that will also be used for HARP through
2698 If this list is not empty all interfaces in the list will be brought up
2704 For this to work the interface drivers must be either compiled into the
2705 kernel or must reside on the root partition.
2708 The keyboard bell sound.
2715 if the default behavior is desired.
2716 For details, refer to the
2721 If set to a non-null string, the virtual console's keyboard input is
2727 no keymap is installed, otherwise the value is used to install
2729 .Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd .
2732 The keyboard repeat speed.
2739 if the default behavior is desired.
2744 attempt to program the function keys with the value.
2746 be a single string of the form:
2747 .Dq Ar funkey_number new_value Op Ar funkey_number new_value ... .
2750 Can be set to the value of
2753 .Dq Li destructive ,
2756 to set the cursor behavior explicitly or choose the default behavior.
2761 no screen map is installed, otherwise the value is used to install
2762 the screen map file in
2763 .Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value .
2768 the default 8x16 font value is used for screen size requests, otherwise
2770 .Pa /usr/share/syscons/fonts/ Ns Aq Ar value
2776 the default 8x14 font value is used for screen size requests, otherwise
2778 .Pa /usr/share/syscons/fonts/ Ns Aq Ar value
2784 the default 8x8 font value is used for screen size requests, otherwise
2786 .Pa /usr/share/syscons/fonts/ Ns Aq Ar value
2792 the default screen blanking interval is used, otherwise it is set
2800 this is the actual screen saver to use
2801 .Li ( blank , snake , daemon ,
2803 .It Va moused_nondefault_enable
2807 the mouse device specified on
2808 the command line is not automatically treated as enabled by the
2809 .Pa /etc/rc.d/moused
2811 Having this variable set to
2817 to be enabled as soon as it is plugged in.
2818 .It Va moused_enable
2824 daemon is started for doing cut/paste selection on the console.
2827 This is the protocol type of the mouse connected to this host.
2828 This variable must be set if
2835 is able to detect the appropriate mouse type automatically in many cases.
2836 Set this variable to
2838 to let the daemon detect it, or
2839 select one from the following list if the automatic detection fails.
2841 If the mouse is attached to the PS/2 mouse port, choose
2845 regardless of the brand and model of the mouse.
2847 mouse is attached to the bus mouse port, choose
2851 All other protocols are for serial mice and will not work with
2852 the PS/2 and bus mice.
2853 If this is a USB mouse,
2855 is the only protocol type which will work.
2857 .Bl -tag -width ".Li x10mouseremote" -compact
2859 Microsoft mouse (serial)
2861 Microsoft IntelliMouse (serial)
2863 Mouse systems Corp.\& mouse (serial)
2865 MM Series mouse (serial)
2867 Logitech mouse (serial)
2871 Logitech MouseMan and TrackMan (serial)
2873 ALPS GlidePoint (serial)
2874 .It Li thinkingmouse
2875 Kensington ThinkingMouse (serial)
2879 MM HitTablet (serial)
2880 .It Li x10mouseremote
2881 X10 MouseRemote (serial)
2883 Interlink VersaPad (serial)
2886 Even if the mouse is not in the above list, it may be compatible
2887 with one in the list.
2888 Refer to the manual page for
2890 for compatibility information.
2892 It should also be noted that while this is enabled, any
2893 other client of the mouse (such as an X server) should access
2894 the mouse through the virtual mouse device,
2896 and configure it as a
2898 type mouse, since all
2899 mouse data is converted to this single canonical format when
2902 If the client program does not support the
2908 It is the second preferred type.
2915 this is the actual port the mouse is on.
2918 for a COM1 serial mouse,
2922 for a bus mouse, for example.
2927 is set, its value is used as an additional set of flags to pass to the
2930 .It Va "moused_" Ns Ar XXX Ns Va "_flags"
2932 .Va moused_nondefault_enable
2935 daemon is started for a non-default port, the
2936 .Va "moused_" Ns Ar XXX Ns Va "_flags"
2937 set of options has precedence over and replaces the default
2938 .Va moused_flags (where
2940 is the name of the non-default port, i.e.\&
2943 .Va "moused_" Ns Ar XXX Ns Va "_flags"
2944 it is possible to set up a different set of default flags for each
2947 For example, you can use
2951 to make your laptop's touchpad more comfortable to use,
2952 but an empty set of options for
2953 .Va moused_ums0_flags
2956 mouse has three or more buttons.
2957 .It Va mousechar_start
2961 the default mouse cursor character range
2962 .Li 0xd0 Ns - Ns Li 0xd3
2964 otherwise the range start is set
2969 Use if the default range is occupied in the language code table.
2970 .It Va allscreens_flags
2974 is run with these options for each of the virtual terminals
2978 will enable the mouse pointer on all virtual terminals
2983 .It Va allscreens_kbdflags
2987 is run with these options for each of the virtual terminals
2993 scrollback (history) buffer to 200 lines.
3000 daemon at system boot time.
3006 .Pa /usr/sbin/cron ) .
3013 these are the flags to pass to
3019 enable the special handling of transitions to and from the
3020 Daylight Saving Time in
3022 (equivalent to using the flag
3029 .Pa /usr/sbin/lpd ) .
3036 daemon at system boot time.
3043 these are the flags to pass to the
3046 .It Va chkprintcap_enable
3052 command before starting the
3055 .It Va chkprintcap_flags
3060 .Va chkprintcap_enable
3063 these are the flags to pass to the
3068 which causes missing directories to be created.
3069 .It Va mta_start_script
3071 This variable specifies the full path to the script to run to start
3072 a mail transfer agent.
3074 .Pa /etc/rc.sendmail .
3078 .Pa /etc/rc.sendmail
3079 uses are documented in the
3084 Indicates the device (usually a swap partition) to which a crash dump
3085 should be written in the event of a system crash.
3086 If the value of this variable is
3088 the first suitable swap device listed in
3090 will be used as dump device.
3091 Otherwise, the value of this variable is passed as the argument to
3093 To disable crash dumps, set this variable to
3097 When the system reboots after a crash and a crash dump is found on the
3098 device specified by the
3102 will save that crash dump and a copy of the kernel to the directory
3106 The default value is
3115 .It Va savecore_flags
3117 If crash dumps are enabled, these are the flags to pass to the
3124 to turn on user and group disk quotas on system startup via the
3126 command for all file systems marked as having quotas enabled in
3128 The kernel must be built with
3130 for disk quotas to function.
3135 to enable user and group disk quota checking via the
3138 .It Va quotacheck_flags
3148 these are the flags to pass to the
3153 which checks quotas for all file systems with quotas enabled in
3155 .It Va quotaon_flags
3161 these are the flags to pass to the
3166 which enables quotas for all file systems with quotas enabled in
3168 .It Va quotaoff_flags
3174 these are the flags to pass to the
3176 utility when shutting down the quota system.
3179 which disables quotas for all file systems with quotas enabled in
3181 .It Va accounting_enable
3185 to enable system accounting through the
3192 to enable iBCS2 (SCO) binary emulation at system initial boot
3194 .It Va ibcs2_loaders
3202 this specifies a list of additional iBCS2 loaders to enable.
3207 to enable Linux/ELF binary emulation at system initial
3213 enable SysVR4 emulation at boot time.
3214 .It Va sysvipc_enable
3218 load System V IPC primitives at boot time.
3219 .It Va clear_tmp_enable
3230 to disable removing of X11 lock files,
3231 and the removal and (secure) recreation
3232 of the various socket directories for X11
3234 .It Va ldconfig_paths
3236 Set to the list of shared library paths to use with
3240 will always be added first, so it need not appear in this list.
3241 .It Va ldconfig32_paths
3243 Set to the list of 32-bit compatibility shared library paths to
3246 .It Va ldconfig_paths_aout
3248 Set to the list of shared library paths to use with
3253 .It Va ldconfig_insecure
3257 utility normally refuses to use directories
3258 which are writable by anyone except root.
3259 Set this variable to
3261 to disable that security check during system startup.
3262 .It Va ldconfig_local_dirs
3264 Set to the list of local
3267 The names of all files in the directories listed will be
3268 passed as arguments to
3270 .It Va ldconfig_local32_dirs
3272 Set to the list of local 32-bit compatibility
3275 The names of all files in the directories listed will be
3276 passed as arguments to
3277 .Dq Nm ldconfig Fl 32 .
3278 .It Va kern_securelevel_enable
3282 to set the kernel security level at system startup.
3283 .It Va kern_securelevel
3285 The kernel security level to set at startup.
3286 The allowed range of
3288 ranges from \-1 (the compile time default) to 3 (the
3292 for the list of possible security levels and their effect
3293 on system operation.
3296 Path to the SSH server program
3297 .Pa ( /usr/sbin/sshd
3305 at system boot time.
3312 these are the flags to pass to the
3317 Path to the FTP server program
3318 .Pa ( /usr/libexec/ftpd
3326 as a stand-alone daemon at system boot time.
3333 these are the additional flags to pass to the
3336 .It Va watchdogd_enable
3342 daemon at boot time.
3343 This requires that the kernel have been compiled with a
3346 .It Va watchdogd_flags
3349 .Va watchdogd_enable
3352 these are the flags passed to the
3355 .It Va performance_cx_lowest
3357 CPU idle state to use while on AC power.
3362 should use the lowest power state available while
3364 indicates that the lowest latency state (less power savings) should be used.
3365 .It Va performance_cpu_freq
3367 CPU clock frequency to use while on AC power.
3372 should use the lowest frequency available while
3374 indicates that the highest frequency (less power savings) should be used.
3375 .It Va economy_cx_lowest
3377 CPU idle state to use when off AC power.
3382 should use the lowest power state available while
3384 indicates that the lowest latency state (less power savings) should be used.
3385 .It Va economy_cpu_freq
3387 CPU clock frequency to use when off AC power.
3392 should use the lowest frequency available while
3394 indicates that the highest frequency (less power savings) should be used.
3399 any configured jails will not be started.
3402 A space separated list of names for jails.
3403 This is purely a configuration aid to help identify and
3404 configure multiple jails.
3405 The names specified in this list will be used to
3406 identify settings common to an instance of a jail,
3407 and should contain alphanumeric characters only.
3408 Assuming that the jail in question was named
3410 you would have the following dependent variables:
3412 jail_vjail_hostname="jail.example.com"
3413 jail_vjail_ip="192.0.2.100"
3414 jail_vjail_rootdir="/var/jails/vjail/root"
3420 When set, use as default value for
3421 .Va jail_ Ns Ao Ar jname Ac Ns Va _flags
3424 .It Va jail_interface
3427 When set, use as default value for
3428 .Va jail_ Ns Ao Ar jname Ac Ns Va _interface
3434 When set, use as default value for
3435 .Va jail_ Ns Ao Ar jname Ac Ns Va _fstab
3438 .It Va jail_mount_enable
3446 .Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable
3449 by default for every jail in
3451 .It Va jail_devfs_ruleset
3455 .Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset
3456 to given value for every jail in
3458 .It Va jail_devfs_enable
3466 .Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable
3469 by default for every jail in
3471 .It Va jail_fdescfs_enable
3479 .Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable
3482 by default for every jail in
3484 .It Va jail_procfs_enable
3492 .Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable
3495 by default for every jail in
3497 .It Va jail_exec_prestart Ns Aq Ar N
3500 When set, use as default value for
3501 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart Ns Aq Ar N
3504 .It Va jail_exec_start
3507 When set, use as default value for
3508 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start
3511 .It Va jail_exec_afterstart Ns Aq Ar N
3514 When set, use as default value for
3515 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_afterstart Ns Aq Ar N
3518 .It Va jail_exec_poststart Ns Aq Ar N
3521 When set, use as default value for
3522 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart Ns Aq Ar N
3525 .It Va jail_exec_prestop Ns Aq Ar N
3528 When set, use as default value for
3529 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop Ns Aq Ar N
3532 .It Va jail_exec_stop
3534 When set, use as default value for
3535 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop
3538 .It Va jail_exec_poststop Ns Aq Ar N
3541 When set, use as default value for
3542 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop Ns Aq Ar N
3545 .It Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir
3548 Set to the root directory used by jail
3550 .It Va jail_ Ns Ao Ar jname Ac Ns Va _hostname
3553 Set to the fully qualified domain name (FQDN) assigned to jail
3555 .It Va jail_ Ns Ao Ar jname Ac Ns Va _ip
3558 Set to the (primary) IPv4 and/or IPv6 address(es) assigned to the jail.
3559 The argument can be a sole address or a comma separated list of addresses.
3560 Additionally each address can be prefixed by the name of an interface
3561 followed by a pipe to overwrite
3562 .Va jail_ Ns Ao Ar jname Ac Ns Va _interface
3565 and/or suffixed by a netmask, prefixlen or prefix.
3566 In case no netmask, prefixlen or prefix is given,
3568 will be used for IPv4 and
3570 will be used for an IPv6 address.
3571 If no address is given for the jail then the jail will be started with
3572 no networking support.
3573 .It Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n
3576 Set additional IPv4 and/or IPv6 address(es) assigned to the jail.
3577 The sequence starts with
3579 and the numbers have to be strictly ascending.
3580 These entries follow the same syntax as their primary
3581 .Va jail_ Ns Ao Ar jname Ac Ns Va _ip
3583 The order of the entries can be important as the first address for
3584 each address family found will be the primary address of the jail.
3590 .It Va jail_ Ns Ao Ar jname Ac Ns Va _flags
3595 These are flags to pass to
3597 .It Va jail_ Ns Ao Ar jname Ac Ns Va _interface
3600 When set, sets the interface to use when setting IP address alias.
3601 Note that the alias is created at jail startup and removed at jail shutdown.
3602 .It Va jail_ Ns Ao Ar jname Ac Ns Va _fib
3605 When set, the jail is started with the specified forwarding table (sometimes
3606 referred to as a routing table) via
3608 .It Va jail_ Ns Ao Ar jname Ac Ns Va _fstab
3611 .Pa /etc/fstab. Ns Aq Ar jname
3613 This is the file system information file to use for jail
3615 .It Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable
3622 mount all file systems from
3623 .Va jail_ Ns Ao Ar jname Ac Ns Va _fstab
3625 .It Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset
3628 When set, defines the device file system ruleset file to use for jail
3630 .It Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable
3637 mount the device file system inside jail
3640 .It Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable
3647 mount the file-descriptor file system inside jail
3650 .It Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable
3657 mount the process file system inside jail
3660 .It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart Ns Aq Ar N
3663 This is the command run as
3666 before jail startup, where
3669 It is run outside the jail.
3670 .It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start
3673 .Dq Li /bin/sh /etc/rc
3675 This is the command executed in a jail at jail startup.
3676 .It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_afterstart Ns Aq Ar N
3679 This is the command run as
3683 after jail startup, where
3686 .It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart Ns Aq Ar N
3689 This is the command run as
3692 after jail startup, where
3695 It is run outside the jail.
3696 .It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop Ns Aq Ar N
3699 This is the command run as
3702 before jail shutdown, where
3705 It is run outside the jail.
3706 .It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop
3709 .Dq Li /bin/sh /etc/rc.shutdown
3711 This is the command executed in a jail at jail shutdown.
3712 .It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop Ns Aq Ar N
3715 This is the command run as
3718 after jail shutdown, where
3721 It is run outside the jail.
3722 .It Va jail_set_hostname_allow
3726 do not allow the root user in a jail to set its hostname.
3727 .It Va jail_socket_unixiproute_only
3731 do not allow any sockets,
3732 besides UNIX/IP/route sockets,
3733 to be used within a jail.
3734 .It Va jail_sysvipc_allow
3738 allow applications within a jail to use System V IPC.
3739 .\" -----------------------------------------------------
3740 .It Va harvest_interrupt
3744 to use hardware interrupts as an entropy source.
3747 for more information.
3748 .It Va harvest_ethernet
3752 to use LAN traffic as an entropy source.
3755 for more information.
3756 .It Va harvest_p_to_p
3760 to use serial line traffic as an entropy source.
3763 for more information.
3768 to disable caching entropy via
3770 Otherwise set to the directory used to store entropy files in.
3775 to disable caching entropy through reboots.
3776 Otherwise set to the filename used to store cached entropy through
3778 This file should be located on the root file system to seed the
3780 device as early as possible in the boot process.
3781 .It Va entropy_save_sz
3783 Size of the entropy cache files saved by
3786 .It Va entropy_save_num
3788 Number of entropy cache files to save by
3802 Configuration file for
3811 .Pa /var/run/dmesg.boot
3813 .It Va rcshutdown_timeout
3815 If set, start a watchdog timer in the background which will terminate
3819 has not completed within the specified time (in seconds).
3820 Notice that in addition to this soft timeout,
3822 also applies a hard timeout for the execution of
3824 This is configured via
3827 .Va kern.init_shutdown_timeout
3828 and defaults to 120 seconds.
3829 Setting the value of
3830 .Va rcshutdown_timeout
3831 to more than 120 seconds will have no effect until the
3834 .Va kern.init_shutdown_timeout
3836 .It Va virecover_enable
3840 to prevent the system from trying to
3841 recover pre-maturely terminated
3844 .It Va ugidfw_enable
3849 .Xr mac_bsdextended 4
3850 module upon system initialization and load a default
3852 .It Va bsdextended_script
3855 .Xr mac_bsdextended 4
3856 ruleset file to load.
3857 The default value of this variable is
3858 .Pa /etc/rc.bsdextended .
3859 .It Va newsyslog_enable
3866 .It Va newsyslog_flags
3869 .Va newsyslog_enable
3872 these are the flags to pass to the
3877 which causes log files flagged with a
3880 .It Va mdconfig_md Ns Aq Ar X
3890 must be specified and either a
3892 for malloc or swap backed
3900 .Va mdconfig_md Ns Aq Ar X
3901 variables are evaluated until one variable is unset or null.
3902 .It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs
3904 Optional arguments passed to
3910 .It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner
3912 An ownership specification passed to
3921 device and the mount point will be changed.
3922 .It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms
3924 A mode string passed to
3933 device and the mount point will be changed.
3934 .It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files
3936 Files to be copied to the mount point of the
3940 after it has been mounted.
3941 .It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd
3943 Command to execute after the specified
3948 Note that the command is passed to
3954 variables can be used to reference respectively the
3956 device and the mount point.
3961 one could set the following:
3963 mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}"
3965 .It Va autobridge_interfaces
3967 Set to the list of bridge interfaces that will have newly arriving interfaces
3968 checked against to be automatically added.
3971 then for each whitespace separated
3974 .Va autobridge_ Ns Aq Ar element
3975 variable is assumed to exist which has a whitespace separated list of interface
3976 names to match, these names can use wildcards.
3979 autobridge_interfaces="bridge0"
3980 autobridge_bridge0="tap* dc0 vlan[345]"
3986 enable support for sound mixer.
3987 .It Va hcsecd_enable
3991 enable Bluetooth security daemon.
3992 .It Va hcsecd_config
3994 Configuration file for
3997 .Pa /etc/bluetooth/hcsecd.conf .
4002 enable Bluetooth Service Discovery Protocol daemon.
4010 .It Va sdpd_groupname
4014 group to run as after it initializes.
4017 .It Va sdpd_username
4021 user to run as after it initializes.
4024 .It Va bthidd_enable
4028 enable Bluetooth Human Interface Device daemon.
4029 .It Va bthidd_config
4031 Configuration file for
4034 .Pa /etc/bluetooth/bthidd.conf .
4037 Path to a file, where
4039 will store information about known HID devices.
4041 .Pa /var/db/bthidd.hids .
4042 .It Va rfcomm_pppd_server_enable
4046 enable Bluetooth RFCOMM PPP wrapper daemon.
4047 .It Va rfcomm_pppd_server_profile
4049 The name of the profile to use from
4050 .Pa /etc/ppp/ppp.conf .
4051 Multiple profiles can be specified here.
4052 Also used to specify per-profile overrides.
4053 When the profile name contains any of the characters
4055 they are translated to
4057 for the proposes of the override variable names.
4058 .It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _bdaddr
4060 Overrides local address to listen on.
4066 The address can be specified as BD_ADDR or name.
4067 .It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _channel
4069 Overrides local RFCOMM channel to listen on.
4072 will listen on RFCOMM channel 1.
4073 Must set properly if multiple profiles used in the same time.
4074 .It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_sp
4078 if it should register Serial Port service on the specified RFCOMM channel.
4081 .It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_dun
4085 if it should register Dial-Up Networking service on the specified
4089 .It Va ubthidhci_enable
4093 change the USB Bluetooth controller from HID mode to HCI mode.
4094 You also need to specify the location of USB Bluetooth controller with the
4095 .Va ubthidhci_busnum
4099 .It Va ubthidhci_busnum
4100 Bus number where the USB Bluetooth controller is located.
4103 on your system to find this information.
4104 .It Va ubthidhci_addr
4105 Bus address of the USB Bluetooth controller.
4108 on your system to find this information.
4111 .Bl -tag -width ".Pa /etc/defaults/rc.conf" -compact
4112 .It Pa /etc/defaults/rc.conf
4114 .It Pa /etc/rc.conf.local
4143 .Xr newsyslog.conf 5 ,
4211 .An Jordan K. Hubbard .