4 .\" Redistribution and use in source and binary forms, with or without
5 .\" modification, are permitted provided that the following conditions
7 .\" 1. Redistributions of source code must retain the above copyright
8 .\" notice, this list of conditions and the following disclaimer.
9 .\" 2. Redistributions in binary form must reproduce the above copyright
10 .\" notice, this list of conditions and the following disclaimer in the
11 .\" documentation and/or other materials provided with the distribution.
13 .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND
14 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE
17 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
19 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
20 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
21 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
22 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 .Nd system configuration information
36 contains descriptive information about the local host name, configuration
37 details for any potential network interfaces and which services should be
38 started up at system initial boot time.
39 In new installations, the
41 file is generally initialized by the system installation utility,
46 is not to run commands or perform system startup actions
48 Instead, it is included by the
49 various generic startup scripts in
51 which conditionalize their
52 internal actions according to the settings found there.
56 file is included from the file
57 .Pa /etc/defaults/rc.conf ,
58 which specifies the default settings for all the available options.
59 Options need only be specified in
61 when the system administrator wishes to override these defaults.
63 .Pa /etc/rc.conf.local
64 is used to override settings in
66 for historical reasons.
71 The following list provides a name and short description for each
72 variable that can be set in the
75 .Bl -tag -width indent-two
80 enable output of debug messages from rc scripts.
81 This variable can be helpful in diagnosing mistakes when
82 editing or integrating new scripts.
83 Beware that this produces copious output to the terminal and
89 disable informational messages from the rc scripts.
90 Informational messages are displayed when
91 a condition that is not serious enough to warrant a warning or
93 .It Va early_late_divider
95 The name of the script that should be used as the
100 stages of the boot process.
101 The early stage should contain all the services needed to
102 get the disks (local or remote) mounted so that the late
103 stage can include scripts contained in the directories
106 variable (see below).
107 Thus, the two likely candidates for this value are
108 mountcritlocal for the typical system,
109 and mountcritremote if the system needs remote file
110 systems mounted to get access to the
112 directories; for example when
119 NETWORKING is likely to be an appropriate value.
120 Extreme care should be taken when changing this value,
121 and before changing it one should ensure that there are
122 adequate provisions to recover from a failed boot
123 (such as physical contact with the machine,
124 or reliable remote console access).
129 no swapfile is installed, otherwise the value is used as the full
130 pathname to a file to use for additional swap space.
135 enable support for Automatic Power Management with
143 to handle APM event from userland.
144 This also enables support for APM.
151 these are the flags to pass to the
158 to handle device added, removed or unknown events from the kernel.
159 .It Va kldxref_enable
166 to automatically rebuild
171 .It Va kldxref_clobber
181 will overwrite existing
188 .It Va kldxref_module_path
193 delimited list of paths containing
205 enable PCCARD support at boot time.
208 Set to PCCARD controller memory address or
210 for the default value.
214 set the PCCARD controller to silent mode.
218 set it to melody mode.
221 Path to the configuration file for the
224 .Pa /etc/pccard.conf.sample ) .
231 these are the flags to pass to the
238 enable the system power control facility with the
247 these are the flags to pass to the
251 Controls the creation of a
254 Always happens if set to
256 and never happens if set to
258 If set to anything else, a memory file system is created if
262 Controls the size of a created
266 Extra options passed to the
268 utility when the memory file system for
273 which inhibits the use of softupdates on
275 to waste as little space as possible
276 and creates a pure memory backed disk, which will never be swapped out,
277 for maximum performance and system stability at low memory conditions.
280 for other options you can use in
283 Controls the creation of a
286 Always happens if set to
288 and never happens if set to
290 If set to anything else, a memory file system is created if
294 Controls the size of a created
298 Extra options passed to the
300 utility when the memory file system for
305 which inhibits the use of softupdates on
307 to waste as little space as possible
308 and creates a pure memory backed disk, which will never be swapped out,
309 for maximum performance and system stability at low memory conditions.
312 for other options you can use in
315 Controls the automatic population of the
318 Always happens if set to
320 and never happens if set to
322 If set to anything else, a memory file system is created if
325 Note that this process requires access to certain commands in
329 is mounted on normal systems.
330 .It Va cleanvar_enable
337 List of directories to search for startup script files.
338 .It Va script_name_sep
340 The field separator to use for breaking down the list of startup script files
341 into individual filenames.
342 The default is a space.
343 It is not necessary to change this unless there are startup scripts with names
347 The fully qualified domain name (FQDN) of this host on the network.
348 This should almost certainly be set to something meaningful, even if
349 there is no network connection.
352 is used to set the hostname via DHCP,
353 this variable should be set to an empty string.
356 Enable support for IPv6 networking.
357 Note that this requires that the kernel has been compiled with
358 .Cd "options INET6" .
361 The NIS domain name of this host, or
364 .It Va dhclient_program
366 Path to the DHCP client program
367 .Pa ( /sbin/dhclient ,
372 .It Va dhclient_flags
374 Additional flags to pass to the DHCP client program.
379 manpage for a description of the command line options available.
380 .It Va background_dhclient
384 to start the DHCP client in background.
385 This can cause trouble with applications depending on
386 a working network, but it will provide a faster startup
388 .It Va firewall_enable
392 to load firewall rules at startup.
393 If the kernel was not built with
394 .Cd "options IPFIREWALL" ,
397 kernel module will be loaded.
399 .Va ipfilter_enable .
400 .It Va ipv6_firewall_enable
402 The IPv6 equivalent of
403 .Va firewall_enable .
406 to load IPv6 firewall rules at startup.
407 If the kernel was not built with
408 .Cd "options IPV6FIREWALL" ,
411 kernel module will be loaded.
412 .It Va firewall_script
414 This variable specifies the full path to the firewall script to run.
416 .Pa /etc/rc.firewall .
417 .It Va ipv6_firewall_script
419 The IPv6 equivalent of
420 .Va firewall_script .
423 Names the firewall type from the selection in
424 .Pa /etc/rc.firewall ,
425 or the file which contains the local firewall ruleset.
426 Valid selections from
430 .Bl -tag -width ".Li simple" -compact
432 unrestricted IP access
434 all IP services disabled, except via
437 basic protection for a workstation
439 basic protection for a LAN.
442 If a filename is specified, the full path
444 .It Va ipv6_firewall_type
446 The IPv6 equivalent of
448 .It Va firewall_quiet
452 to disable the display of firewall rules on the console during boot.
453 .It Va ipv6_firewall_quiet
455 The IPv6 equivalent of
457 .It Va firewall_logging
461 to enable firewall event logging.
462 This is equivalent to the
463 .Dv IPFIREWALL_VERBOSE
465 .It Va ipv6_firewall_logging
467 The IPv6 equivalent of
468 .Va firewall_logging .
469 .It Va firewall_flags
475 specifies a filename.
476 .It Va ipv6_firewall_flags
478 The IPv6 equivalent of
495 sockets must be enabled in the kernel.
496 If the kernel was not built with
497 .Cd "options IPDIVERT" ,
500 kernel module will be loaded.
501 .It Va natd_interface
503 This is the name of the public interface on which
506 The interface may be given as an interface name or as an IP address.
511 flags should be placed here.
516 flag is automatically added with the above
519 .\" ----- ipfilter_enable setting --------------------------------
520 .It Va ipfilter_enable
531 Typical usage will require putting
533 ipfilter_enable="YES"
551 can be enabled independently.
555 both require at least one of
565 options IPFILTER_DEFAULT_BLOCK
568 in the kernel configuration file is a good idea, too.
569 .\" ----- ipfilter_program setting ------------------------------
570 .It Va ipfilter_program
576 .\" ----- ipfilter_rules setting --------------------------------
577 .It Va ipfilter_rules
582 This variable contains the name of the filter rule definition file.
583 The file is expected to be readable for the
586 .\" ----- ipv6_ipfilter_rules setting ---------------------------
587 .It Va ipv6_ipfilter_rules
592 This variable contains the IPv6 filter rule definition file.
593 The file is expected to be readable for the
596 .\" ----- ipfilter_flags setting --------------------------------
597 .It Va ipfilter_flags
600 This variable contains flags passed to the
603 .\" ----- ipnat_enable setting ----------------------------------
613 network address translation.
616 for a detailed discussion.
617 .\" ----- ipnat_program setting ---------------------------------
624 .\" ----- ipnat_rules setting -----------------------------------
630 This variable contains the name of the file
631 holding the network address translation definition.
632 This file is expected to be readable for the
635 .\" ----- ipnat_flags setting -----------------------------------
639 This variable contains flags passed to the
642 .\" ----- ipmon_enable setting ----------------------------------
657 Setting this variable needs setting
664 for a detailed discussion.
665 .\" ----- ipmon_program setting ---------------------------------
672 .\" ----- ipmon_flags setting -----------------------------------
678 This variable contains flags passed to the
681 Another typical example would be
682 .Dq Fl D Pa /var/log/ipflog
685 log directly to a file bypassing
688 .Pa /etc/newsyslog.conf
689 in such case like this:
691 /var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid
693 .\" ----- ipfs_enable setting -----------------------------------
703 saving the filter and NAT state tables during shutdown
704 and reloading them during startup again.
705 Setting this variable needs setting
714 for a detailed discussion.
720 because the raised securelevel will prevent
722 from saving the state tables at shutdown time.
723 .\" ----- ipfs_program setting ----------------------------------
730 .\" ----- ipfs_flags setting ------------------------------------
734 This variable contains flags passed to the
737 .\" ----- end of added ipf hook ---------------------------------
749 Typical usage will require putting
764 Otherwise it is loaded from a module.
769 ruleset configuration file
784 these flags are passed to the
786 program when loading the ruleset.
796 which logs packets from the
809 .Pa /var/log/pflog ) .
811 .Pa /etc/newsyslog.conf
812 to adjust logfile rotation for this.
822 This variable contains additional flags passed to the
834 state changes to other hosts over the network by means of
839 must also be set then.
840 .It Va pfsync_syncdev
843 This variable specifies the name of the network interface
845 should operate through.
846 It must be set accordingly if
850 .It Va pfsync_ifconfig
853 This variable can contain additional options to be passed to the
855 command used to set up
857 .It Va tcp_extensions
864 disables certain TCP options as described by
870 might help remedy such problems with connections as randomly hanging
871 or other weird behavior.
872 Some network devices are known
873 to be broken with respect to these options.
880 .Va net.inet.tcp.log_in_vain
882 .Va net.inet.udp.log_in_vain ,
887 are set to the given value.
895 will disable probing idle TCP connections to verify that the
896 peer is still up and reachable.
897 .It Va tcp_drop_synfin
904 will cause the kernel to ignore TCP frames that have both
905 the SYN and FIN flags set.
906 This prevents OS fingerprinting, but may
907 break some legitimate applications.
908 This option is only available if the
909 kernel was built with the
912 .It Va icmp_drop_redirect
919 will cause the kernel to ignore ICMP REDIRECT packets.
922 for more information.
923 .It Va icmp_log_redirect
930 will cause the kernel to log ICMP REDIRECT packets.
932 the log messages are not rate-limited, so this option should only be used
933 for troubleshooting networks.
936 for more information.
937 .It Va icmp_bmcastecho
941 to respond to broadcast or multicast ICMP ping packets.
944 for more information.
945 .It Va ip_portrange_first
949 this is the first port in the default portrange.
952 for more information.
953 .It Va ip_portrange_last
957 this is the last port in the default portrange.
960 for more information.
961 .It Va network_interfaces
963 Set to the list of network interfaces to configure on this host or
965 (the default) for all current interfaces.
966 For example, if the only active network devices in the system
967 are the loopback device
976 .Va ifconfig_ Ns Aq Ar interface
977 variable is also assumed to exist for each value of
979 The variable can contain arguments to
981 as well as special case-insensitive keywords described below.
982 Such keywords are removed before passing the value to
984 while the order of the other arguments is preserved.
986 One can configure more than one IPv4 address with the
987 .Va ipv4_addrs_ Ns Aq Ar interface
989 One or more IP addresses must be provided in Classless Inter-Domain
990 Routing (CIDR) address notation, whose last byte can be a range like
992 In this case the address 192.168.0.5 will be configured with the
993 netmask /24 and the addresses 192.168.0.6 to 192.168.0.23 with
994 the non-conflicting netmask /32 as explained in the
997 With the interface in question being
999 an example could look like:
1001 ipv4_addrs_ed0="192.168.0.1/24 192.168.1.1-5/28"
1004 It is also possible to add IP alias entries using
1007 Assuming that the interface in question was
1010 something like this:
1012 ifconfig_ed0_alias0="inet 127.0.0.253 netmask 0xffffffff"
1013 ifconfig_ed0_alias1="inet 127.0.0.254 netmask 0xffffffff"
1018 .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1019 entry that is found,
1020 its contents are passed to
1022 Execution stops at the first unsuccessful access, so if
1023 something like this is present:
1025 ifconfig_ed0_alias0="inet 127.0.0.251 netmask 0xffffffff"
1026 ifconfig_ed0_alias1="inet 127.0.0.252 netmask 0xffffffff"
1027 ifconfig_ed0_alias2="inet 127.0.0.253 netmask 0xffffffff"
1028 ifconfig_ed0_alias4="inet 127.0.0.254 netmask 0xffffffff"
1031 Then note that alias4 would
1033 be added since the search would
1034 stop with the missing
1037 Due to this difficult to manage behavior, the
1038 .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1042 .Pa /etc/start_if. Ns Aq Ar interface
1043 file is present, it is read and executed by the
1046 before configuring the interface as specified in the
1047 .Va ifconfig_ Ns Aq Ar interface
1049 .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1053 .Va ifconfig_ Ns Aq Ar interface
1054 contains the keyword
1056 then the interface will not be configured
1058 .Pa /etc/pccard_ether
1060 .Va network_interfaces
1064 It is possible to bring up an interface with DHCP by adding
1067 .Va ifconfig_ Ns Aq Ar interface
1069 For instance, to initialize the
1072 it is possible to use something like:
1077 Also, if your interface needs WPA authentication, it is possible to add
1080 .Va ifconfig_ Ns Aq Ar interface
1083 Finally, you can add
1085 options in this variable, in addition to the
1086 .Pa /etc/start_if. Ns Aq Ar interface
1088 For instance, to initialize the
1090 device via DHCP, using WPA authentication and 802.11b mode, it is
1091 possible to use something like:
1093 ifconfig_wi0="DHCP WPA mode 11b"
1097 .Va ifconfig_ Ns Aq Ar interface
1098 form, a fallback variable
1099 .Va ifconfig_DEFAULT
1101 It will be used for all interfaces with no
1102 .Va ifconfig_ Ns Aq Ar interface
1104 This is intended to replace the no longer supported
1108 It is also possible to rename interface by doing:
1110 ifconfig_ed0_name="net0"
1111 ifconfig_net0="inet 10.0.0.1 netmask 0xffff0000"
1113 .It Va ipv6_network_interfaces
1115 This is the IPv6 equivalent of
1116 .Va network_interfaces .
1117 Instead of setting the ifconfig variables as
1118 .Va ifconfig_ Ns Aq Ar interface
1119 they should be set as
1120 .Va ipv6_ifconfig_ Ns Aq Ar interface .
1121 Aliases should be set as
1122 .Va ipv6_ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n .
1123 .Va ipv6_prefix_ Ns Aq Ar interface
1125 Interfaces that do not have a
1126 .Va ipv6_ifconfig_ Ns Aq Ar interface
1127 setting will be auto configured by
1130 .Va ipv6_gateway_enable
1133 Note that the IPv6 networking code does not support the
1134 .Pa /etc/start_if. Ns Aq Ar interface
1136 .It Va ipv6_default_interface
1140 this is the default output interface for scoped addresses.
1141 Now this works only for IPv6 link local multicast addresses.
1142 .It Va cloned_interfaces
1144 Set to the list of clonable network interfaces to create on this host.
1146 .Va cloned_interfaces
1147 are automatically appended to
1148 .Va network_interfaces
1150 .It Va gif_interfaces
1154 tunnel interfaces to configure on this host.
1156 .Va gifconfig_ Ns Aq Ar interface
1157 variable is assumed to exist for each value of
1159 The value of this variable is used to configure the link layer of the
1160 tunnel according to the syntax of the
1164 Additionally, this option ensures that each listed interface is created
1169 before attempting to configure it.
1170 .It Va sppp_interfaces
1174 interfaces to configure on this host.
1176 .Va spppconfig_ Ns Aq Ar interface
1177 variable is assumed to exist for each value of
1179 Each interface should also be configured by a general
1180 .Va ifconfig_ Ns Aq Ar interface
1184 for more information about available options.
1194 Mode in which to run the
1203 See the manual for a full description.
1208 enables network address translation.
1209 Used in conjunction with
1211 allows hosts on private network addresses access to the Internet using
1212 this host as a network address translating router.
1215 The name of the profile to use from
1216 .Pa /etc/ppp/ppp.conf .
1219 The name of the user under which
1227 .It Va rc_conf_files
1229 This option is used to specify a list of files that will override
1231 .Pa /etc/defaults/rc.conf .
1232 The files will be read in the order in which they are specified and should
1233 include the full path to the file.
1234 By default, the files specified are
1237 .Pa /etc/rc.conf.local
1238 .It Va gbde_autoattach_all
1243 will attempt to automatically initialize your .bde devices in
1247 List the devices that the script should try to attach,
1252 The directory where the
1254 lockfiles are located.
1255 The default lockfile directory is
1258 The lockfile for each individual
1260 device can be overridden by setting the variable
1261 .Va gbde_lock_ Ns Aq Ar device ,
1264 is the encrypted device without the
1269 .It Va gbde_attach_attempts
1271 Number of times to attempt attaching to a
1273 device, i.e., how many times the user is asked for the pass-phrase.
1277 List of devices to automatically attach on boot.
1278 Note that .eli devices from
1280 are automatically appended to this list.
1283 Number of times user is asked for the pass-phrase.
1284 If empty, it will be taken from
1285 .Va kern.geom.eli.tries
1287 .It Va geli_default_flags
1289 Default flags to use by
1291 when configuring disk encryption.
1292 Flags can be configured for every device separately by defining
1293 .Va geli_ Ns Ao Ar device Ac Ns Va _flags
1295 .It Va geli_autodetach
1297 Specifies if GELI devices should be marked for detach on last close after
1298 file systems are mounted.
1301 This can be changed for every device separately by defining
1302 .Va geli_ Ns Ao Ar device Ac Ns Va _autodetach
1304 .It Va geli_swap_flags
1305 Options passed to the
1307 utility when encrypted GEOM providers for swap partitions are created.
1309 .Dq Li "-a aes -l 256 -s 4096 -d" .
1310 .It Va root_rw_mount
1315 After the file systems are checked at boot time, the root file system
1316 is remounted as read-write if this is set to
1318 Diskless systems that mount their root file system from a read-only remote
1319 NFS share should set this to
1323 .It Va fsck_y_enable
1328 will be run with the
1330 flag if the initial preen
1331 of the file systems fails.
1332 .It Va background_fsck
1336 the system will attempt to run
1338 in the background where possible.
1339 .It Va background_fsck_delay
1341 The amount of time in seconds to sleep before starting a background
1343 It defaults to sixty seconds to allow large applications such as
1344 the X server to start before disk I/O bandwidth is monopolized by
1348 List of file system types that are network-based.
1349 This list should generally not be modified by end users.
1351 .Va extra_netfs_types
1353 .It Va extra_netfs_types
1355 If set to something other than
1358 this variable extends the list of file system types
1359 for which automatic mounting at startup by
1361 should be delayed until the network is initialized.
1363 a whitespace-separated list of network file system descriptor pairs,
1364 each consisting of a file system type as passed to
1366 and a human-readable, one-word description,
1369 Extending the default list in this way is only necessary
1370 when third party file system types are used.
1371 .It Va syslogd_enable
1378 .It Va syslogd_program
1383 .Pa /usr/sbin/syslogd ) .
1384 .It Va syslogd_flags
1390 these are the flags to pass to
1399 .It Va inetd_program
1404 .Pa /usr/sbin/inetd ) .
1411 these are the flags to pass to
1420 .It Va named_program
1425 .Pa /usr/sbin/named ) .
1432 these are the flags to pass to
1434 .It Va named_pidfile
1436 This is the default path to the
1439 Change it if you change the location in
1441 .It Va named_chrootdir
1443 The root directory for a name server run in a
1445 environment (default
1449 will not be run in a
1452 .It Va named_chroot_autoupdate
1456 to disable automatic update of the
1459 .It Va named_symlink_enable
1463 to disable symlinking of
1468 .It Va kerberos5_server_enable
1472 to start a Kerberos 5 authentication server
1474 .It Va kerberos5_server
1477 .Va kerberos5_server_enable
1480 this is the path to Kerberos 5 Authentication Server.
1481 .It Va kerberos5_server_flags
1484 This variable contains additional flags to be passed to the Kerberos 5
1485 authentication server.
1486 .It Va kadmind5_server_enable
1492 the Kerberos 5 Administration Daemon; set to
1495 .It Va kadmind5_server
1498 .Va kadmind5_server_enable
1501 this is the path to Kerberos 5 Administration Daemon.
1502 .It Va kpasswdd_server_enable
1508 the Kerberos 5 Password-Changing Daemon; set to
1511 .It Va kpasswdd_server
1514 .Va kpasswdd_server_enable
1517 this is the path to Kerberos 5 Password-Changing Daemon.
1524 daemon at boot time.
1531 these are the flags to pass to it.
1538 daemon at boot time.
1545 these are the flags to pass to it.
1548 manpage for more information.
1549 .It Va amd_map_program
1552 the specified program is run to get the list of
1557 maps are stored in NIS, one can set this to
1570 will be updated at boot time to reflect the kernel release
1575 will not be updated.
1576 .It Va nfs_client_enable
1580 run the NFS client daemons at boot time.
1581 .It Va nfs_access_cache
1584 .Va nfs_client_enable
1589 to disable NFS ACCESS RPC caching, or to the number of seconds for which
1591 results should be cached.
1592 A value of 2-10 seconds will substantially reduce network
1593 traffic for many NFS operations.
1594 .It Va nfs_server_enable
1598 run the NFS server daemons at boot time.
1599 .It Va nfs_server_flags
1602 .Va nfs_server_enable
1605 these are the flags to pass to the
1608 .It Va mountd_enable
1613 .Va nfs_server_enable
1619 It is commonly needed to run CFS without real NFS used.
1626 these are the flags to pass to the
1629 .It Va weak_mountd_authentication
1633 allow services like PCNFSD to make non-privileged mount
1635 .It Va nfs_reserved_port_only
1639 provide NFS services only on a secure port.
1640 .It Va nfs_bufpackets
1642 If set to a number, indicates the number of packets worth of
1643 socket buffer space to reserve on an NFS client.
1644 The kernel default is typically 4.
1645 Using a higher number may be
1646 useful on gigabit networks to improve performance.
1647 The minimum value is
1648 2 and the maximum is 64.
1649 .It Va rpc_lockd_enable
1653 and also an NFS server, run
1656 .It Va rpc_statd_enable
1660 and also an NFS server, run
1663 .It Va rpcbind_program
1668 .Pa /usr/sbin/rpcbind ) .
1669 .It Va rpcbind_enable
1675 service at boot time.
1676 .It Va rpcbind_flags
1682 these are the flags to pass to the
1685 .It Va keyserv_enable
1691 daemon on boot for running Secure RPC.
1692 .It Va keyserv_flags
1698 these are the flags to pass to
1701 .It Va pppoed_enable
1707 daemon at boot time to provide PPP over Ethernet services.
1708 .It Va pppoed_ Ns Ar provider
1711 listens to requests to this
1717 argument of the same name.
1720 Additional flags to pass to
1722 .It Va pppoed_interface
1724 The network interface to run
1727 This is mandatory when
1737 service at boot time.
1738 This command is intended for networks of
1739 machines where a consistent
1741 for all hosts must be established.
1742 This is often useful in large NFS
1743 environments where time stamps on files are expected to be consistent
1751 these are the flags to pass to the
1754 .It Va ntpdate_enable
1761 This command is intended to
1762 synchronize the system clock only
1764 from some standard reference.
1765 An option to set this up initially
1766 (from a list of known servers) is also provided by the
1768 program when the system is first installed.
1769 .It Va ntpdate_hosts
1771 A whitespace-separated list of NTP servers to synchronize with at startup.
1772 The default is to use the servers listed in
1774 if that file exists.
1775 .It Va ntpdate_program
1780 .Pa /usr/sbin/ntpdate ) .
1781 .It Va ntpdate_flags
1787 these are the flags to pass to the
1789 command (typically a hostname).
1796 command at boot time.
1802 .Pa /usr/sbin/ntpd ) .
1809 these are the flags to pass to the
1812 .It Va ntpd_sync_on_start
1819 flag, which syncs the system's clock on startup.
1822 for more information regarding the
1825 This is a preferred alternative to using
1830 .It Va nis_client_enable
1836 service at system boot time.
1837 .It Va nis_client_flags
1840 .Va nis_client_enable
1843 these are the flags to pass to the
1846 .It Va nis_ypset_enable
1852 daemon at system boot time.
1853 .It Va nis_ypset_flags
1856 .Va nis_ypset_enable
1859 these are the flags to pass to the
1862 .It Va nis_server_enable
1868 daemon at system boot time.
1869 .It Va nis_server_flags
1872 .Va nis_server_enable
1875 these are the flags to pass to the
1878 .It Va nis_ypxfrd_enable
1884 daemon at system boot time.
1885 .It Va nis_ypxfrd_flags
1888 .Va nis_ypxfrd_enable
1891 these are the flags to pass to the
1894 .It Va nis_yppasswdd_enable
1900 daemon at system boot time.
1901 .It Va nis_yppasswdd_flags
1904 .Va nis_yppasswdd_enable
1907 these are the flags to pass to the
1910 .It Va rpc_ypupdated_enable
1916 daemon at system boot time.
1917 .It Va bsnmpd_enable
1923 daemon at system boot time.
1924 Be sure to understand the security implications of running SNMP daemon
1932 these are the flags to pass to the
1935 .It Va defaultrouter
1939 create a default route to this host name or IP address
1940 (use an IP address if this router is also required to get to the
1942 .It Va ipv6_defaultrouter
1944 The IPv6 equivalent of
1946 .It Va static_routes
1948 Set to the list of static routes that are to be added at system
1952 then for each whitespace separated
1955 .Va route_ Ns Aq Ar element
1956 variable is assumed to exist
1957 whose contents will later be passed to a
1962 static_routes="mcast gif0local"
1963 route_mcast="-net 224.0.0.0/4 -iface gif0"
1964 route_gif0local="-host 169.254.1.1 -iface lo0"
1966 .It Va ipv6_static_routes
1968 The IPv6 equivalent of
1972 then for each whitespace separated
1975 .Va ipv6_route_ Ns Aq Ar element
1976 variable is assumed to exist
1977 whose contents will later be passed to a
1978 .Dq Nm route Cm add Fl inet6
1980 .It Va natm_static_routes
1986 If not empty then for each whitespace separated
1989 .Va route_ Ns Aq Ar element
1990 variable is assumed to exist whose contents will later be passed to a
1991 .Dq Nm atmconfig Cm natm Cm add
1993 .It Va gateway_enable
1997 configure host to act as an IP router, e.g.\& to forward packets
1999 .It Va ipv6_gateway_enable
2001 The IPv6 equivalent of
2002 .Va gateway_enable .
2003 .It Va router_enable
2007 run a routing daemon of some sort, based on the
2012 .It Va ipv6_router_enable
2014 The IPv6 equivalent of
2018 run a routing daemon of some sort, based on the
2022 .Va ipv6_router_flags .
2029 this is the name of the routing daemon to use.
2032 The IPv6 equivalent of
2040 these are the flags to pass to the routing daemon.
2041 .It Va ipv6_router_flags
2043 The IPv6 equivalent of
2045 .It Va mrouted_enable
2049 run the multicast routing daemon,
2051 .It Va mroute6d_enable
2053 The IPv6 equivalent of
2054 .Va mrouted_enable .
2057 run the IPv6 multicast routing daemon.
2058 Note that no IPv6 multicast routing daemon is included in the
2062 can be installed from the
2065 .It Va mrouted_flags
2071 these are the flags to pass to the
2074 .It Va mroute6d_flags
2076 The IPv6 equivalent of
2082 these are the flags passed to the IPv6 multicast routing daemon.
2083 .It Va mroute6d_program
2089 this is the path to the IPv6 multicast routing daemon.
2090 .It Va rtadvd_enable
2096 daemon at boot time.
2099 .Va ipv6_gateway_enable
2104 utility sends router advertisement packets to the interfaces specified in
2105 .Va rtadvd_interfaces
2106 and should only be enabled with great care.
2107 You may want to fine-tune
2109 .It Va rtadvd_interfaces
2115 this is the list of interfaces to use.
2116 .It Va ipxgateway_enable
2120 enable the routing of IPX traffic.
2121 .It Va ipxrouted_enable
2127 daemon at system boot time.
2128 .It Va ipxrouted_flags
2131 .Va ipxrouted_enable
2134 these are the flags to pass to the
2141 enable global proxy ARP.
2142 .It Va forward_sourceroute
2150 source-routed packets are forwarded.
2151 .It Va accept_sourceroute
2155 the system will accept source-routed packets directed at it.
2162 daemon at system boot time.
2169 these are the flags to pass to the
2172 .It Va bootparamd_enable
2178 daemon at system boot time.
2179 .It Va bootparamd_flags
2182 .Va bootparamd_enable
2185 these are the flags to pass to the
2188 .It Va stf_interface_ipv4addr
2192 this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling
2194 Specify this entry to enable the 6to4 interface.
2195 .It Va stf_interface_ipv4plen
2197 Prefix length for 6to4 IPv4 addresses, to limit peer address range.
2198 An effective value is 0-31.
2199 .It Va stf_interface_ipv6_ifid
2201 IPv6 interface ID for
2205 .It Va stf_interface_ipv6_slaid
2207 IPv6 Site Level Aggregator for
2209 .It Va ipv6_faith_prefix
2213 this is the faith prefix to enable a FAITH IPv6-to-IPv4 TCP
2218 .It Va ipv6_ipv4mapping
2222 this enables IPv4 mapped IPv6 address communication (like
2223 .Li ::ffff:a.b.c.d ) .
2228 to enable the configuration of ATM interfaces at system boot time.
2229 For all of the ATM variables described below, please refer to the
2231 manual page for further details on the available command parameters.
2232 Also refer to the files in
2233 .Pa /usr/share/examples/atm
2234 for more detailed configuration information.
2237 This is a list of physical ATM interface drivers to load.
2242 .It Va atm_netif_ Ns Aq Ar intf
2244 For the ATM physical interface
2246 this variable defines the name prefix and count for the ATM network
2247 interfaces to be created.
2248 The value will be passed as the parameters of an
2249 .Dq Nm atm Cm "set netif" Ar intf
2251 .It Va atm_sigmgr_ Ns Aq Ar intf
2253 For the ATM physical interface
2255 this variable defines the ATM signalling manager to be used.
2256 The value will be passed as the parameters of an
2257 .Dq Nm atm Cm attach Ar intf
2259 .It Va atm_prefix_ Ns Aq Ar intf
2261 For the ATM physical interface
2263 this variable defines the NSAP prefix for interfaces using a UNI signalling
2267 the prefix will automatically be set via the
2270 Otherwise, the value will be passed as the parameters of an
2271 .Dq Nm atm Cm "set prefix" Ar intf
2273 .It Va atm_macaddr_ Ns Aq Ar intf
2275 For the ATM physical interface
2277 this variable defines the MAC address for interfaces using a UNI signalling
2281 the hardware MAC address contained in the ATM interface card will be used.
2282 Otherwise, the value will be passed as the parameters of an
2283 .Dq Nm atm Cm "set mac" Ar intf
2285 .It Va atm_arpserver_ Ns Aq Ar netif
2287 For the ATM network interface
2289 this variable defines the ATM address for a host which is to provide ATMARP
2291 This variable is only applicable to interfaces using a UNI signalling
2295 this host will become an ATMARP server.
2296 The value will be passed as the parameters of an
2297 .Dq Nm atm Cm "set arpserver" Ar netif
2299 .It Va atm_scsparp_ Ns Aq Ar netif
2303 SCSP/ATMARP service for the network interface
2305 will be initiated using the
2310 This variable is only applicable if
2311 .Va atm_arpserver_ Ns Aq Ar netif
2316 Set to the list of ATM PVCs to be added at system
2318 For each whitespace separated
2321 .Va atm_pvc_ Ns Aq Ar element
2322 variable is assumed to exist.
2323 The value of each of these variables
2324 will be passed as the parameters of an
2325 .Dq Nm atm Cm "add pvc"
2329 Set to the list of permanent ATM ARP entries to be added
2330 at system boot time.
2331 For each whitespace separated
2334 .Va atm_arp_ Ns Aq Ar element
2335 variable is assumed to exist.
2336 The value of each of these variables
2337 will be passed as the parameters of an
2338 .Dq Nm atm Cm "add arp"
2340 .It Va natm_interfaces
2344 interfaces that will also be used for HARP through
2346 If this list is not empty all interfaces in the list will be brought up
2352 For this to work the interface drivers must be either compiled into the
2353 kernel or must reside on the root partition.
2356 The keyboard bell sound.
2363 if the default behavior is desired.
2364 For details, refer to the
2369 If set to a non-null string, the virtual console's keyboard input is
2375 no keymap is installed, otherwise the value is used to install
2377 .Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd .
2380 The keyboard repeat speed.
2387 if the default behavior is desired.
2392 attempt to program the function keys with the value.
2394 be a single string of the form:
2395 .Dq Ar funkey_number new_value Op Ar funkey_number new_value ... .
2398 Can be set to the value of
2401 .Dq Li destructive ,
2404 to set the cursor behavior explicitly or choose the default behavior.
2409 no screen map is installed, otherwise the value is used to install
2410 the screen map file in
2411 .Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value .
2416 the default 8x16 font value is used for screen size requests, otherwise
2418 .Pa /usr/share/syscons/fonts/ Ns Aq Ar value
2424 the default 8x14 font value is used for screen size requests, otherwise
2426 .Pa /usr/share/syscons/fonts/ Ns Aq Ar value
2432 the default 8x8 font value is used for screen size requests, otherwise
2434 .Pa /usr/share/syscons/fonts/ Ns Aq Ar value
2440 the default screen blanking interval is used, otherwise it is set
2448 this is the actual screen saver to use
2449 .Li ( blank , snake , daemon ,
2451 .It Va moused_nondefault_enable
2455 the mouse device specified on
2456 the command line is not automatically treated as enabled by the
2457 .Pa /etc/rc.d/moused
2459 Having this variable set to
2465 to be enabled as soon as it is plugged in.
2466 .It Va moused_enable
2472 daemon is started for doing cut/paste selection on the console.
2475 This is the protocol type of the mouse connected to this host.
2476 This variable must be set if
2483 is able to detect the appropriate mouse type automatically in many cases.
2484 Set this variable to
2486 to let the daemon detect it, or
2487 select one from the following list if the automatic detection fails.
2489 If the mouse is attached to the PS/2 mouse port, choose
2493 regardless of the brand and model of the mouse.
2495 mouse is attached to the bus mouse port, choose
2499 All other protocols are for serial mice and will not work with
2500 the PS/2 and bus mice.
2501 If this is a USB mouse,
2503 is the only protocol type which will work.
2505 .Bl -tag -width ".Li x10mouseremote" -compact
2507 Microsoft mouse (serial)
2509 Microsoft IntelliMouse (serial)
2511 Mouse systems Corp.\& mouse (serial)
2513 MM Series mouse (serial)
2515 Logitech mouse (serial)
2519 Logitech MouseMan and TrackMan (serial)
2521 ALPS GlidePoint (serial)
2522 .It Li thinkingmouse
2523 Kensington ThinkingMouse (serial)
2527 MM HitTablet (serial)
2528 .It Li x10mouseremote
2529 X10 MouseRemote (serial)
2531 Interlink VersaPad (serial)
2534 Even if the mouse is not in the above list, it may be compatible
2535 with one in the list.
2536 Refer to the manual page for
2538 for compatibility information.
2540 It should also be noted that while this is enabled, any
2541 other client of the mouse (such as an X server) should access
2542 the mouse through the virtual mouse device,
2544 and configure it as a
2546 type mouse, since all
2547 mouse data is converted to this single canonical format when
2550 If the client program does not support the
2556 It is the second preferred type.
2563 this is the actual port the mouse is on.
2566 for a COM1 serial mouse,
2570 for a bus mouse, for example.
2575 is set, these are the additional flags to pass to the
2578 .It Va mousechar_start
2582 the default mouse cursor character range
2583 .Li 0xd0 Ns - Ns Li 0xd3
2585 otherwise the range start is set
2590 Use if the default range is occupied in the language code table.
2591 .It Va allscreens_flags
2595 is run with these options for each of the virtual terminals
2599 will enable the mouse pointer on all virtual terminals
2604 .It Va allscreens_kbdflags
2608 is run with these options for each of the virtual terminals
2614 scrollback (history) buffer to 200 lines.
2621 daemon at system boot time.
2627 .Pa /usr/sbin/cron ) .
2634 these are the flags to pass to
2640 enable the special handling of transitions to and from the
2641 Daylight Saving Time in
2643 (equivalent to using the flag
2650 .Pa /usr/sbin/lpd ) .
2657 daemon at system boot time.
2664 these are the flags to pass to the
2667 .It Va chkprintcap_enable
2673 command before starting the
2676 .It Va chkprintcap_flags
2681 .Va chkprintcap_enable
2684 these are the flags to pass to the
2689 which causes missing directories to be created.
2690 .It Va mta_start_script
2692 This variable specifies the full path to the script to run to start
2693 a mail transfer agent.
2695 .Pa /etc/rc.sendmail .
2699 .Pa /etc/rc.sendmail
2700 uses are documented in the
2705 Indicates the device (usually a swap partition) to which a crash dump
2706 should be written in the event of a system crash.
2707 If the value of this variable is
2709 the first suitable swap device listed in
2711 will be used as dump device.
2712 Otherwise, the value of this variable is passed as the argument to
2714 To disable crash dumps, set this variable to
2718 When the system reboots after a crash and a crash dump is found on the
2719 device specified by the
2723 will save that crash dump and a copy of the kernel to the directory
2727 The default value is
2736 .It Va savecore_flags
2738 If crash dumps are enabled, these are the flags to pass to the
2741 .It Va enable_quotas
2745 to turn on user disk quotas on system startup via the
2752 to enable user disk quota checking via the
2755 .It Va accounting_enable
2759 to enable system accounting through the
2766 to enable iBCS2 (SCO) binary emulation at system initial boot
2768 .It Va ibcs2_loaders
2776 this specifies a list of additional iBCS2 loaders to enable.
2781 to enable Linux/ELF binary emulation at system initial
2787 to enable OSF/1 (Digital UNIX) binary emulation at system
2794 enable SysVR4 emulation at boot time.
2795 .It Va sysvipc_enable
2799 load System V IPC primitives at boot time.
2800 .It Va clear_tmp_enable
2811 to disable removing of X11 lock files,
2812 and the removal and (secure) recreation
2813 of the various socket directories for X11
2815 .It Va ldconfig_paths
2817 Set to the list of shared library paths to use with
2821 will always be added first, so it need not appear in this list.
2822 .It Va ldconfig_paths_aout
2824 Set to the list of shared library paths to use with
2829 .It Va ldconfig_insecure
2833 utility normally refuses to use directories
2834 which are writable by anyone except root.
2835 Set this variable to
2837 to disable that security check during system startup.
2838 .It Va ldconfig_local_dirs
2840 Set to the list of local
2843 The names of all files in the directories listed will be
2844 passed as arguments to
2846 .It Va ldconfig_local32_dirs
2848 Set to the list of local 32-bit compatibility
2851 The names of all files in the directories listed will be
2852 passed as arguments to
2855 .It Va kern_securelevel_enable
2859 to set the kernel security level at system startup.
2860 .It Va kern_securelevel
2862 The kernel security level to set at startup.
2863 The allowed range of
2865 ranges from \-1 (the compile time default) to 3 (the
2869 for the list of possible security levels and their effect
2870 on system operation.
2873 Path to the SSH server program
2874 .Pa ( /usr/sbin/sshd
2882 at system boot time.
2889 these are the flags to pass to the
2892 .It Va watchdogd_enable
2898 daemon at boot time.
2899 This requires that the kernel have been compiled with a
2902 .It Va watchdogd_flags
2905 .Va watchdogd_enable
2908 these are the flags passed to the
2911 .It Va performance_cx_lowest
2913 CPU idle state to use while on AC power.
2918 should use the lowest power state available while
2920 indicates that the lowest latency state (less power savings) should be used.
2921 .It Va performance_cpu_freq
2923 CPU clock frequency to use while on AC power.
2928 should use the lowest frequency available while
2930 indicates that the highest frequency (less power savings) should be used.
2931 .It Va economy_cx_lowest
2933 CPU idle state to use when off AC power.
2938 should use the lowest power state available while
2940 indicates that the lowest latency state (less power savings) should be used.
2941 .It Va economy_cpu_freq
2943 CPU clock frequency to use when off AC power.
2948 should use the lowest frequency available while
2950 indicates that the highest frequency (less power savings) should be used.
2955 any configured jails will not be started.
2958 A space separated list of names for jails.
2959 This is purely a configuration aid to help identify and
2960 configure multiple jails.
2961 The names specified in this list will be used to
2962 identify settings common to an instance of a jail.
2963 Assuming that the jail in question was named
2965 you would have the following dependent variables:
2967 jail_vjail_hostname="jail.example.com"
2968 jail_vjail_ip="192.168.1.100"
2969 jail_vjail_rootdir="/var/jails/vjail/root"
2970 jail_vjail_exec="/bin/sh /etc/rc"
2973 The last one is optional.
2977 .It Va jail_set_hostname_allow
2981 do not allow the root user in a jail to set its hostname.
2982 .It Va jail_socket_unixiproute_only
2986 do not allow any sockets,
2987 besides UNIX/IP/route sockets,
2988 to be used within a jail.
2989 .It Va jail_sysvipc_allow
2993 allow applications within a jail to use System V IPC.
2994 .It Va unaligned_print
2998 unaligned access warnings will not be printed.
3000 .\" ----- ISDN settings ---------------------------------
3011 at system boot time.
3015 .Dq Fl d Ns Cm n Fl d Ns Li 0x1f9
3017 Additional flags to pass to
3023 for certain tunable parameters).
3029 The terminal type of the output device when
3031 operates in full-screen mode.
3032 .It Va isdn_screenflags
3037 The video mode for full-screen mode (only for
3047 The output device for
3049 in full-screen mode (or
3059 enables the ISDN protocol trace utility
3061 at system boot time.
3062 .It Va isdn_traceflags
3065 .Dq Fl f Pa /var/tmp/isdntrace0
3069 .\" -----------------------------------------------------
3077 verbose messages about the actions done by the start script are displayed.
3081 driver must be compiled into the kernel before the
3084 options described here take any effect.
3090 Use this to configure a national keyboard mapping found in the
3091 .Pa /usr/share/misc/keycap.pcvt
3092 file of keyboard mappings.
3093 (See also the manual pages
3099 keycap database and the manual page
3103 for national keyboard mapping configuration.)
3109 Used to set the keyboard key repeat delay value.
3111 in the range 0..3 for delay values of 250, 500, 750 and 1000 msec.
3120 Used to set the keyboard key repetition rate value.
3122 in the range 0..31 for repetition values of 2..30 characters per second.
3123 .It Va pcvt_keyrepeat
3130 to enable automatic keyboard key repeating.
3140 to use 24 lines only (in 25 lines mode) for compatibility
3151 to enable the display and functionality of function key labels (as found
3154 terminals such as the
3165 by default resulting in a value of 25.
3166 Used to set the number of lines on the screen.
3167 For VGA displays, valid
3168 values are 25, 28, 40 and 50 lines.
3172 .It Va pcvt_blanktime
3177 Used to set the screen saver timeout in seconds for values greater than
3184 Used to set the cursor top scanline.
3193 Used to set the cursor bottom scanline.
3194 .It Va pcvt_monohigh
3201 to set intensity to high on monochrome monitors.
3206 for more information on changing VGA palette
3208 .It Va harvest_interrupt
3212 to use hardware interrupts as an entropy source.
3215 for more information.
3216 .It Va harvest_ethernet
3220 to use LAN traffic as an entropy source.
3223 for more information.
3224 .It Va harvest_p_to_p
3228 to use serial line traffic as an entropy source.
3231 for more information.
3236 to disable caching entropy via
3238 Otherwise set to the directory used to store entropy files in.
3243 to disable caching entropy through reboots.
3244 Otherwise set to the filename used to store cached entropy through
3246 This file should be located on the root file system to seed the
3248 device as early as possible in the boot process.
3249 .It Va entropy_save_sz
3251 Size of the entropy cache files saved by
3254 .It Va entropy_save_num
3256 Number of entropy cache files to save by
3270 Configuration file for
3279 .Pa /var/run/dmesg.boot
3281 .It Va rcshutdown_timeout
3283 If set, start a watchdog timer in the background which will terminate
3287 has not completed within the specified time (in seconds).
3288 Notice that in addition to this soft timeout,
3290 also applies a hard timeout for the execution of
3292 This is configured via
3295 .Va kern.init_shutdown_timeout
3296 and defaults to 120 seconds.
3297 Setting the value of
3298 .Va rcshutdown_timeout
3299 to more than 120 seconds will have no effect until the
3302 .Va kern.init_shutdown_timeout
3304 .It Va virecover_enable
3308 to prevent the system from trying to
3309 recover pre-maturely terminated
3312 .It Va ugidfw_enable
3317 .Xr mac_bsdextended 4
3318 module upon system initialization and load a default
3320 .It Va bsdextended_script
3323 .Xr mac_bsdextended 4
3324 ruleset file to load.
3325 The default value of this variable is
3326 .Pa /etc/rc.bsdextended .
3327 .It Va newsyslog_enable
3334 .It Va newsyslog_flags
3337 .Va newsyslog_enable
3340 these are the flags to pass to the
3345 which causes log files flagged with a
3348 .It Va ramdisk_units
3350 A list of one or more ramdisk units to configure with
3354 in time to be mounted from
3358 must specify at least a
3361 .Va ramdisk_ Ns Ao Ar X Ac Ns Va _config
3363 .It Va ramdisk_ Ns Ao Ar X Ac Ns Va _config
3371 must be specified, where
3377 .It Va ramdisk_ Ns Ao Ar X Ac Ns Va _newfs
3379 Optional arguments passed to
3381 to initialize ramdisk
3383 .It Va ramdisk_ Ns Ao Ar X Ac Ns Va _owner
3385 An ownership specification passed to
3387 after the specified ramdisk unit
3392 device and the mount point will be changed.
3393 .It Va ramdisk_ Ns Ao Ar X Ac Ns Va _perms
3395 A mode string passed to
3397 after the specified ramdisk unit
3402 device and the mount point will be changed.
3405 .Bl -tag -width ".Pa /etc/defaults/rc.conf" -compact
3406 .It Pa /etc/defaults/rc.conf
3408 .It Pa /etc/rc.conf.local
3433 .Xr newsyslog.conf 5 ,
3494 .An Jordan K. Hubbard .