4 .\" Redistribution and use in source and binary forms, with or without
5 .\" modification, are permitted provided that the following conditions
7 .\" 1. Redistributions of source code must retain the above copyright
8 .\" notice, this list of conditions and the following disclaimer.
9 .\" 2. Redistributions in binary form must reproduce the above copyright
10 .\" notice, this list of conditions and the following disclaimer in the
11 .\" documentation and/or other materials provided with the distribution.
13 .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND
14 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE
17 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
19 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
20 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
21 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
22 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 .Nd system configuration information
36 contains descriptive information about the local host name, configuration
37 details for any potential network interfaces and which services should be
38 started up at system initial boot time.
39 In new installations, the
41 file is generally initialized by the system installation utility.
45 is not to run commands or perform system startup actions
47 Instead, it is included by the
48 various generic startup scripts in
50 which conditionalize their
51 internal actions according to the settings found there.
55 file is included from the file
56 .Pa /etc/defaults/rc.conf ,
57 which specifies the default settings for all the available options.
58 Options need only be specified in
60 when the system administrator wishes to override these defaults.
62 .Pa /etc/defaults/vendor.conf
63 allows vendors to override
67 .Pa /etc/rc.conf.local
68 is used to override settings in
70 for historical reasons.
72 The sysrc(8) command provides a scripting interface to modify system
76 .Pa /etc/rc.conf.local
77 you can also place smaller configuration files for each
82 .Ao Ar dir Ac Ns Pa /rc.conf.d
83 directories specified in
85 which will be included by the
88 For jail configurations you could use the file
89 .Pa /etc/rc.conf.d/jail
90 to store jail specific configuration options.
94 .Pa /usr/local/etc/rc.d
97 .Pa /usr/local/rc.conf.d/jail
99 .Pa /opt/conf/rc.conf.d/jail
102 .Ao Ar dir Ac Ns Pa /rc.conf.d/ Ns Ao Ar name Ac
104 all of files in the directory will be loaded.
110 .Dq Ar name Ns Li = Ns Ar value
114 The following list provides a name and short description for each
115 variable that can be set in the
118 .Bl -tag -width indent-two
123 enable output of debug messages from rc scripts.
124 This variable can be helpful in diagnosing mistakes when
125 editing or integrating new scripts.
126 Beware that this produces copious output to the terminal and
132 disable informational messages from the rc scripts.
133 Informational messages are displayed when
134 a condition that is not serious enough to warrant a warning or
142 when faststart is used (e.g., at boot time).
143 .It Va early_late_divider
145 The name of the script that should be used as the
146 delimiter between the
150 stages of the boot process.
151 The early stage should contain all the services needed to
152 get the disks (local or remote) mounted so that the late
153 stage can include scripts contained in the directories
156 variable (see below).
157 Thus, the two likely candidates for this value are
159 for the typical system, and
161 if the system needs remote file
162 systems mounted to get access to the
164 directories; for example when
172 is likely to be an appropriate value.
173 Extreme care should be taken when changing this value,
174 and before changing it one should ensure that there are
175 adequate provisions to recover from a failed boot
176 (such as physical contact with the machine,
177 or reliable remote console access).
178 .It Va always_force_depends
182 scripts use the force_depend function to check whether required
183 services are already running, and to start them if necessary.
184 By default during boot time this check is bypassed if the
185 required service is enabled in
186 .Pa /etc/rc.conf[.local] .
187 Setting this option will bypass that check at boot time and
188 always test whether or not the service is actually running.
189 Enabling this option is likely to increase your boot time if
190 services are enabled that utilize the force_depend check.
191 .It Ao Ar name Ac Ns Va _chroot
194 to this directory before running the service.
195 .It Ao Ar name Ac Ns Va _user
197 Run the service under this user account.
198 .It Ao Ar name Ac Ns Va _group
200 Run the chrooted service under this system group.
202 setting, this setting has no effect if the service is not chrooted.
203 .It Ao Ar name Ac Ns Va _fib
207 value to run the service under.
208 .It Ao Ar name Ac Ns Va _nice
212 value to run the service under.
217 enable support for Automatic Power Management with
225 to handle APM event from userland.
226 This also enables support for APM.
233 these are the flags to pass to the
240 to handle device added, removed or unknown events from the kernel.
247 scripts at boot time.
250 Configuration file for
256 A whitespace-separated list of kernel modules to load right after
257 the local disks are mounted, without any
260 Loading modules at this point in the boot process is
261 much faster than doing it via
262 .Pa /boot/loader.conf
263 for those modules not necessary for mounting local disks.
264 .It Va kldxref_enable
271 to automatically rebuild
276 .It Va kldxref_clobber
286 will overwrite existing
293 .It Va kldxref_module_path
298 delimited list of paths containing
310 enable the system power control facility with the
319 these are the flags to pass to the
323 Controls the creation of a
326 Always happens if set to
328 and never happens if set to
330 If set to anything else, a memory file system is created if
334 Controls the size of a created
338 Extra options passed to the
340 utility when the memory file system for
345 which inhibits the use of softupdates on
347 so that file system space is freed without delay
348 after file truncation or deletion.
351 for other options you can use in
354 Controls the creation of a
357 Always happens if set to
359 and never happens if set to
361 If set to anything else, a memory file system is created if
365 Controls the size of a created
369 Extra options passed to the
371 utility when the memory file system for
376 which inhibits the use of softupdates on
378 so that file system space is freed without delay
379 after file truncation or deletion.
382 for other options you can use in
385 Controls the automatic population of the
388 Always happens if set to
390 and never happens if set to
392 If set to anything else, a memory file system is created if
395 Note that this process requires access to certain commands in
399 is mounted on normal systems.
400 .It Va cleanvar_enable
407 List of directories to search for startup script files.
408 .It Va script_name_sep
410 The field separator to use for breaking down the list of startup script files
411 into individual filenames.
412 The default is a space.
413 It is not necessary to change this unless there are startup scripts with names
415 .It Va hostapd_enable
424 The fully qualified domain name (FQDN) of this host on the network.
425 This should almost certainly be set to something meaningful, even if
426 there is no network connection.
429 is used to set the hostname via DHCP,
430 this variable should be set to an empty string.
433 the hostname is generally already set and this variable may be absent.
434 If this value remains unset when the system is done booting
435 your console login will display the default hostname of
439 The NIS domain name of this host, or
442 .It Va dhclient_program
444 Path to the DHCP client program
445 .Pa ( /sbin/dhclient ,
450 .It Va dhclient_flags
452 Additional flags to pass to the DHCP client program.
457 manpage for a description of the command line options available.
458 .It Va dhclient_flags_ Ns Aq Ar iface
459 Additional flags to pass to the DHCP client program running on
462 When specified, this variable overrides
464 .It Va background_dhclient
468 to start the DHCP client in background.
469 This can cause trouble with applications depending on
470 a working network, but it will provide a faster startup
472 .It Va background_dhclient_ Ns Aq Ar iface
473 When specified, this variable overrides the
474 .Va background_dhclient
475 variable for interface
478 .It Va synchronous_dhclient
484 synchronously at startup.
485 This behavior can be overridden on a per-interface basis by replacing
489 .Va ifconfig_ Ns Aq Ar interface
494 .It Va defaultroute_delay
496 When set to a positive value, wait up to this long after configuring
497 DHCP interfaces at startup to give the interfaces time to receive a lease.
498 .It Va firewall_enable
502 to load firewall rules at startup.
503 If the kernel was not built with
504 .Cd "options IPFIREWALL" ,
507 kernel module will be loaded.
509 .Va ipfilter_enable .
510 .It Va firewall_script
512 This variable specifies the full path to the firewall script to run.
514 .Pa /etc/rc.firewall .
517 Names the firewall type from the selection in
518 .Pa /etc/rc.firewall ,
519 or the file which contains the local firewall ruleset.
520 Valid selections from
524 .Bl -tag -width ".Li simple" -compact
526 unrestricted IP access
528 all IP services disabled, except via
531 basic protection for a workstation
533 basic protection for a LAN.
536 If a filename is specified, the full path
538 .It Va firewall_quiet
542 to disable the display of firewall rules on the console during boot.
543 .It Va firewall_logging
547 to enable firewall event logging.
548 This is equivalent to the
549 .Dv IPFIREWALL_VERBOSE
551 .It Va firewall_logif
555 to create pseudo interface
558 For more details, see
561 .It Va firewall_flags
567 specifies a filename.
568 .It Va firewall_coscripts
570 List of executables and/or rc scripts to run after firewall starts/stops.
572 .\" ----- firewall_nat_enable setting --------------------------------
573 .It Va firewall_nat_enable
581 will automatically load the
587 .It Va firewall_nat_interface
593 This is the name of the public interface or IP address on which
594 kernel NAT should run.
595 .It Va firewall_nat_flags
597 Additional configuration parameters for kernel NAT should be placed here.
598 .It Va firewall_nat64_enable
602 will automatically load the
604 NAT64 kernel module if
608 .It Va firewall_nptv6_enable
612 will automatically load the
614 NPTv6 kernel module if
618 .It Va firewall_pmod_enable
622 will automatically load the
624 pmod kernel module if
628 .It Va dummynet_enable
632 will automatically load the
638 .\" -------------------------------------------------------------------
639 .It Va ipfw_netflow_enable
643 will enable netflow logging via
646 By default a ipfw rule is inserted and all packets are duplicated with
647 the ngtee command and netflow packets are sent to 127.0.0.1 on the netflow
648 port using protocol version 5.
649 .It Va ipfw_netflow_hook
651 netflow hook name, must be numerical
654 .It Va ipfw_netflow_rule
659 .It Va ipfw_netflow_ip
661 Destination server ip for receiving netflow data
664 .It Va ipfw_netflow_port
666 Destination server port for receiving netflow data
669 .It Va ipfw_netflow_version
671 Do not set for using version 5 of the netflow protocol, set it to 9 for using version 9.
672 .It Va ipfw_netflow_fib
674 Only match packet in FIB
676 (default is undefined meaning all FIBs).
692 sockets must be enabled in the kernel.
693 If the kernel was not built with
694 .Cd "options IPDIVERT" ,
697 kernel module will be loaded.
698 .It Va natd_interface
700 This is the name of the public interface on which
703 The interface may be given as an interface name or as an IP address.
708 flags should be placed here.
713 flag is automatically added with the above
716 .\" ----- ipfilter_enable setting --------------------------------
717 .It Va ipfilter_enable
728 Typical usage will require putting
730 ipfilter_enable="YES"
748 can be enabled independently.
752 both require at least one of
762 options IPFILTER_DEFAULT_BLOCK
765 in the kernel configuration file is a good idea, too.
766 .\" ----- ipfilter_program setting ------------------------------
767 .It Va ipfilter_program
773 .\" ----- ipfilter_rules setting --------------------------------
774 .It Va ipfilter_rules
779 This variable contains the name of the filter rule definition file.
780 The file is expected to be readable for the
783 .\" ----- ipv6_ipfilter_rules setting ---------------------------
784 .It Va ipv6_ipfilter_rules
789 This variable contains the IPv6 filter rule definition file.
790 The file is expected to be readable for the
793 .\" ----- ipfilter_flags setting --------------------------------
794 .It Va ipfilter_flags
797 This variable contains flags passed to the
800 .\" ----- ipnat_enable setting ----------------------------------
810 network address translation.
813 for a detailed discussion.
814 .\" ----- ipnat_program setting ---------------------------------
821 .\" ----- ipnat_rules setting -----------------------------------
827 This variable contains the name of the file
828 holding the network address translation definition.
829 This file is expected to be readable for the
832 .\" ----- ipnat_flags setting -----------------------------------
836 This variable contains flags passed to the
839 .\" ----- ipmon_enable setting ----------------------------------
854 Setting this variable needs setting
861 for a detailed discussion.
862 .\" ----- ipmon_program setting ---------------------------------
869 .\" ----- ipmon_flags setting -----------------------------------
875 This variable contains flags passed to the
878 Another typical example would be
879 .Dq Fl D Pa /var/log/ipflog
882 log directly to a file bypassing
885 .Pa /etc/newsyslog.conf
886 in such case like this:
888 /var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid
890 .\" ----- ipfs_enable setting -----------------------------------
900 saving the filter and NAT state tables during shutdown
901 and reloading them during startup again.
902 Setting this variable needs setting
911 for a detailed discussion.
917 because the raised securelevel will prevent
919 from saving the state tables at shutdown time.
920 .\" ----- ipfs_program setting ----------------------------------
927 .\" ----- ipfs_flags setting ------------------------------------
931 This variable contains flags passed to the
934 .\" ----- end of added ipf hook ---------------------------------
946 Typical usage will require putting
961 into the kernel, otherwise the
962 kernel module will be loaded.
967 ruleset configuration file
982 these flags are passed to the
984 program when loading the ruleset.
994 which logs packets from the
1007 .Pa /var/log/pflog ) .
1009 .Pa /etc/newsyslog.conf
1010 to adjust logfile rotation for this.
1011 .It Va pflog_program
1016 .Pa /sbin/pflogd ) .
1020 This variable contains additional flags passed to the
1023 .It Va pflog_instances
1025 If logging to more than one
1027 interface is desired,
1029 is set to the list of
1031 instances that should be started at system boot time.
1034 is set, for each whitespace-separated
1037 .Ao Ar element Ac Ns Va _dev
1039 .Ao Ar element Ac Ns Va _logfile
1040 elements are assumed to exist.
1041 .Ao Ar element Ac Ns Va _dev
1044 interface to be watched by the named
1047 .Ao Ar element Ac Ns Va _logfile
1048 must contain the name of the logfile that will be used by the
1051 .It Va ftpproxy_enable
1062 packet filter in translating ftp connections.
1063 .It Va ftpproxy_flags
1066 This variable contains additional flags passed to the
1069 .It Va ftpproxy_instances
1072 If multiple instances of
1074 are desired at boot time,
1075 .Va ftpproxy_instances
1076 should contain a whitespace-separated list of instance names.
1079 in the list, a variable named
1080 .Ao Ar element Ac Ns Va _flags
1081 should be defined, containing the command-line flags to be passed to the
1084 .It Va pfsync_enable
1093 state changes to other hosts over the network by means of
1098 must also be set then.
1099 .It Va pfsync_syncdev
1102 This variable specifies the name of the network interface
1104 should operate through.
1105 It must be set accordingly if
1109 .It Va pfsync_syncpeer
1112 This variable is optional.
1113 By default, state change messages are sent out on the synchronisation
1114 interface using IP multicast packets.
1115 The protocol is IP protocol 240, PFSYNC, and the multicast group used is
1117 When a peer address is specified using the
1119 option, the peer address is used as a destination for the pfsync
1120 traffic, and the traffic can then be protected using
1124 manpage for more details about using
1129 .It Va pfsync_ifconfig
1132 This variable can contain additional options to be passed to the
1134 command used to set up
1136 .It Va tcp_extensions
1143 disables certain TCP options as described by
1149 might help remedy such problems with connections as randomly hanging
1150 or other weird behavior.
1151 Some network devices are known
1152 to be broken with respect to these options.
1155 Set to 0 by default.
1159 .Va net.inet.tcp.log_in_vain
1161 .Va net.inet.udp.log_in_vain ,
1166 are set to the given value.
1167 .It Va tcp_keepalive
1174 will disable probing idle TCP connections to verify that the
1175 peer is still up and reachable.
1176 .It Va tcp_drop_synfin
1183 will cause the kernel to ignore TCP frames that have both
1184 the SYN and FIN flags set.
1185 This prevents OS fingerprinting, but may
1186 break some legitimate applications.
1187 .It Va icmp_drop_redirect
1192 This setting will be identical to
1194 if a dynamicrouting daemon is enabled, because redirect processing may
1195 cause performance issues for large routing tables.
1196 If no such service is enabled, this setting behaves like a
1200 will cause the kernel to ignore ICMP REDIRECT packets.
1203 will cause the kernel to process ICMP REDIRECT packets.
1206 for more information.
1207 .It Va icmp_log_redirect
1214 will cause the kernel to log ICMP REDIRECT packets.
1216 the log messages are not rate-limited, so this option should only be used
1217 for troubleshooting networks.
1220 for more information.
1221 .It Va icmp_bmcastecho
1225 to respond to broadcast or multicast ICMP ping packets.
1228 for more information.
1229 .It Va ip_portrange_first
1233 this is the first port in the default portrange.
1236 for more information.
1237 .It Va ip_portrange_last
1241 this is the last port in the default portrange.
1244 for more information.
1245 .It Va network_interfaces
1247 Set to the list of network interfaces to configure on this host or
1249 (the default) for all current interfaces.
1251 .Va network_interfaces
1252 variable to anything other than the default is deprecated.
1253 Interfaces that the administrator wishes to store configuration for,
1254 but not start at boot should be configured with the
1257 .Va ifconfig_ Ns Aq Ar interface
1258 variables as described below.
1261 .Va ifconfig_ Ns Aq Ar interface
1262 variable is also assumed to exist for each value of
1264 When an interface name contains any of the characters
1266 they are translated to
1269 The variable can contain arguments to
1271 as well as special case-insensitive keywords described below.
1272 Such keywords are removed before passing the value to
1274 while the order of the other arguments is preserved.
1276 It is possible to add IP alias entries using
1278 syntax with the address family keyword such as
1280 Assuming that the interface in question was
1282 it might look something like this:
1284 ifconfig_em0_alias0="inet 127.0.0.253 netmask 0xffffffff"
1285 ifconfig_em0_alias1="inet 127.0.0.254 netmask 0xffffffff"
1288 It also possible to configure multiple IP addresses in Classless
1289 Inter-Domain Routing
1292 whose each address component can be a range like
1293 .Li inet 192.0.2.5-23/24
1295 .Li inet6 2001:db8:1-f::1/64 .
1296 This notation allows address and prefix length part only,
1297 not the other address modifiers.
1298 Note that the maximum number of the generated addresses from a range
1299 specification is limited to an integer value specified in
1300 .Va netif_ipexpand_max
1303 because a small typo can unexpectedly generate a large number of addresses.
1304 The default value is
1306 It can be increased by adding the following line into
1309 netif_ipexpand_max="4096"
1313 .Li 192.0.2.5-23/24 ,
1314 the address 192.0.2.5 will be configured with the
1315 netmask /24 and the addresses 192.0.2.6 to 192.0.2.23 with
1316 the non-conflicting netmask /32 as explained in the
1319 Note that this special netmask handling is only for
1321 not for the other address families such as
1324 With the interface in question being
1326 an example could look like:
1328 ifconfig_em0_alias2="inet 192.0.2.129/27"
1329 ifconfig_em0_alias3="inet 192.0.2.1-5/28"
1334 Note that deprecated
1335 .Va ipv4_addrs_ Ns Aq Ar interface
1336 variable was supported for IPv4 CIDR address notation.
1338 .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1339 variable replaces it, though
1340 .Va ipv4_addrs_ Ns Aq Ar interface
1341 is still supported for backward compatibility.
1344 .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1345 entry with an address family keyword,
1346 its contents are passed to
1348 Execution stops at the first unsuccessful access, so if
1349 something like this is present:
1351 ifconfig_em0_alias0="inet 127.0.0.251 netmask 0xffffffff"
1352 ifconfig_em0_alias1="inet 127.0.0.252 netmask 0xffffffff"
1353 ifconfig_em0_alias2="inet 127.0.0.253 netmask 0xffffffff"
1354 ifconfig_em0_alias4="inet 127.0.0.254 netmask 0xffffffff"
1357 Then note that alias4 would
1359 be added since the search would
1360 stop with the missing
1363 Because of this difficult to manage behavior,
1365 .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _aliases
1366 variable, which has the same functionality as
1367 .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1368 and can have all of entries in a variable like the following:
1370 ifconfig_em0_aliases="\\
1371 inet 127.0.0.251 netmask 0xffffffff \\
1372 inet 127.0.0.252 netmask 0xffffffff \\
1373 inet 127.0.0.253 netmask 0xffffffff \\
1374 inet 127.0.0.254 netmask 0xffffffff"
1377 It also supports CIDR notation.
1380 .Pa /etc/start_if. Ns Aq Ar interface
1381 file is present, it is read and executed by the
1384 before configuring the interface as specified in the
1385 .Va ifconfig_ Ns Aq Ar interface
1387 .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1391 .Va vlans_ Ns Aq Ar interface
1395 interface will be created for each item in the list with the
1399 If a vlan interface's name is a number,
1400 then that number is used as the vlan tag and the new vlan interface is
1402 .Ar interface . Ns Ar tag .
1404 the vlan tag must be specified via a
1407 .Va create_args_ Ns Aq Ar interface
1410 To create a vlan device named
1414 with the vlan tag 101 and the optional the IPv4 address 192.0.2.1/24:
1417 ifconfig_em0_101="inet 192.0.2.1/24"
1420 To create a vlan device named
1424 with the vlan tag 102:
1427 create_args_myvlan="vlan 102"
1431 .Va wlans_ Ns Aq Ar interface
1435 interface will be created for each item in the list with the
1439 Further wlan cloning arguments may be passed to the
1442 command by setting the
1443 .Va create_args_ Ns Aq Ar interface
1447 devices must be created for each wireless devices as of
1453 may be specified with an
1454 .Va wlandebug_ Ns Aq Ar interface
1456 The contents of this variable will be passed directly to
1460 .Va ifconfig_ Ns Aq Ar interface
1461 contains the keyword
1463 then the interface will not be configured
1465 .Pa /etc/pccard_ether
1467 .Va network_interfaces
1471 It is possible to bring up an interface with DHCP by adding
1474 .Va ifconfig_ Ns Aq Ar interface
1476 For instance, to initialize the
1479 it is possible to use something like:
1484 If you want to configure your wireless interface with
1485 .Xr wpa_supplicant 8
1486 for use with WPA, EAP/LEAP or WEP, you need to add
1489 .Va ifconfig_ Ns Aq Ar interface
1492 On the other hand, if you want to configure your wireless interface with
1497 .Va ifconfig_ Ns Aq Ar interface
1500 will use the settings from
1501 .Pa /etc/hostapd- Ns Ao Ar interface Ac Ns .conf
1503 Finally, you can add
1505 options in this variable, in addition to the
1506 .Pa /etc/start_if. Ns Aq Ar interface
1508 For instance, to configure an
1510 wireless device in station mode with an address obtained
1511 via DHCP, using WPA authentication and 802.11b mode, it is
1512 possible to use something like:
1515 ifconfig_wlan0="DHCP WPA mode 11b"
1519 .Va ifconfig_ Ns Aq Ar interface
1520 form, a fallback variable
1521 .Va ifconfig_DEFAULT
1523 It will be used for all interfaces with no
1524 .Va ifconfig_ Ns Aq Ar interface
1526 This is intended to replace the no longer supported
1530 It is also possible to rename an interface by doing:
1532 ifconfig_em0_name="net0"
1533 ifconfig_net0="inet 192.0.2.1 netmask 0xffffff00"
1537 This variable is deprecated.
1539 .Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1541 .Va ipv6_activate_all_interfaces
1546 .Dq Li inet6 accept_rtadv
1548 .Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1550 .Va ipv6_activate_all_interfaces
1555 This variable is deprecated.
1557 .Va ip6addrctl_policy
1562 the default address selection policy table set by
1564 will be IPv6-preferred.
1568 the default address selection policy table set by
1570 will be IPv4-preferred.
1571 .It Va ipv6_activate_all_interfaces
1573 This controls initial configuration on IPv6-capable
1574 interfaces with no corresponding
1575 .Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1577 Note that it is not always necessary to set this variable to
1579 to use IPv6 functionality on
1581 In most cases, just configuring
1582 .Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1587 all interfaces which do not have a corresponding
1588 .Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1589 variable will be marked as
1592 This means that all of IPv6 functionality on that interface
1593 is completely disabled to enforce a security policy.
1594 If the variable is set to
1596 the flag will be cleared on all of the interfaces.
1598 In most cases, just defining an
1599 .Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1600 for an IPv6-capable interface should be sufficient.
1601 However, if an interface is added dynamically
1602 .Pq by some tunneling protocols such as PPP, for example ,
1603 it is often difficult to define the variable in advance.
1604 In such a case, configuring the
1606 flag can be disabled by setting this variable to
1609 For more details of the
1612 .Dq Li inet6 ifdisabled ,
1622 privacy addresses will be generated for each IPv6
1623 interface as described in RFC 4941.
1624 .It Va ipv6_network_interfaces
1626 This is the IPv6 equivalent of
1627 .Va network_interfaces .
1628 Normally manual configuration of this variable is not needed.
1629 .It Va ipv6_cpe_wanif
1631 If the variable is set to an interface name,
1635 .Dq inet6 -no_radr accept_rtadv
1636 will be added to the specified interface automatically before evaluating
1637 .Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 ,
1641 .Va net.inet6.ip6.rfc6204w3
1643 .Va net.inet6.ip6.no_radr
1646 This means the specified interface will accept ICMPv6 Router
1647 Advertisement messages on that link and add the discovered
1648 routers into the Default Router List.
1649 While the other interfaces can still accept RA messages if the
1650 .Dq inet6 accept_rtadv
1651 option is specified, adding
1652 routes into the Default Router List will be disabled by
1659 Note that ICMPv6 Router Advertisement messages will be
1661 .Va net.inet6.ip6.forwarding
1663 .Pq packet forwarding is enabled
1665 .Va net.inet6.ip6.rfc6204w3
1670 .It Va ifconfig_ Ns Ao Ar interface Ac Ns _descr
1672 This assigns arbitrary description to an interface.
1676 .Va net.ifdescr_maxlen
1678 This static setting may be overridden by commands
1679 started with dynamic interface configuration utilities
1683 The description can be seen with
1685 command and it may be exported with
1687 daemon using its MIB-2 module.
1688 .It Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1690 IPv6 functionality on an interface should be configured by
1691 .Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 ,
1692 instead of setting ifconfig parameters in
1693 .Va ifconfig_ Ns Aq Ar interface .
1694 If this variable is empty, all of IPv6 configurations on the
1695 specified interface by other variables such as
1696 .Va ipv6_prefix_ Ns Ao Ar interface Ac
1699 Aliases should be set by
1700 .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1706 ifconfig_em0_ipv6="inet6 2001:db8:1::1 prefixlen 64"
1707 ifconfig_em0_alias0="inet6 2001:db8:2::1 prefixlen 64"
1710 Interfaces that have an
1711 .Dq Li inet6 accept_rtadv
1713 .Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1714 setting will be automatically configured by SLAAC
1715 .Pq StateLess Address AutoConfiguration
1721 Note that a link-local address will be automatically configured in
1722 addition to the configured global-scope addresses because the IPv6
1723 specifications require it on each link.
1724 The address is calculated from the MAC address by using an algorithm
1731 If only a link-local address is needed on the interface,
1732 the following configuration can be used:
1734 ifconfig_em0_ipv6="inet6 auto_linklocal"
1737 A link-local address can also be configured manually.
1738 This is useful for the default router address of an IPv6 router
1739 so that it does not change when the network interface
1743 ifconfig_em0_ipv6="inet6 fe80::1 prefixlen 64"
1745 .It Va ipv6_prefix_ Ns Aq Ar interface
1747 If one or more prefixes are defined in
1748 .Va ipv6_prefix_ Ns Aq Ar interface
1749 addresses based on each prefix and the EUI-64 interface index will be
1750 configured on that interface.
1751 Note that this variable will be ignored when
1752 .Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1755 For example, the following configuration
1757 ipv6_prefix_em0="2001:db8:1:0 2001:db8:2:0"
1760 is equivalent to the following:
1762 ifconfig_em0_alias0="inet6 2001:db8:1:: eui64 prefixlen 64"
1763 ifconfig_em0_alias1="inet6 2001:db8:1:: prefixlen 64 anycast"
1764 ifconfig_em0_alias2="inet6 2001:db8:2:: eui64 prefixlen 64"
1765 ifconfig_em0_alias3="inet6 2001:db8:2:: prefixlen 64 anycast"
1768 These Subnet-Router anycast addresses will be added only when
1769 .Va ipv6_gateway_enable
1771 .It Va ipv6_default_interface
1775 this is the default output interface for scoped addresses.
1776 This works only with ipv6_gateway_enable="NO".
1777 .It Va ip6addrctl_enable
1779 This variable is to enable configuring default address selection policy table
1781 The table can be specified in another variable
1782 .Va ip6addrctl_policy .
1784 .Va ip6addrctl_policy
1785 the following keywords can be specified:
1786 .Dq Li ipv4_prefer ,
1787 .Dq Li ipv6_prefer ,
1797 installs a pre-defined policy table described in Section 10.3
1805 is specified, it attempts to read a file
1806 .Pa /etc/ip6addrctl.conf
1808 If this file is found,
1810 reads and installs it.
1811 If not found, a policy is automatically set
1813 .Va ipv6_activate_all_interfaces
1814 variable; if the variable is set to
1816 the IPv6-preferred one is used.
1817 Otherwise IPv4-preferred.
1819 The default value of
1820 .Va ip6addrctl_enable
1822 .Va ip6addrctl_policy
1828 .It Va cloned_interfaces
1830 Set to the list of clonable network interfaces to create on this host.
1831 Further cloning arguments may be passed to the
1834 command for each interface by setting the
1835 .Va create_args_ Ns Aq Ar interface
1837 If an interface name is specified with
1840 the interface will not be destroyed even when
1842 script is invoked with
1845 This is useful when reconfiguring the interface without destroying it.
1847 .Va cloned_interfaces
1848 are automatically appended to
1849 .Va network_interfaces
1851 .It Va cloned_interfaces_sticky
1853 This variable is to globally enable functionality of
1856 .Va cloned_interfaces
1858 The default value is
1860 Even if this variable is specified to
1863 keyword can be used to override it on per interface basis.
1864 .It Va gif_interfaces
1867 tunnel interfaces to configure on this host.
1869 .Va gifconfig_ Ns Aq Ar interface
1870 variable is assumed to exist for each value of
1872 The value of this variable is used to configure the link layer of the
1877 Additionally, this option ensures that each listed interface is created
1882 before attempting to configure it.
1884 For example, configure two
1888 gif_interfaces="gif0 gif1"
1889 gifconfig_gif0="100.64.0.1 100.64.0.2"
1890 ifconfig_gif0="inet 10.0.0.1 10.0.0.2 netmask 255.255.255.252"
1891 gifconfig_gif1="inet6 2a00::1 2a01::1"
1892 ifconfig_gif1="inet 10.1.0.1 10.1.0.2 netmask 255.255.255.252"
1894 .It Va sppp_interfaces
1898 interfaces to configure on this host.
1900 .Va spppconfig_ Ns Aq Ar interface
1901 variable is assumed to exist for each value of
1903 Each interface should also be configured by a general
1904 .Va ifconfig_ Ns Aq Ar interface
1908 for more information about available options.
1918 The name of the profile to use from
1919 .Pa /etc/ppp/ppp.conf .
1920 Also used for per-profile overrides of
1925 .Va ppp_ Ns Ao Ar profile Ac Ns _unit .
1926 When the profile name contains any of the characters
1928 they are translated to
1930 for the proposes of the override variable names.
1933 Mode in which to run the
1936 .It Va ppp_ Ns Ao Ar profile Ac Ns _mode
1938 Overrides the global
1948 See the manual for a full description.
1953 enables network address translation.
1954 Used in conjunction with
1956 allows hosts on private network addresses access to the Internet using
1957 this host as a network address translating router.
1960 .It Va ppp_ Ns Ao Ar profile Ac Ns _nat
1962 Overrides the global
1966 .It Va ppp_ Ns Ao Ar profile Ac Ns _unit
1968 Set the unit number to be used for this profile.
1969 See the manual description of
1974 The name of the user under which
1982 .It Va rc_conf_files
1984 This option is used to specify a list of files that will override
1986 .Pa /etc/defaults/rc.conf .
1987 The files will be read in the order in which they are specified and should
1988 include the full path to the file.
1989 By default, the files specified are
1992 .Pa /etc/rc.conf.local
1998 will attempt to automatically mount ZFS file systems and initialize ZFS volumes
2000 .It Va gptboot_enable
2004 .Pa /etc/rc.d/gptboot
2005 will log if the system successfully (or not) booted from a GPT partition,
2011 .It Va gbde_autoattach_all
2016 will attempt to automatically initialize your .bde devices in
2020 List the devices that the script should try to attach,
2025 The directory where the
2027 lockfiles are located.
2028 The default lockfile directory is
2031 The lockfile for each individual
2033 device can be overridden by setting the variable
2034 .Va gbde_lock_ Ns Aq Ar device ,
2037 is the encrypted device without the
2042 .It Va gbde_attach_attempts
2044 Number of times to attempt attaching to a
2046 device, i.e., how many times the user is asked for the pass-phrase.
2050 List of devices to automatically attach on boot.
2051 Note that .eli devices from
2053 are automatically appended to this list.
2056 List of groups containing devices to automatically attach on boot with the same
2057 keyfiles and passphrase.
2058 This must be accompanied with a corresponding
2059 .Va geli_ Ns Ao Ar group Ac Ns Va _devices
2063 Number of times user is asked for the pass-phrase.
2064 If empty, it will be taken from
2065 .Va kern.geom.eli.tries
2067 .It Va geli_default_flags
2069 Default flags to use by
2071 when configuring disk encryption.
2072 Flags can be configured for every device separately by defining the
2073 .Va geli_ Ns Ao Ar device Ac Ns Va _flags
2074 variable, and for every group separately by defining the
2075 .Va geli_ Ns Ao Ar group Ac Ns Va _flags
2077 .It Va geli_autodetach
2079 Specifies if GELI devices should be marked for detach on last close after
2080 file systems are mounted.
2083 This can be changed for every device separately by defining the
2084 .Va geli_ Ns Ao Ar device Ac Ns Va _autodetach
2086 .It Va root_rw_mount
2091 After the file systems are checked at boot time, the root file system
2092 is remounted as read-write if this is set to
2094 Diskless systems that mount their root file system from a read-only remote
2095 NFS share should set this to
2099 .It Va fsck_y_enable
2104 will be run with the
2106 flag if the initial preen
2107 of the file systems fails.
2108 .It Va background_fsck
2112 the system will not attempt to run
2114 in the background where possible.
2115 .It Va background_fsck_delay
2117 The amount of time in seconds to sleep before starting a background
2119 It defaults to sixty seconds to allow large applications such as
2120 the X server to start before disk I/O bandwidth is monopolized by
2122 If set to a negative number, the background file system check will be
2123 delayed indefinitely to allow the administrator to run it at a more
2125 For example it may be run from
2127 by adding a line like
2129 .Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart"
2135 List of file system types that are network-based.
2136 This list should generally not be modified by end users.
2138 .Va extra_netfs_types
2140 .It Va extra_netfs_types
2142 If set to something other than
2145 this variable extends the list of file system types
2146 for which automatic mounting at startup by
2148 should be delayed until the network is initialized.
2150 a whitespace-separated list of network file system descriptor pairs,
2151 each consisting of a file system type as passed to
2153 and a human-readable, one-word description,
2156 Extending the default list in this way is only necessary
2157 when third party file system types are used.
2158 .It Va syslogd_enable
2165 .It Va syslogd_program
2170 .Pa /usr/sbin/syslogd ) .
2171 .It Va syslogd_flags
2177 these are the flags to pass to
2186 .It Va inetd_program
2191 .Pa /usr/sbin/inetd ) .
2198 these are the flags to pass to
2207 .It Va hastd_program
2219 these are the flags to pass to
2221 .It Va local_unbound_enable
2227 daemon as a local caching resolver.
2232 to start a Kerberos 5 authentication server
2240 this is the path to Kerberos 5 Authentication Server.
2244 This variable contains additional flags to be passed to the Kerberos 5
2245 authentication server.
2246 .It Va kadmind_enable
2252 the Kerberos 5 Administration Daemon; set to
2255 .It Va kadmind_program
2261 this is the path to Kerberos 5 Administration Daemon.
2262 .It Va kpasswdd_enable
2268 the Kerberos 5 Password-Changing Daemon; set to
2271 .It Va kpasswdd_program
2277 this is the path to Kerberos 5 Password-Changing Daemon.
2284 the Kerberos 5 ticket forwarding daemon, at the boot time.
2290 .Pa /usr/libexec/kfd ) .
2297 daemon at boot time.
2304 these are the flags to pass to it.
2311 daemon at boot time.
2318 these are the flags to pass to it.
2321 manpage for more information.
2322 .It Va amd_map_program
2325 the specified program is run to get the list of
2330 maps are stored in NIS, one can set this to
2343 will be updated at boot time to reflect the kernel release
2348 will not be updated.
2349 .It Va nfs_client_enable
2353 run the NFS client daemons at boot time.
2354 .It Va nfs_access_cache
2357 .Va nfs_client_enable
2362 to disable NFS ACCESS RPC caching, or to the number of seconds for which
2364 results should be cached.
2365 A value of 2-10 seconds will substantially reduce network
2366 traffic for many NFS operations.
2367 .It Va nfs_server_enable
2371 run the NFS server daemons at boot time.
2372 .It Va nfs_server_flags
2375 .Va nfs_server_enable
2378 these are the flags to pass to the
2381 .It Va nfsv4_server_enable
2384 .Va nfs_server_enable
2388 .Va nfsv4_server_enable
2391 enable the server for NFSv4 as well as NFSv2 and NFSv3.
2392 .It Va nfsuserd_enable
2398 run the nfsuserd daemon, which is needed for NFSv4 in order
2399 to map between user/group names vs uid/gid numbers.
2401 .Va nfsv4_server_enable
2404 this will be forced enabled.
2405 .It Va nfsuserd_flags
2411 these are the flags to pass to the
2414 .It Va nfscbd_enable
2420 run the nfscbd daemon, which enables callbacks/delegations for the NFSv4 client.
2427 these are the flags to pass to the
2430 .It Va mountd_enable
2435 .Va nfs_server_enable
2441 It is commonly needed to run CFS without real NFS used.
2448 these are the flags to pass to the
2451 .It Va weak_mountd_authentication
2455 allow services like PCNFSD to make non-privileged mount
2457 .It Va nfs_reserved_port_only
2461 provide NFS services only on a secure port.
2462 .It Va nfs_bufpackets
2464 If set to a number, indicates the number of packets worth of
2465 socket buffer space to reserve on an NFS client.
2466 The kernel default is typically 4.
2467 Using a higher number may be
2468 useful on gigabit networks to improve performance.
2469 The minimum value is
2470 2 and the maximum is 64.
2471 .It Va rpc_lockd_enable
2475 and also an NFS server or client, run
2478 .It Va rpc_lockd_flags
2481 .Va rpc_lockd_enable
2484 these are the flags to pass to the
2487 .It Va rpc_statd_enable
2491 and also an NFS server or client, run
2494 .It Va rpc_statd_flags
2497 .Va rpc_statd_enable
2500 these are the flags to pass to the
2503 .It Va rpcbind_program
2508 .Pa /usr/sbin/rpcbind ) .
2509 .It Va rpcbind_enable
2515 service at boot time.
2516 .It Va rpcbind_flags
2522 these are the flags to pass to the
2525 .It Va keyserv_enable
2531 daemon on boot for running Secure RPC.
2532 .It Va keyserv_flags
2538 these are the flags to pass to
2541 .It Va pppoed_enable
2547 daemon at boot time to provide PPP over Ethernet services.
2548 .It Va pppoed_ Ns Aq Ar provider
2551 listens to requests to this
2557 argument of the same name.
2560 Additional flags to pass to
2562 .It Va pppoed_interface
2564 The network interface to run
2567 This is mandatory when
2577 service at boot time.
2578 This command is intended for networks of
2579 machines where a consistent
2581 for all hosts must be established.
2582 This is often useful in large NFS
2583 environments where time stamps on files are expected to be consistent
2591 these are the flags to pass to the
2594 .It Va ntpdate_enable
2601 This command is intended to
2602 synchronize the system clock only
2604 from some standard reference.
2606 Note that the use of the
2607 .Va ntpd_sync_on_start
2608 variable is a preferred alternative to the
2612 is to be retired from the NTP distribution.
2613 .It Va ntpdate_config
2615 Configuration file for
2619 .It Va ntpdate_hosts
2621 A whitespace-separated list of NTP servers to synchronize with at startup.
2622 The default is to use the servers listed in
2623 .Va ntpdate_config ,
2624 if that file exists.
2625 .It Va ntpdate_program
2630 .Pa /usr/sbin/ntpdate ) .
2631 .It Va ntpdate_flags
2637 these are the flags to pass to the
2639 command (typically a hostname).
2646 command at boot time.
2652 .Pa /usr/sbin/ntpd ) .
2666 these are the flags to pass to the
2669 .It Va ntpd_sync_on_start
2676 flag, which syncs the system's clock on startup.
2679 for more information regarding the
2682 This is a preferred alternative to using
2687 .It Va nis_client_enable
2693 service at system boot time.
2694 .It Va nis_client_flags
2697 .Va nis_client_enable
2700 these are the flags to pass to the
2703 .It Va nis_ypldap_enable
2709 daemon at system boot time.
2710 .It Va nis_ypldap_flags
2713 .Va nis.ypldap_enable
2716 these are the flags to pass to the
2719 .It Va nis_ypset_enable
2725 daemon at system boot time.
2726 .It Va nis_ypset_flags
2729 .Va nis_ypset_enable
2732 these are the flags to pass to the
2735 .It Va nis_server_enable
2741 daemon at system boot time.
2742 .It Va nis_server_flags
2745 .Va nis_server_enable
2748 these are the flags to pass to the
2751 .It Va nis_ypxfrd_enable
2757 daemon at system boot time.
2758 .It Va nis_ypxfrd_flags
2761 .Va nis_ypxfrd_enable
2764 these are the flags to pass to the
2767 .It Va nis_yppasswdd_enable
2773 daemon at system boot time.
2774 .It Va nis_yppasswdd_flags
2777 .Va nis_yppasswdd_enable
2780 these are the flags to pass to the
2783 .It Va rpc_ypupdated_enable
2789 daemon at system boot time.
2790 .It Va bsnmpd_enable
2796 daemon at system boot time.
2797 Be sure to understand the security implications of running SNMP daemon
2805 these are the flags to pass to the
2808 .It Va defaultrouter
2812 create a default route to this host name or IP address
2813 (use an IP address if this router is also required to get to the
2815 .It Va ipv6_defaultrouter
2817 The IPv6 equivalent of
2819 .It Va static_arp_pairs
2821 Set to the list of static ARP pairs that are to be added at system
2823 For each whitespace separated
2826 .Va static_arp_ Ns Aq Ar element
2827 variable is assumed to exist whose contents will later be passed to a
2832 static_arp_pairs="gw"
2833 static_arp_gw="192.168.1.1 00:01:02:03:04:05"
2835 .It Va static_ndp_pairs
2837 Set to the list of static NDP pairs that are to be added at system
2839 For each whitespace separated
2842 .Va static_ndp_ Ns Aq Ar element
2843 variable is assumed to exist whose contents will later be passed to a
2848 static_ndp_pairs="gw"
2849 static_ndp_gw="2001:db8:3::1 00:01:02:03:04:05"
2851 .It Va static_routes
2853 Set to the list of static routes that are to be added at system
2857 then for each whitespace separated
2860 .Va route_ Ns Aq Ar element
2861 variable is assumed to exist
2862 whose contents will later be passed to a
2867 static_routes="ext mcast:gif0 gif0local:gif0"
2868 route_ext="-net 10.0.0.0/24 -gateway 192.168.0.1"
2869 route_mcast="-net 224.0.0.0/4 -iface gif0"
2870 route_gif0local="-host 169.254.1.1 -iface lo0"
2877 the route is specific to the interface
2879 .It Va ipv6_static_routes
2881 The IPv6 equivalent of
2885 then for each whitespace separated
2888 .Va ipv6_route_ Ns Aq Ar element
2889 variable is assumed to exist
2890 whose contents will later be passed to a
2891 .Dq Nm route Cm add Fl inet6
2893 .It Va gateway_enable
2897 configure host to act as an IP router, e.g.\& to forward packets
2899 .It Va ipv6_gateway_enable
2901 The IPv6 equivalent of
2902 .Va gateway_enable .
2903 .It Va routed_enable
2907 run a routing daemon of some sort, based on the
2912 .It Va route6d_enable
2914 The IPv6 equivalent of
2918 run a routing daemon of some sort, based on the
2923 .It Va routed_program
2929 this is the name of the routing daemon to use.
2930 .It Va route6d_program
2932 The IPv6 equivalent of
2933 .Va routed_program .
2940 these are the flags to pass to the routing daemon.
2941 .It Va route6d_flags
2943 The IPv6 equivalent of
2945 .It Va rtadvd_enable
2951 daemon at boot time.
2954 utility sends ICMPv6 Router Advertisement messages to
2955 the interfaces specified in
2956 .Va rtadvd_interfaces .
2957 This should only be enabled with great care.
2958 You may want to fine-tune
2960 .It Va rtadvd_interfaces
2966 this is the list of interfaces to use.
2971 enable global proxy ARP.
2972 .It Va forward_sourceroute
2980 source-routed packets are forwarded.
2981 .It Va accept_sourceroute
2985 the system will accept source-routed packets directed at it.
2992 daemon at system boot time.
2999 these are the flags to pass to the
3002 .It Va bootparamd_enable
3008 daemon at system boot time.
3009 .It Va bootparamd_flags
3012 .Va bootparamd_enable
3015 these are the flags to pass to the
3018 .It Va stf_interface_ipv4addr
3022 this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling
3024 Specify this entry to enable the 6to4 interface.
3025 .It Va stf_interface_ipv4plen
3027 Prefix length for 6to4 IPv4 addresses, to limit peer address range.
3028 An effective value is 0-31.
3029 .It Va stf_interface_ipv6_ifid
3031 IPv6 interface ID for
3035 .It Va stf_interface_ipv6_slaid
3037 IPv6 Site Level Aggregator for
3039 .It Va ipv6_ipv4mapping
3043 this enables IPv4 mapped IPv6 address communication (like
3044 .Li ::ffff:a.b.c.d ) .
3045 .It Va rtsold_enable
3051 daemon to send ICMPv6 Router Solicitation messages.
3058 these are the flags to pass to
3062 For interfaces configured with the
3063 .Dq Li inet6 accept_rtadv
3064 keyword, these are the flags to pass to
3069 is mutually exclusive to
3075 The keyboard bell sound.
3082 if the default behavior is desired.
3083 For details, refer to the
3088 If set to a non-null string, the virtual console's keyboard input is
3094 no keymap is installed, otherwise the value is used to install
3095 the keymap file found in
3096 .Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd
3099 .Pa /usr/share/vt/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd
3104 The keyboard repeat speed.
3111 if the default behavior is desired.
3116 attempt to program the function keys with the value.
3118 be a single string of the form:
3119 .Dq Ar funkey_number new_value Op Ar funkey_number new_value ... .
3122 Can be set to the value of
3125 .Dq Li destructive ,
3128 to set the cursor behavior explicitly or choose the default behavior.
3133 no screen map is installed, otherwise the value is used to install
3134 the screen map file in
3135 .Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value .
3136 This parameter is ignored when using
3138 as the console driver.
3143 the default 8x16 font value is used for screen size requests, otherwise
3145 .Pa /usr/share/syscons/fonts/ Ns Aq Ar value
3147 .Pa /usr/share/vt/fonts/ Ns Aq Ar value
3148 is used (depending on the console driver being used).
3153 the default 8x14 font value is used for screen size requests, otherwise
3155 .Pa /usr/share/syscons/fonts/ Ns Aq Ar value
3157 .Pa /usr/share/vt/fonts/ Ns Aq Ar value
3158 is used (depending on the console driver being used).
3163 the default 8x8 font value is used for screen size requests, otherwise
3165 .Pa /usr/share/syscons/fonts/ Ns Aq Ar value
3167 .Pa /usr/share/vt/fonts/ Ns Aq Ar value
3168 is used (depending on the console driver being used).
3173 the default screen blanking interval is used, otherwise it is set
3181 this is the actual screen saver to use
3182 .Li ( blank , snake , daemon ,
3184 .It Va moused_nondefault_enable
3188 the mouse device specified on
3189 the command line is not automatically treated as enabled by the
3190 .Pa /etc/rc.d/moused
3192 Having this variable set to
3198 to be enabled as soon as it is plugged in.
3199 .It Va moused_enable
3205 daemon is started for doing cut/paste selection on the console.
3208 This is the protocol type of the mouse connected to this host.
3209 This variable must be set if
3216 is able to detect the appropriate mouse type automatically in many cases.
3217 Set this variable to
3219 to let the daemon detect it, or
3220 select one from the following list if the automatic detection fails.
3222 If the mouse is attached to the PS/2 mouse port, choose
3226 regardless of the brand and model of the mouse.
3228 mouse is attached to the bus mouse port, choose
3232 All other protocols are for serial mice and will not work with
3233 the PS/2 and bus mice.
3234 If this is a USB mouse,
3236 is the only protocol type which will work.
3238 .Bl -tag -width ".Li x10mouseremote" -compact
3240 Microsoft mouse (serial)
3242 Microsoft IntelliMouse (serial)
3244 Mouse systems Corp.\& mouse (serial)
3246 MM Series mouse (serial)
3248 Logitech mouse (serial)
3252 Logitech MouseMan and TrackMan (serial)
3254 ALPS GlidePoint (serial)
3255 .It Li thinkingmouse
3256 Kensington ThinkingMouse (serial)
3260 MM HitTablet (serial)
3261 .It Li x10mouseremote
3262 X10 MouseRemote (serial)
3264 Interlink VersaPad (serial)
3267 Even if the mouse is not in the above list, it may be compatible
3268 with one in the list.
3269 Refer to the manual page for
3271 for compatibility information.
3273 It should also be noted that while this is enabled, any
3274 other client of the mouse (such as an X server) should access
3275 the mouse through the virtual mouse device,
3277 and configure it as a
3279 type mouse, since all
3280 mouse data is converted to this single canonical format when
3283 If the client program does not support the
3289 It is the second preferred type.
3296 this is the actual port the mouse is on.
3299 for a COM1 serial mouse, or
3301 for a PS/2 mouse, for example.
3306 is set, its value is used as an additional set of flags to pass to the
3309 .It Va "moused_" Ns Ar XXX Ns Va "_flags"
3311 .Va moused_nondefault_enable
3314 daemon is started for a non-default port, the
3315 .Va "moused_" Ns Ar XXX Ns Va "_flags"
3316 set of options has precedence over and replaces the default
3320 is the name of the non-default port, i.e.,\&
3323 .Va "moused_" Ns Ar XXX Ns Va "_flags"
3324 it is possible to set up a different set of default flags for each
3327 For example, you can use
3331 to make your laptop's touchpad more comfortable to use,
3332 but an empty set of options for
3333 .Va moused_ums0_flags
3336 mouse has three or more buttons.
3337 .It Va mousechar_start
3341 the default mouse cursor character range
3342 .Li 0xd0 Ns - Ns Li 0xd3
3344 otherwise the range start is set
3349 Use if the default range is occupied in the language code table.
3350 .It Va allscreens_flags
3354 is run with these options for each of the virtual terminals
3358 will enable the mouse pointer on all virtual terminals
3363 .It Va allscreens_kbdflags
3367 is run with these options for each of the virtual terminals
3375 scrollback (history) buffer to 200 lines.
3382 daemon at system boot time.
3388 .Pa /usr/sbin/cron ) .
3395 these are the flags to pass to
3401 enable the special handling of transitions to and from the
3402 Daylight Saving Time in
3404 (equivalent to using the flag
3411 .Pa /usr/sbin/lpd ) .
3418 daemon at system boot time.
3425 these are the flags to pass to the
3428 .It Va chkprintcap_enable
3434 command before starting the
3437 .It Va chkprintcap_flags
3442 .Va chkprintcap_enable
3445 these are the flags to pass to the
3450 which causes missing directories to be created.
3451 .It Va mta_start_script
3453 This variable specifies the full path to the script to run to start
3454 a mail transfer agent.
3456 .Pa /etc/rc.sendmail .
3460 .Pa /etc/rc.sendmail
3461 uses are documented in the
3466 Indicates the device (usually a swap partition) to which a crash dump
3467 should be written in the event of a system crash.
3468 If the value of this variable is
3470 the first suitable swap device listed in
3472 will be used as dump device.
3473 Otherwise, the value of this variable is passed as the argument to
3477 To disable crash dumps, set this variable to
3485 as the system dump device.
3488 When the system reboots after a crash and a crash dump is found on the
3489 device specified by the
3493 will save that crash dump and a copy of the kernel to the directory
3497 The default value is
3506 .It Va savecore_enable
3510 disable automatic extraction of the crash dump from the
3512 .It Va savecore_flags
3514 If crash dumps are enabled, these are the flags to pass to the
3521 to turn on user and group disk quotas on system startup via the
3523 command for all file systems marked as having quotas enabled in
3525 The kernel must be built with
3527 for disk quotas to function.
3532 to enable user and group disk quota checking via the
3535 .It Va quotacheck_flags
3545 these are the flags to pass to the
3550 which checks quotas for all file systems with quotas enabled in
3552 .It Va quotaon_flags
3558 these are the flags to pass to the
3563 which enables quotas for all file systems with quotas enabled in
3565 .It Va quotaoff_flags
3571 these are the flags to pass to the
3573 utility when shutting down the quota system.
3576 which disables quotas for all file systems with quotas enabled in
3578 .It Va accounting_enable
3582 to enable system accounting through the
3585 .It Va firstboot_sentinel
3587 This variable specifies the full path to a
3590 If a file exists with this path,
3594 keyword will be run on startup and the sentinel file will be deleted
3595 after the boot process completes.
3596 The sentinel file must be located on a writable file system which is
3597 mounted no later than
3598 .Va early_late_divider
3599 to function properly.
3606 to enable Linux/ELF binary emulation at system initial
3608 .It Va sysvipc_enable
3612 load System V IPC primitives at boot time.
3613 .It Va clear_tmp_enable
3624 to disable removing of X11 lock files,
3625 and the removal and (secure) recreation
3626 of the various socket directories for X11
3628 .It Va ldconfig_paths
3630 Set to the list of shared library paths to use with
3636 will always be added first, so they need not appear in this list.
3637 .It Va ldconfig32_paths
3639 Set to the list of 32-bit compatibility shared library paths to
3642 .It Va ldconfig_insecure
3646 utility normally refuses to use directories
3647 which are writable by anyone except root.
3648 Set this variable to
3650 to disable that security check during system startup.
3651 .It Va ldconfig_local_dirs
3653 Set to the list of local
3656 The names of all files in the directories listed will be
3657 passed as arguments to
3659 .It Va ldconfig_local32_dirs
3661 Set to the list of local 32-bit compatibility
3664 The names of all files in the directories listed will be
3665 passed as arguments to
3666 .Dq Nm ldconfig Fl 32 .
3667 .It Va kern_securelevel_enable
3671 to set the kernel security level at system startup.
3672 .It Va kern_securelevel
3674 The kernel security level to set at startup.
3675 The allowed range of
3677 ranges from \-1 (the compile time default) to 3 (the
3681 for the list of possible security levels and their effect
3682 on system operation.
3685 Path to the SSH server program
3686 .Pa ( /usr/sbin/sshd
3694 at system boot time.
3701 these are the flags to pass to the
3706 Path to the FTP server program
3707 .Pa ( /usr/libexec/ftpd
3715 as a stand-alone daemon at system boot time.
3722 these are the additional flags to pass to the
3725 .It Va watchdogd_enable
3731 daemon at boot time.
3732 This requires that the kernel have been compiled with a
3735 .It Va watchdogd_flags
3738 .Va watchdogd_enable
3741 these are the flags passed to the
3744 .It Va watchdogd_timeout
3747 .Va watchdogd_enable
3750 this is a timeout that will be used by the
3753 If this option is set, it overrides
3756 .Va watchdogd_flags .
3757 .It Va watchdogd_shutdown_timeout
3760 .Va watchdogd_enable
3763 this is a timeout that will be set by the
3765 daemon when it exits during the system shutdown.
3766 This timeout will not be set when returning to the single-user mode
3767 or when the watchdogd service is stopped individually using the
3769 command or the rc.d script.
3770 Note that the timeout will be applied if
3772 is stopped outside of
3775 If this option is set, it overrides
3778 .Va watchdogd_flags .
3779 .It Va devfs_rulesets
3781 List of files containing sets of rules for
3783 .It Va devfs_system_ruleset
3785 Rule name(s) to apply to the system
3788 .It Va devfs_set_rulesets
3790 Pairs of already-mounted
3792 directories and rulesets that should be applied to them.
3793 For example: /mount/dev=ruleset_name
3794 .It Va devfs_load_rulesets
3796 If set, always load the default rulesets listed in
3797 .Va devfs_rulesets .
3798 .It Va performance_cx_lowest
3800 CPU idle state to use while on AC power.
3805 should use the lowest power state available while
3807 indicates that the lowest latency state (less power savings) should be used.
3808 .It Va performance_cpu_freq
3810 CPU clock frequency to use while on AC power.
3815 should use the lowest frequency available while
3817 indicates that the highest frequency (less power savings) should be used.
3818 .It Va economy_cx_lowest
3820 CPU idle state to use when off AC power.
3825 should use the lowest power state available while
3827 indicates that the lowest latency state (less power savings) should be used.
3828 .It Va economy_cpu_freq
3830 CPU clock frequency to use when off AC power.
3835 should use the lowest frequency available while
3837 indicates that the highest frequency (less power savings) should be used.
3842 any configured jails will not be started.
3845 The configuration filename used by
3848 The default value is
3849 .Pa /etc/jail.conf .
3850 .It Va jail_parallel_start
3854 all configured jails will be started in the background (in parallel).
3858 When set, use as default value for
3859 .Va jail_ Ns Ao Ar jname Ac Ns Va _flags
3864 A space-delimited list of jail names.
3865 When left empty, all of the
3867 instances defined in the configuration file are started.
3868 The names specified in this list control the jail startup order.
3870 instances missing from
3872 must be started manually.
3875 parameter in the configuration file may override this list.
3876 .It Va jail_reverse_stop
3880 all configured jails in
3882 are stopped in reverse order.
3883 .It Va jail_ Ns * variables
3884 Note that older releases supported per-jail configuration via
3888 hostname of a jail named
3890 was able to be set by
3891 .Li jail_vjail_hostname .
3892 These per-jail configuration variables are now obsolete in favor of
3895 For backward compatibility,
3896 when per-jail configuration variables are defined,
3898 configuration files are created as
3899 .Pa /var/run/jail. Ns Ao Ar jname Ac Ns Pa .conf
3902 The following per-jail parameters are handled by
3904 script out of their corresponding
3907 In addition to them, parameters in
3908 .Va jail_ Ns Ao Ar jname Ac Ns Va _parameters
3909 will be added to the configuration file.
3910 They must be a semi-colon
3918 .Bl -tag -width "host.hostname" -offset indent
3921 .Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir
3922 .It Li host.hostname
3924 .Va jail_ Ns Ao Ar jname Ac Ns Va _hostname
3925 .It Li exec.consolelog
3927 .Va jail_ Ns Ao Ar jname Ac Ns Va _consolelog .
3928 The default value is
3929 .Pa /var/log/jail_ Ao Ar jname Ac Pa _console.log .
3932 .Va jail_ Ns Ao Ar jname Ac Ns Va _interface .
3933 .It Li vnet.interface
3935 .Va jail_ Ns Ao Ar jname Ac Ns Va _vnet_interface .
3938 parameter will be enabled and cannot be specified with
3939 .Va jail_ Ns Ao Ar jname Ac Ns Va _interface ,
3940 .Va jail_ Ns Ao Ar jname Ac Ns Va _ip
3942 .Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n
3946 .Va jail_ Ns Ao Ar jname Ac Ns Va _fstab
3949 .Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable .
3952 .Va jail_ Ns Ao Ar jname Ac Ns Va _fib
3955 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start .
3956 The parameter name was
3958 in some older releases.
3959 .It Li exec.prestart
3961 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart
3962 .It Li exec.poststart
3964 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart
3967 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop
3970 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop
3971 .It Li exec.poststop
3973 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop
3976 .Va jail_ Ns Ao Ar jname Ac Ns Va _ip
3978 .Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n
3979 contain IPv4 addresses
3982 .Va jail_ Ns Ao Ar jname Ac Ns Va _ip
3984 .Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n
3985 contain IPv6 addresses
3988 .Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable
3991 .Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable
3992 .It Li devfs_ruleset
3994 .Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset .
3995 This must be an integer,
3997 .It Li mount.fdescfs
3999 .Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable
4000 .It Li allow.set_hostname
4002 .Va jail_ Ns Ao Ar jname Ac Ns Va _set_hostname_allow
4003 .It Li allow.rawsocket
4005 .Va jail_ Ns Ao Ar jname Ac Ns Va _socket_unixiproute_only
4006 .It Li allow.sysvipc
4008 .Va jail_ Ns Ao Ar jname Ac Ns Va _sysvipc_allow
4010 .\" -----------------------------------------------------
4014 representing the entropy sources
4015 you wish to harvest.
4018 for more information.
4023 to disable caching entropy via
4025 Otherwise set to the directory
4026 in which the entropy files are stored.
4030 that regularly writes and rotates
4033 will be used at boot time.
4035 .Pa /var/db/entropy .
4040 to disable caching entropy through reboots.
4041 Otherwise set to the name
4042 of a file used to store cached entropy.
4043 This file should be located
4044 on a file system that is readable
4045 before all the volumes specified in
4052 .Pa /var/db/entropy-file
4053 is found it will also be used.
4054 This will be of some use to
4056 .It Va entropy_boot_file
4061 very early caching entropy
4063 Otherwise set to the filename
4065 very early reboot cached entropy.
4066 This file should be located where
4071 The default location is
4073 .It Va entropy_save_sz
4075 Size of the entropy cache files saved by
4078 .It Va entropy_save_num
4080 Number of entropy cache files to save by
4094 Configuration file for
4103 .Pa /var/run/dmesg.boot
4105 .It Va rcshutdown_timeout
4107 If set, start a watchdog timer in the background which will terminate
4111 has not completed within the specified time (in seconds).
4112 Notice that in addition to this soft timeout,
4114 also applies a hard timeout for the execution of
4116 This is configured via
4119 .Va kern.init_shutdown_timeout
4120 and defaults to 120 seconds.
4121 Setting the value of
4122 .Va rcshutdown_timeout
4123 to more than 120 seconds will have no effect until the
4126 .Va kern.init_shutdown_timeout
4128 .It Va virecover_enable
4132 to prevent the system from trying to
4133 recover pre-maturely terminated
4136 .It Va ugidfw_enable
4141 .Xr mac_bsdextended 4
4142 module upon system initialization and load a default
4144 .It Va bsdextended_script
4147 .Xr mac_bsdextended 4
4148 ruleset file to load.
4149 The default value of this variable is
4150 .Pa /etc/rc.bsdextended .
4151 .It Va newsyslog_enable
4158 .It Va newsyslog_flags
4161 .Va newsyslog_enable
4164 these are the flags to pass to the
4169 which causes log files flagged with a
4172 .It Va mdconfig_md Ns Aq Ar X
4182 must be specified and either a
4184 for malloc or swap backed
4192 .Va mdconfig_md Ns Aq Ar X
4193 variables are evaluated until one variable is unset or null.
4194 .It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs
4196 Optional arguments passed to
4202 .It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner
4204 An ownership specification passed to
4213 device and the mount point will be changed.
4214 .It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms
4216 A mode string passed to
4225 device and the mount point will be changed.
4226 .It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files
4228 Files to be copied to the mount point of the
4232 after it has been mounted.
4233 .It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd
4235 Command to execute after the specified
4240 Note that the command is passed to
4246 variables can be used to reference respectively the
4248 device and the mount point.
4253 one could set the following:
4255 mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}"
4257 .It Va autobridge_interfaces
4259 Set to the list of bridge interfaces that will have newly arriving interfaces
4260 checked against to be automatically added.
4263 then for each whitespace separated
4266 .Va autobridge_ Ns Aq Ar element
4267 variable is assumed to exist which has a whitespace separated list of interface
4268 names to match, these names can use wildcards.
4271 autobridge_interfaces="bridge0"
4272 autobridge_bridge0="tap* dc0 vlan[345]"
4278 enable support for sound mixer.
4279 .It Va hcsecd_enable
4283 enable Bluetooth security daemon.
4284 .It Va hcsecd_config
4286 Configuration file for
4289 .Pa /etc/bluetooth/hcsecd.conf .
4294 enable Bluetooth Service Discovery Protocol daemon.
4302 .It Va sdpd_groupname
4306 group to run as after it initializes.
4309 .It Va sdpd_username
4313 user to run as after it initializes.
4316 .It Va bthidd_enable
4320 enable Bluetooth Human Interface Device daemon.
4321 .It Va bthidd_config
4323 Configuration file for
4326 .Pa /etc/bluetooth/bthidd.conf .
4329 Path to a file, where
4331 will store information about known HID devices.
4333 .Pa /var/db/bthidd.hids .
4334 .It Va rfcomm_pppd_server_enable
4338 enable Bluetooth RFCOMM PPP wrapper daemon.
4339 .It Va rfcomm_pppd_server_profile
4341 The name of the profile to use from
4342 .Pa /etc/ppp/ppp.conf .
4343 Multiple profiles can be specified here.
4344 Also used to specify per-profile overrides.
4345 When the profile name contains any of the characters
4347 they are translated to
4349 for the proposes of the override variable names.
4350 .It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _bdaddr
4352 Overrides local address to listen on.
4358 The address can be specified as BD_ADDR or name.
4359 .It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _channel
4361 Overrides local RFCOMM channel to listen on.
4364 will listen on RFCOMM channel 1.
4365 Must set properly if multiple profiles used in the same time.
4366 .It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_sp
4370 if it should register Serial Port service on the specified RFCOMM channel.
4373 .It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_dun
4377 if it should register Dial-Up Networking service on the specified
4381 .It Va ubthidhci_enable
4385 change the USB Bluetooth controller from HID mode to HCI mode.
4386 You also need to specify the location of USB Bluetooth controller with the
4387 .Va ubthidhci_busnum
4391 .It Va ubthidhci_busnum
4392 Bus number where the USB Bluetooth controller is located.
4395 on your system to find this information.
4396 .It Va ubthidhci_addr
4397 Bus address of the USB Bluetooth controller.
4400 on your system to find this information.
4401 .It Va netwait_enable
4405 delays the start of network-reliant services until
4407 is up and ICMP packets to a destination defined in
4410 Link state is examined first, followed by
4412 an IP address to verify network usability.
4413 If no destination can be reached or timeouts are exceeded,
4414 network services are started anyway with no guarantee that
4415 the network is usable.
4416 Use of this variable requires both
4424 This variable contains a space-delimited list of IP addresses to
4426 DNS hostnames should not be used as resolution is not guaranteed
4427 to be functional at this point.
4428 If multiple IP addresses are specified,
4429 each will be tried until one is successful or the list is exhausted.
4430 .It Va netwait_timeout
4432 Indicates the total number of seconds to perform a
4434 against each IP address in
4436 at a rate of one ping per second.
4437 If any of the pings are successful,
4438 full network connectivity is considered reliable.
4443 Defines the name of the network interface on which watch for link.
4445 is used to monitor the interface, looking for
4446 .Dq Li status: no carrier .
4447 Once gone, the link is considered up.
4450 interface if desired.
4451 .It Va netwait_if_timeout
4453 Defines the total number of seconds to wait for link to become usable,
4454 polled at a 1-second interval.
4462 rules from the defined ruleset.
4463 The kernel must be built with
4466 .Cd "options RCTL" .
4472 This variables contains the
4478 A space-separated list of configuration files used by
4480 The default value is an empty string.
4481 .It Va autofs_enable
4491 daemons at boot time.
4492 .It Va automount_flags
4498 these are the flags to pass to the
4501 By default no flags are passed.
4502 .It Va automountd_flags
4508 these are the flags to pass to the
4511 By default no flags are passed.
4512 .It Va autounmountd_flags
4518 these are the flags to pass to the
4521 By default no flags are passed.
4528 daemon at boot time.
4529 .It Va iscsid_enable
4535 daemon at boot time.
4536 .It Va iscsictl_enable
4542 utility at boot time.
4543 .It Va iscsictl_flags
4549 these are the flags to pass to the
4554 which configures sessions based on the
4557 .It Va cfumass_enable
4561 create and export an USB LUN using
4566 The directory where the files exported by USB LUN are located.
4567 The default directory is
4569 .It Va service_delete_empty
4573 .Ql Li service delete
4577 .It Va zfs_bootonce_activate
4581 and a boot environment marked bootonce is successfully booted,
4582 it will be made permanently active.
4585 .Bl -tag -width ".Pa /etc/defaults/rc.conf" -compact
4586 .It Pa /etc/defaults/rc.conf
4587 .It Pa /etc/defaults/vendor.conf
4589 .It Pa /etc/rc.conf.local
4619 .Xr newsyslog.conf 5 ,
4692 .An Jordan K. Hubbard .
projects / FreeBSD / FreeBSD.git / blob