4 .\" Redistribution and use in source and binary forms, with or without
5 .\" modification, are permitted provided that the following conditions
7 .\" 1. Redistributions of source code must retain the above copyright
8 .\" notice, this list of conditions and the following disclaimer.
9 .\" 2. Redistributions in binary form must reproduce the above copyright
10 .\" notice, this list of conditions and the following disclaimer in the
11 .\" documentation and/or other materials provided with the distribution.
13 .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND
14 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE
17 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
19 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
20 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
21 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
22 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 .Nd system configuration information
36 contains descriptive information about the local host name, configuration
37 details for any potential network interfaces and which services should be
38 started up at system initial boot time.
39 In new installations, the
41 file is generally initialized by the system installation utility,
46 is not to run commands or perform system startup actions
48 Instead, it is included by the
49 various generic startup scripts in
51 which conditionalize their
52 internal actions according to the settings found there.
56 file is included from the file
57 .Pa /etc/defaults/rc.conf ,
58 which specifies the default settings for all the available options.
59 Options need only be specified in
61 when the system administrator wishes to override these defaults.
63 .Pa /etc/rc.conf.local
64 is used to override settings in
66 for historical reasons.
68 .Pa /etc/rc.conf.local
69 you can also place smaller configuration files for each
73 directory, which will be included by the
76 For jail configurations you could use the file
77 .Pa /etc/rc.conf.d/jail
78 to store jail specific configuration options.
84 .Dq Ar name Ns Li = Ns Ar value
88 The following list provides a name and short description for each
89 variable that can be set in the
92 .Bl -tag -width indent-two
97 enable output of debug messages from rc scripts.
98 This variable can be helpful in diagnosing mistakes when
99 editing or integrating new scripts.
100 Beware that this produces copious output to the terminal and
106 disable informational messages from the rc scripts.
107 Informational messages are displayed when
108 a condition that is not serious enough to warrant a warning or
116 when faststart is used (e.g., at boot time).
117 .It Va early_late_divider
119 The name of the script that should be used as the
120 delimiter between the
124 stages of the boot process.
125 The early stage should contain all the services needed to
126 get the disks (local or remote) mounted so that the late
127 stage can include scripts contained in the directories
130 variable (see below).
131 Thus, the two likely candidates for this value are
133 for the typical system, and
135 if the system needs remote file
136 systems mounted to get access to the
138 directories; for example when
146 is likely to be an appropriate value.
147 Extreme care should be taken when changing this value,
148 and before changing it one should ensure that there are
149 adequate provisions to recover from a failed boot
150 (such as physical contact with the machine,
151 or reliable remote console access).
152 .It Va always_force_depends
156 scripts use the force_depend function to check whether required
157 services are already running, and to start them if necessary.
158 By default during boot time this check is bypassed if the
159 required service is enabled in
160 .Pa /etc/rc.conf[.local] .
161 Setting this option will bypass that check at boot time and
162 always test whether or not the service is actually running.
163 Enabling this option is likely to increase your boot time if
164 services are enabled that utilize the force_depend check.
169 no swapfile is installed, otherwise the value is used as the full
170 pathname to a file to use for additional swap space.
175 enable support for Automatic Power Management with
183 to handle APM event from userland.
184 This also enables support for APM.
191 these are the flags to pass to the
198 to handle device added, removed or unknown events from the kernel.
205 scripts at boot time.
208 Configuration file for
214 A list of kernel modules to load right after the local
216 Loading modules at this point in the boot process is
217 much faster than doing it via
218 .Pa /boot/loader.conf
219 for those modules not necessary for mounting local disk.
220 .It Va kldxref_enable
227 to automatically rebuild
232 .It Va kldxref_clobber
242 will overwrite existing
249 .It Va kldxref_module_path
254 delimited list of paths containing
266 enable the system power control facility with the
275 these are the flags to pass to the
279 Controls the creation of a
282 Always happens if set to
284 and never happens if set to
286 If set to anything else, a memory file system is created if
290 Controls the size of a created
294 Extra options passed to the
296 utility when the memory file system for
301 which inhibits the use of softupdates on
303 so that file system space is freed without delay
304 after file truncation or deletion.
307 for other options you can use in
310 Controls the creation of a
313 Always happens if set to
315 and never happens if set to
317 If set to anything else, a memory file system is created if
321 Controls the size of a created
325 Extra options passed to the
327 utility when the memory file system for
332 which inhibits the use of softupdates on
334 so that file system space is freed without delay
335 after file truncation or deletion.
338 for other options you can use in
341 Controls the automatic population of the
344 Always happens if set to
346 and never happens if set to
348 If set to anything else, a memory file system is created if
351 Note that this process requires access to certain commands in
355 is mounted on normal systems.
356 .It Va cleanvar_enable
363 List of directories to search for startup script files.
364 .It Va script_name_sep
366 The field separator to use for breaking down the list of startup script files
367 into individual filenames.
368 The default is a space.
369 It is not necessary to change this unless there are startup scripts with names
371 .It Va hostapd_enable
380 The fully qualified domain name (FQDN) of this host on the network.
381 This should almost certainly be set to something meaningful, even if
382 there is no network connection.
385 is used to set the hostname via DHCP,
386 this variable should be set to an empty string.
387 If this value remains unset when the system is done booting
388 your console login will display the default hostname of
392 Enable support for IPv6 networking.
393 Note that this requires that the kernel has been compiled with
394 .Cd "options INET6" .
397 The NIS domain name of this host, or
400 .It Va dhclient_program
402 Path to the DHCP client program
403 .Pa ( /sbin/dhclient ,
408 .It Va dhclient_flags
410 Additional flags to pass to the DHCP client program.
415 manpage for a description of the command line options available.
416 .It Va dhclient_flags_ Ns Aq Ar iface
417 Additional flags to pass to the DHCP client program running on
420 When specified, this variable overrides
422 .It Va background_dhclient
426 to start the DHCP client in background.
427 This can cause trouble with applications depending on
428 a working network, but it will provide a faster startup
430 .It Va background_dhclient_ Ns Aq Ar iface
431 When specified, this variable overrides the
432 .Va background_dhclient
433 variable for interface
436 .It Va synchronous_dhclient
442 synchronously at startup.
443 This behavior can be overridden on a per-interface basis by replacing
447 .Va ifconfig_ Ns Aq Ar interface
452 .It Va defaultroute_delay
454 When set to a positive value, wait up to this long after configuring
455 DHCP interfaces at startup to give the interfaces time to receive a lease.
456 .It Va firewall_enable
460 to load firewall rules at startup.
461 If the kernel was not built with
462 .Cd "options IPFIREWALL" ,
465 kernel module will be loaded.
467 .Va ipfilter_enable .
468 .It Va firewall_script
470 This variable specifies the full path to the firewall script to run.
472 .Pa /etc/rc.firewall .
475 Names the firewall type from the selection in
476 .Pa /etc/rc.firewall ,
477 or the file which contains the local firewall ruleset.
478 Valid selections from
482 .Bl -tag -width ".Li simple" -compact
484 unrestricted IP access
486 all IP services disabled, except via
489 basic protection for a workstation
491 basic protection for a LAN.
494 If a filename is specified, the full path
496 .It Va firewall_quiet
500 to disable the display of firewall rules on the console during boot.
501 .It Va firewall_logging
505 to enable firewall event logging.
506 This is equivalent to the
507 .Dv IPFIREWALL_VERBOSE
509 .It Va firewall_flags
515 specifies a filename.
516 .It Va firewall_coscripts
518 List of executables and/or rc scripts to run after firewall starts/stops.
520 .\" ----- firewall_nat_enable setting --------------------------------
521 .It Va firewall_nat_enable
533 .It Va firewall_nat_interface
539 This is the name of the public interface or IP address on which
540 kernel NAT should run.
541 .It Va firewall_nat_flags
543 Additional configuration parameters for kernel NAT should be placed here.
544 .It Va dummynet_enable
548 will automatically load the
554 .\" -------------------------------------------------------------------
570 sockets must be enabled in the kernel.
571 If the kernel was not built with
572 .Cd "options IPDIVERT" ,
575 kernel module will be loaded.
576 .It Va natd_interface
578 This is the name of the public interface on which
581 The interface may be given as an interface name or as an IP address.
586 flags should be placed here.
591 flag is automatically added with the above
594 .\" ----- ipfilter_enable setting --------------------------------
595 .It Va ipfilter_enable
606 Typical usage will require putting
608 ipfilter_enable="YES"
626 can be enabled independently.
630 both require at least one of
640 options IPFILTER_DEFAULT_BLOCK
643 in the kernel configuration file is a good idea, too.
644 .\" ----- ipfilter_program setting ------------------------------
645 .It Va ipfilter_program
651 .\" ----- ipfilter_rules setting --------------------------------
652 .It Va ipfilter_rules
657 This variable contains the name of the filter rule definition file.
658 The file is expected to be readable for the
661 .\" ----- ipv6_ipfilter_rules setting ---------------------------
662 .It Va ipv6_ipfilter_rules
667 This variable contains the IPv6 filter rule definition file.
668 The file is expected to be readable for the
671 .\" ----- ipfilter_flags setting --------------------------------
672 .It Va ipfilter_flags
675 This variable contains flags passed to the
678 .\" ----- ipnat_enable setting ----------------------------------
688 network address translation.
691 for a detailed discussion.
692 .\" ----- ipnat_program setting ---------------------------------
699 .\" ----- ipnat_rules setting -----------------------------------
705 This variable contains the name of the file
706 holding the network address translation definition.
707 This file is expected to be readable for the
710 .\" ----- ipnat_flags setting -----------------------------------
714 This variable contains flags passed to the
717 .\" ----- ipmon_enable setting ----------------------------------
732 Setting this variable needs setting
739 for a detailed discussion.
740 .\" ----- ipmon_program setting ---------------------------------
747 .\" ----- ipmon_flags setting -----------------------------------
753 This variable contains flags passed to the
756 Another typical example would be
757 .Dq Fl D Pa /var/log/ipflog
760 log directly to a file bypassing
763 .Pa /etc/newsyslog.conf
764 in such case like this:
766 /var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid
768 .\" ----- ipfs_enable setting -----------------------------------
778 saving the filter and NAT state tables during shutdown
779 and reloading them during startup again.
780 Setting this variable needs setting
789 for a detailed discussion.
795 because the raised securelevel will prevent
797 from saving the state tables at shutdown time.
798 .\" ----- ipfs_program setting ----------------------------------
805 .\" ----- ipfs_flags setting ------------------------------------
809 This variable contains flags passed to the
812 .\" ----- end of added ipf hook ---------------------------------
824 Typical usage will require putting
839 into the kernel, otherwise the
840 kernel module will be loaded.
845 ruleset configuration file
860 these flags are passed to the
862 program when loading the ruleset.
872 which logs packets from the
885 .Pa /var/log/pflog ) .
887 .Pa /etc/newsyslog.conf
888 to adjust logfile rotation for this.
898 This variable contains additional flags passed to the
901 .It Va ftpproxy_enable
912 packet filter in translating ftp connections.
913 .It Va ftpproxy_flags
916 This variable contains additional flags passed to the
928 state changes to other hosts over the network by means of
933 must also be set then.
934 .It Va pfsync_syncdev
937 This variable specifies the name of the network interface
939 should operate through.
940 It must be set accordingly if
944 .It Va pfsync_syncpeer
947 This variable is optional.
948 By default, state change messages are sent out on the synchronisation
949 interface using IP multicast packets.
950 The protocol is IP protocol 240, PFSYNC, and the multicast group used is
952 When a peer address is specified using the
954 option, the peer address is used as a destination for the pfsync
955 traffic, and the traffic can then be protected using
959 manpage for more details about using
964 .It Va pfsync_ifconfig
967 This variable can contain additional options to be passed to the
969 command used to set up
971 .It Va tcp_extensions
978 disables certain TCP options as described by
984 might help remedy such problems with connections as randomly hanging
985 or other weird behavior.
986 Some network devices are known
987 to be broken with respect to these options.
994 .Va net.inet.tcp.log_in_vain
996 .Va net.inet.udp.log_in_vain ,
1001 are set to the given value.
1002 .It Va tcp_keepalive
1009 will disable probing idle TCP connections to verify that the
1010 peer is still up and reachable.
1011 .It Va tcp_drop_synfin
1018 will cause the kernel to ignore TCP frames that have both
1019 the SYN and FIN flags set.
1020 This prevents OS fingerprinting, but may
1021 break some legitimate applications.
1022 .It Va icmp_drop_redirect
1029 will cause the kernel to ignore ICMP REDIRECT packets.
1032 for more information.
1033 .It Va icmp_log_redirect
1040 will cause the kernel to log ICMP REDIRECT packets.
1042 the log messages are not rate-limited, so this option should only be used
1043 for troubleshooting networks.
1046 for more information.
1047 .It Va icmp_bmcastecho
1051 to respond to broadcast or multicast ICMP ping packets.
1054 for more information.
1055 .It Va ip_portrange_first
1059 this is the first port in the default portrange.
1062 for more information.
1063 .It Va ip_portrange_last
1067 this is the last port in the default portrange.
1070 for more information.
1071 .It Va network_interfaces
1073 Set to the list of network interfaces to configure on this host or
1075 (the default) for all current interfaces.
1077 .Va network_interfaces
1078 variable to anything other than the default is deprecated.
1079 Interfaces that the administrator wishes to store configuration for,
1080 but not start at boot should be configured with the
1083 .Va ifconfig_ Ns Aq Ar interface
1084 variables as described below.
1087 .Va ifconfig_ Ns Aq Ar interface
1088 variable is also assumed to exist for each value of
1090 When an interface name contains any of the characters
1092 they are translated to
1095 The variable can contain arguments to
1097 as well as special case-insensitive keywords described below.
1098 Such keywords are removed before passing the value to
1100 while the order of the other arguments is preserved.
1102 One can configure more than one IPv4 address with the
1103 .Va ipv4_addrs_ Ns Aq Ar interface
1105 One or more IP addresses must be provided in Classless Inter-Domain
1106 Routing (CIDR) address notation, whose last byte can be a range like
1108 In this case the address 192.0.2.5 will be configured with the
1109 netmask /24 and the addresses 192.0.2.6 to 192.0.2.23 with
1110 the non-conflicting netmask /32 as explained in the
1113 With the interface in question being
1115 an example could look like:
1117 ipv4_addrs_ed0="192.0.2.129/27 192.0.2.1-5/28"
1120 It is also possible to add IP alias entries using
1123 Assuming that the interface in question was
1126 something like this:
1128 ifconfig_ed0_alias0="inet 127.0.0.253 netmask 0xffffffff"
1129 ifconfig_ed0_alias1="inet 127.0.0.254 netmask 0xffffffff"
1134 .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1135 entry that is found,
1136 its contents are passed to
1138 Execution stops at the first unsuccessful access, so if
1139 something like this is present:
1141 ifconfig_ed0_alias0="inet 127.0.0.251 netmask 0xffffffff"
1142 ifconfig_ed0_alias1="inet 127.0.0.252 netmask 0xffffffff"
1143 ifconfig_ed0_alias2="inet 127.0.0.253 netmask 0xffffffff"
1144 ifconfig_ed0_alias4="inet 127.0.0.254 netmask 0xffffffff"
1147 Then note that alias4 would
1149 be added since the search would
1150 stop with the missing
1153 Due to this difficult to manage behavior, the
1154 .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1158 .Pa /etc/start_if. Ns Aq Ar interface
1159 file is present, it is read and executed by the
1162 before configuring the interface as specified in the
1163 .Va ifconfig_ Ns Aq Ar interface
1165 .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1169 .Va vlans_ Ns Aq Ar interface
1173 interface will be created for each item in the list with the
1177 If a vlan interface's name is a number,
1178 then that number is used as the vlan tag and the new vlan interface is
1180 .Ar interface . Ns Ar tag .
1182 the vlan tag must be specified via a
1185 .Va create_args_ Ns Aq Ar interface
1188 To create a vlan device named
1192 with the vlan tag 101 and the optional the IPv4 address 192.0.2.1/24:
1195 ifconfig_em0_101="inet 192.0.2.1/24"
1198 To create a vlan device named
1202 with the vlan tag 102:
1205 create_args_myvlan="vlan 102"
1209 .Va wlans_ Ns Aq Ar interface
1213 interface will be created for each item in the list with the
1217 Further wlan cloning arguments may be passed to the
1220 command by setting the
1221 .Va create_args_ Ns Aq Ar interface
1225 devices must be created for each wireless devices as of
1231 may be specified with an
1232 .Va wlandebug_ Ns Aq Ar interface
1234 The contents of this variable will be passed directly to
1238 .Va ifconfig_ Ns Aq Ar interface
1239 contains the keyword
1241 then the interface will not be configured
1243 .Pa /etc/pccard_ether
1245 .Va network_interfaces
1249 It is possible to bring up an interface with DHCP by adding
1252 .Va ifconfig_ Ns Aq Ar interface
1254 For instance, to initialize the
1257 it is possible to use something like:
1262 Also, if you want to configure your wireless interface with
1263 .Xr wpa_supplicant 8
1264 for use with WPA, EAP/LEAP or WEP, you need to add
1267 .Va ifconfig_ Ns Aq Ar interface
1270 Finally, you can add
1272 options in this variable, in addition to the
1273 .Pa /etc/start_if. Ns Aq Ar interface
1275 For instance, to configure an
1277 wireless device in station mode with an address obtained
1278 via DHCP, using WPA authentication and 802.11b mode, it is
1279 possible to use something like:
1282 ifconfig_wlan0="DHCP WPA mode 11b"
1286 .Va ifconfig_ Ns Aq Ar interface
1287 form, a fallback variable
1288 .Va ifconfig_DEFAULT
1290 It will be used for all interfaces with no
1291 .Va ifconfig_ Ns Aq Ar interface
1293 This is intended to replace the no longer supported
1297 It is also possible to rename an interface by doing:
1299 ifconfig_ed0_name="net0"
1300 ifconfig_net0="inet 192.0.2.1 netmask 0xffffff00"
1302 .It Va ipv6_network_interfaces
1304 This is the IPv6 equivalent of
1305 .Va network_interfaces .
1306 Instead of setting the ifconfig variables as
1307 .Va ifconfig_ Ns Aq Ar interface
1308 they should be set as
1309 .Va ipv6_ifconfig_ Ns Aq Ar interface .
1310 Aliases should be set as
1311 .Va ipv6_ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n .
1312 .Va ipv6_prefix_ Ns Aq Ar interface
1314 Interfaces that do not have a
1315 .Va ipv6_ifconfig_ Ns Aq Ar interface
1316 setting will be auto configured by
1319 .Va ipv6_gateway_enable
1322 Note that the IPv6 networking code does not support the
1323 .Pa /etc/start_if. Ns Aq Ar interface
1325 .It Va ipv6_default_interface
1329 this is the default output interface for scoped addresses.
1330 Now this works only for IPv6 link local multicast addresses.
1331 .It Va cloned_interfaces
1333 Set to the list of clonable network interfaces to create on this host.
1334 Further cloning arguments may be passed to the
1337 command for each interface by setting the
1338 .Va create_args_ Ns Aq Ar interface
1341 .Va cloned_interfaces
1342 are automatically appended to
1343 .Va network_interfaces
1345 .It Va fec_interfaces
1349 Fast EtherChannel interfaces to configure on this host.
1351 .Va fecconfig_ Ns Aq Ar interface
1352 variable is assumed to exist for each value of
1354 The value of this variable is used to configure link aggregated interfaces
1355 according to the syntax of the
1356 .Cm NGM_FEC_ADD_IFACE
1360 Additionally, this option ensures that each listed interface is created
1365 before attempting to configure it.
1368 fec_interfaces="fec0"
1369 fecconfig_fec0="em0 em1"
1370 ifconfig_fec0="DHCP"
1372 .It Va gif_interfaces
1376 tunnel interfaces to configure on this host.
1378 .Va gifconfig_ Ns Aq Ar interface
1379 variable is assumed to exist for each value of
1381 The value of this variable is used to configure the link layer of the
1382 tunnel according to the syntax of the
1386 Additionally, this option ensures that each listed interface is created
1391 before attempting to configure it.
1392 .It Va sppp_interfaces
1396 interfaces to configure on this host.
1398 .Va spppconfig_ Ns Aq Ar interface
1399 variable is assumed to exist for each value of
1401 Each interface should also be configured by a general
1402 .Va ifconfig_ Ns Aq Ar interface
1406 for more information about available options.
1416 The name of the profile to use from
1417 .Pa /etc/ppp/ppp.conf .
1418 Also used for per-profile overrides of
1423 .Va ppp_ Ns Ao Ar profile Ac Ns _unit .
1424 When the profile name contains any of the characters
1426 they are translated to
1428 for the proposes of the override variable names.
1431 Mode in which to run the
1434 .It Va ppp_ Ns Ao Ar profile Ac Ns _mode
1436 Overrides the global
1446 See the manual for a full description.
1451 enables network address translation.
1452 Used in conjunction with
1454 allows hosts on private network addresses access to the Internet using
1455 this host as a network address translating router.
1456 .It Va ppp_ Ns Ao Ar profile Ac Ns _nat
1458 Overrides the global
1462 .It Va ppp_ Ns Ao Ar profile Ac Ns _unit
1464 Set the unit number to be used for this profile.
1465 See the manual description of
1470 The name of the user under which
1478 .It Va rc_conf_files
1480 This option is used to specify a list of files that will override
1482 .Pa /etc/defaults/rc.conf .
1483 The files will be read in the order in which they are specified and should
1484 include the full path to the file.
1485 By default, the files specified are
1488 .Pa /etc/rc.conf.local
1494 will attempt to automatically mount ZFS file systems and initialize ZFS volumes
1496 .It Va gbde_autoattach_all
1501 will attempt to automatically initialize your .bde devices in
1505 List the devices that the script should try to attach,
1510 The directory where the
1512 lockfiles are located.
1513 The default lockfile directory is
1516 The lockfile for each individual
1518 device can be overridden by setting the variable
1519 .Va gbde_lock_ Ns Aq Ar device ,
1522 is the encrypted device without the
1527 .It Va gbde_attach_attempts
1529 Number of times to attempt attaching to a
1531 device, i.e., how many times the user is asked for the pass-phrase.
1535 List of devices to automatically attach on boot.
1536 Note that .eli devices from
1538 are automatically appended to this list.
1541 Number of times user is asked for the pass-phrase.
1542 If empty, it will be taken from
1543 .Va kern.geom.eli.tries
1545 .It Va geli_default_flags
1547 Default flags to use by
1549 when configuring disk encryption.
1550 Flags can be configured for every device separately by defining
1551 .Va geli_ Ns Ao Ar device Ac Ns Va _flags
1553 .It Va geli_autodetach
1555 Specifies if GELI devices should be marked for detach on last close after
1556 file systems are mounted.
1559 This can be changed for every device separately by defining
1560 .Va geli_ Ns Ao Ar device Ac Ns Va _autodetach
1562 .It Va geli_swap_flags
1563 Options passed to the
1565 utility when encrypted GEOM providers for swap partitions are created.
1567 .Dq Li "-e aes -l 256 -s 4096 -d" .
1568 .It Va root_rw_mount
1573 After the file systems are checked at boot time, the root file system
1574 is remounted as read-write if this is set to
1576 Diskless systems that mount their root file system from a read-only remote
1577 NFS share should set this to
1581 .It Va fsck_y_enable
1586 will be run with the
1588 flag if the initial preen
1589 of the file systems fails.
1590 .It Va background_fsck
1594 the system will attempt to run
1596 in the background where possible.
1597 .It Va background_fsck_delay
1599 The amount of time in seconds to sleep before starting a background
1601 It defaults to sixty seconds to allow large applications such as
1602 the X server to start before disk I/O bandwidth is monopolized by
1604 If set to a negative number, the background file system check will be
1605 delayed indefinitely to allow the administrator to run it at a more
1607 For example it may be run from
1609 by adding a line like
1611 .Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart"
1617 List of file system types that are network-based.
1618 This list should generally not be modified by end users.
1620 .Va extra_netfs_types
1622 .It Va extra_netfs_types
1624 If set to something other than
1627 this variable extends the list of file system types
1628 for which automatic mounting at startup by
1630 should be delayed until the network is initialized.
1632 a whitespace-separated list of network file system descriptor pairs,
1633 each consisting of a file system type as passed to
1635 and a human-readable, one-word description,
1638 Extending the default list in this way is only necessary
1639 when third party file system types are used.
1640 .It Va syslogd_enable
1647 .It Va syslogd_program
1652 .Pa /usr/sbin/syslogd ) .
1653 .It Va syslogd_flags
1659 these are the flags to pass to
1668 .It Va inetd_program
1673 .Pa /usr/sbin/inetd ) .
1680 these are the flags to pass to
1689 .It Va hastd_program
1701 these are the flags to pass to
1710 .It Va named_program
1715 .Pa /usr/sbin/named ) .
1720 configuration file, (default
1721 .Pa /etc/namedb/named.conf ) .
1728 these are the flags to pass to
1730 .It Va named_pidfile
1732 This is the default path to the
1735 This must match the location in
1741 process should be run as.
1742 .It Va named_chrootdir
1744 The root directory for a name server run in a
1746 environment (default
1750 will not be run in a
1753 .It Va named_chroot_autoupdate
1757 to disable automatic update of the
1760 .It Va named_symlink_enable
1764 to disable symlinking of
1773 loop until working name service is established.
1774 .It Va named_wait_host
1776 Name of host to lookup for the named_wait option.
1778 .It Va named_auto_forward
1780 Set to enable automatic creation of a forwarder
1781 configuration file derived from
1782 .Pa /etc/resolv.conf .
1783 .It Va named_auto_forward_only
1785 Set to change the default forwarder configuration from
1789 .It Va kerberos5_server_enable
1793 to start a Kerberos 5 authentication server
1795 .It Va kerberos5_server
1798 .Va kerberos5_server_enable
1801 this is the path to Kerberos 5 Authentication Server.
1802 .It Va kerberos5_server_flags
1805 This variable contains additional flags to be passed to the Kerberos 5
1806 authentication server.
1807 .It Va kadmind5_server_enable
1813 the Kerberos 5 Administration Daemon; set to
1816 .It Va kadmind5_server
1819 .Va kadmind5_server_enable
1822 this is the path to Kerberos 5 Administration Daemon.
1823 .It Va kpasswdd_server_enable
1829 the Kerberos 5 Password-Changing Daemon; set to
1832 .It Va kpasswdd_server
1835 .Va kpasswdd_server_enable
1838 this is the path to Kerberos 5 Password-Changing Daemon.
1845 daemon at boot time.
1852 these are the flags to pass to it.
1859 daemon at boot time.
1866 these are the flags to pass to it.
1869 manpage for more information.
1870 .It Va amd_map_program
1873 the specified program is run to get the list of
1878 maps are stored in NIS, one can set this to
1891 will be updated at boot time to reflect the kernel release
1896 will not be updated.
1897 .It Va nfs_client_enable
1901 run the NFS client daemons at boot time.
1902 .It Va nfs_access_cache
1905 .Va nfs_client_enable
1910 to disable NFS ACCESS RPC caching, or to the number of seconds for which
1912 results should be cached.
1913 A value of 2-10 seconds will substantially reduce network
1914 traffic for many NFS operations.
1915 .It Va nfs_server_enable
1919 run the NFS server daemons at boot time.
1920 .It Va nfs_server_flags
1923 .Va nfs_server_enable
1926 these are the flags to pass to the
1929 .It Va idmapd_enable
1933 run the ID mapping daemon for NFS version 4.
1940 these are the flags to pass to the
1943 .It Va mountd_enable
1948 .Va nfs_server_enable
1954 It is commonly needed to run CFS without real NFS used.
1961 these are the flags to pass to the
1964 .It Va weak_mountd_authentication
1968 allow services like PCNFSD to make non-privileged mount
1970 .It Va nfs_reserved_port_only
1974 provide NFS services only on a secure port.
1975 .It Va nfs_bufpackets
1977 If set to a number, indicates the number of packets worth of
1978 socket buffer space to reserve on an NFS client.
1979 The kernel default is typically 4.
1980 Using a higher number may be
1981 useful on gigabit networks to improve performance.
1982 The minimum value is
1983 2 and the maximum is 64.
1984 .It Va rpc_lockd_enable
1988 and also an NFS server or client, run
1991 .It Va rpc_lockd_flags
1994 .Va rpc_lockd_enable
1997 these are the flags to pass to the
2000 .It Va rpc_statd_enable
2004 and also an NFS server or client, run
2007 .It Va rpc_statd_flags
2010 .Va rpc_statd_enable
2013 these are the flags to pass to the
2016 .It Va rpcbind_program
2021 .Pa /usr/sbin/rpcbind ) .
2022 .It Va rpcbind_enable
2028 service at boot time.
2029 .It Va rpcbind_flags
2035 these are the flags to pass to the
2038 .It Va keyserv_enable
2044 daemon on boot for running Secure RPC.
2045 .It Va keyserv_flags
2051 these are the flags to pass to
2054 .It Va pppoed_enable
2060 daemon at boot time to provide PPP over Ethernet services.
2061 .It Va pppoed_ Ns Aq Ar provider
2064 listens to requests to this
2070 argument of the same name.
2073 Additional flags to pass to
2075 .It Va pppoed_interface
2077 The network interface to run
2080 This is mandatory when
2090 service at boot time.
2091 This command is intended for networks of
2092 machines where a consistent
2094 for all hosts must be established.
2095 This is often useful in large NFS
2096 environments where time stamps on files are expected to be consistent
2104 these are the flags to pass to the
2107 .It Va ntpdate_enable
2114 This command is intended to
2115 synchronize the system clock only
2117 from some standard reference.
2118 An option to set this up initially
2119 (from a list of known servers) is also provided by the
2121 program when the system is first installed.
2122 .It Va ntpdate_config
2124 Configuration file for
2128 .It Va ntpdate_hosts
2130 A whitespace-separated list of NTP servers to synchronize with at startup.
2131 The default is to use the servers listed in
2132 .Va ntpdate_config ,
2133 if that file exists.
2134 .It Va ntpdate_program
2139 .Pa /usr/sbin/ntpdate ) .
2140 .It Va ntpdate_flags
2146 these are the flags to pass to the
2148 command (typically a hostname).
2155 command at boot time.
2161 .Pa /usr/sbin/ntpd ) .
2175 these are the flags to pass to the
2178 .It Va ntpd_sync_on_start
2185 flag, which syncs the system's clock on startup.
2188 for more information regarding the
2191 This is a preferred alternative to using
2196 .It Va nis_client_enable
2202 service at system boot time.
2203 .It Va nis_client_flags
2206 .Va nis_client_enable
2209 these are the flags to pass to the
2212 .It Va nis_ypset_enable
2218 daemon at system boot time.
2219 .It Va nis_ypset_flags
2222 .Va nis_ypset_enable
2225 these are the flags to pass to the
2228 .It Va nis_server_enable
2234 daemon at system boot time.
2235 .It Va nis_server_flags
2238 .Va nis_server_enable
2241 these are the flags to pass to the
2244 .It Va nis_ypxfrd_enable
2250 daemon at system boot time.
2251 .It Va nis_ypxfrd_flags
2254 .Va nis_ypxfrd_enable
2257 these are the flags to pass to the
2260 .It Va nis_yppasswdd_enable
2266 daemon at system boot time.
2267 .It Va nis_yppasswdd_flags
2270 .Va nis_yppasswdd_enable
2273 these are the flags to pass to the
2276 .It Va rpc_ypupdated_enable
2282 daemon at system boot time.
2283 .It Va bsnmpd_enable
2289 daemon at system boot time.
2290 Be sure to understand the security implications of running SNMP daemon
2298 these are the flags to pass to the
2301 .It Va defaultrouter
2305 create a default route to this host name or IP address
2306 (use an IP address if this router is also required to get to the
2308 .It Va ipv6_defaultrouter
2310 The IPv6 equivalent of
2312 .It Va static_arp_pairs
2314 Set to the list of static ARP pairs that are to be added at system
2316 For each whitespace separated
2319 .Va static_arp_ Ns Aq Ar element
2320 variable is assumed to exist whose contents will later be passed to a
2325 static_arp_pairs="gw"
2326 static_arp_gw="192.168.1.1 00:01:02:03:04:05"
2328 .It Va static_ndp_pairs
2330 Set to the list of static NDP pairs that are to be added at system
2332 For each whitespace separated
2335 .Va static_ndp_ Ns Aq Ar element
2336 variable is assumed to exist whose contents will later be passed to a
2341 static_ndp_pairs="gw"
2342 static_ndp_gw="2001:db8:3::1 00:01:02:03:04:05"
2344 .It Va static_routes
2346 Set to the list of static routes that are to be added at system
2350 then for each whitespace separated
2353 .Va route_ Ns Aq Ar element
2354 variable is assumed to exist
2355 whose contents will later be passed to a
2360 static_routes="mcast gif0local"
2361 route_mcast="-net 224.0.0.0/4 -iface gif0"
2362 route_gif0local="-host 169.254.1.1 -iface lo0"
2364 .It Va ipv6_static_routes
2366 The IPv6 equivalent of
2370 then for each whitespace separated
2373 .Va ipv6_route_ Ns Aq Ar element
2374 variable is assumed to exist
2375 whose contents will later be passed to a
2376 .Dq Nm route Cm add Fl inet6
2378 .It Va natm_static_routes
2384 If not empty then for each whitespace separated
2387 .Va route_ Ns Aq Ar element
2388 variable is assumed to exist whose contents will later be passed to a
2389 .Dq Nm atmconfig Cm natm Cm add
2391 .It Va gateway_enable
2395 configure host to act as an IP router, e.g.\& to forward packets
2397 .It Va ipv6_gateway_enable
2399 The IPv6 equivalent of
2400 .Va gateway_enable .
2401 .It Va router_enable
2405 run a routing daemon of some sort, based on the
2410 .It Va ipv6_router_enable
2412 The IPv6 equivalent of
2416 run a routing daemon of some sort, based on the
2420 .Va ipv6_router_flags .
2427 this is the name of the routing daemon to use.
2430 The IPv6 equivalent of
2438 these are the flags to pass to the routing daemon.
2439 .It Va ipv6_router_flags
2441 The IPv6 equivalent of
2443 .It Va mrouted_enable
2447 run the multicast routing daemon,
2449 .It Va mroute6d_enable
2451 The IPv6 equivalent of
2452 .Va mrouted_enable .
2455 run the IPv6 multicast routing daemon.
2457 Note that multicast routing daemons are no longer included in the
2459 base system, however, both
2463 may be installed from the
2466 .It Va mrouted_flags
2472 these are the flags to pass to the
2475 .It Va mroute6d_flags
2477 The IPv6 equivalent of
2483 these are the flags passed to the IPv6 multicast routing daemon.
2484 .It Va mroute6d_program
2490 this is the path to the IPv6 multicast routing daemon.
2491 .It Va rtadvd_enable
2497 daemon at boot time.
2500 .Va ipv6_gateway_enable
2505 utility sends router advertisement packets to the interfaces specified in
2506 .Va rtadvd_interfaces
2507 and should only be enabled with great care.
2508 You may want to fine-tune
2510 .It Va rtadvd_interfaces
2516 this is the list of interfaces to use.
2517 .It Va ipxgateway_enable
2521 enable the routing of IPX traffic.
2522 .It Va ipxrouted_enable
2528 daemon at system boot time.
2529 .It Va ipxrouted_flags
2532 .Va ipxrouted_enable
2535 these are the flags to pass to the
2542 enable global proxy ARP.
2543 .It Va forward_sourceroute
2551 source-routed packets are forwarded.
2552 .It Va accept_sourceroute
2556 the system will accept source-routed packets directed at it.
2563 daemon at system boot time.
2570 these are the flags to pass to the
2573 .It Va bootparamd_enable
2579 daemon at system boot time.
2580 .It Va bootparamd_flags
2583 .Va bootparamd_enable
2586 these are the flags to pass to the
2589 .It Va stf_interface_ipv4addr
2593 this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling
2595 Specify this entry to enable the 6to4 interface.
2596 .It Va stf_interface_ipv4plen
2598 Prefix length for 6to4 IPv4 addresses, to limit peer address range.
2599 An effective value is 0-31.
2600 .It Va stf_interface_ipv6_ifid
2602 IPv6 interface ID for
2606 .It Va stf_interface_ipv6_slaid
2608 IPv6 Site Level Aggregator for
2610 .It Va ipv6_faith_prefix
2614 this is the faith prefix to enable a FAITH IPv6-to-IPv4 TCP
2619 .It Va ipv6_ipv4mapping
2623 this enables IPv4 mapped IPv6 address communication (like
2624 .Li ::ffff:a.b.c.d ) .
2625 .It Va rtsold_enable
2631 daemon to send ICMPv6 Router Solicitation messages.
2638 these are the flags to pass to
2642 For interfaces configured with the
2643 .Dq Li inet6 accept_rtadv
2644 keyword, these are the flags to pass to
2649 is mutually exclusive to
2657 to enable the configuration of ATM interfaces at system boot time.
2658 For all of the ATM variables described below, please refer to the
2660 manual page for further details on the available command parameters.
2661 Also refer to the files in
2662 .Pa /usr/share/examples/atm
2663 for more detailed configuration information.
2666 This is a list of physical ATM interface drivers to load.
2671 .It Va atm_netif_ Ns Aq Ar intf
2673 For the ATM physical interface
2675 this variable defines the name prefix and count for the ATM network
2676 interfaces to be created.
2677 The value will be passed as the parameters of an
2678 .Dq Nm atm Cm "set netif" Ar intf
2680 .It Va atm_sigmgr_ Ns Aq Ar intf
2682 For the ATM physical interface
2684 this variable defines the ATM signalling manager to be used.
2685 The value will be passed as the parameters of an
2686 .Dq Nm atm Cm attach Ar intf
2688 .It Va atm_prefix_ Ns Aq Ar intf
2690 For the ATM physical interface
2692 this variable defines the NSAP prefix for interfaces using a UNI signalling
2696 the prefix will automatically be set via the
2699 Otherwise, the value will be passed as the parameters of an
2700 .Dq Nm atm Cm "set prefix" Ar intf
2702 .It Va atm_macaddr_ Ns Aq Ar intf
2704 For the ATM physical interface
2706 this variable defines the MAC address for interfaces using a UNI signalling
2710 the hardware MAC address contained in the ATM interface card will be used.
2711 Otherwise, the value will be passed as the parameters of an
2712 .Dq Nm atm Cm "set mac" Ar intf
2714 .It Va atm_arpserver_ Ns Aq Ar netif
2716 For the ATM network interface
2718 this variable defines the ATM address for a host which is to provide ATMARP
2720 This variable is only applicable to interfaces using a UNI signalling
2724 this host will become an ATMARP server.
2725 The value will be passed as the parameters of an
2726 .Dq Nm atm Cm "set arpserver" Ar netif
2728 .It Va atm_scsparp_ Ns Aq Ar netif
2732 SCSP/ATMARP service for the network interface
2734 will be initiated using the
2739 This variable is only applicable if
2740 .Va atm_arpserver_ Ns Aq Ar netif
2745 Set to the list of ATM PVCs to be added at system
2747 For each whitespace separated
2750 .Va atm_pvc_ Ns Aq Ar element
2751 variable is assumed to exist.
2752 The value of each of these variables
2753 will be passed as the parameters of an
2754 .Dq Nm atm Cm "add pvc"
2758 Set to the list of permanent ATM ARP entries to be added
2759 at system boot time.
2760 For each whitespace separated
2763 .Va atm_arp_ Ns Aq Ar element
2764 variable is assumed to exist.
2765 The value of each of these variables
2766 will be passed as the parameters of an
2767 .Dq Nm atm Cm "add arp"
2769 .It Va natm_interfaces
2773 interfaces that will also be used for HARP through
2775 If this list is not empty all interfaces in the list will be brought up
2781 For this to work the interface drivers must be either compiled into the
2782 kernel or must reside on the root partition.
2785 The keyboard bell sound.
2792 if the default behavior is desired.
2793 For details, refer to the
2798 If set to a non-null string, the virtual console's keyboard input is
2804 no keymap is installed, otherwise the value is used to install
2806 .Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd .
2809 The keyboard repeat speed.
2816 if the default behavior is desired.
2821 attempt to program the function keys with the value.
2823 be a single string of the form:
2824 .Dq Ar funkey_number new_value Op Ar funkey_number new_value ... .
2827 Can be set to the value of
2830 .Dq Li destructive ,
2833 to set the cursor behavior explicitly or choose the default behavior.
2838 no screen map is installed, otherwise the value is used to install
2839 the screen map file in
2840 .Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value .
2845 the default 8x16 font value is used for screen size requests, otherwise
2847 .Pa /usr/share/syscons/fonts/ Ns Aq Ar value
2853 the default 8x14 font value is used for screen size requests, otherwise
2855 .Pa /usr/share/syscons/fonts/ Ns Aq Ar value
2861 the default 8x8 font value is used for screen size requests, otherwise
2863 .Pa /usr/share/syscons/fonts/ Ns Aq Ar value
2869 the default screen blanking interval is used, otherwise it is set
2877 this is the actual screen saver to use
2878 .Li ( blank , snake , daemon ,
2880 .It Va moused_nondefault_enable
2884 the mouse device specified on
2885 the command line is not automatically treated as enabled by the
2886 .Pa /etc/rc.d/moused
2888 Having this variable set to
2894 to be enabled as soon as it is plugged in.
2895 .It Va moused_enable
2901 daemon is started for doing cut/paste selection on the console.
2904 This is the protocol type of the mouse connected to this host.
2905 This variable must be set if
2912 is able to detect the appropriate mouse type automatically in many cases.
2913 Set this variable to
2915 to let the daemon detect it, or
2916 select one from the following list if the automatic detection fails.
2918 If the mouse is attached to the PS/2 mouse port, choose
2922 regardless of the brand and model of the mouse.
2924 mouse is attached to the bus mouse port, choose
2928 All other protocols are for serial mice and will not work with
2929 the PS/2 and bus mice.
2930 If this is a USB mouse,
2932 is the only protocol type which will work.
2934 .Bl -tag -width ".Li x10mouseremote" -compact
2936 Microsoft mouse (serial)
2938 Microsoft IntelliMouse (serial)
2940 Mouse systems Corp.\& mouse (serial)
2942 MM Series mouse (serial)
2944 Logitech mouse (serial)
2948 Logitech MouseMan and TrackMan (serial)
2950 ALPS GlidePoint (serial)
2951 .It Li thinkingmouse
2952 Kensington ThinkingMouse (serial)
2956 MM HitTablet (serial)
2957 .It Li x10mouseremote
2958 X10 MouseRemote (serial)
2960 Interlink VersaPad (serial)
2963 Even if the mouse is not in the above list, it may be compatible
2964 with one in the list.
2965 Refer to the manual page for
2967 for compatibility information.
2969 It should also be noted that while this is enabled, any
2970 other client of the mouse (such as an X server) should access
2971 the mouse through the virtual mouse device,
2973 and configure it as a
2975 type mouse, since all
2976 mouse data is converted to this single canonical format when
2979 If the client program does not support the
2985 It is the second preferred type.
2992 this is the actual port the mouse is on.
2995 for a COM1 serial mouse,
2999 for a bus mouse, for example.
3004 is set, its value is used as an additional set of flags to pass to the
3007 .It Va "moused_" Ns Ar XXX Ns Va "_flags"
3009 .Va moused_nondefault_enable
3012 daemon is started for a non-default port, the
3013 .Va "moused_" Ns Ar XXX Ns Va "_flags"
3014 set of options has precedence over and replaces the default
3018 is the name of the non-default port, i.e.,\&
3021 .Va "moused_" Ns Ar XXX Ns Va "_flags"
3022 it is possible to set up a different set of default flags for each
3025 For example, you can use
3029 to make your laptop's touchpad more comfortable to use,
3030 but an empty set of options for
3031 .Va moused_ums0_flags
3034 mouse has three or more buttons.
3035 .It Va mousechar_start
3039 the default mouse cursor character range
3040 .Li 0xd0 Ns - Ns Li 0xd3
3042 otherwise the range start is set
3047 Use if the default range is occupied in the language code table.
3048 .It Va allscreens_flags
3052 is run with these options for each of the virtual terminals
3056 will enable the mouse pointer on all virtual terminals
3061 .It Va allscreens_kbdflags
3065 is run with these options for each of the virtual terminals
3071 scrollback (history) buffer to 200 lines.
3078 daemon at system boot time.
3084 .Pa /usr/sbin/cron ) .
3091 these are the flags to pass to
3097 enable the special handling of transitions to and from the
3098 Daylight Saving Time in
3100 (equivalent to using the flag
3107 .Pa /usr/sbin/lpd ) .
3114 daemon at system boot time.
3121 these are the flags to pass to the
3124 .It Va chkprintcap_enable
3130 command before starting the
3133 .It Va chkprintcap_flags
3138 .Va chkprintcap_enable
3141 these are the flags to pass to the
3146 which causes missing directories to be created.
3147 .It Va mta_start_script
3149 This variable specifies the full path to the script to run to start
3150 a mail transfer agent.
3152 .Pa /etc/rc.sendmail .
3156 .Pa /etc/rc.sendmail
3157 uses are documented in the
3162 Indicates the device (usually a swap partition) to which a crash dump
3163 should be written in the event of a system crash.
3164 If the value of this variable is
3166 the first suitable swap device listed in
3168 will be used as dump device.
3169 Otherwise, the value of this variable is passed as the argument to
3171 To disable crash dumps, set this variable to
3175 When the system reboots after a crash and a crash dump is found on the
3176 device specified by the
3180 will save that crash dump and a copy of the kernel to the directory
3184 The default value is
3193 .It Va savecore_flags
3195 If crash dumps are enabled, these are the flags to pass to the
3202 to turn on user and group disk quotas on system startup via the
3204 command for all file systems marked as having quotas enabled in
3206 The kernel must be built with
3208 for disk quotas to function.
3213 to enable user and group disk quota checking via the
3216 .It Va quotacheck_flags
3226 these are the flags to pass to the
3231 which checks quotas for all file systems with quotas enabled in
3233 .It Va quotaon_flags
3239 these are the flags to pass to the
3244 which enables quotas for all file systems with quotas enabled in
3246 .It Va quotaoff_flags
3252 these are the flags to pass to the
3254 utility when shutting down the quota system.
3257 which disables quotas for all file systems with quotas enabled in
3259 .It Va accounting_enable
3263 to enable system accounting through the
3270 to enable iBCS2 (SCO) binary emulation at system initial boot
3272 .It Va ibcs2_loaders
3280 this specifies a list of additional iBCS2 loaders to enable.
3285 to enable Linux/ELF binary emulation at system initial
3291 enable SysVR4 emulation at boot time.
3292 .It Va sysvipc_enable
3296 load System V IPC primitives at boot time.
3297 .It Va clear_tmp_enable
3308 to disable removing of X11 lock files,
3309 and the removal and (secure) recreation
3310 of the various socket directories for X11
3312 .It Va ldconfig_paths
3314 Set to the list of shared library paths to use with
3318 will always be added first, so it need not appear in this list.
3319 .It Va ldconfig32_paths
3321 Set to the list of 32-bit compatibility shared library paths to
3324 .It Va ldconfig_paths_aout
3326 Set to the list of shared library paths to use with
3331 .It Va ldconfig_insecure
3335 utility normally refuses to use directories
3336 which are writable by anyone except root.
3337 Set this variable to
3339 to disable that security check during system startup.
3340 .It Va ldconfig_local_dirs
3342 Set to the list of local
3345 The names of all files in the directories listed will be
3346 passed as arguments to
3348 .It Va ldconfig_local32_dirs
3350 Set to the list of local 32-bit compatibility
3353 The names of all files in the directories listed will be
3354 passed as arguments to
3355 .Dq Nm ldconfig Fl 32 .
3356 .It Va kern_securelevel_enable
3360 to set the kernel security level at system startup.
3361 .It Va kern_securelevel
3363 The kernel security level to set at startup.
3364 The allowed range of
3366 ranges from \-1 (the compile time default) to 3 (the
3370 for the list of possible security levels and their effect
3371 on system operation.
3374 Path to the SSH server program
3375 .Pa ( /usr/sbin/sshd
3383 at system boot time.
3390 these are the flags to pass to the
3395 Path to the FTP server program
3396 .Pa ( /usr/libexec/ftpd
3404 as a stand-alone daemon at system boot time.
3411 these are the additional flags to pass to the
3414 .It Va watchdogd_enable
3420 daemon at boot time.
3421 This requires that the kernel have been compiled with a
3424 .It Va watchdogd_flags
3427 .Va watchdogd_enable
3430 these are the flags passed to the
3433 .It Va devfs_rulesets
3435 List of files containing sets of rules for
3437 .It Va devfs_system_ruleset
3439 Rule name(s) to apply to the system
3442 .It Va devfs_set_rulesets
3444 Pairs of already-mounted
3446 directories and rulesets that should be applied to them.
3447 For example: /mount/dev=ruleset_name
3448 .It Va devfs_load_rulesets
3450 If set, always load the default rulesets listed in
3451 .Va devfs_rulesets .
3452 .It Va performance_cx_lowest
3454 CPU idle state to use while on AC power.
3459 should use the lowest power state available while
3461 indicates that the lowest latency state (less power savings) should be used.
3462 .It Va performance_cpu_freq
3464 CPU clock frequency to use while on AC power.
3469 should use the lowest frequency available while
3471 indicates that the highest frequency (less power savings) should be used.
3472 .It Va economy_cx_lowest
3474 CPU idle state to use when off AC power.
3479 should use the lowest power state available while
3481 indicates that the lowest latency state (less power savings) should be used.
3482 .It Va economy_cpu_freq
3484 CPU clock frequency to use when off AC power.
3489 should use the lowest frequency available while
3491 indicates that the highest frequency (less power savings) should be used.
3496 any configured jails will not be started.
3499 A space separated list of names for jails.
3500 This is purely a configuration aid to help identify and
3501 configure multiple jails.
3502 The names specified in this list will be used to
3503 identify settings common to an instance of a jail,
3504 and should contain alphanumeric characters only.
3505 The literal jail name of
3510 Assuming that the jail in question was named
3512 you would have the following dependent variables:
3514 jail_vjail_hostname="jail.example.com"
3515 jail_vjail_ip="192.0.2.100"
3516 jail_vjail_rootdir="/var/jails/vjail/root"
3522 When set, use as default value for
3523 .Va jail_ Ns Ao Ar jname Ac Ns Va _flags
3526 .It Va jail_interface
3529 When set, use as default value for
3530 .Va jail_ Ns Ao Ar jname Ac Ns Va _interface
3536 When set, use as default value for
3537 .Va jail_ Ns Ao Ar jname Ac Ns Va _fstab
3540 .It Va jail_mount_enable
3548 .Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable
3551 by default for every jail in
3553 .It Va jail_devfs_ruleset
3557 .Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset
3558 to given value for every jail in
3560 .It Va jail_devfs_enable
3568 .Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable
3571 by default for every jail in
3573 .It Va jail_fdescfs_enable
3581 .Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable
3584 by default for every jail in
3586 .It Va jail_procfs_enable
3594 .Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable
3597 by default for every jail in
3599 .It Va jail_exec_prestart Ns Aq Ar N
3602 When set, use as default value for
3603 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart Ns Aq Ar N
3606 .It Va jail_exec_start
3609 When set, use as default value for
3610 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start
3613 .It Va jail_exec_afterstart Ns Aq Ar N
3616 When set, use as default value for
3617 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_afterstart Ns Aq Ar N
3620 .It Va jail_exec_poststart Ns Aq Ar N
3623 When set, use as default value for
3624 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart Ns Aq Ar N
3627 .It Va jail_exec_prestop Ns Aq Ar N
3630 When set, use as default value for
3631 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop Ns Aq Ar N
3634 .It Va jail_exec_stop
3636 When set, use as default value for
3637 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop
3640 .It Va jail_exec_poststop Ns Aq Ar N
3643 When set, use as default value for
3644 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop Ns Aq Ar N
3647 .It Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir
3650 Set to the root directory used by jail
3652 .It Va jail_ Ns Ao Ar jname Ac Ns Va _hostname
3655 Set to the fully qualified domain name (FQDN) assigned to jail
3657 .It Va jail_ Ns Ao Ar jname Ac Ns Va _ip
3660 Set to the (primary) IPv4 and/or IPv6 address(es) assigned to the jail.
3661 The argument can be a sole address or a comma separated list of addresses.
3662 Additionally each address can be prefixed by the name of an interface
3663 followed by a pipe to overwrite
3664 .Va jail_ Ns Ao Ar jname Ac Ns Va _interface
3667 and/or suffixed by a netmask, prefixlen or prefix.
3668 In case no netmask, prefixlen or prefix is given,
3670 will be used for IPv4 and
3672 will be used for an IPv6 address.
3673 If no address is given for the jail then the jail will be started with
3674 no networking support.
3675 .It Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n
3678 Set additional IPv4 and/or IPv6 address(es) assigned to the jail.
3679 The sequence starts with
3681 and the numbers have to be strictly ascending.
3682 These entries follow the same syntax as their primary
3683 .Va jail_ Ns Ao Ar jname Ac Ns Va _ip
3685 The order of the entries can be important as the first address for
3686 each address family found will be the primary address of the jail.
3692 .It Va jail_ Ns Ao Ar jname Ac Ns Va _flags
3697 These are flags to pass to
3699 .It Va jail_ Ns Ao Ar jname Ac Ns Va _interface
3702 When set, sets the interface to use when setting IP address alias.
3703 Note that the alias is created at jail startup and removed at jail shutdown.
3704 .It Va jail_ Ns Ao Ar jname Ac Ns Va _fib
3707 When set, the jail is started with the specified forwarding table (sometimes
3708 referred to as a routing table) via
3710 .It Va jail_ Ns Ao Ar jname Ac Ns Va _fstab
3713 .Pa /etc/fstab. Ns Aq Ar jname
3715 This is the file system information file to use for jail
3717 .It Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable
3724 mount all file systems from
3725 .Va jail_ Ns Ao Ar jname Ac Ns Va _fstab
3727 .It Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset
3730 When set, defines the device file system ruleset file to use for jail
3732 .It Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable
3739 mount the device file system inside jail
3742 .It Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable
3749 mount the file-descriptor file system inside jail
3752 .It Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable
3759 mount the process file system inside jail
3762 .It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart Ns Aq Ar N
3765 This is the command run as
3768 before jail startup, where
3771 It is run outside the jail.
3772 .It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start
3775 .Dq Li /bin/sh /etc/rc
3777 This is the command executed in a jail at jail startup.
3778 .It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_afterstart Ns Aq Ar N
3781 This is the command run as
3785 after jail startup, where
3788 .It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart Ns Aq Ar N
3791 This is the command run as
3794 after jail startup, where
3797 It is run outside the jail.
3798 .It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop Ns Aq Ar N
3801 This is the command run as
3804 before jail shutdown, where
3807 It is run outside the jail.
3808 .It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop
3811 .Dq Li /bin/sh /etc/rc.shutdown
3813 This is the command executed in a jail at jail shutdown.
3814 .It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop Ns Aq Ar N
3817 This is the command run as
3820 after jail shutdown, where
3823 It is run outside the jail.
3824 .It Va jail_set_hostname_allow
3828 do not allow the root user in a jail to set its hostname.
3829 .It Va jail_socket_unixiproute_only
3833 do not allow any sockets,
3834 besides UNIX/IP/route sockets,
3835 to be used within a jail.
3836 .It Va jail_sysvipc_allow
3840 allow applications within a jail to use System V IPC.
3841 .\" -----------------------------------------------------
3842 .It Va harvest_interrupt
3846 to use hardware interrupts as an entropy source.
3849 for more information.
3850 .It Va harvest_ethernet
3854 to use LAN traffic as an entropy source.
3857 for more information.
3858 .It Va harvest_p_to_p
3862 to use serial line traffic as an entropy source.
3865 for more information.
3870 to disable caching entropy via
3872 Otherwise set to the directory used to store entropy files in.
3877 to disable caching entropy through reboots.
3878 Otherwise set to the filename used to store cached entropy through
3880 This file should be located on the root file system to seed the
3882 device as early as possible in the boot process.
3883 .It Va entropy_save_sz
3885 Size of the entropy cache files saved by
3888 .It Va entropy_save_num
3890 Number of entropy cache files to save by
3904 Configuration file for
3913 .Pa /var/run/dmesg.boot
3915 .It Va rcshutdown_timeout
3917 If set, start a watchdog timer in the background which will terminate
3921 has not completed within the specified time (in seconds).
3922 Notice that in addition to this soft timeout,
3924 also applies a hard timeout for the execution of
3926 This is configured via
3929 .Va kern.init_shutdown_timeout
3930 and defaults to 120 seconds.
3931 Setting the value of
3932 .Va rcshutdown_timeout
3933 to more than 120 seconds will have no effect until the
3936 .Va kern.init_shutdown_timeout
3938 .It Va virecover_enable
3942 to prevent the system from trying to
3943 recover pre-maturely terminated
3946 .It Va ugidfw_enable
3951 .Xr mac_bsdextended 4
3952 module upon system initialization and load a default
3954 .It Va bsdextended_script
3957 .Xr mac_bsdextended 4
3958 ruleset file to load.
3959 The default value of this variable is
3960 .Pa /etc/rc.bsdextended .
3961 .It Va newsyslog_enable
3968 .It Va newsyslog_flags
3971 .Va newsyslog_enable
3974 these are the flags to pass to the
3979 which causes log files flagged with a
3982 .It Va mdconfig_md Ns Aq Ar X
3992 must be specified and either a
3994 for malloc or swap backed
4002 .Va mdconfig_md Ns Aq Ar X
4003 variables are evaluated until one variable is unset or null.
4004 .It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs
4006 Optional arguments passed to
4012 .It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner
4014 An ownership specification passed to
4023 device and the mount point will be changed.
4024 .It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms
4026 A mode string passed to
4035 device and the mount point will be changed.
4036 .It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files
4038 Files to be copied to the mount point of the
4042 after it has been mounted.
4043 .It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd
4045 Command to execute after the specified
4050 Note that the command is passed to
4056 variables can be used to reference respectively the
4058 device and the mount point.
4063 one could set the following:
4065 mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}"
4067 .It Va autobridge_interfaces
4069 Set to the list of bridge interfaces that will have newly arriving interfaces
4070 checked against to be automatically added.
4073 then for each whitespace separated
4076 .Va autobridge_ Ns Aq Ar element
4077 variable is assumed to exist which has a whitespace separated list of interface
4078 names to match, these names can use wildcards.
4081 autobridge_interfaces="bridge0"
4082 autobridge_bridge0="tap* dc0 vlan[345]"
4088 enable support for sound mixer.
4089 .It Va hcsecd_enable
4093 enable Bluetooth security daemon.
4094 .It Va hcsecd_config
4096 Configuration file for
4099 .Pa /etc/bluetooth/hcsecd.conf .
4104 enable Bluetooth Service Discovery Protocol daemon.
4112 .It Va sdpd_groupname
4116 group to run as after it initializes.
4119 .It Va sdpd_username
4123 user to run as after it initializes.
4126 .It Va bthidd_enable
4130 enable Bluetooth Human Interface Device daemon.
4131 .It Va bthidd_config
4133 Configuration file for
4136 .Pa /etc/bluetooth/bthidd.conf .
4139 Path to a file, where
4141 will store information about known HID devices.
4143 .Pa /var/db/bthidd.hids .
4144 .It Va rfcomm_pppd_server_enable
4148 enable Bluetooth RFCOMM PPP wrapper daemon.
4149 .It Va rfcomm_pppd_server_profile
4151 The name of the profile to use from
4152 .Pa /etc/ppp/ppp.conf .
4153 Multiple profiles can be specified here.
4154 Also used to specify per-profile overrides.
4155 When the profile name contains any of the characters
4157 they are translated to
4159 for the proposes of the override variable names.
4160 .It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _bdaddr
4162 Overrides local address to listen on.
4168 The address can be specified as BD_ADDR or name.
4169 .It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _channel
4171 Overrides local RFCOMM channel to listen on.
4174 will listen on RFCOMM channel 1.
4175 Must set properly if multiple profiles used in the same time.
4176 .It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_sp
4180 if it should register Serial Port service on the specified RFCOMM channel.
4183 .It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_dun
4187 if it should register Dial-Up Networking service on the specified
4191 .It Va ubthidhci_enable
4195 change the USB Bluetooth controller from HID mode to HCI mode.
4196 You also need to specify the location of USB Bluetooth controller with the
4197 .Va ubthidhci_busnum
4201 .It Va ubthidhci_busnum
4202 Bus number where the USB Bluetooth controller is located.
4205 on your system to find this information.
4206 .It Va ubthidhci_addr
4207 Bus address of the USB Bluetooth controller.
4210 on your system to find this information.
4211 .It Va netwait_enable
4215 delays the start of network-reliant services until
4217 is up and ICMP packets to a destination defined in
4220 Link state is examined first, followed by
4222 an IP address to verify network usability.
4223 If no destination can be reached or timeouts are exceeded,
4224 network services are started anyway with no guarantee that
4225 the network is usable.
4226 Use of this variable requires both
4234 This variable contains a space-delimited list of IP addresses to
4236 DNS hostnames should not be used as resolution is not guaranteed
4237 to be functional at this point.
4238 If multiple IP addresses are specified,
4239 each will be tried until one is successful or the list is exhausted.
4240 .It Va netwait_timeout
4242 Indicates the total number of seconds to perform a
4244 against each IP address in
4246 at a rate of one ping per second.
4247 If any of the pings are successful,
4248 full network connectivity is considered reliable.
4253 Defines the name of the network interface on which watch for link.
4255 is used to monitor the interface, looking for
4256 .Dq Li status: no carrier .
4257 Once gone, the link is considered up.
4260 interface if desired.
4261 .It Va netwait_if_timeout
4263 Defines the total number of seconds to wait for link to become usable,
4264 polled at a 1-second interval.
4268 .Bl -tag -width ".Pa /etc/defaults/rc.conf" -compact
4269 .It Pa /etc/defaults/rc.conf
4271 .It Pa /etc/rc.conf.local
4300 .Xr newsyslog.conf 5 ,
4370 .An Jordan K. Hubbard .