4 .\" Redistribution and use in source and binary forms, with or without
5 .\" modification, are permitted provided that the following conditions
7 .\" 1. Redistributions of source code must retain the above copyright
8 .\" notice, this list of conditions and the following disclaimer.
9 .\" 2. Redistributions in binary form must reproduce the above copyright
10 .\" notice, this list of conditions and the following disclaimer in the
11 .\" documentation and/or other materials provided with the distribution.
13 .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND
14 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE
17 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
19 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
20 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
21 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
22 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27 .Dd September 13, 2010
32 .Nd system configuration information
36 contains descriptive information about the local host name, configuration
37 details for any potential network interfaces and which services should be
38 started up at system initial boot time.
39 In new installations, the
41 file is generally initialized by the system installation utility,
46 is not to run commands or perform system startup actions
48 Instead, it is included by the
49 various generic startup scripts in
51 which conditionalize their
52 internal actions according to the settings found there.
56 file is included from the file
57 .Pa /etc/defaults/rc.conf ,
58 which specifies the default settings for all the available options.
59 Options need only be specified in
61 when the system administrator wishes to override these defaults.
63 .Pa /etc/rc.conf.local
64 is used to override settings in
66 for historical reasons.
72 .Dq Ar name Ns Li = Ns Ar value
76 The following list provides a name and short description for each
77 variable that can be set in the
80 .Bl -tag -width indent-two
85 enable output of debug messages from rc scripts.
86 This variable can be helpful in diagnosing mistakes when
87 editing or integrating new scripts.
88 Beware that this produces copious output to the terminal and
94 disable informational messages from the rc scripts.
95 Informational messages are displayed when
96 a condition that is not serious enough to warrant a warning or
104 when faststart is used (e.g., at boot time).
105 .It Va early_late_divider
107 The name of the script that should be used as the
108 delimiter between the
112 stages of the boot process.
113 The early stage should contain all the services needed to
114 get the disks (local or remote) mounted so that the late
115 stage can include scripts contained in the directories
118 variable (see below).
119 Thus, the two likely candidates for this value are
121 for the typical system, and
123 if the system needs remote file
124 systems mounted to get access to the
126 directories; for example when
134 is likely to be an appropriate value.
135 Extreme care should be taken when changing this value,
136 and before changing it one should ensure that there are
137 adequate provisions to recover from a failed boot
138 (such as physical contact with the machine,
139 or reliable remote console access).
144 no swapfile is installed, otherwise the value is used as the full
145 pathname to a file to use for additional swap space.
150 enable support for Automatic Power Management with
158 to handle APM event from userland.
159 This also enables support for APM.
166 these are the flags to pass to the
173 to handle device added, removed or unknown events from the kernel.
180 scripts at boot time.
183 Configuration file for
187 .It Va kldxref_enable
194 to automatically rebuild
199 .It Va kldxref_clobber
209 will overwrite existing
216 .It Va kldxref_module_path
221 delimited list of paths containing
233 enable the system power control facility with the
242 these are the flags to pass to the
246 Controls the creation of a
249 Always happens if set to
251 and never happens if set to
253 If set to anything else, a memory file system is created if
257 Controls the size of a created
261 Extra options passed to the
263 utility when the memory file system for
268 which inhibits the use of softupdates on
270 so that file system space is freed without delay
271 after file truncation or deletion.
274 for other options you can use in
277 Controls the creation of a
280 Always happens if set to
282 and never happens if set to
284 If set to anything else, a memory file system is created if
288 Controls the size of a created
292 Extra options passed to the
294 utility when the memory file system for
299 which inhibits the use of softupdates on
301 so that file system space is freed without delay
302 after file truncation or deletion.
305 for other options you can use in
308 Controls the automatic population of the
311 Always happens if set to
313 and never happens if set to
315 If set to anything else, a memory file system is created if
318 Note that this process requires access to certain commands in
322 is mounted on normal systems.
323 .It Va cleanvar_enable
330 List of directories to search for startup script files.
331 .It Va script_name_sep
333 The field separator to use for breaking down the list of startup script files
334 into individual filenames.
335 The default is a space.
336 It is not necessary to change this unless there are startup scripts with names
338 .It Va hostapd_enable
347 The fully qualified domain name (FQDN) of this host on the network.
348 This should almost certainly be set to something meaningful, even if
349 there is no network connection.
352 is used to set the hostname via DHCP,
353 this variable should be set to an empty string.
354 If this value remains unset when the system is done booting
355 your console login will display the default hostname of
359 The NIS domain name of this host, or
362 .It Va dhclient_program
364 Path to the DHCP client program
365 .Pa ( /sbin/dhclient ,
370 .It Va dhclient_flags
372 Additional flags to pass to the DHCP client program.
377 manpage for a description of the command line options available.
378 .It Va dhclient_flags_ Ns Aq Ar iface
379 Additional flags to pass to the DHCP client program running on
382 When specified, this variable overrides
384 .It Va background_dhclient
388 to start the DHCP client in background.
389 This can cause trouble with applications depending on
390 a working network, but it will provide a faster startup
392 .It Va background_dhclient_ Ns Aq Ar iface
393 When specified, this variable overrides the
394 .Va background_dhclient
395 variable for interface
398 .It Va synchronous_dhclient
404 synchronously at startup.
405 This behavior can be overridden on a per-interface basis by replacing
409 .Va ifconfig_ Ns Aq Ar interface
414 .It Va defaultroute_delay
416 When set to a positive value, wait up to this long after configuring
417 DHCP interfaces at startup to give the interfaces time to receive a lease.
418 .It Va firewall_enable
422 to load firewall rules at startup.
423 If the kernel was not built with
424 .Cd "options IPFIREWALL" ,
427 kernel module will be loaded.
429 .Va ipfilter_enable .
430 .It Va firewall_script
432 This variable specifies the full path to the firewall script to run.
434 .Pa /etc/rc.firewall .
437 Names the firewall type from the selection in
438 .Pa /etc/rc.firewall ,
439 or the file which contains the local firewall ruleset.
440 Valid selections from
444 .Bl -tag -width ".Li simple" -compact
446 unrestricted IP access
448 all IP services disabled, except via
451 basic protection for a workstation
453 basic protection for a LAN.
456 If a filename is specified, the full path
458 .It Va firewall_quiet
462 to disable the display of firewall rules on the console during boot.
463 .It Va firewall_logging
467 to enable firewall event logging.
468 This is equivalent to the
469 .Dv IPFIREWALL_VERBOSE
471 .It Va firewall_flags
477 specifies a filename.
478 .It Va firewall_coscripts
480 List of executables and/or rc scripts to run after firewall starts/stops.
482 .\" ----- firewall_nat_enable setting --------------------------------
483 .It Va firewall_nat_enable
495 .It Va firewall_nat_interface
501 This is the name of the public interface or IP address on which
502 kernel NAT should run.
503 .It Va firewall_nat_flags
505 Additional configuration parameters for kernel NAT should be placed here.
506 .It Va dummynet_enable
510 will automatically load the
516 .\" -------------------------------------------------------------------
532 sockets must be enabled in the kernel.
533 If the kernel was not built with
534 .Cd "options IPDIVERT" ,
537 kernel module will be loaded.
538 .It Va natd_interface
540 This is the name of the public interface on which
543 The interface may be given as an interface name or as an IP address.
548 flags should be placed here.
553 flag is automatically added with the above
556 .\" ----- ipfilter_enable setting --------------------------------
557 .It Va ipfilter_enable
568 Typical usage will require putting
570 ipfilter_enable="YES"
588 can be enabled independently.
592 both require at least one of
602 options IPFILTER_DEFAULT_BLOCK
605 in the kernel configuration file is a good idea, too.
606 .\" ----- ipfilter_program setting ------------------------------
607 .It Va ipfilter_program
613 .\" ----- ipfilter_rules setting --------------------------------
614 .It Va ipfilter_rules
619 This variable contains the name of the filter rule definition file.
620 The file is expected to be readable for the
623 .\" ----- ipv6_ipfilter_rules setting ---------------------------
624 .It Va ipv6_ipfilter_rules
629 This variable contains the IPv6 filter rule definition file.
630 The file is expected to be readable for the
633 .\" ----- ipfilter_flags setting --------------------------------
634 .It Va ipfilter_flags
637 This variable contains flags passed to the
640 .\" ----- ipnat_enable setting ----------------------------------
650 network address translation.
653 for a detailed discussion.
654 .\" ----- ipnat_program setting ---------------------------------
661 .\" ----- ipnat_rules setting -----------------------------------
667 This variable contains the name of the file
668 holding the network address translation definition.
669 This file is expected to be readable for the
672 .\" ----- ipnat_flags setting -----------------------------------
676 This variable contains flags passed to the
679 .\" ----- ipmon_enable setting ----------------------------------
694 Setting this variable needs setting
701 for a detailed discussion.
702 .\" ----- ipmon_program setting ---------------------------------
709 .\" ----- ipmon_flags setting -----------------------------------
715 This variable contains flags passed to the
718 Another typical example would be
719 .Dq Fl D Pa /var/log/ipflog
722 log directly to a file bypassing
725 .Pa /etc/newsyslog.conf
726 in such case like this:
728 /var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid
730 .\" ----- ipfs_enable setting -----------------------------------
740 saving the filter and NAT state tables during shutdown
741 and reloading them during startup again.
742 Setting this variable needs setting
751 for a detailed discussion.
757 because the raised securelevel will prevent
759 from saving the state tables at shutdown time.
760 .\" ----- ipfs_program setting ----------------------------------
767 .\" ----- ipfs_flags setting ------------------------------------
771 This variable contains flags passed to the
774 .\" ----- end of added ipf hook ---------------------------------
786 Typical usage will require putting
801 into the kernel, otherwise the
802 kernel module will be loaded.
807 ruleset configuration file
822 these flags are passed to the
824 program when loading the ruleset.
834 which logs packets from the
847 .Pa /var/log/pflog ) .
849 .Pa /etc/newsyslog.conf
850 to adjust logfile rotation for this.
860 This variable contains additional flags passed to the
863 .It Va ftpproxy_enable
874 packet filter in translating ftp connections.
875 .It Va ftpproxy_flags
878 This variable contains additional flags passed to the
890 state changes to other hosts over the network by means of
895 must also be set then.
896 .It Va pfsync_syncdev
899 This variable specifies the name of the network interface
901 should operate through.
902 It must be set accordingly if
906 .It Va pfsync_syncpeer
909 This variable is optional.
910 By default, state change messages are sent out on the synchronisation
911 interface using IP multicast packets.
912 The protocol is IP protocol 240, PFSYNC, and the multicast group used is
914 When a peer address is specified using the
916 option, the peer address is used as a destination for the pfsync
917 traffic, and the traffic can then be protected using
921 manpage for more details about using
926 .It Va pfsync_ifconfig
929 This variable can contain additional options to be passed to the
931 command used to set up
933 .It Va tcp_extensions
940 disables certain TCP options as described by
946 might help remedy such problems with connections as randomly hanging
947 or other weird behavior.
948 Some network devices are known
949 to be broken with respect to these options.
956 .Va net.inet.tcp.log_in_vain
958 .Va net.inet.udp.log_in_vain ,
963 are set to the given value.
971 will disable probing idle TCP connections to verify that the
972 peer is still up and reachable.
973 .It Va tcp_drop_synfin
980 will cause the kernel to ignore TCP frames that have both
981 the SYN and FIN flags set.
982 This prevents OS fingerprinting, but may
983 break some legitimate applications.
984 .It Va icmp_drop_redirect
991 will cause the kernel to ignore ICMP REDIRECT packets.
994 for more information.
995 .It Va icmp_log_redirect
1002 will cause the kernel to log ICMP REDIRECT packets.
1004 the log messages are not rate-limited, so this option should only be used
1005 for troubleshooting networks.
1008 for more information.
1009 .It Va icmp_bmcastecho
1013 to respond to broadcast or multicast ICMP ping packets.
1016 for more information.
1017 .It Va ip_portrange_first
1021 this is the first port in the default portrange.
1024 for more information.
1025 .It Va ip_portrange_last
1029 this is the last port in the default portrange.
1032 for more information.
1033 .It Va network_interfaces
1035 Set to the list of network interfaces to configure on this host or
1037 (the default) for all current interfaces.
1039 .Va network_interfaces
1040 variable to anything other than the default is deprecated.
1041 Interfaces that the administrator wishes to store configuration for,
1042 but not start at boot should be configured with the
1045 .Va ifconfig_ Ns Aq Ar interface
1046 variables as described below.
1049 .Va ifconfig_ Ns Aq Ar interface
1050 variable is also assumed to exist for each value of
1052 When an interface name contains any of the characters
1054 they are translated to
1057 The variable can contain arguments to
1059 as well as special case-insensitive keywords described below.
1060 Such keywords are removed before passing the value to
1062 while the order of the other arguments is preserved.
1064 One can configure more than one IPv4 address with the
1065 .Va ipv4_addrs_ Ns Aq Ar interface
1067 One or more IP addresses must be provided in Classless Inter-Domain
1068 Routing (CIDR) address notation, whose last byte can be a range like
1070 In this case the address 192.0.2.5 will be configured with the
1071 netmask /24 and the addresses 192.0.2.6 to 192.0.2.23 with
1072 the non-conflicting netmask /32 as explained in the
1075 With the interface in question being
1077 an example could look like:
1079 ipv4_addrs_ed0="192.0.2.129/27 192.0.2.1-5/28"
1082 It is also possible to add IP alias entries using
1085 Assuming that the interface in question was
1088 something like this:
1090 ifconfig_ed0_alias0="inet 127.0.0.253 netmask 0xffffffff"
1091 ifconfig_ed0_alias1="inet 127.0.0.254 netmask 0xffffffff"
1096 .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1097 entry that is found,
1098 its contents are passed to
1100 Execution stops at the first unsuccessful access, so if
1101 something like this is present:
1103 ifconfig_ed0_alias0="inet 127.0.0.251 netmask 0xffffffff"
1104 ifconfig_ed0_alias1="inet 127.0.0.252 netmask 0xffffffff"
1105 ifconfig_ed0_alias2="inet 127.0.0.253 netmask 0xffffffff"
1106 ifconfig_ed0_alias4="inet 127.0.0.254 netmask 0xffffffff"
1109 Then note that alias4 would
1111 be added since the search would
1112 stop with the missing
1115 Due to this difficult to manage behavior, the
1116 .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1120 .Pa /etc/start_if. Ns Aq Ar interface
1121 file is present, it is read and executed by the
1124 before configuring the interface as specified in the
1125 .Va ifconfig_ Ns Aq Ar interface
1127 .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1131 .Va vlans_ Ns Aq Ar interface
1135 interface will be created for each item in the list with the
1139 If a vlan interface's name is a number,
1140 then that number is used as the vlan tag and the new vlan interface is
1142 .Ar interface . Ns Ar tag .
1144 the vlan tag must be specified via a
1147 .Va create_args_ Ns Aq Ar interface
1150 To create a vlan device named
1154 with the vlan tag 101 and the optional the IPv4 address 192.0.2.1/24:
1157 ifconfig_em0_101="inet 192.0.2.1/24"
1160 To create a vlan device named
1164 with the vlan tag 102:
1167 create_args_myvlan="vlan 102"
1171 .Va wlans_ Ns Aq Ar interface
1175 interface will be created for each item in the list with the
1179 Further wlan cloning arguments may be passed to the
1182 command by setting the
1183 .Va create_args_ Ns Aq Ar interface
1187 devices must be created for each wireless devices as of
1193 may be specified with an
1194 .Va wlandebug_ Ns Aq Ar interface
1196 The contents of this variable will be passed directly to
1200 .Va ifconfig_ Ns Aq Ar interface
1201 contains the keyword
1203 then the interface will not be configured
1205 .Pa /etc/pccard_ether
1207 .Va network_interfaces
1211 It is possible to bring up an interface with DHCP by adding
1214 .Va ifconfig_ Ns Aq Ar interface
1216 For instance, to initialize the
1219 it is possible to use something like:
1224 Also, if you want to configure your wireless interface with
1225 .Xr wpa_supplicant 8
1226 for use with WPA, EAP/LEAP or WEP, you need to add
1229 .Va ifconfig_ Ns Aq Ar interface
1232 Finally, you can add
1234 options in this variable, in addition to the
1235 .Pa /etc/start_if. Ns Aq Ar interface
1237 For instance, to configure an
1239 wireless device in station mode with an address obtained
1240 via DHCP, using WPA authentication and 802.11b mode, it is
1241 possible to use something like:
1244 ifconfig_wlan0="DHCP WPA mode 11b"
1248 .Va ifconfig_ Ns Aq Ar interface
1249 form, a fallback variable
1250 .Va ifconfig_DEFAULT
1252 It will be used for all interfaces with no
1253 .Va ifconfig_ Ns Aq Ar interface
1255 This is intended to replace the no longer supported
1259 It is also possible to rename an interface by doing:
1261 ifconfig_ed0_name="net0"
1262 ifconfig_net0="inet 192.0.2.1 netmask 0xffffff00"
1268 .Dq Li inet6 accept_rtadv
1270 .Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1272 .Va ipv6_activate_all_interfaces
1276 This variable is deprecated. Use
1277 .Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1279 .Va ipv6_activate_all_interfaces
1285 the default address selection policy table set by
1287 will be IPv6-preferred.
1291 the default address selection policy table set by
1293 will be IPv4-preferred.
1295 This variable is deprecated. Use
1296 .Va ip6addtctl_policy
1298 .It Va ipv6_activate_all_interfaces
1301 all of interfaces which do not have the corrsponding
1302 .Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1303 variable will be marked as
1305 for security reason. This means only IPv6 functionality on that interface
1306 is completely disabled. For more details of
1309 .Dq Li inet6 ifdisabled ,
1319 privacy addresses will be generated for each IPv6
1320 interface as described in RFC 4193.
1321 .It Va ipv6_network_interfaces
1323 This is the IPv6 equivalent of
1324 .Va network_interfaces .
1325 Normally manual configuration of this variable is not needed.
1327 .It Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1329 IPv6 functionality on an interface should be configured by
1330 .Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 ,
1331 instead of setting ifconfig parameters in
1332 .Va ifconfig_ Ns Aq Ar interface .
1333 Aliases should be set by
1334 .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1337 keyword. For example:
1339 ifconfig_ed0_ipv6="inet6 2001:db8:1::1 prefixlen 64"
1340 ifconfig_ed0_alias0="inet6 2001:db8:2::1 prefixlen 64"
1343 Interfaces that have an
1344 .Dq Li inet6 accept_rtadv
1346 .Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1347 setting will be automatically configured by
1349 Note that this automatic configuration is disabled if the
1350 .Va ipv6_gateway_enable
1353 .It Va ipv6_prefix_ Ns Aq Ar interface
1355 If one or more prefixes are defined in
1356 .Va ipv6_prefix_ Ns Aq Ar interface
1357 addresses based on each prefix and the EUI-64 interface index will be
1358 configured on that interface.
1359 .It Va ipv6_default_interface
1363 this is the default output interface for scoped addresses.
1364 This works only with ipv6_gateway_enable="NO".
1365 .It Va ip6addrctl_enable
1367 This variable is to enable configuring default address selection policy table
1369 The table can be specified in another variable
1370 .Va ip6addrctl_policy .
1372 .Va ip6addrctl_policy
1373 the following keywords can be specified:
1374 .Dq Li ipv4_prefer ,
1375 .Dq Li ipv6_prefer ,
1385 installs a pre-defined policy table described in Section 2.1
1393 is specified, it attempts to read a file
1394 .Pa /etc/ip6addrctl.conf
1395 first. If this file is found,
1397 reads and installs it. If not found, a policy is automatically set
1399 .Va ipv6_activate_all_interfaces
1400 variable; if the variable is set to
1402 the IPv6-preferred one is used. Otherwise IPv4-preferred.
1404 The default value of
1405 .Va ip6addrctl_enable
1407 .Va ip6addrctl_policy
1413 .It Va cloned_interfaces
1415 Set to the list of clonable network interfaces to create on this host.
1416 Further cloning arguments may be passed to the
1419 command for each interface by setting the
1420 .Va create_args_ Ns Aq Ar interface
1423 .Va cloned_interfaces
1424 are automatically appended to
1425 .Va network_interfaces
1427 .It Va fec_interfaces
1431 Fast EtherChannel interfaces to configure on this host.
1433 .Va fecconfig_ Ns Aq Ar interface
1434 variable is assumed to exist for each value of
1436 The value of this variable is used to configure link aggregated interfaces
1437 according to the syntax of the
1438 .Cm NGM_FEC_ADD_IFACE
1442 Additionally, this option ensures that each listed interface is created
1447 before attempting to configure it.
1450 fec_interfaces="fec0"
1451 fecconfig_fec0="em0 em1"
1452 ifconfig_fec0="DHCP"
1454 .It Va gif_interfaces
1458 tunnel interfaces to configure on this host.
1460 .Va gifconfig_ Ns Aq Ar interface
1461 variable is assumed to exist for each value of
1463 The value of this variable is used to configure the link layer of the
1464 tunnel according to the syntax of the
1468 Additionally, this option ensures that each listed interface is created
1473 before attempting to configure it.
1474 .It Va sppp_interfaces
1478 interfaces to configure on this host.
1480 .Va spppconfig_ Ns Aq Ar interface
1481 variable is assumed to exist for each value of
1483 Each interface should also be configured by a general
1484 .Va ifconfig_ Ns Aq Ar interface
1488 for more information about available options.
1498 The name of the profile to use from
1499 .Pa /etc/ppp/ppp.conf .
1500 Also used for per-profile overrides of
1505 .Va ppp_ Ns Ao Ar profile Ac Ns _unit .
1506 When the profile name contains any of the characters
1508 they are translated to
1510 for the proposes of the override variable names.
1513 Mode in which to run the
1516 .It Va ppp_ Ns Ao Ar profile Ac Ns _mode
1518 Overrides the global
1528 See the manual for a full description.
1533 enables network address translation.
1534 Used in conjunction with
1536 allows hosts on private network addresses access to the Internet using
1537 this host as a network address translating router.
1538 .It Va ppp_ Ns Ao Ar profile Ac Ns _nat
1540 Overrides the global
1544 .It Va ppp_ Ns Ao Ar profile Ac Ns _unit
1546 Set the unit number to be used for this profile.
1547 See the manual description of
1552 The name of the user under which
1560 .It Va rc_conf_files
1562 This option is used to specify a list of files that will override
1564 .Pa /etc/defaults/rc.conf .
1565 The files will be read in the order in which they are specified and should
1566 include the full path to the file.
1567 By default, the files specified are
1570 .Pa /etc/rc.conf.local
1576 will attempt to automatically mount ZFS file systems and initialize ZFS volumes
1578 .It Va gbde_autoattach_all
1583 will attempt to automatically initialize your .bde devices in
1587 List the devices that the script should try to attach,
1592 The directory where the
1594 lockfiles are located.
1595 The default lockfile directory is
1598 The lockfile for each individual
1600 device can be overridden by setting the variable
1601 .Va gbde_lock_ Ns Aq Ar device ,
1604 is the encrypted device without the
1609 .It Va gbde_attach_attempts
1611 Number of times to attempt attaching to a
1613 device, i.e., how many times the user is asked for the pass-phrase.
1617 List of devices to automatically attach on boot.
1618 Note that .eli devices from
1620 are automatically appended to this list.
1623 Number of times user is asked for the pass-phrase.
1624 If empty, it will be taken from
1625 .Va kern.geom.eli.tries
1627 .It Va geli_default_flags
1629 Default flags to use by
1631 when configuring disk encryption.
1632 Flags can be configured for every device separately by defining
1633 .Va geli_ Ns Ao Ar device Ac Ns Va _flags
1635 .It Va geli_autodetach
1637 Specifies if GELI devices should be marked for detach on last close after
1638 file systems are mounted.
1641 This can be changed for every device separately by defining
1642 .Va geli_ Ns Ao Ar device Ac Ns Va _autodetach
1644 .It Va geli_swap_flags
1645 Options passed to the
1647 utility when encrypted GEOM providers for swap partitions are created.
1649 .Dq Li "-e aes -l 256 -s 4096 -d" .
1650 .It Va root_rw_mount
1655 After the file systems are checked at boot time, the root file system
1656 is remounted as read-write if this is set to
1658 Diskless systems that mount their root file system from a read-only remote
1659 NFS share should set this to
1663 .It Va fsck_y_enable
1668 will be run with the
1670 flag if the initial preen
1671 of the file systems fails.
1672 .It Va background_fsck
1676 the system will attempt to run
1678 in the background where possible.
1679 .It Va background_fsck_delay
1681 The amount of time in seconds to sleep before starting a background
1683 It defaults to sixty seconds to allow large applications such as
1684 the X server to start before disk I/O bandwidth is monopolized by
1686 If set to a negative number, the background file system check will be
1687 delayed indefinitely to allow the administrator to run it at a more
1689 For example it may be run from
1691 by adding a line like
1693 .Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart"
1699 List of file system types that are network-based.
1700 This list should generally not be modified by end users.
1702 .Va extra_netfs_types
1704 .It Va extra_netfs_types
1706 If set to something other than
1709 this variable extends the list of file system types
1710 for which automatic mounting at startup by
1712 should be delayed until the network is initialized.
1714 a whitespace-separated list of network file system descriptor pairs,
1715 each consisting of a file system type as passed to
1717 and a human-readable, one-word description,
1720 Extending the default list in this way is only necessary
1721 when third party file system types are used.
1722 .It Va syslogd_enable
1729 .It Va syslogd_program
1734 .Pa /usr/sbin/syslogd ) .
1735 .It Va syslogd_flags
1741 these are the flags to pass to
1750 .It Va inetd_program
1755 .Pa /usr/sbin/inetd ) .
1762 these are the flags to pass to
1771 .It Va hastd_program
1783 these are the flags to pass to
1792 .It Va named_program
1797 .Pa /usr/sbin/named ) .
1802 configuration file, (default
1803 .Pa /etc/namedb/named.conf ) .
1810 these are the flags to pass to
1812 .It Va named_pidfile
1814 This is the default path to the
1817 This must match the location in
1823 process should be run as.
1824 .It Va named_chrootdir
1826 The root directory for a name server run in a
1828 environment (default
1832 will not be run in a
1835 .It Va named_chroot_autoupdate
1839 to disable automatic update of the
1842 .It Va named_symlink_enable
1846 to disable symlinking of
1855 loop until working name service is established.
1856 .It Va named_wait_host
1858 Name of host to lookup for the named_wait option.
1860 .It Va named_auto_forward
1862 Set to enable automatic creation of a forwarder
1863 configuration file derived from
1864 .Pa /etc/resolv.conf .
1865 .It Va named_auto_forward_only
1867 Set to change the default forwarder configuration from
1871 .It Va kerberos5_server_enable
1875 to start a Kerberos 5 authentication server
1877 .It Va kerberos5_server
1880 .Va kerberos5_server_enable
1883 this is the path to Kerberos 5 Authentication Server.
1884 .It Va kerberos5_server_flags
1887 This variable contains additional flags to be passed to the Kerberos 5
1888 authentication server.
1889 .It Va kadmind5_server_enable
1895 the Kerberos 5 Administration Daemon; set to
1898 .It Va kadmind5_server
1901 .Va kadmind5_server_enable
1904 this is the path to Kerberos 5 Administration Daemon.
1905 .It Va kpasswdd_server_enable
1911 the Kerberos 5 Password-Changing Daemon; set to
1914 .It Va kpasswdd_server
1917 .Va kpasswdd_server_enable
1920 this is the path to Kerberos 5 Password-Changing Daemon.
1927 daemon at boot time.
1934 these are the flags to pass to it.
1941 daemon at boot time.
1948 these are the flags to pass to it.
1951 manpage for more information.
1952 .It Va amd_map_program
1955 the specified program is run to get the list of
1960 maps are stored in NIS, one can set this to
1973 will be updated at boot time to reflect the kernel release
1978 will not be updated.
1979 .It Va nfs_client_enable
1983 run the NFS client daemons at boot time.
1984 .It Va nfs_access_cache
1987 .Va nfs_client_enable
1992 to disable NFS ACCESS RPC caching, or to the number of seconds for which
1994 results should be cached.
1995 A value of 2-10 seconds will substantially reduce network
1996 traffic for many NFS operations.
1997 .It Va nfs_server_enable
2001 run the NFS server daemons at boot time.
2002 .It Va nfs_server_flags
2005 .Va nfs_server_enable
2008 these are the flags to pass to the
2011 .It Va idmapd_enable
2015 run the ID mapping daemon for NFS version 4.
2022 these are the flags to pass to the
2025 .It Va mountd_enable
2030 .Va nfs_server_enable
2036 It is commonly needed to run CFS without real NFS used.
2043 these are the flags to pass to the
2046 .It Va weak_mountd_authentication
2050 allow services like PCNFSD to make non-privileged mount
2052 .It Va nfs_reserved_port_only
2056 provide NFS services only on a secure port.
2057 .It Va nfs_bufpackets
2059 If set to a number, indicates the number of packets worth of
2060 socket buffer space to reserve on an NFS client.
2061 The kernel default is typically 4.
2062 Using a higher number may be
2063 useful on gigabit networks to improve performance.
2064 The minimum value is
2065 2 and the maximum is 64.
2066 .It Va rpc_lockd_enable
2070 and also an NFS server or client, run
2073 .It Va rpc_lockd_flags
2076 .Va rpc_lockd_enable
2079 these are the flags to pass to the
2082 .It Va rpc_statd_enable
2086 and also an NFS server or client, run
2089 .It Va rpc_statd_flags
2092 .Va rpc_statd_enable
2095 these are the flags to pass to the
2098 .It Va rpcbind_program
2103 .Pa /usr/sbin/rpcbind ) .
2104 .It Va rpcbind_enable
2110 service at boot time.
2111 .It Va rpcbind_flags
2117 these are the flags to pass to the
2120 .It Va keyserv_enable
2126 daemon on boot for running Secure RPC.
2127 .It Va keyserv_flags
2133 these are the flags to pass to
2136 .It Va pppoed_enable
2142 daemon at boot time to provide PPP over Ethernet services.
2143 .It Va pppoed_ Ns Aq Ar provider
2146 listens to requests to this
2152 argument of the same name.
2155 Additional flags to pass to
2157 .It Va pppoed_interface
2159 The network interface to run
2162 This is mandatory when
2172 service at boot time.
2173 This command is intended for networks of
2174 machines where a consistent
2176 for all hosts must be established.
2177 This is often useful in large NFS
2178 environments where time stamps on files are expected to be consistent
2186 these are the flags to pass to the
2189 .It Va ntpdate_enable
2196 This command is intended to
2197 synchronize the system clock only
2199 from some standard reference.
2200 An option to set this up initially
2201 (from a list of known servers) is also provided by the
2203 program when the system is first installed.
2204 .It Va ntpdate_config
2206 Configuration file for
2210 .It Va ntpdate_hosts
2212 A whitespace-separated list of NTP servers to synchronize with at startup.
2213 The default is to use the servers listed in
2214 .Va ntpdate_config ,
2215 if that file exists.
2216 .It Va ntpdate_program
2221 .Pa /usr/sbin/ntpdate ) .
2222 .It Va ntpdate_flags
2228 these are the flags to pass to the
2230 command (typically a hostname).
2237 command at boot time.
2243 .Pa /usr/sbin/ntpd ) .
2257 these are the flags to pass to the
2260 .It Va ntpd_sync_on_start
2267 flag, which syncs the system's clock on startup.
2270 for more information regarding the
2273 This is a preferred alternative to using
2278 .It Va nis_client_enable
2284 service at system boot time.
2285 .It Va nis_client_flags
2288 .Va nis_client_enable
2291 these are the flags to pass to the
2294 .It Va nis_ypset_enable
2300 daemon at system boot time.
2301 .It Va nis_ypset_flags
2304 .Va nis_ypset_enable
2307 these are the flags to pass to the
2310 .It Va nis_server_enable
2316 daemon at system boot time.
2317 .It Va nis_server_flags
2320 .Va nis_server_enable
2323 these are the flags to pass to the
2326 .It Va nis_ypxfrd_enable
2332 daemon at system boot time.
2333 .It Va nis_ypxfrd_flags
2336 .Va nis_ypxfrd_enable
2339 these are the flags to pass to the
2342 .It Va nis_yppasswdd_enable
2348 daemon at system boot time.
2349 .It Va nis_yppasswdd_flags
2352 .Va nis_yppasswdd_enable
2355 these are the flags to pass to the
2358 .It Va rpc_ypupdated_enable
2364 daemon at system boot time.
2365 .It Va bsnmpd_enable
2371 daemon at system boot time.
2372 Be sure to understand the security implications of running SNMP daemon
2380 these are the flags to pass to the
2383 .It Va defaultrouter
2387 create a default route to this host name or IP address
2388 (use an IP address if this router is also required to get to the
2390 .It Va ipv6_defaultrouter
2392 The IPv6 equivalent of
2394 .It Va static_arp_pairs
2396 Set to the list of static ARP pairs that are to be added at system
2398 For each whitespace separated
2401 .Va static_arp_ Ns Aq Ar element
2402 variable is assumed to exist whose contents will later be passed to a
2407 static_arp_pairs="gw"
2408 static_arp_gw="192.168.1.1 00:01:02:03:04:05"
2410 .It Va static_routes
2412 Set to the list of static routes that are to be added at system
2416 then for each whitespace separated
2419 .Va route_ Ns Aq Ar element
2420 variable is assumed to exist
2421 whose contents will later be passed to a
2426 static_routes="mcast gif0local"
2427 route_mcast="-net 224.0.0.0/4 -iface gif0"
2428 route_gif0local="-host 169.254.1.1 -iface lo0"
2430 .It Va ipv6_static_routes
2432 The IPv6 equivalent of
2436 then for each whitespace separated
2439 .Va ipv6_route_ Ns Aq Ar element
2440 variable is assumed to exist
2441 whose contents will later be passed to a
2442 .Dq Nm route Cm add Fl inet6
2444 .It Va natm_static_routes
2450 If not empty then for each whitespace separated
2453 .Va route_ Ns Aq Ar element
2454 variable is assumed to exist whose contents will later be passed to a
2455 .Dq Nm atmconfig Cm natm Cm add
2457 .It Va gateway_enable
2461 configure host to act as an IP router, e.g.\& to forward packets
2463 .It Va ipv6_gateway_enable
2465 The IPv6 equivalent of
2466 .Va gateway_enable .
2467 .It Va routed_enable
2471 run a routing daemon of some sort, based on the
2476 .It Va route6d_enable
2478 The IPv6 equivalent of
2482 run a routing daemon of some sort, based on the
2487 .It Va routed_program
2493 this is the name of the routing daemon to use.
2494 .It Va route6d_program
2496 The IPv6 equivalent of
2497 .Va routed_program .
2504 these are the flags to pass to the routing daemon.
2505 .It Va route6d_flags
2507 The IPv6 equivalent of
2509 .It Va mrouted_enable
2513 run the multicast routing daemon,
2515 .It Va mroute6d_enable
2517 The IPv6 equivalent of
2518 .Va mrouted_enable .
2521 run the IPv6 multicast routing daemon.
2523 Note that multicast routing daemons are no longer included in the
2525 base system, however, both
2529 may be installed from the
2532 .It Va mrouted_flags
2538 these are the flags to pass to the
2541 .It Va mroute6d_flags
2543 The IPv6 equivalent of
2549 these are the flags passed to the IPv6 multicast routing daemon.
2550 .It Va mroute6d_program
2556 this is the path to the IPv6 multicast routing daemon.
2557 .It Va rtadvd_enable
2563 daemon at boot time.
2566 .Va ipv6_gateway_enable
2571 utility sends router advertisement packets to the interfaces specified in
2572 .Va rtadvd_interfaces
2573 and should only be enabled with great care.
2574 You may want to fine-tune
2576 .It Va rtadvd_interfaces
2582 this is the list of interfaces to use.
2583 .It Va ipxgateway_enable
2587 enable the routing of IPX traffic.
2588 .It Va ipxrouted_enable
2594 daemon at system boot time.
2595 .It Va ipxrouted_flags
2598 .Va ipxrouted_enable
2601 these are the flags to pass to the
2608 enable global proxy ARP.
2609 .It Va forward_sourceroute
2617 source-routed packets are forwarded.
2618 .It Va accept_sourceroute
2622 the system will accept source-routed packets directed at it.
2629 daemon at system boot time.
2636 these are the flags to pass to the
2639 .It Va bootparamd_enable
2645 daemon at system boot time.
2646 .It Va bootparamd_flags
2649 .Va bootparamd_enable
2652 these are the flags to pass to the
2655 .It Va stf_interface_ipv4addr
2659 this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling
2661 Specify this entry to enable the 6to4 interface.
2662 .It Va stf_interface_ipv4plen
2664 Prefix length for 6to4 IPv4 addresses, to limit peer address range.
2665 An effective value is 0-31.
2666 .It Va stf_interface_ipv6_ifid
2668 IPv6 interface ID for
2672 .It Va stf_interface_ipv6_slaid
2674 IPv6 Site Level Aggregator for
2676 .It Va ipv6_faith_prefix
2680 this is the faith prefix to enable a FAITH IPv6-to-IPv4 TCP
2685 .It Va ipv6_ipv4mapping
2689 this enables IPv4 mapped IPv6 address communication (like
2690 .Li ::ffff:a.b.c.d ) .
2695 to enable the configuration of ATM interfaces at system boot time.
2696 For all of the ATM variables described below, please refer to the
2698 manual page for further details on the available command parameters.
2699 Also refer to the files in
2700 .Pa /usr/share/examples/atm
2701 for more detailed configuration information.
2704 This is a list of physical ATM interface drivers to load.
2709 .It Va atm_netif_ Ns Aq Ar intf
2711 For the ATM physical interface
2713 this variable defines the name prefix and count for the ATM network
2714 interfaces to be created.
2715 The value will be passed as the parameters of an
2716 .Dq Nm atm Cm "set netif" Ar intf
2718 .It Va atm_sigmgr_ Ns Aq Ar intf
2720 For the ATM physical interface
2722 this variable defines the ATM signalling manager to be used.
2723 The value will be passed as the parameters of an
2724 .Dq Nm atm Cm attach Ar intf
2726 .It Va atm_prefix_ Ns Aq Ar intf
2728 For the ATM physical interface
2730 this variable defines the NSAP prefix for interfaces using a UNI signalling
2734 the prefix will automatically be set via the
2737 Otherwise, the value will be passed as the parameters of an
2738 .Dq Nm atm Cm "set prefix" Ar intf
2740 .It Va atm_macaddr_ Ns Aq Ar intf
2742 For the ATM physical interface
2744 this variable defines the MAC address for interfaces using a UNI signalling
2748 the hardware MAC address contained in the ATM interface card will be used.
2749 Otherwise, the value will be passed as the parameters of an
2750 .Dq Nm atm Cm "set mac" Ar intf
2752 .It Va atm_arpserver_ Ns Aq Ar netif
2754 For the ATM network interface
2756 this variable defines the ATM address for a host which is to provide ATMARP
2758 This variable is only applicable to interfaces using a UNI signalling
2762 this host will become an ATMARP server.
2763 The value will be passed as the parameters of an
2764 .Dq Nm atm Cm "set arpserver" Ar netif
2766 .It Va atm_scsparp_ Ns Aq Ar netif
2770 SCSP/ATMARP service for the network interface
2772 will be initiated using the
2777 This variable is only applicable if
2778 .Va atm_arpserver_ Ns Aq Ar netif
2783 Set to the list of ATM PVCs to be added at system
2785 For each whitespace separated
2788 .Va atm_pvc_ Ns Aq Ar element
2789 variable is assumed to exist.
2790 The value of each of these variables
2791 will be passed as the parameters of an
2792 .Dq Nm atm Cm "add pvc"
2796 Set to the list of permanent ATM ARP entries to be added
2797 at system boot time.
2798 For each whitespace separated
2801 .Va atm_arp_ Ns Aq Ar element
2802 variable is assumed to exist.
2803 The value of each of these variables
2804 will be passed as the parameters of an
2805 .Dq Nm atm Cm "add arp"
2807 .It Va natm_interfaces
2811 interfaces that will also be used for HARP through
2813 If this list is not empty all interfaces in the list will be brought up
2819 For this to work the interface drivers must be either compiled into the
2820 kernel or must reside on the root partition.
2823 The keyboard bell sound.
2830 if the default behavior is desired.
2831 For details, refer to the
2836 If set to a non-null string, the virtual console's keyboard input is
2842 no keymap is installed, otherwise the value is used to install
2844 .Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd .
2847 The keyboard repeat speed.
2854 if the default behavior is desired.
2859 attempt to program the function keys with the value.
2861 be a single string of the form:
2862 .Dq Ar funkey_number new_value Op Ar funkey_number new_value ... .
2865 Can be set to the value of
2868 .Dq Li destructive ,
2871 to set the cursor behavior explicitly or choose the default behavior.
2876 no screen map is installed, otherwise the value is used to install
2877 the screen map file in
2878 .Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value .
2883 the default 8x16 font value is used for screen size requests, otherwise
2885 .Pa /usr/share/syscons/fonts/ Ns Aq Ar value
2891 the default 8x14 font value is used for screen size requests, otherwise
2893 .Pa /usr/share/syscons/fonts/ Ns Aq Ar value
2899 the default 8x8 font value is used for screen size requests, otherwise
2901 .Pa /usr/share/syscons/fonts/ Ns Aq Ar value
2907 the default screen blanking interval is used, otherwise it is set
2915 this is the actual screen saver to use
2916 .Li ( blank , snake , daemon ,
2918 .It Va moused_nondefault_enable
2922 the mouse device specified on
2923 the command line is not automatically treated as enabled by the
2924 .Pa /etc/rc.d/moused
2926 Having this variable set to
2932 to be enabled as soon as it is plugged in.
2933 .It Va moused_enable
2939 daemon is started for doing cut/paste selection on the console.
2942 This is the protocol type of the mouse connected to this host.
2943 This variable must be set if
2950 is able to detect the appropriate mouse type automatically in many cases.
2951 Set this variable to
2953 to let the daemon detect it, or
2954 select one from the following list if the automatic detection fails.
2956 If the mouse is attached to the PS/2 mouse port, choose
2960 regardless of the brand and model of the mouse.
2962 mouse is attached to the bus mouse port, choose
2966 All other protocols are for serial mice and will not work with
2967 the PS/2 and bus mice.
2968 If this is a USB mouse,
2970 is the only protocol type which will work.
2972 .Bl -tag -width ".Li x10mouseremote" -compact
2974 Microsoft mouse (serial)
2976 Microsoft IntelliMouse (serial)
2978 Mouse systems Corp.\& mouse (serial)
2980 MM Series mouse (serial)
2982 Logitech mouse (serial)
2986 Logitech MouseMan and TrackMan (serial)
2988 ALPS GlidePoint (serial)
2989 .It Li thinkingmouse
2990 Kensington ThinkingMouse (serial)
2994 MM HitTablet (serial)
2995 .It Li x10mouseremote
2996 X10 MouseRemote (serial)
2998 Interlink VersaPad (serial)
3001 Even if the mouse is not in the above list, it may be compatible
3002 with one in the list.
3003 Refer to the manual page for
3005 for compatibility information.
3007 It should also be noted that while this is enabled, any
3008 other client of the mouse (such as an X server) should access
3009 the mouse through the virtual mouse device,
3011 and configure it as a
3013 type mouse, since all
3014 mouse data is converted to this single canonical format when
3017 If the client program does not support the
3023 It is the second preferred type.
3030 this is the actual port the mouse is on.
3033 for a COM1 serial mouse,
3037 for a bus mouse, for example.
3042 is set, its value is used as an additional set of flags to pass to the
3045 .It Va "moused_" Ns Ar XXX Ns Va "_flags"
3047 .Va moused_nondefault_enable
3050 daemon is started for a non-default port, the
3051 .Va "moused_" Ns Ar XXX Ns Va "_flags"
3052 set of options has precedence over and replaces the default
3053 .Va moused_flags (where
3055 is the name of the non-default port, i.e.\&
3058 .Va "moused_" Ns Ar XXX Ns Va "_flags"
3059 it is possible to set up a different set of default flags for each
3062 For example, you can use
3066 to make your laptop's touchpad more comfortable to use,
3067 but an empty set of options for
3068 .Va moused_ums0_flags
3071 mouse has three or more buttons.
3072 .It Va mousechar_start
3076 the default mouse cursor character range
3077 .Li 0xd0 Ns - Ns Li 0xd3
3079 otherwise the range start is set
3084 Use if the default range is occupied in the language code table.
3085 .It Va allscreens_flags
3089 is run with these options for each of the virtual terminals
3093 will enable the mouse pointer on all virtual terminals
3098 .It Va allscreens_kbdflags
3102 is run with these options for each of the virtual terminals
3108 scrollback (history) buffer to 200 lines.
3115 daemon at system boot time.
3121 .Pa /usr/sbin/cron ) .
3128 these are the flags to pass to
3134 enable the special handling of transitions to and from the
3135 Daylight Saving Time in
3137 (equivalent to using the flag
3144 .Pa /usr/sbin/lpd ) .
3151 daemon at system boot time.
3158 these are the flags to pass to the
3161 .It Va chkprintcap_enable
3167 command before starting the
3170 .It Va chkprintcap_flags
3175 .Va chkprintcap_enable
3178 these are the flags to pass to the
3183 which causes missing directories to be created.
3184 .It Va mta_start_script
3186 This variable specifies the full path to the script to run to start
3187 a mail transfer agent.
3189 .Pa /etc/rc.sendmail .
3193 .Pa /etc/rc.sendmail
3194 uses are documented in the
3199 Indicates the device (usually a swap partition) to which a crash dump
3200 should be written in the event of a system crash.
3201 If the value of this variable is
3203 the first suitable swap device listed in
3205 will be used as dump device.
3206 Otherwise, the value of this variable is passed as the argument to
3208 To disable crash dumps, set this variable to
3212 When the system reboots after a crash and a crash dump is found on the
3213 device specified by the
3217 will save that crash dump and a copy of the kernel to the directory
3221 The default value is
3230 .It Va savecore_flags
3232 If crash dumps are enabled, these are the flags to pass to the
3239 to turn on user and group disk quotas on system startup via the
3241 command for all file systems marked as having quotas enabled in
3243 The kernel must be built with
3245 for disk quotas to function.
3250 to enable user and group disk quota checking via the
3253 .It Va quotacheck_flags
3263 these are the flags to pass to the
3268 which checks quotas for all file systems with quotas enabled in
3270 .It Va quotaon_flags
3276 these are the flags to pass to the
3281 which enables quotas for all file systems with quotas enabled in
3283 .It Va quotaoff_flags
3289 these are the flags to pass to the
3291 utility when shutting down the quota system.
3294 which disables quotas for all file systems with quotas enabled in
3296 .It Va accounting_enable
3300 to enable system accounting through the
3307 to enable iBCS2 (SCO) binary emulation at system initial boot
3309 .It Va ibcs2_loaders
3317 this specifies a list of additional iBCS2 loaders to enable.
3322 to enable Linux/ELF binary emulation at system initial
3328 enable SysVR4 emulation at boot time.
3329 .It Va sysvipc_enable
3333 load System V IPC primitives at boot time.
3334 .It Va clear_tmp_enable
3345 to disable removing of X11 lock files,
3346 and the removal and (secure) recreation
3347 of the various socket directories for X11
3349 .It Va ldconfig_paths
3351 Set to the list of shared library paths to use with
3355 will always be added first, so it need not appear in this list.
3356 .It Va ldconfig32_paths
3358 Set to the list of 32-bit compatibility shared library paths to
3361 .It Va ldconfig_paths_aout
3363 Set to the list of shared library paths to use with
3368 .It Va ldconfig_insecure
3372 utility normally refuses to use directories
3373 which are writable by anyone except root.
3374 Set this variable to
3376 to disable that security check during system startup.
3377 .It Va ldconfig_local_dirs
3379 Set to the list of local
3382 The names of all files in the directories listed will be
3383 passed as arguments to
3385 .It Va ldconfig_local32_dirs
3387 Set to the list of local 32-bit compatibility
3390 The names of all files in the directories listed will be
3391 passed as arguments to
3392 .Dq Nm ldconfig Fl 32 .
3393 .It Va kern_securelevel_enable
3397 to set the kernel security level at system startup.
3398 .It Va kern_securelevel
3400 The kernel security level to set at startup.
3401 The allowed range of
3403 ranges from \-1 (the compile time default) to 3 (the
3407 for the list of possible security levels and their effect
3408 on system operation.
3411 Path to the SSH server program
3412 .Pa ( /usr/sbin/sshd
3420 at system boot time.
3427 these are the flags to pass to the
3432 Path to the FTP server program
3433 .Pa ( /usr/libexec/ftpd
3441 as a stand-alone daemon at system boot time.
3448 these are the additional flags to pass to the
3451 .It Va watchdogd_enable
3457 daemon at boot time.
3458 This requires that the kernel have been compiled with a
3461 .It Va watchdogd_flags
3464 .Va watchdogd_enable
3467 these are the flags passed to the
3470 .It Va performance_cx_lowest
3472 CPU idle state to use while on AC power.
3477 should use the lowest power state available while
3479 indicates that the lowest latency state (less power savings) should be used.
3480 .It Va performance_cpu_freq
3482 CPU clock frequency to use while on AC power.
3487 should use the lowest frequency available while
3489 indicates that the highest frequency (less power savings) should be used.
3490 .It Va economy_cx_lowest
3492 CPU idle state to use when off AC power.
3497 should use the lowest power state available while
3499 indicates that the lowest latency state (less power savings) should be used.
3500 .It Va economy_cpu_freq
3502 CPU clock frequency to use when off AC power.
3507 should use the lowest frequency available while
3509 indicates that the highest frequency (less power savings) should be used.
3514 any configured jails will not be started.
3515 .It jail_parallel_start
3519 all configured jails will be started in the background (= in parallel).
3522 A space separated list of names for jails.
3523 This is purely a configuration aid to help identify and
3524 configure multiple jails.
3525 The names specified in this list will be used to
3526 identify settings common to an instance of a jail,
3527 and should contain alphanumeric characters only.
3528 Assuming that the jail in question was named
3530 you would have the following dependent variables:
3532 jail_vjail_hostname="jail.example.com"
3533 jail_vjail_ip="192.0.2.100"
3534 jail_vjail_rootdir="/var/jails/vjail/root"
3540 When set, use as default value for
3541 .Va jail_ Ns Ao Ar jname Ac Ns Va _flags
3544 .It Va jail_interface
3547 When set, use as default value for
3548 .Va jail_ Ns Ao Ar jname Ac Ns Va _interface
3554 When set, use as default value for
3555 .Va jail_ Ns Ao Ar jname Ac Ns Va _fstab
3558 .It Va jail_mount_enable
3566 .Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable
3569 by default for every jail in
3571 .It Va jail_devfs_ruleset
3575 .Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset
3576 to given value for every jail in
3578 .It Va jail_devfs_enable
3586 .Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable
3589 by default for every jail in
3591 .It Va jail_fdescfs_enable
3599 .Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable
3602 by default for every jail in
3604 .It Va jail_procfs_enable
3612 .Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable
3615 by default for every jail in
3617 .It Va jail_exec_prestart Ns Aq Ar N
3620 When set, use as default value for
3621 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart Ns Aq Ar N
3624 .It Va jail_exec_start
3627 When set, use as default value for
3628 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start
3631 .It Va jail_exec_afterstart Ns Aq Ar N
3634 When set, use as default value for
3635 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_afterstart Ns Aq Ar N
3638 .It Va jail_exec_poststart Ns Aq Ar N
3641 When set, use as default value for
3642 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart Ns Aq Ar N
3645 .It Va jail_exec_prestop Ns Aq Ar N
3648 When set, use as default value for
3649 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop Ns Aq Ar N
3652 .It Va jail_exec_stop
3654 When set, use as default value for
3655 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop
3658 .It Va jail_exec_poststop Ns Aq Ar N
3661 When set, use as default value for
3662 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop Ns Aq Ar N
3665 .It Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir
3668 Set to the root directory used by jail
3670 .It Va jail_ Ns Ao Ar jname Ac Ns Va _hostname
3673 Set to the fully qualified domain name (FQDN) assigned to jail
3675 .It Va jail_ Ns Ao Ar jname Ac Ns Va _ip
3678 Set to the (primary) IPv4 and/or IPv6 address(es) assigned to the jail.
3679 The argument can be a sole address or a comma separated list of addresses.
3680 Additionally each address can be prefixed by the name of an interface
3681 followed by a pipe to overwrite
3682 .Va jail_ Ns Ao Ar jname Ac Ns Va _interface
3685 and/or suffixed by a netmask, prefixlen or prefix.
3686 In case no netmask, prefixlen or prefix is given,
3688 will be used for IPv4 and
3690 will be used for an IPv6 address.
3691 If no address is given for the jail then the jail will be started with
3692 no networking support.
3693 .It Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n
3696 Set additional IPv4 and/or IPv6 address(es) assigned to the jail.
3697 The sequence starts with
3699 and the numbers have to be strictly ascending.
3700 These entries follow the same syntax as their primary
3701 .Va jail_ Ns Ao Ar jname Ac Ns Va _ip
3703 The order of the entries can be important as the first address for
3704 each address family found will be the primary address of the jail.
3710 .It Va jail_ Ns Ao Ar jname Ac Ns Va _flags
3715 These are flags to pass to
3717 .It Va jail_ Ns Ao Ar jname Ac Ns Va _interface
3720 When set, sets the interface to use when setting IP address alias.
3721 Note that the alias is created at jail startup and removed at jail shutdown.
3722 .It Va jail_ Ns Ao Ar jname Ac Ns Va _fib
3725 When set, the jail is started with the specified forwarding table (sometimes
3726 referred to as a routing table) via
3728 .It Va jail_ Ns Ao Ar jname Ac Ns Va _fstab
3731 .Pa /etc/fstab. Ns Aq Ar jname
3733 This is the file system information file to use for jail
3735 .It Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable
3742 mount all file systems from
3743 .Va jail_ Ns Ao Ar jname Ac Ns Va _fstab
3745 .It Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset
3748 When set, defines the device file system ruleset file to use for jail
3750 .It Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable
3757 mount the device file system inside jail
3760 .It Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable
3767 mount the file-descriptor file system inside jail
3770 .It Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable
3777 mount the process file system inside jail
3780 .It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart Ns Aq Ar N
3783 This is the command run as
3786 before jail startup, where
3789 It is run outside the jail.
3790 .It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start
3793 .Dq Li /bin/sh /etc/rc
3795 This is the command executed in a jail at jail startup.
3796 .It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_afterstart Ns Aq Ar N
3799 This is the command run as
3803 after jail startup, where
3806 .It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart Ns Aq Ar N
3809 This is the command run as
3812 after jail startup, where
3815 It is run outside the jail.
3816 .It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop Ns Aq Ar N
3819 This is the command run as
3822 before jail shutdown, where
3825 It is run outside the jail.
3826 .It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop
3829 .Dq Li /bin/sh /etc/rc.shutdown
3831 This is the command executed in a jail at jail shutdown.
3832 .It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop Ns Aq Ar N
3835 This is the command run as
3838 after jail shutdown, where
3841 It is run outside the jail.
3842 .It Va jail_set_hostname_allow
3846 do not allow the root user in a jail to set its hostname.
3847 .It Va jail_socket_unixiproute_only
3851 do not allow any sockets,
3852 besides UNIX/IP/route sockets,
3853 to be used within a jail.
3854 .It Va jail_sysvipc_allow
3858 allow applications within a jail to use System V IPC.
3859 .\" -----------------------------------------------------
3860 .It Va harvest_interrupt
3864 to use hardware interrupts as an entropy source.
3867 for more information.
3868 .It Va harvest_ethernet
3872 to use LAN traffic as an entropy source.
3875 for more information.
3876 .It Va harvest_p_to_p
3880 to use serial line traffic as an entropy source.
3883 for more information.
3888 to disable caching entropy via
3890 Otherwise set to the directory used to store entropy files in.
3895 to disable caching entropy through reboots.
3896 Otherwise set to the filename used to store cached entropy through
3898 This file should be located on the root file system to seed the
3900 device as early as possible in the boot process.
3901 .It Va entropy_save_sz
3903 Size of the entropy cache files saved by
3906 .It Va entropy_save_num
3908 Number of entropy cache files to save by
3922 Configuration file for
3931 .Pa /var/run/dmesg.boot
3933 .It Va rcshutdown_timeout
3935 If set, start a watchdog timer in the background which will terminate
3939 has not completed within the specified time (in seconds).
3940 Notice that in addition to this soft timeout,
3942 also applies a hard timeout for the execution of
3944 This is configured via
3947 .Va kern.init_shutdown_timeout
3948 and defaults to 120 seconds.
3949 Setting the value of
3950 .Va rcshutdown_timeout
3951 to more than 120 seconds will have no effect until the
3954 .Va kern.init_shutdown_timeout
3956 .It Va virecover_enable
3960 to prevent the system from trying to
3961 recover pre-maturely terminated
3964 .It Va ugidfw_enable
3969 .Xr mac_bsdextended 4
3970 module upon system initialization and load a default
3972 .It Va bsdextended_script
3975 .Xr mac_bsdextended 4
3976 ruleset file to load.
3977 The default value of this variable is
3978 .Pa /etc/rc.bsdextended .
3979 .It Va newsyslog_enable
3986 .It Va newsyslog_flags
3989 .Va newsyslog_enable
3992 these are the flags to pass to the
3997 which causes log files flagged with a
4000 .It Va mdconfig_md Ns Aq Ar X
4010 must be specified and either a
4012 for malloc or swap backed
4020 .Va mdconfig_md Ns Aq Ar X
4021 variables are evaluated until one variable is unset or null.
4022 .It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs
4024 Optional arguments passed to
4030 .It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner
4032 An ownership specification passed to
4041 device and the mount point will be changed.
4042 .It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms
4044 A mode string passed to
4053 device and the mount point will be changed.
4054 .It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files
4056 Files to be copied to the mount point of the
4060 after it has been mounted.
4061 .It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd
4063 Command to execute after the specified
4068 Note that the command is passed to
4074 variables can be used to reference respectively the
4076 device and the mount point.
4081 one could set the following:
4083 mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}"
4085 .It Va ramdisk_units
4087 A list of one or more ramdisk units to configure with
4091 in time to be mounted from
4095 must specify at least a
4098 .Va ramdisk_ Ns Ao Ar X Ac Ns Va _config
4100 Note that this way to configure ramdisks has been deprecated
4103 variables (see above).
4104 .It Va ramdisk_ Ns Ao Ar X Ac Ns Va _config
4112 must be specified, where
4118 .It Va ramdisk_ Ns Ao Ar X Ac Ns Va _newfs
4120 Optional arguments passed to
4122 to initialize ramdisk
4124 .It Va ramdisk_ Ns Ao Ar X Ac Ns Va _owner
4126 An ownership specification passed to
4128 after the specified ramdisk unit
4133 device and the mount point will be changed.
4134 .It Va ramdisk_ Ns Ao Ar X Ac Ns Va _perms
4136 A mode string passed to
4138 after the specified ramdisk unit
4143 device and the mount point will be changed.
4144 .It Va autobridge_interfaces
4146 Set to the list of bridge interfaces that will have newly arriving interfaces
4147 checked against to be automatically added.
4150 then for each whitespace separated
4153 .Va autobridge_ Ns Aq Ar element
4154 variable is assumed to exist which has a whitespace separated list of interface
4155 names to match, these names can use wildcards.
4158 autobridge_interfaces="bridge0"
4159 autobridge_bridge0="tap* dc0 vlan[345]"
4165 enable support for sound mixer.
4166 .It Va hcsecd_enable
4170 enable Bluetooth security daemon.
4171 .It Va hcsecd_config
4173 Configuration file for
4176 .Pa /etc/bluetooth/hcsecd.conf .
4181 enable Bluetooth Service Discovery Protocol daemon.
4189 .It Va sdpd_groupname
4193 group to run as after it initializes.
4196 .It Va sdpd_username
4200 user to run as after it initializes.
4203 .It Va bthidd_enable
4207 enable Bluetooth Human Interface Device daemon.
4208 .It Va bthidd_config
4210 Configuration file for
4213 .Pa /etc/bluetooth/bthidd.conf .
4216 Path to a file, where
4218 will store information about known HID devices.
4220 .Pa /var/db/bthidd.hids .
4221 .It Va rfcomm_pppd_server_enable
4225 enable Bluetooth RFCOMM PPP wrapper daemon.
4226 .It Va rfcomm_pppd_server_profile
4228 The name of the profile to use from
4229 .Pa /etc/ppp/ppp.conf .
4230 Multiple profiles can be specified here.
4231 Also used to specify per-profile overrides.
4232 When the profile name contains any of the characters
4234 they are translated to
4236 for the proposes of the override variable names.
4237 .It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _bdaddr
4239 Overrides local address to listen on.
4245 The address can be specified as BD_ADDR or name.
4246 .It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _channel
4248 Overrides local RFCOMM channel to listen on.
4251 will listen on RFCOMM channel 1.
4252 Must set properly if multiple profiles used in the same time.
4253 .It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_sp
4257 if it should register Serial Port service on the specified RFCOMM channel.
4260 .It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_dun
4264 if it should register Dial-Up Networking service on the specified
4268 .It Va ubthidhci_enable
4272 change the USB Bluetooth controller from HID mode to HCI mode.
4273 You also need to specify the location of USB Bluetooth controller with the
4274 .Va ubthidhci_busnum
4278 .It Va ubthidhci_busnum
4279 Bus number where the USB Bluetooth controller is located.
4282 on your system to find this information.
4283 .It Va ubthidhci_addr
4284 Bus address of the USB Bluetooth controller.
4287 on your system to find this information.
4290 .Bl -tag -width ".Pa /etc/defaults/rc.conf" -compact
4291 .It Pa /etc/defaults/rc.conf
4293 .It Pa /etc/rc.conf.local
4322 .Xr newsyslog.conf 5 ,
4390 .An Jordan K. Hubbard .