4 .\" Redistribution and use in source and binary forms, with or without
5 .\" modification, are permitted provided that the following conditions
7 .\" 1. Redistributions of source code must retain the above copyright
8 .\" notice, this list of conditions and the following disclaimer.
9 .\" 2. Redistributions in binary form must reproduce the above copyright
10 .\" notice, this list of conditions and the following disclaimer in the
11 .\" documentation and/or other materials provided with the distribution.
13 .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND
14 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE
17 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
19 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
20 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
21 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
22 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 .Nd system configuration information
36 contains descriptive information about the local host name, configuration
37 details for any potential network interfaces and which services should be
38 started up at system initial boot time.
39 In new installations, the
41 file is generally initialized by the system installation utility.
45 is not to run commands or perform system startup actions
47 Instead, it is included by the
48 various generic startup scripts in
50 which conditionalize their
51 internal actions according to the settings found there.
55 file is included from the file
56 .Pa /etc/defaults/rc.conf ,
57 which specifies the default settings for all the available options.
58 Options need only be specified in
60 when the system administrator wishes to override these defaults.
62 .Pa /etc/rc.conf.local
63 is used to override settings in
65 for historical reasons.
67 The sysrc(8) command provides a scripting interface to modify system
71 .Pa /etc/rc.conf.local
72 you can also place smaller configuration files for each
77 .Ao Ar dir Ac Ns Pa /rc.conf.d
78 directories specified in
80 which will be included by the
83 For jail configurations you could use the file
84 .Pa /etc/rc.conf.d/jail
85 to store jail specific configuration options.
89 .Pa /usr/local/etc/rc.d
92 .Pa /usr/local/rc.conf.d/jail
94 .Pa /opt/conf/rc.conf.d/jail
97 .Ao Ar dir Ac Ns Pa /rc.conf.d/ Ns Ao Ar name Ac
99 all of files in the directory will be loaded.
105 .Dq Ar name Ns Li = Ns Ar value
109 The following list provides a name and short description for each
110 variable that can be set in the
113 .Bl -tag -width indent-two
118 enable output of debug messages from rc scripts.
119 This variable can be helpful in diagnosing mistakes when
120 editing or integrating new scripts.
121 Beware that this produces copious output to the terminal and
127 disable informational messages from the rc scripts.
128 Informational messages are displayed when
129 a condition that is not serious enough to warrant a warning or
137 when faststart is used (e.g., at boot time).
138 .It Va early_late_divider
140 The name of the script that should be used as the
141 delimiter between the
145 stages of the boot process.
146 The early stage should contain all the services needed to
147 get the disks (local or remote) mounted so that the late
148 stage can include scripts contained in the directories
151 variable (see below).
152 Thus, the two likely candidates for this value are
154 for the typical system, and
156 if the system needs remote file
157 systems mounted to get access to the
159 directories; for example when
167 is likely to be an appropriate value.
168 Extreme care should be taken when changing this value,
169 and before changing it one should ensure that there are
170 adequate provisions to recover from a failed boot
171 (such as physical contact with the machine,
172 or reliable remote console access).
173 .It Va always_force_depends
177 scripts use the force_depend function to check whether required
178 services are already running, and to start them if necessary.
179 By default during boot time this check is bypassed if the
180 required service is enabled in
181 .Pa /etc/rc.conf[.local] .
182 Setting this option will bypass that check at boot time and
183 always test whether or not the service is actually running.
184 Enabling this option is likely to increase your boot time if
185 services are enabled that utilize the force_depend check.
186 .It Ao Ar name Ac Ns Va _chroot
189 to this directory before running the service.
190 .It Ao Ar name Ac Ns Va _user
192 Run the service under this user account.
193 .It Ao Ar name Ac Ns Va _group
195 Run the chrooted service under this system group.
197 setting, this setting has no effect if the service is not chrooted.
198 .It Ao Ar name Ac Ns Va _fib
202 value to run the service under.
203 .It Ao Ar name Ac Ns Va _nice
207 value to run the service under.
212 enable support for Automatic Power Management with
220 to handle APM event from userland.
221 This also enables support for APM.
228 these are the flags to pass to the
235 to handle device added, removed or unknown events from the kernel.
242 scripts at boot time.
245 Configuration file for
251 A list of kernel modules to load right after the local
253 Loading modules at this point in the boot process is
254 much faster than doing it via
255 .Pa /boot/loader.conf
256 for those modules not necessary for mounting local disk.
257 .It Va kldxref_enable
264 to automatically rebuild
269 .It Va kldxref_clobber
279 will overwrite existing
286 .It Va kldxref_module_path
291 delimited list of paths containing
303 enable the system power control facility with the
312 these are the flags to pass to the
316 Controls the creation of a
319 Always happens if set to
321 and never happens if set to
323 If set to anything else, a memory file system is created if
327 Controls the size of a created
331 Extra options passed to the
333 utility when the memory file system for
338 which inhibits the use of softupdates on
340 so that file system space is freed without delay
341 after file truncation or deletion.
344 for other options you can use in
347 Controls the creation of a
350 Always happens if set to
352 and never happens if set to
354 If set to anything else, a memory file system is created if
358 Controls the size of a created
362 Extra options passed to the
364 utility when the memory file system for
369 which inhibits the use of softupdates on
371 so that file system space is freed without delay
372 after file truncation or deletion.
375 for other options you can use in
378 Controls the automatic population of the
381 Always happens if set to
383 and never happens if set to
385 If set to anything else, a memory file system is created if
388 Note that this process requires access to certain commands in
392 is mounted on normal systems.
393 .It Va cleanvar_enable
400 List of directories to search for startup script files.
401 .It Va script_name_sep
403 The field separator to use for breaking down the list of startup script files
404 into individual filenames.
405 The default is a space.
406 It is not necessary to change this unless there are startup scripts with names
408 .It Va hostapd_enable
417 The fully qualified domain name (FQDN) of this host on the network.
418 This should almost certainly be set to something meaningful, even if
419 there is no network connection.
422 is used to set the hostname via DHCP,
423 this variable should be set to an empty string.
424 If this value remains unset when the system is done booting
425 your console login will display the default hostname of
429 The NIS domain name of this host, or
432 .It Va dhclient_program
434 Path to the DHCP client program
435 .Pa ( /sbin/dhclient ,
440 .It Va dhclient_flags
442 Additional flags to pass to the DHCP client program.
447 manpage for a description of the command line options available.
448 .It Va dhclient_flags_ Ns Aq Ar iface
449 Additional flags to pass to the DHCP client program running on
452 When specified, this variable overrides
454 .It Va background_dhclient
458 to start the DHCP client in background.
459 This can cause trouble with applications depending on
460 a working network, but it will provide a faster startup
462 .It Va background_dhclient_ Ns Aq Ar iface
463 When specified, this variable overrides the
464 .Va background_dhclient
465 variable for interface
468 .It Va synchronous_dhclient
474 synchronously at startup.
475 This behavior can be overridden on a per-interface basis by replacing
479 .Va ifconfig_ Ns Aq Ar interface
484 .It Va defaultroute_delay
486 When set to a positive value, wait up to this long after configuring
487 DHCP interfaces at startup to give the interfaces time to receive a lease.
488 .It Va firewall_enable
492 to load firewall rules at startup.
493 If the kernel was not built with
494 .Cd "options IPFIREWALL" ,
497 kernel module will be loaded.
499 .Va ipfilter_enable .
500 .It Va firewall_script
502 This variable specifies the full path to the firewall script to run.
504 .Pa /etc/rc.firewall .
507 Names the firewall type from the selection in
508 .Pa /etc/rc.firewall ,
509 or the file which contains the local firewall ruleset.
510 Valid selections from
514 .Bl -tag -width ".Li simple" -compact
516 unrestricted IP access
518 all IP services disabled, except via
521 basic protection for a workstation
523 basic protection for a LAN.
526 If a filename is specified, the full path
528 .It Va firewall_quiet
532 to disable the display of firewall rules on the console during boot.
533 .It Va firewall_logging
537 to enable firewall event logging.
538 This is equivalent to the
539 .Dv IPFIREWALL_VERBOSE
541 .It Va firewall_logif
545 to create pseudo interface
548 For more details, see
551 .It Va firewall_flags
557 specifies a filename.
558 .It Va firewall_coscripts
560 List of executables and/or rc scripts to run after firewall starts/stops.
562 .\" ----- firewall_nat_enable setting --------------------------------
563 .It Va firewall_nat_enable
575 .It Va firewall_nat_interface
581 This is the name of the public interface or IP address on which
582 kernel NAT should run.
583 .It Va firewall_nat_flags
585 Additional configuration parameters for kernel NAT should be placed here.
586 .It Va dummynet_enable
590 will automatically load the
596 .\" -------------------------------------------------------------------
597 .It Va ipfw_netflow_enable
601 will enable netflow logging via
604 By default a ipfw rule is inserted and all packets are duplicated with
605 the ngtee command and netflow packets are sent to 127.0.0.1 on the netflow
606 port using protocol version 5.
607 .It Va ipfw_netflow_hook
609 netflow hook name, must be numerical
612 .It Va ipfw_netflow_rule
617 .It Va ipfw_netflow_ip
619 Destination server ip for receiving netflow data
622 .It Va ipfw_netflow_port
624 Destination server port for receiving netflow data
627 .It Va ipfw_netflow_version
629 Do not set for using version 5 of the netflow protocol, set it to 9 for using version 9.
630 .It Va ipfw_netflow_fib
632 Only match packet in FIB
634 (default is undefined meaning all FIBs).
650 sockets must be enabled in the kernel.
651 If the kernel was not built with
652 .Cd "options IPDIVERT" ,
655 kernel module will be loaded.
656 .It Va natd_interface
658 This is the name of the public interface on which
661 The interface may be given as an interface name or as an IP address.
666 flags should be placed here.
671 flag is automatically added with the above
674 .\" ----- ipfilter_enable setting --------------------------------
675 .It Va ipfilter_enable
686 Typical usage will require putting
688 ipfilter_enable="YES"
706 can be enabled independently.
710 both require at least one of
720 options IPFILTER_DEFAULT_BLOCK
723 in the kernel configuration file is a good idea, too.
724 .\" ----- ipfilter_program setting ------------------------------
725 .It Va ipfilter_program
731 .\" ----- ipfilter_rules setting --------------------------------
732 .It Va ipfilter_rules
737 This variable contains the name of the filter rule definition file.
738 The file is expected to be readable for the
741 .\" ----- ipv6_ipfilter_rules setting ---------------------------
742 .It Va ipv6_ipfilter_rules
747 This variable contains the IPv6 filter rule definition file.
748 The file is expected to be readable for the
751 .\" ----- ipfilter_flags setting --------------------------------
752 .It Va ipfilter_flags
755 This variable contains flags passed to the
758 .\" ----- ipnat_enable setting ----------------------------------
768 network address translation.
771 for a detailed discussion.
772 .\" ----- ipnat_program setting ---------------------------------
779 .\" ----- ipnat_rules setting -----------------------------------
785 This variable contains the name of the file
786 holding the network address translation definition.
787 This file is expected to be readable for the
790 .\" ----- ipnat_flags setting -----------------------------------
794 This variable contains flags passed to the
797 .\" ----- ipmon_enable setting ----------------------------------
812 Setting this variable needs setting
819 for a detailed discussion.
820 .\" ----- ipmon_program setting ---------------------------------
827 .\" ----- ipmon_flags setting -----------------------------------
833 This variable contains flags passed to the
836 Another typical example would be
837 .Dq Fl D Pa /var/log/ipflog
840 log directly to a file bypassing
843 .Pa /etc/newsyslog.conf
844 in such case like this:
846 /var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid
848 .\" ----- ipfs_enable setting -----------------------------------
858 saving the filter and NAT state tables during shutdown
859 and reloading them during startup again.
860 Setting this variable needs setting
869 for a detailed discussion.
875 because the raised securelevel will prevent
877 from saving the state tables at shutdown time.
878 .\" ----- ipfs_program setting ----------------------------------
885 .\" ----- ipfs_flags setting ------------------------------------
889 This variable contains flags passed to the
892 .\" ----- end of added ipf hook ---------------------------------
904 Typical usage will require putting
919 into the kernel, otherwise the
920 kernel module will be loaded.
925 ruleset configuration file
940 these flags are passed to the
942 program when loading the ruleset.
952 which logs packets from the
965 .Pa /var/log/pflog ) .
967 .Pa /etc/newsyslog.conf
968 to adjust logfile rotation for this.
978 This variable contains additional flags passed to the
981 .It Va pflog_instances
983 If logging to more than one
985 interface is desired,
987 is set to the list of
989 instances that should be started at system boot time.
992 is set, for each whitespace-seperated
995 .Ao Ar element Ac Ns Va _dev
997 .Ao Ar element Ac Ns Va _logfile
998 elements are assumed to exist.
999 .Ao Ar element Ac Ns Va _dev
1002 interface to be watched by the named
1005 .Ao Ar element Ac Ns Va _logfile
1006 must contain the name of the logfile that will be used by the
1009 .It Va ftpproxy_enable
1020 packet filter in translating ftp connections.
1021 .It Va ftpproxy_flags
1024 This variable contains additional flags passed to the
1027 .It Va ftpproxy_instances
1030 If multiple instances of
1032 are desired at boot time,
1033 .Va ftpproxy_instances
1034 should contain a whitespace-seperated list of instance names.
1037 in the list, a variable named
1038 .Ao Ar element Ac Ns Va _flags
1039 should be defined, containing the command-line flags to be passed to the
1042 .It Va pfsync_enable
1051 state changes to other hosts over the network by means of
1056 must also be set then.
1057 .It Va pfsync_syncdev
1060 This variable specifies the name of the network interface
1062 should operate through.
1063 It must be set accordingly if
1067 .It Va pfsync_syncpeer
1070 This variable is optional.
1071 By default, state change messages are sent out on the synchronisation
1072 interface using IP multicast packets.
1073 The protocol is IP protocol 240, PFSYNC, and the multicast group used is
1075 When a peer address is specified using the
1077 option, the peer address is used as a destination for the pfsync
1078 traffic, and the traffic can then be protected using
1082 manpage for more details about using
1087 .It Va pfsync_ifconfig
1090 This variable can contain additional options to be passed to the
1092 command used to set up
1094 .It Va tcp_extensions
1101 disables certain TCP options as described by
1107 might help remedy such problems with connections as randomly hanging
1108 or other weird behavior.
1109 Some network devices are known
1110 to be broken with respect to these options.
1113 Set to 0 by default.
1117 .Va net.inet.tcp.log_in_vain
1119 .Va net.inet.udp.log_in_vain ,
1124 are set to the given value.
1125 .It Va tcp_keepalive
1132 will disable probing idle TCP connections to verify that the
1133 peer is still up and reachable.
1134 .It Va tcp_drop_synfin
1141 will cause the kernel to ignore TCP frames that have both
1142 the SYN and FIN flags set.
1143 This prevents OS fingerprinting, but may
1144 break some legitimate applications.
1145 .It Va icmp_drop_redirect
1152 will cause the kernel to ignore ICMP REDIRECT packets.
1155 for more information.
1156 .It Va icmp_log_redirect
1163 will cause the kernel to log ICMP REDIRECT packets.
1165 the log messages are not rate-limited, so this option should only be used
1166 for troubleshooting networks.
1169 for more information.
1170 .It Va icmp_bmcastecho
1174 to respond to broadcast or multicast ICMP ping packets.
1177 for more information.
1178 .It Va ip_portrange_first
1182 this is the first port in the default portrange.
1185 for more information.
1186 .It Va ip_portrange_last
1190 this is the last port in the default portrange.
1193 for more information.
1194 .It Va network_interfaces
1196 Set to the list of network interfaces to configure on this host or
1198 (the default) for all current interfaces.
1200 .Va network_interfaces
1201 variable to anything other than the default is deprecated.
1202 Interfaces that the administrator wishes to store configuration for,
1203 but not start at boot should be configured with the
1206 .Va ifconfig_ Ns Aq Ar interface
1207 variables as described below.
1210 .Va ifconfig_ Ns Aq Ar interface
1211 variable is also assumed to exist for each value of
1213 When an interface name contains any of the characters
1215 they are translated to
1218 The variable can contain arguments to
1220 as well as special case-insensitive keywords described below.
1221 Such keywords are removed before passing the value to
1223 while the order of the other arguments is preserved.
1225 It is possible to add IP alias entries using
1227 syntax with the address family keyword such as
1229 Assuming that the interface in question was
1231 it might look something like this:
1233 ifconfig_ed0_alias0="inet 127.0.0.253 netmask 0xffffffff"
1234 ifconfig_ed0_alias1="inet 127.0.0.254 netmask 0xffffffff"
1237 It also possible to configure multiple IP addresses in Classless
1238 Inter-Domain Routing
1241 whose each address component can be a range like
1242 .Li inet 192.0.2.5-23/24
1244 .Li inet6 2001:db8:1-f::1/64 .
1245 This notation allows address and prefix length part only,
1246 not the other address modifiers.
1247 Note that the maximum number of the generated addresses from a range
1248 specification is limited to an integer value specified in
1249 .Va netif_ipexpand_max
1252 because a small typo can unexpectedly generate a large number of addresses.
1253 The default value is
1255 It can be increased by adding the following line into
1258 netif_ipexpand_max="4096"
1262 .Li 192.0.2.5-23/24 ,
1263 the address 192.0.2.5 will be configured with the
1264 netmask /24 and the addresses 192.0.2.6 to 192.0.2.23 with
1265 the non-conflicting netmask /32 as explained in the
1268 Note that this special netmask handling is only for
1270 not for the other address families such as
1273 With the interface in question being
1275 an example could look like:
1277 ifconfig_ed0_alias2="inet 192.0.2.129/27"
1278 ifconfig_ed0_alias3="inet 192.0.2.1-5/28"
1284 .Va ipv4_addrs_ Ns Aq Ar interface
1285 variable was supported for IPv4 CIDR address notation.
1286 It is now deprecated because the functionality was integrated into
1287 .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1289 .Va ipv4_addrs_ Ns Aq Ar interface
1290 is still supported for backward compatibility.
1293 .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1294 entry with an address family keyword,
1295 its contents are passed to
1297 Execution stops at the first unsuccessful access, so if
1298 something like this is present:
1300 ifconfig_ed0_alias0="inet 127.0.0.251 netmask 0xffffffff"
1301 ifconfig_ed0_alias1="inet 127.0.0.252 netmask 0xffffffff"
1302 ifconfig_ed0_alias2="inet 127.0.0.253 netmask 0xffffffff"
1303 ifconfig_ed0_alias4="inet 127.0.0.254 netmask 0xffffffff"
1306 Then note that alias4 would
1308 be added since the search would
1309 stop with the missing
1312 Because of this difficult to manage behavior,
1314 .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _aliases
1315 variable, which has the same functionality as
1316 .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1317 and can have all of entries in a variable like the following:
1319 ifconfig_ed0_aliases="\\
1320 inet 127.0.0.251 netmask 0xffffffff \\
1321 inet 127.0.0.252 netmask 0xffffffff \\
1322 inet 127.0.0.253 netmask 0xffffffff \\
1323 inet 127.0.0.254 netmask 0xffffffff"
1326 It also supports CIDR notation.
1329 .Pa /etc/start_if. Ns Aq Ar interface
1330 file is present, it is read and executed by the
1333 before configuring the interface as specified in the
1334 .Va ifconfig_ Ns Aq Ar interface
1336 .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1340 .Va vlans_ Ns Aq Ar interface
1344 interface will be created for each item in the list with the
1348 If a vlan interface's name is a number,
1349 then that number is used as the vlan tag and the new vlan interface is
1351 .Ar interface . Ns Ar tag .
1353 the vlan tag must be specified via a
1356 .Va create_args_ Ns Aq Ar interface
1359 To create a vlan device named
1363 with the vlan tag 101 and the optional the IPv4 address 192.0.2.1/24:
1366 ifconfig_em0_101="inet 192.0.2.1/24"
1369 To create a vlan device named
1373 with the vlan tag 102:
1376 create_args_myvlan="vlan 102"
1380 .Va wlans_ Ns Aq Ar interface
1384 interface will be created for each item in the list with the
1388 Further wlan cloning arguments may be passed to the
1391 command by setting the
1392 .Va create_args_ Ns Aq Ar interface
1396 devices must be created for each wireless devices as of
1402 may be specified with an
1403 .Va wlandebug_ Ns Aq Ar interface
1405 The contents of this variable will be passed directly to
1409 .Va ifconfig_ Ns Aq Ar interface
1410 contains the keyword
1412 then the interface will not be configured
1414 .Pa /etc/pccard_ether
1416 .Va network_interfaces
1420 It is possible to bring up an interface with DHCP by adding
1423 .Va ifconfig_ Ns Aq Ar interface
1425 For instance, to initialize the
1428 it is possible to use something like:
1433 If you want to configure your wireless interface with
1434 .Xr wpa_supplicant 8
1435 for use with WPA, EAP/LEAP or WEP, you need to add
1438 .Va ifconfig_ Ns Aq Ar interface
1441 On the other hand, if you want to configure your wireless interface with
1446 .Va ifconfig_ Ns Aq Ar interface
1449 will use the settings from
1450 .Pa /etc/hostapd- Ns Ao Ar interface Ac Ns .conf
1452 Finally, you can add
1454 options in this variable, in addition to the
1455 .Pa /etc/start_if. Ns Aq Ar interface
1457 For instance, to configure an
1459 wireless device in station mode with an address obtained
1460 via DHCP, using WPA authentication and 802.11b mode, it is
1461 possible to use something like:
1464 ifconfig_wlan0="DHCP WPA mode 11b"
1468 .Va ifconfig_ Ns Aq Ar interface
1469 form, a fallback variable
1470 .Va ifconfig_DEFAULT
1472 It will be used for all interfaces with no
1473 .Va ifconfig_ Ns Aq Ar interface
1475 This is intended to replace the no longer supported
1479 It is also possible to rename an interface by doing:
1481 ifconfig_ed0_name="net0"
1482 ifconfig_net0="inet 192.0.2.1 netmask 0xffffff00"
1486 This variable is deprecated.
1488 .Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1490 .Va ipv6_activate_all_interfaces
1495 .Dq Li inet6 accept_rtadv
1497 .Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1499 .Va ipv6_activate_all_interfaces
1504 This variable is deprecated.
1506 .Va ip6addrctl_policy
1511 the default address selection policy table set by
1513 will be IPv6-preferred.
1517 the default address selection policy table set by
1519 will be IPv4-preferred.
1520 .It Va ipv6_activate_all_interfaces
1522 This controls initial configuration on IPv6-capable
1523 interfaces with no corresponding
1524 .Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1526 Note that it is not always necessary to set this variable to
1528 to use IPv6 functionality on
1530 In most cases, just configuring
1531 .Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1536 all interfaces which do not have a corresponding
1537 .Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1538 variable will be marked as
1541 This means that all of IPv6 functionality on that interface
1542 is completely disabled to enforce a security policy.
1543 If the variable is set to
1545 the flag will be cleared on all of the interfaces.
1547 In most cases, just defining an
1548 .Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1549 for an IPv6-capable interface should be sufficient.
1550 However, if an interface is added dynamically
1551 .Pq by some tunneling protocols such as PPP, for example ,
1552 it is often difficult to define the variable in advance.
1553 In such a case, configuring the
1555 flag can be disabled by setting this variable to
1558 For more details of the
1561 .Dq Li inet6 ifdisabled ,
1571 privacy addresses will be generated for each IPv6
1572 interface as described in RFC 4941.
1573 .It Va ipv6_network_interfaces
1575 This is the IPv6 equivalent of
1576 .Va network_interfaces .
1577 Normally manual configuration of this variable is not needed.
1578 .It Va ipv6_cpe_wanif
1580 If the variable is set to an interface name,
1584 .Dq inet6 -no_radr accept_rtadv
1585 will be added to the specified interface automatically before evaluating
1586 .Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 ,
1590 .Va net.inet6.ip6.rfc6204w3
1592 .Va net.inet6.ip6.no_radr
1595 This means the specified interface will accept ICMPv6 Router
1596 Advertisement messages on that link and add the discovered
1597 routers into the Default Router List.
1598 While the other interfaces can still accept RA messages if the
1599 .Dq inet6 accept_rtadv
1600 option is specified, adding
1601 routes into the Default Router List will be disabled by
1608 Note that ICMPv6 Router Advertisement messages will be
1610 .Va net.inet6.ip6.forwarding
1612 .Pq packet forwarding is enabled
1614 .Va net.inet6.ip6.rfc6204w3
1619 .It Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1621 IPv6 functionality on an interface should be configured by
1622 .Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 ,
1623 instead of setting ifconfig parameters in
1624 .Va ifconfig_ Ns Aq Ar interface .
1625 If this variable is empty, all of IPv6 configurations on the
1626 specified interface by other variables such as
1627 .Va ipv6_prefix_ Ns Ao Ar interface Ac
1630 Aliases should be set by
1631 .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1637 ifconfig_ed0_ipv6="inet6 2001:db8:1::1 prefixlen 64"
1638 ifconfig_ed0_alias0="inet6 2001:db8:2::1 prefixlen 64"
1641 Interfaces that have an
1642 .Dq Li inet6 accept_rtadv
1644 .Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1645 setting will be automatically configured by SLAAC
1646 .Pq StateLess Address AutoConfiguration
1652 Note that a link-local address will be automatically configured in
1653 addition to the configured global-scope addresses because the IPv6
1654 specifications require it on each link.
1655 The address is calculated from the MAC address by using an algorithm
1662 If only a link-local address is needed on the interface,
1663 the following configuration can be used:
1665 ifconfig_ed0_ipv6="inet6 auto_linklocal"
1668 A link-local address can also be configured manually.
1669 This is useful for the default router address of an IPv6 router
1670 so that it does not change when the network interface
1674 ifconfig_ed0_ipv6="inet6 fe80::1 prefixlen 64"
1676 .It Va ipv6_prefix_ Ns Aq Ar interface
1678 If one or more prefixes are defined in
1679 .Va ipv6_prefix_ Ns Aq Ar interface
1680 addresses based on each prefix and the EUI-64 interface index will be
1681 configured on that interface.
1682 Note that this variable will be ignored when
1683 .Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1686 For example, the following configuration
1688 ipv6_prefix_ed0="2001:db8:1:0 2001:db8:2:0"
1691 is equivalent to the following:
1693 ifconfig_ed0_alias0="inet6 2001:db8:1:: eui64 prefixlen 64"
1694 ifconfig_ed0_alias1="inet6 2001:db8:1:: prefixlen 64 anycast"
1695 ifconfig_ed0_alias2="inet6 2001:db8:2:: eui64 prefixlen 64"
1696 ifconfig_ed0_alias3="inet6 2001:db8:2:: prefixlen 64 anycast"
1699 These Subnet-Router anycast addresses will be added only when
1700 .Va ipv6_gateway_enable
1702 .It Va ipv6_default_interface
1706 this is the default output interface for scoped addresses.
1707 This works only with ipv6_gateway_enable="NO".
1708 .It Va ip6addrctl_enable
1710 This variable is to enable configuring default address selection policy table
1712 The table can be specified in another variable
1713 .Va ip6addrctl_policy .
1715 .Va ip6addrctl_policy
1716 the following keywords can be specified:
1717 .Dq Li ipv4_prefer ,
1718 .Dq Li ipv6_prefer ,
1728 installs a pre-defined policy table described in Section 2.1
1736 is specified, it attempts to read a file
1737 .Pa /etc/ip6addrctl.conf
1739 If this file is found,
1741 reads and installs it.
1742 If not found, a policy is automatically set
1744 .Va ipv6_activate_all_interfaces
1745 variable; if the variable is set to
1747 the IPv6-preferred one is used.
1748 Otherwise IPv4-preferred.
1750 The default value of
1751 .Va ip6addrctl_enable
1753 .Va ip6addrctl_policy
1759 .It Va cloned_interfaces
1761 Set to the list of clonable network interfaces to create on this host.
1762 Further cloning arguments may be passed to the
1765 command for each interface by setting the
1766 .Va create_args_ Ns Aq Ar interface
1768 If an interface name is specified with
1771 the interface will not be destroyed even when
1773 script is invoked with
1776 This is useful when reconfiguring the interface without destroying it.
1778 .Va cloned_interfaces
1779 are automatically appended to
1780 .Va network_interfaces
1782 .It Va cloned_interfaces_sticky
1784 This variable is to globally enable functionality of
1787 .Va cloned_interfaces
1789 The default value is
1791 Even if this variable is specified to
1794 keyword can be used to override it on per interface basis.
1795 .It Va gif_interfaces
1797 This variable is deprecated in favor of
1798 .Va cloned_interfaces .
1801 tunnel interfaces to configure on this host.
1803 .Va gifconfig_ Ns Aq Ar interface
1804 variable is assumed to exist for each value of
1806 The value of this variable is used to configure the link layer of the
1807 tunnel according to the syntax of the
1811 Additionally, this option ensures that each listed interface is created
1816 before attempting to configure it.
1817 .It Va sppp_interfaces
1821 interfaces to configure on this host.
1823 .Va spppconfig_ Ns Aq Ar interface
1824 variable is assumed to exist for each value of
1826 Each interface should also be configured by a general
1827 .Va ifconfig_ Ns Aq Ar interface
1831 for more information about available options.
1841 The name of the profile to use from
1842 .Pa /etc/ppp/ppp.conf .
1843 Also used for per-profile overrides of
1848 .Va ppp_ Ns Ao Ar profile Ac Ns _unit .
1849 When the profile name contains any of the characters
1851 they are translated to
1853 for the proposes of the override variable names.
1856 Mode in which to run the
1859 .It Va ppp_ Ns Ao Ar profile Ac Ns _mode
1861 Overrides the global
1871 See the manual for a full description.
1876 enables network address translation.
1877 Used in conjunction with
1879 allows hosts on private network addresses access to the Internet using
1880 this host as a network address translating router.
1881 .It Va ppp_ Ns Ao Ar profile Ac Ns _nat
1883 Overrides the global
1887 .It Va ppp_ Ns Ao Ar profile Ac Ns _unit
1889 Set the unit number to be used for this profile.
1890 See the manual description of
1895 The name of the user under which
1903 .It Va rc_conf_files
1905 This option is used to specify a list of files that will override
1907 .Pa /etc/defaults/rc.conf .
1908 The files will be read in the order in which they are specified and should
1909 include the full path to the file.
1910 By default, the files specified are
1913 .Pa /etc/rc.conf.local
1919 will attempt to automatically mount ZFS file systems and initialize ZFS volumes
1921 .It Va gptboot_enable
1925 .Pa /etc/rc.d/gptboot
1926 will log if the system successfully (or not) booted from a GPT partition,
1932 .It Va gbde_autoattach_all
1937 will attempt to automatically initialize your .bde devices in
1941 List the devices that the script should try to attach,
1946 The directory where the
1948 lockfiles are located.
1949 The default lockfile directory is
1952 The lockfile for each individual
1954 device can be overridden by setting the variable
1955 .Va gbde_lock_ Ns Aq Ar device ,
1958 is the encrypted device without the
1963 .It Va gbde_attach_attempts
1965 Number of times to attempt attaching to a
1967 device, i.e., how many times the user is asked for the pass-phrase.
1971 List of devices to automatically attach on boot.
1972 Note that .eli devices from
1974 are automatically appended to this list.
1977 Number of times user is asked for the pass-phrase.
1978 If empty, it will be taken from
1979 .Va kern.geom.eli.tries
1981 .It Va geli_default_flags
1983 Default flags to use by
1985 when configuring disk encryption.
1986 Flags can be configured for every device separately by defining
1987 .Va geli_ Ns Ao Ar device Ac Ns Va _flags
1989 .It Va geli_autodetach
1991 Specifies if GELI devices should be marked for detach on last close after
1992 file systems are mounted.
1995 This can be changed for every device separately by defining
1996 .Va geli_ Ns Ao Ar device Ac Ns Va _autodetach
1998 .It Va root_rw_mount
2003 After the file systems are checked at boot time, the root file system
2004 is remounted as read-write if this is set to
2006 Diskless systems that mount their root file system from a read-only remote
2007 NFS share should set this to
2011 .It Va fsck_y_enable
2016 will be run with the
2018 flag if the initial preen
2019 of the file systems fails.
2020 .It Va background_fsck
2024 the system will attempt to run
2026 in the background where possible.
2027 .It Va background_fsck_delay
2029 The amount of time in seconds to sleep before starting a background
2031 It defaults to sixty seconds to allow large applications such as
2032 the X server to start before disk I/O bandwidth is monopolized by
2034 If set to a negative number, the background file system check will be
2035 delayed indefinitely to allow the administrator to run it at a more
2037 For example it may be run from
2039 by adding a line like
2041 .Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart"
2047 List of file system types that are network-based.
2048 This list should generally not be modified by end users.
2050 .Va extra_netfs_types
2052 .It Va extra_netfs_types
2054 If set to something other than
2057 this variable extends the list of file system types
2058 for which automatic mounting at startup by
2060 should be delayed until the network is initialized.
2062 a whitespace-separated list of network file system descriptor pairs,
2063 each consisting of a file system type as passed to
2065 and a human-readable, one-word description,
2068 Extending the default list in this way is only necessary
2069 when third party file system types are used.
2070 .It Va syslogd_enable
2077 .It Va syslogd_program
2082 .Pa /usr/sbin/syslogd ) .
2083 .It Va syslogd_flags
2089 these are the flags to pass to
2098 .It Va inetd_program
2103 .Pa /usr/sbin/inetd ) .
2110 these are the flags to pass to
2119 .It Va hastd_program
2131 these are the flags to pass to
2133 .It Va local_unbound_enable
2139 daemon as a local caching resolver.
2144 to start a Kerberos 5 authentication server
2152 this is the path to Kerberos 5 Authentication Server.
2156 This variable contains additional flags to be passed to the Kerberos 5
2157 authentication server.
2158 .It Va kadmind_enable
2164 the Kerberos 5 Administration Daemon; set to
2167 .It Va kadmind_program
2173 this is the path to Kerberos 5 Administration Daemon.
2174 .It Va kpasswdd_enable
2180 the Kerberos 5 Password-Changing Daemon; set to
2183 .It Va kpasswdd_program
2189 this is the path to Kerberos 5 Password-Changing Daemon.
2196 the Kerberos 5 ticket forwarding daemon, at the boot time.
2202 .Pa /usr/libexec/kfd ) .
2209 daemon at boot time.
2216 these are the flags to pass to it.
2223 daemon at boot time.
2230 these are the flags to pass to it.
2233 manpage for more information.
2234 .It Va amd_map_program
2237 the specified program is run to get the list of
2242 maps are stored in NIS, one can set this to
2255 will be updated at boot time to reflect the kernel release
2260 will not be updated.
2261 .It Va nfs_client_enable
2265 run the NFS client daemons at boot time.
2266 .It Va nfs_access_cache
2269 .Va nfs_client_enable
2274 to disable NFS ACCESS RPC caching, or to the number of seconds for which
2276 results should be cached.
2277 A value of 2-10 seconds will substantially reduce network
2278 traffic for many NFS operations.
2279 .It Va nfs_server_enable
2283 run the NFS server daemons at boot time.
2284 .It Va nfs_server_flags
2287 .Va nfs_server_enable
2290 these are the flags to pass to the
2293 .It Va nfsv4_server_enable
2296 .Va nfs_server_enable
2300 .Va nfsv4_server_enable
2303 enable the server for NFSv4 as well as NFSv2 and NFSv3.
2304 .It Va nfsuserd_enable
2310 run the nfsuserd daemon, which is needed for NFSv4 in order
2311 to map between user/group names vs uid/gid numbers.
2313 .Va nfsv4_server_enable
2316 this will be forced enabled.
2317 .It Va nfsuserd_flags
2323 these are the flags to pass to the
2326 .It Va nfscbd_enable
2332 run the nfscbd daemon, which enables callbacks/delegations for the NFSv4 client.
2339 these are the flags to pass to the
2342 .It Va mountd_enable
2347 .Va nfs_server_enable
2353 It is commonly needed to run CFS without real NFS used.
2360 these are the flags to pass to the
2363 .It Va weak_mountd_authentication
2367 allow services like PCNFSD to make non-privileged mount
2369 .It Va nfs_reserved_port_only
2373 provide NFS services only on a secure port.
2374 .It Va nfs_bufpackets
2376 If set to a number, indicates the number of packets worth of
2377 socket buffer space to reserve on an NFS client.
2378 The kernel default is typically 4.
2379 Using a higher number may be
2380 useful on gigabit networks to improve performance.
2381 The minimum value is
2382 2 and the maximum is 64.
2383 .It Va rpc_lockd_enable
2387 and also an NFS server or client, run
2390 .It Va rpc_lockd_flags
2393 .Va rpc_lockd_enable
2396 these are the flags to pass to the
2399 .It Va rpc_statd_enable
2403 and also an NFS server or client, run
2406 .It Va rpc_statd_flags
2409 .Va rpc_statd_enable
2412 these are the flags to pass to the
2415 .It Va rpcbind_program
2420 .Pa /usr/sbin/rpcbind ) .
2421 .It Va rpcbind_enable
2427 service at boot time.
2428 .It Va rpcbind_flags
2434 these are the flags to pass to the
2437 .It Va keyserv_enable
2443 daemon on boot for running Secure RPC.
2444 .It Va keyserv_flags
2450 these are the flags to pass to
2453 .It Va pppoed_enable
2459 daemon at boot time to provide PPP over Ethernet services.
2460 .It Va pppoed_ Ns Aq Ar provider
2463 listens to requests to this
2469 argument of the same name.
2472 Additional flags to pass to
2474 .It Va pppoed_interface
2476 The network interface to run
2479 This is mandatory when
2489 service at boot time.
2490 This command is intended for networks of
2491 machines where a consistent
2493 for all hosts must be established.
2494 This is often useful in large NFS
2495 environments where time stamps on files are expected to be consistent
2503 these are the flags to pass to the
2506 .It Va ntpdate_enable
2513 This command is intended to
2514 synchronize the system clock only
2516 from some standard reference.
2517 .It Va ntpdate_config
2519 Configuration file for
2523 .It Va ntpdate_hosts
2525 A whitespace-separated list of NTP servers to synchronize with at startup.
2526 The default is to use the servers listed in
2527 .Va ntpdate_config ,
2528 if that file exists.
2529 .It Va ntpdate_program
2534 .Pa /usr/sbin/ntpdate ) .
2535 .It Va ntpdate_flags
2541 these are the flags to pass to the
2543 command (typically a hostname).
2550 command at boot time.
2556 .Pa /usr/sbin/ntpd ) .
2570 these are the flags to pass to the
2573 .It Va ntpd_sync_on_start
2580 flag, which syncs the system's clock on startup.
2583 for more information regarding the
2586 This is a preferred alternative to using
2591 .It Va nis_client_enable
2597 service at system boot time.
2598 .It Va nis_client_flags
2601 .Va nis_client_enable
2604 these are the flags to pass to the
2607 .It Va nis_ypldap_enable
2613 daemon at system boot time.
2614 .It Va nis_ypldap_flags
2617 .Va nis.ypldap_enable
2620 these are the flags to pass to the
2623 .It Va nis_ypset_enable
2629 daemon at system boot time.
2630 .It Va nis_ypset_flags
2633 .Va nis_ypset_enable
2636 these are the flags to pass to the
2639 .It Va nis_server_enable
2645 daemon at system boot time.
2646 .It Va nis_server_flags
2649 .Va nis_server_enable
2652 these are the flags to pass to the
2655 .It Va nis_ypxfrd_enable
2661 daemon at system boot time.
2662 .It Va nis_ypxfrd_flags
2665 .Va nis_ypxfrd_enable
2668 these are the flags to pass to the
2671 .It Va nis_yppasswdd_enable
2677 daemon at system boot time.
2678 .It Va nis_yppasswdd_flags
2681 .Va nis_yppasswdd_enable
2684 these are the flags to pass to the
2687 .It Va rpc_ypupdated_enable
2693 daemon at system boot time.
2694 .It Va bsnmpd_enable
2700 daemon at system boot time.
2701 Be sure to understand the security implications of running SNMP daemon
2709 these are the flags to pass to the
2712 .It Va defaultrouter
2716 create a default route to this host name or IP address
2717 (use an IP address if this router is also required to get to the
2719 .It Va ipv6_defaultrouter
2721 The IPv6 equivalent of
2723 .It Va static_arp_pairs
2725 Set to the list of static ARP pairs that are to be added at system
2727 For each whitespace separated
2730 .Va static_arp_ Ns Aq Ar element
2731 variable is assumed to exist whose contents will later be passed to a
2736 static_arp_pairs="gw"
2737 static_arp_gw="192.168.1.1 00:01:02:03:04:05"
2739 .It Va static_ndp_pairs
2741 Set to the list of static NDP pairs that are to be added at system
2743 For each whitespace separated
2746 .Va static_ndp_ Ns Aq Ar element
2747 variable is assumed to exist whose contents will later be passed to a
2752 static_ndp_pairs="gw"
2753 static_ndp_gw="2001:db8:3::1 00:01:02:03:04:05"
2755 .It Va static_routes
2757 Set to the list of static routes that are to be added at system
2761 then for each whitespace separated
2764 .Va route_ Ns Aq Ar element
2765 variable is assumed to exist
2766 whose contents will later be passed to a
2771 static_routes="ext mcast:gif0 gif0local:gif0"
2772 route_ext="-net 10.0.0.0/24 -gateway 192.168.0.1"
2773 route_mcast="-net 224.0.0.0/4 -iface gif0"
2774 route_gif0local="-host 169.254.1.1 -iface lo0"
2781 the route is specific to the interface
2783 .It Va ipv6_static_routes
2785 The IPv6 equivalent of
2789 then for each whitespace separated
2792 .Va ipv6_route_ Ns Aq Ar element
2793 variable is assumed to exist
2794 whose contents will later be passed to a
2795 .Dq Nm route Cm add Fl inet6
2797 .It Va gateway_enable
2801 configure host to act as an IP router, e.g.\& to forward packets
2803 .It Va ipv6_gateway_enable
2805 The IPv6 equivalent of
2806 .Va gateway_enable .
2807 .It Va routed_enable
2811 run a routing daemon of some sort, based on the
2816 .It Va route6d_enable
2818 The IPv6 equivalent of
2822 run a routing daemon of some sort, based on the
2827 .It Va routed_program
2833 this is the name of the routing daemon to use.
2834 .It Va route6d_program
2836 The IPv6 equivalent of
2837 .Va routed_program .
2844 these are the flags to pass to the routing daemon.
2845 .It Va route6d_flags
2847 The IPv6 equivalent of
2849 .It Va rtadvd_enable
2855 daemon at boot time.
2858 utility sends ICMPv6 Router Advertisement messages to
2859 the interfaces specified in
2860 .Va rtadvd_interfaces .
2861 This should only be enabled with great care.
2862 You may want to fine-tune
2864 .It Va rtadvd_interfaces
2870 this is the list of interfaces to use.
2875 enable global proxy ARP.
2876 .It Va forward_sourceroute
2884 source-routed packets are forwarded.
2885 .It Va accept_sourceroute
2889 the system will accept source-routed packets directed at it.
2896 daemon at system boot time.
2903 these are the flags to pass to the
2906 .It Va bootparamd_enable
2912 daemon at system boot time.
2913 .It Va bootparamd_flags
2916 .Va bootparamd_enable
2919 these are the flags to pass to the
2922 .It Va stf_interface_ipv4addr
2926 this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling
2928 Specify this entry to enable the 6to4 interface.
2929 .It Va stf_interface_ipv4plen
2931 Prefix length for 6to4 IPv4 addresses, to limit peer address range.
2932 An effective value is 0-31.
2933 .It Va stf_interface_ipv6_ifid
2935 IPv6 interface ID for
2939 .It Va stf_interface_ipv6_slaid
2941 IPv6 Site Level Aggregator for
2943 .It Va ipv6_ipv4mapping
2947 this enables IPv4 mapped IPv6 address communication (like
2948 .Li ::ffff:a.b.c.d ) .
2949 .It Va rtsold_enable
2955 daemon to send ICMPv6 Router Solicitation messages.
2962 these are the flags to pass to
2966 For interfaces configured with the
2967 .Dq Li inet6 accept_rtadv
2968 keyword, these are the flags to pass to
2973 is mutually exclusive to
2979 The keyboard bell sound.
2986 if the default behavior is desired.
2987 For details, refer to the
2992 If set to a non-null string, the virtual console's keyboard input is
2998 no keymap is installed, otherwise the value is used to install
2999 the keymap file found in
3000 .Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd
3003 .Pa /usr/share/vt/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd
3008 The keyboard repeat speed.
3015 if the default behavior is desired.
3020 attempt to program the function keys with the value.
3022 be a single string of the form:
3023 .Dq Ar funkey_number new_value Op Ar funkey_number new_value ... .
3026 Can be set to the value of
3029 .Dq Li destructive ,
3032 to set the cursor behavior explicitly or choose the default behavior.
3037 no screen map is installed, otherwise the value is used to install
3038 the screen map file in
3039 .Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value .
3040 This parameter is ignored when using
3042 as the console driver.
3047 the default 8x16 font value is used for screen size requests, otherwise
3049 .Pa /usr/share/syscons/fonts/ Ns Aq Ar value
3051 .Pa /usr/share/vt/fonts/ Ns Aq Ar value
3052 is used (depending on the console driver being used).
3057 the default 8x14 font value is used for screen size requests, otherwise
3059 .Pa /usr/share/syscons/fonts/ Ns Aq Ar value
3061 .Pa /usr/share/vt/fonts/ Ns Aq Ar value
3062 is used (depending on the console driver being used).
3067 the default 8x8 font value is used for screen size requests, otherwise
3069 .Pa /usr/share/syscons/fonts/ Ns Aq Ar value
3071 .Pa /usr/share/vt/fonts/ Ns Aq Ar value
3072 is used (depending on the console driver being used).
3077 the default screen blanking interval is used, otherwise it is set
3085 this is the actual screen saver to use
3086 .Li ( blank , snake , daemon ,
3088 .It Va moused_nondefault_enable
3092 the mouse device specified on
3093 the command line is not automatically treated as enabled by the
3094 .Pa /etc/rc.d/moused
3096 Having this variable set to
3102 to be enabled as soon as it is plugged in.
3103 .It Va moused_enable
3109 daemon is started for doing cut/paste selection on the console.
3112 This is the protocol type of the mouse connected to this host.
3113 This variable must be set if
3120 is able to detect the appropriate mouse type automatically in many cases.
3121 Set this variable to
3123 to let the daemon detect it, or
3124 select one from the following list if the automatic detection fails.
3126 If the mouse is attached to the PS/2 mouse port, choose
3130 regardless of the brand and model of the mouse.
3132 mouse is attached to the bus mouse port, choose
3136 All other protocols are for serial mice and will not work with
3137 the PS/2 and bus mice.
3138 If this is a USB mouse,
3140 is the only protocol type which will work.
3142 .Bl -tag -width ".Li x10mouseremote" -compact
3144 Microsoft mouse (serial)
3146 Microsoft IntelliMouse (serial)
3148 Mouse systems Corp.\& mouse (serial)
3150 MM Series mouse (serial)
3152 Logitech mouse (serial)
3156 Logitech MouseMan and TrackMan (serial)
3158 ALPS GlidePoint (serial)
3159 .It Li thinkingmouse
3160 Kensington ThinkingMouse (serial)
3164 MM HitTablet (serial)
3165 .It Li x10mouseremote
3166 X10 MouseRemote (serial)
3168 Interlink VersaPad (serial)
3171 Even if the mouse is not in the above list, it may be compatible
3172 with one in the list.
3173 Refer to the manual page for
3175 for compatibility information.
3177 It should also be noted that while this is enabled, any
3178 other client of the mouse (such as an X server) should access
3179 the mouse through the virtual mouse device,
3181 and configure it as a
3183 type mouse, since all
3184 mouse data is converted to this single canonical format when
3187 If the client program does not support the
3193 It is the second preferred type.
3200 this is the actual port the mouse is on.
3203 for a COM1 serial mouse,
3207 for a bus mouse, for example.
3212 is set, its value is used as an additional set of flags to pass to the
3215 .It Va "moused_" Ns Ar XXX Ns Va "_flags"
3217 .Va moused_nondefault_enable
3220 daemon is started for a non-default port, the
3221 .Va "moused_" Ns Ar XXX Ns Va "_flags"
3222 set of options has precedence over and replaces the default
3226 is the name of the non-default port, i.e.,\&
3229 .Va "moused_" Ns Ar XXX Ns Va "_flags"
3230 it is possible to set up a different set of default flags for each
3233 For example, you can use
3237 to make your laptop's touchpad more comfortable to use,
3238 but an empty set of options for
3239 .Va moused_ums0_flags
3242 mouse has three or more buttons.
3243 .It Va mousechar_start
3247 the default mouse cursor character range
3248 .Li 0xd0 Ns - Ns Li 0xd3
3250 otherwise the range start is set
3255 Use if the default range is occupied in the language code table.
3256 .It Va allscreens_flags
3260 is run with these options for each of the virtual terminals
3264 will enable the mouse pointer on all virtual terminals
3269 .It Va allscreens_kbdflags
3273 is run with these options for each of the virtual terminals
3281 scrollback (history) buffer to 200 lines.
3288 daemon at system boot time.
3294 .Pa /usr/sbin/cron ) .
3301 these are the flags to pass to
3307 enable the special handling of transitions to and from the
3308 Daylight Saving Time in
3310 (equivalent to using the flag
3317 .Pa /usr/sbin/lpd ) .
3324 daemon at system boot time.
3331 these are the flags to pass to the
3334 .It Va chkprintcap_enable
3340 command before starting the
3343 .It Va chkprintcap_flags
3348 .Va chkprintcap_enable
3351 these are the flags to pass to the
3356 which causes missing directories to be created.
3357 .It Va mta_start_script
3359 This variable specifies the full path to the script to run to start
3360 a mail transfer agent.
3362 .Pa /etc/rc.sendmail .
3366 .Pa /etc/rc.sendmail
3367 uses are documented in the
3372 Indicates the device (usually a swap partition) to which a crash dump
3373 should be written in the event of a system crash.
3374 If the value of this variable is
3376 the first suitable swap device listed in
3378 will be used as dump device.
3379 Otherwise, the value of this variable is passed as the argument to
3381 To disable crash dumps, set this variable to
3389 as the system dump device.
3392 When the system reboots after a crash and a crash dump is found on the
3393 device specified by the
3397 will save that crash dump and a copy of the kernel to the directory
3401 The default value is
3410 .It Va savecore_enable
3414 disable automatic extraction of the crash dump from the
3416 .It Va savecore_flags
3418 If crash dumps are enabled, these are the flags to pass to the
3425 to turn on user and group disk quotas on system startup via the
3427 command for all file systems marked as having quotas enabled in
3429 The kernel must be built with
3431 for disk quotas to function.
3436 to enable user and group disk quota checking via the
3439 .It Va quotacheck_flags
3449 these are the flags to pass to the
3454 which checks quotas for all file systems with quotas enabled in
3456 .It Va quotaon_flags
3462 these are the flags to pass to the
3467 which enables quotas for all file systems with quotas enabled in
3469 .It Va quotaoff_flags
3475 these are the flags to pass to the
3477 utility when shutting down the quota system.
3480 which disables quotas for all file systems with quotas enabled in
3482 .It Va accounting_enable
3486 to enable system accounting through the
3493 to enable iBCS2 (SCO) binary emulation at system initial boot
3495 .It Va ibcs2_loaders
3503 this specifies a list of additional iBCS2 loaders to enable.
3504 .It Va firstboot_sentinel
3506 This variable specifies the full path to a
3509 If a file exists with this path,
3513 keyword will be run on startup and the sentinel file will be deleted
3514 after the boot process completes.
3515 The sentinel file must be located on a writable file system which is
3516 mounted no later than
3517 .Va early_late_divider
3518 to function properly.
3525 to enable Linux/ELF binary emulation at system initial
3527 .It Va sysvipc_enable
3531 load System V IPC primitives at boot time.
3532 .It Va clear_tmp_enable
3543 to disable removing of X11 lock files,
3544 and the removal and (secure) recreation
3545 of the various socket directories for X11
3547 .It Va ldconfig_paths
3549 Set to the list of shared library paths to use with
3553 will always be added first, so it need not appear in this list.
3554 .It Va ldconfig32_paths
3556 Set to the list of 32-bit compatibility shared library paths to
3559 .It Va ldconfig_paths_aout
3561 Set to the list of shared library paths to use with
3566 .It Va ldconfig_insecure
3570 utility normally refuses to use directories
3571 which are writable by anyone except root.
3572 Set this variable to
3574 to disable that security check during system startup.
3575 .It Va ldconfig_local_dirs
3577 Set to the list of local
3580 The names of all files in the directories listed will be
3581 passed as arguments to
3583 .It Va ldconfig_local32_dirs
3585 Set to the list of local 32-bit compatibility
3588 The names of all files in the directories listed will be
3589 passed as arguments to
3590 .Dq Nm ldconfig Fl 32 .
3591 .It Va kern_securelevel_enable
3595 to set the kernel security level at system startup.
3596 .It Va kern_securelevel
3598 The kernel security level to set at startup.
3599 The allowed range of
3601 ranges from \-1 (the compile time default) to 3 (the
3605 for the list of possible security levels and their effect
3606 on system operation.
3609 Path to the SSH server program
3610 .Pa ( /usr/sbin/sshd
3618 at system boot time.
3625 these are the flags to pass to the
3630 Path to the FTP server program
3631 .Pa ( /usr/libexec/ftpd
3639 as a stand-alone daemon at system boot time.
3646 these are the additional flags to pass to the
3649 .It Va watchdogd_enable
3655 daemon at boot time.
3656 This requires that the kernel have been compiled with a
3659 .It Va watchdogd_flags
3662 .Va watchdogd_enable
3665 these are the flags passed to the
3668 .It Va devfs_rulesets
3670 List of files containing sets of rules for
3672 .It Va devfs_system_ruleset
3674 Rule name(s) to apply to the system
3677 .It Va devfs_set_rulesets
3679 Pairs of already-mounted
3681 directories and rulesets that should be applied to them.
3682 For example: /mount/dev=ruleset_name
3683 .It Va devfs_load_rulesets
3685 If set, always load the default rulesets listed in
3686 .Va devfs_rulesets .
3687 .It Va performance_cx_lowest
3689 CPU idle state to use while on AC power.
3694 should use the lowest power state available while
3696 indicates that the lowest latency state (less power savings) should be used.
3697 .It Va performance_cpu_freq
3699 CPU clock frequency to use while on AC power.
3704 should use the lowest frequency available while
3706 indicates that the highest frequency (less power savings) should be used.
3707 .It Va economy_cx_lowest
3709 CPU idle state to use when off AC power.
3714 should use the lowest power state available while
3716 indicates that the lowest latency state (less power savings) should be used.
3717 .It Va economy_cpu_freq
3719 CPU clock frequency to use when off AC power.
3724 should use the lowest frequency available while
3726 indicates that the highest frequency (less power savings) should be used.
3731 any configured jails will not be started.
3734 The configuration filename used by
3737 The default value is
3738 .Pa /etc/jail.conf .
3739 .It Va jail_parallel_start
3743 all configured jails will be started in the background (in parallel).
3747 When set, use as default value for
3748 .Va jail_ Ns Ao Ar jname Ac Ns Va _flags
3753 A space-delimited list of jail names.
3754 When left empty, all of the
3756 instances defined in the configuration file are started.
3757 The names specified in this list control the jail startup order.
3759 instances missing from
3761 must be started manually.
3764 parameter in the configuration file may override this list.
3765 .It Va jail_reverse_stop
3769 all configured jails in
3771 are stopped in reverse order.
3772 .It Va jail_* variables
3773 Note that older releases supported per-jail configuration via
3777 hostname of a jail named
3779 was able to be set by
3780 .Li jail_vjail_hostname .
3781 These per-jail configuration variables are now obsolete in favor of
3784 For backward compatibility,
3785 when per-jail configuration variables are defined,
3787 configuration files are created as
3788 .Pa /var/run/jail. Ns Ao Ar jname Ac Ns Pa .conf
3791 The following per-jail parameters are handled by
3793 script out of their corresponding
3796 In addition to them, parameters in
3797 .Va jail_ Ns Ao Ar jname Ac Ns Va _parameters
3798 will be added to the configuration file.
3799 They must be a semi-colon
3807 .Bl -tag -width "host.hostname" -offset indent
3810 .Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir
3811 .It Li host.hostname
3813 .Va jail_ Ns Ao Ar jname Ac Ns Va _hostname
3814 .It Li exec.consolelog
3816 .Va jail_ Ns Ao Ar jname Ac Ns Va _consolelog .
3817 The default value is
3818 .Pa /var/log/jail_ Ao Ar jname Ac Pa _console.log .
3821 .Va jail_ Ns Ao Ar jname Ac Ns Va _interface .
3822 .It Li vnet.interface
3824 .Va jail_ Ns Ao Ar jname Ac Ns Va _vnet_interface .
3827 parameter will be enabled and cannot be specified with
3828 .Va jail_ Ns Ao Ar jname Ac Ns Va _interface ,
3829 .Va jail_ Ns Ao Ar jname Ac Ns Va _ip
3831 .Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n
3835 .Va jail_ Ns Ao Ar jname Ac Ns Va _fstab
3838 .Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable .
3841 .Va jail_ Ns Ao Ar jname Ac Ns Va _fib
3844 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start .
3845 The parameter name was
3847 in some older releases.
3848 .It Li exec.prestart
3850 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart
3851 .It Li exec.poststart
3853 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart
3856 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop
3859 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop
3860 .It Li exec.poststop
3862 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop
3865 .Va jail_ Ns Ao Ar jname Ac Ns Va _ip
3867 .Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n
3868 contain IPv4 addresses
3871 .Va jail_ Ns Ao Ar jname Ac Ns Va _ip
3873 .Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n
3874 contain IPv6 addresses
3877 .Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable
3880 .Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable
3881 .It Li devfs_ruleset
3883 .Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset .
3884 This must be an integer,
3886 .It Li mount.fdescfs
3888 .Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable
3889 .It Li allow.set_hostname
3891 .Va jail_ Ns Ao Ar jname Ac Ns Va _set_hostname_allow
3892 .It Li allow.rawsocket
3894 .Va jail_ Ns Ao Ar jname Ac Ns Va _socket_unixiproute_only
3895 .It Li allow.sysvipc
3897 .Va jail_ Ns Ao Ar jname Ac Ns Va _sysvipc_allow
3899 .\" -----------------------------------------------------
3903 representing the entropy sources
3904 you wish to harvest.
3907 for more information.
3912 to disable caching entropy via
3914 Otherwise set to the directory
3915 in which the entropy files are stored.
3919 that regularly writes and rotates
3922 will be used at boot time.
3924 .Pa /var/db/entropy .
3929 to disable caching entropy through reboots.
3930 Otherwise set to the name
3931 of a file used to store cached entropy.
3932 This file should be located
3933 on a file system that is readable
3934 before all the volumes specified in
3941 .Pa /var/db/entropy-file
3942 is found it will also be used.
3943 This will be of some use to
3945 .It Va entropy_boot_file
3950 very early caching entropy
3952 Otherwise set to the filename
3954 very early reboot cached entropy.
3955 This file should be located where
3960 The default location is
3962 .It Va entropy_save_sz
3964 Size of the entropy cache files saved by
3967 .It Va entropy_save_num
3969 Number of entropy cache files to save by
3983 Configuration file for
3992 .Pa /var/run/dmesg.boot
3994 .It Va rcshutdown_timeout
3996 If set, start a watchdog timer in the background which will terminate
4000 has not completed within the specified time (in seconds).
4001 Notice that in addition to this soft timeout,
4003 also applies a hard timeout for the execution of
4005 This is configured via
4008 .Va kern.init_shutdown_timeout
4009 and defaults to 120 seconds.
4010 Setting the value of
4011 .Va rcshutdown_timeout
4012 to more than 120 seconds will have no effect until the
4015 .Va kern.init_shutdown_timeout
4017 .It Va virecover_enable
4021 to prevent the system from trying to
4022 recover pre-maturely terminated
4025 .It Va ugidfw_enable
4030 .Xr mac_bsdextended 4
4031 module upon system initialization and load a default
4033 .It Va bsdextended_script
4036 .Xr mac_bsdextended 4
4037 ruleset file to load.
4038 The default value of this variable is
4039 .Pa /etc/rc.bsdextended .
4040 .It Va newsyslog_enable
4047 .It Va newsyslog_flags
4050 .Va newsyslog_enable
4053 these are the flags to pass to the
4058 which causes log files flagged with a
4061 .It Va mdconfig_md Ns Aq Ar X
4071 must be specified and either a
4073 for malloc or swap backed
4081 .Va mdconfig_md Ns Aq Ar X
4082 variables are evaluated until one variable is unset or null.
4083 .It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs
4085 Optional arguments passed to
4091 .It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner
4093 An ownership specification passed to
4102 device and the mount point will be changed.
4103 .It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms
4105 A mode string passed to
4114 device and the mount point will be changed.
4115 .It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files
4117 Files to be copied to the mount point of the
4121 after it has been mounted.
4122 .It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd
4124 Command to execute after the specified
4129 Note that the command is passed to
4135 variables can be used to reference respectively the
4137 device and the mount point.
4142 one could set the following:
4144 mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}"
4146 .It Va autobridge_interfaces
4148 Set to the list of bridge interfaces that will have newly arriving interfaces
4149 checked against to be automatically added.
4152 then for each whitespace separated
4155 .Va autobridge_ Ns Aq Ar element
4156 variable is assumed to exist which has a whitespace separated list of interface
4157 names to match, these names can use wildcards.
4160 autobridge_interfaces="bridge0"
4161 autobridge_bridge0="tap* dc0 vlan[345]"
4167 enable support for sound mixer.
4168 .It Va hcsecd_enable
4172 enable Bluetooth security daemon.
4173 .It Va hcsecd_config
4175 Configuration file for
4178 .Pa /etc/bluetooth/hcsecd.conf .
4183 enable Bluetooth Service Discovery Protocol daemon.
4191 .It Va sdpd_groupname
4195 group to run as after it initializes.
4198 .It Va sdpd_username
4202 user to run as after it initializes.
4205 .It Va bthidd_enable
4209 enable Bluetooth Human Interface Device daemon.
4210 .It Va bthidd_config
4212 Configuration file for
4215 .Pa /etc/bluetooth/bthidd.conf .
4218 Path to a file, where
4220 will store information about known HID devices.
4222 .Pa /var/db/bthidd.hids .
4223 .It Va rfcomm_pppd_server_enable
4227 enable Bluetooth RFCOMM PPP wrapper daemon.
4228 .It Va rfcomm_pppd_server_profile
4230 The name of the profile to use from
4231 .Pa /etc/ppp/ppp.conf .
4232 Multiple profiles can be specified here.
4233 Also used to specify per-profile overrides.
4234 When the profile name contains any of the characters
4236 they are translated to
4238 for the proposes of the override variable names.
4239 .It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _bdaddr
4241 Overrides local address to listen on.
4247 The address can be specified as BD_ADDR or name.
4248 .It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _channel
4250 Overrides local RFCOMM channel to listen on.
4253 will listen on RFCOMM channel 1.
4254 Must set properly if multiple profiles used in the same time.
4255 .It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_sp
4259 if it should register Serial Port service on the specified RFCOMM channel.
4262 .It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_dun
4266 if it should register Dial-Up Networking service on the specified
4270 .It Va ubthidhci_enable
4274 change the USB Bluetooth controller from HID mode to HCI mode.
4275 You also need to specify the location of USB Bluetooth controller with the
4276 .Va ubthidhci_busnum
4280 .It Va ubthidhci_busnum
4281 Bus number where the USB Bluetooth controller is located.
4284 on your system to find this information.
4285 .It Va ubthidhci_addr
4286 Bus address of the USB Bluetooth controller.
4289 on your system to find this information.
4290 .It Va netwait_enable
4294 delays the start of network-reliant services until
4296 is up and ICMP packets to a destination defined in
4299 Link state is examined first, followed by
4301 an IP address to verify network usability.
4302 If no destination can be reached or timeouts are exceeded,
4303 network services are started anyway with no guarantee that
4304 the network is usable.
4305 Use of this variable requires both
4313 This variable contains a space-delimited list of IP addresses to
4315 DNS hostnames should not be used as resolution is not guaranteed
4316 to be functional at this point.
4317 If multiple IP addresses are specified,
4318 each will be tried until one is successful or the list is exhausted.
4319 .It Va netwait_timeout
4321 Indicates the total number of seconds to perform a
4323 against each IP address in
4325 at a rate of one ping per second.
4326 If any of the pings are successful,
4327 full network connectivity is considered reliable.
4332 Defines the name of the network interface on which watch for link.
4334 is used to monitor the interface, looking for
4335 .Dq Li status: no carrier .
4336 Once gone, the link is considered up.
4339 interface if desired.
4340 .It Va netwait_if_timeout
4342 Defines the total number of seconds to wait for link to become usable,
4343 polled at a 1-second interval.
4351 rules from the defined ruleset.
4352 The kernel must be built with
4355 .Cd "options RCTL" .
4361 This variables contains the
4367 A space-separated list of configuration files used by
4369 The default value is an empty string.
4370 .It Va autofs_enable
4380 daemons at boot time.
4381 .It Va automount_flags
4387 these are the flags to pass to the
4390 By default no flags are passed.
4391 .It Va automountd_flags
4397 these are the flags to pass to the
4400 By default no flags are passed.
4401 .It Va autounmountd_flags
4407 these are the flags to pass to the
4410 By default no flags are passed.
4417 daemon at boot time.
4418 .It Va iscsid_enable
4424 daemon at boot time.
4425 .It Va iscsictl_enable
4431 utility at boot time.
4432 .It Va iscsictl_flags
4438 these are the flags to pass to the
4443 which configures sessions based on the
4448 .Bl -tag -width ".Pa /etc/defaults/rc.conf" -compact
4449 .It Pa /etc/defaults/rc.conf
4451 .It Pa /etc/rc.conf.local
4481 .Xr newsyslog.conf 5 ,
4553 .An Jordan K. Hubbard .