4 .\" Redistribution and use in source and binary forms, with or without
5 .\" modification, are permitted provided that the following conditions
7 .\" 1. Redistributions of source code must retain the above copyright
8 .\" notice, this list of conditions and the following disclaimer.
9 .\" 2. Redistributions in binary form must reproduce the above copyright
10 .\" notice, this list of conditions and the following disclaimer in the
11 .\" documentation and/or other materials provided with the distribution.
13 .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND
14 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE
17 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
19 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
20 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
21 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
22 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 .Nd system configuration information
36 contains descriptive information about the local host name, configuration
37 details for any potential network interfaces and which services should be
38 started up at system initial boot time.
39 In new installations, the
41 file is generally initialized by the system installation utility,
46 is not to run commands or perform system startup actions
48 Instead, it is included by the
49 various generic startup scripts in
51 which conditionalize their
52 internal actions according to the settings found there.
56 file is included from the file
57 .Pa /etc/defaults/rc.conf ,
58 which specifies the default settings for all the available options.
59 Options need only be specified in
61 when the system administrator wishes to override these defaults.
63 .Pa /etc/rc.conf.local
64 is used to override settings in
66 for historical reasons.
68 .Pa /etc/rc.conf.local
69 you can also place smaller configuration files for each
73 directory, which will be included by the
76 For jail configurations you could use the file
77 .Pa /etc/rc.conf.d/jail
78 to store jail specific configuration options.
84 .Dq Ar name Ns Li = Ns Ar value
88 The following list provides a name and short description for each
89 variable that can be set in the
92 .Bl -tag -width indent-two
97 enable output of debug messages from rc scripts.
98 This variable can be helpful in diagnosing mistakes when
99 editing or integrating new scripts.
100 Beware that this produces copious output to the terminal and
106 disable informational messages from the rc scripts.
107 Informational messages are displayed when
108 a condition that is not serious enough to warrant a warning or
116 when faststart is used (e.g., at boot time).
117 .It Va early_late_divider
119 The name of the script that should be used as the
120 delimiter between the
124 stages of the boot process.
125 The early stage should contain all the services needed to
126 get the disks (local or remote) mounted so that the late
127 stage can include scripts contained in the directories
130 variable (see below).
131 Thus, the two likely candidates for this value are
133 for the typical system, and
135 if the system needs remote file
136 systems mounted to get access to the
138 directories; for example when
146 is likely to be an appropriate value.
147 Extreme care should be taken when changing this value,
148 and before changing it one should ensure that there are
149 adequate provisions to recover from a failed boot
150 (such as physical contact with the machine,
151 or reliable remote console access).
156 no swapfile is installed, otherwise the value is used as the full
157 pathname to a file to use for additional swap space.
162 enable support for Automatic Power Management with
170 to handle APM event from userland.
171 This also enables support for APM.
178 these are the flags to pass to the
185 to handle device added, removed or unknown events from the kernel.
192 scripts at boot time.
195 Configuration file for
199 .It Va kldxref_enable
206 to automatically rebuild
211 .It Va kldxref_clobber
221 will overwrite existing
228 .It Va kldxref_module_path
233 delimited list of paths containing
245 enable the system power control facility with the
254 these are the flags to pass to the
258 Controls the creation of a
261 Always happens if set to
263 and never happens if set to
265 If set to anything else, a memory file system is created if
269 Controls the size of a created
273 Extra options passed to the
275 utility when the memory file system for
280 which inhibits the use of softupdates on
282 so that file system space is freed without delay
283 after file truncation or deletion.
286 for other options you can use in
289 Controls the creation of a
292 Always happens if set to
294 and never happens if set to
296 If set to anything else, a memory file system is created if
300 Controls the size of a created
304 Extra options passed to the
306 utility when the memory file system for
311 which inhibits the use of softupdates on
313 so that file system space is freed without delay
314 after file truncation or deletion.
317 for other options you can use in
320 Controls the automatic population of the
323 Always happens if set to
325 and never happens if set to
327 If set to anything else, a memory file system is created if
330 Note that this process requires access to certain commands in
334 is mounted on normal systems.
335 .It Va cleanvar_enable
342 List of directories to search for startup script files.
343 .It Va script_name_sep
345 The field separator to use for breaking down the list of startup script files
346 into individual filenames.
347 The default is a space.
348 It is not necessary to change this unless there are startup scripts with names
350 .It Va hostapd_enable
359 The fully qualified domain name (FQDN) of this host on the network.
360 This should almost certainly be set to something meaningful, even if
361 there is no network connection.
364 is used to set the hostname via DHCP,
365 this variable should be set to an empty string.
366 If this value remains unset when the system is done booting
367 your console login will display the default hostname of
371 The NIS domain name of this host, or
374 .It Va dhclient_program
376 Path to the DHCP client program
377 .Pa ( /sbin/dhclient ,
382 .It Va dhclient_flags
384 Additional flags to pass to the DHCP client program.
389 manpage for a description of the command line options available.
390 .It Va dhclient_flags_ Ns Aq Ar iface
391 Additional flags to pass to the DHCP client program running on
394 When specified, this variable overrides
396 .It Va background_dhclient
400 to start the DHCP client in background.
401 This can cause trouble with applications depending on
402 a working network, but it will provide a faster startup
404 .It Va background_dhclient_ Ns Aq Ar iface
405 When specified, this variable overrides the
406 .Va background_dhclient
407 variable for interface
410 .It Va synchronous_dhclient
416 synchronously at startup.
417 This behavior can be overridden on a per-interface basis by replacing
421 .Va ifconfig_ Ns Aq Ar interface
426 .It Va defaultroute_delay
428 When set to a positive value, wait up to this long after configuring
429 DHCP interfaces at startup to give the interfaces time to receive a lease.
430 .It Va firewall_enable
434 to load firewall rules at startup.
435 If the kernel was not built with
436 .Cd "options IPFIREWALL" ,
439 kernel module will be loaded.
441 .Va ipfilter_enable .
442 .It Va firewall_script
444 This variable specifies the full path to the firewall script to run.
446 .Pa /etc/rc.firewall .
449 Names the firewall type from the selection in
450 .Pa /etc/rc.firewall ,
451 or the file which contains the local firewall ruleset.
452 Valid selections from
456 .Bl -tag -width ".Li simple" -compact
458 unrestricted IP access
460 all IP services disabled, except via
463 basic protection for a workstation
465 basic protection for a LAN.
468 If a filename is specified, the full path
470 .It Va firewall_quiet
474 to disable the display of firewall rules on the console during boot.
475 .It Va firewall_logging
479 to enable firewall event logging.
480 This is equivalent to the
481 .Dv IPFIREWALL_VERBOSE
483 .It Va firewall_flags
489 specifies a filename.
490 .It Va firewall_coscripts
492 List of executables and/or rc scripts to run after firewall starts/stops.
494 .\" ----- firewall_nat_enable setting --------------------------------
495 .It Va firewall_nat_enable
507 .It Va firewall_nat_interface
513 This is the name of the public interface or IP address on which
514 kernel NAT should run.
515 .It Va firewall_nat_flags
517 Additional configuration parameters for kernel NAT should be placed here.
518 .It Va dummynet_enable
522 will automatically load the
528 .\" -------------------------------------------------------------------
544 sockets must be enabled in the kernel.
545 If the kernel was not built with
546 .Cd "options IPDIVERT" ,
549 kernel module will be loaded.
550 .It Va natd_interface
552 This is the name of the public interface on which
555 The interface may be given as an interface name or as an IP address.
560 flags should be placed here.
565 flag is automatically added with the above
568 .\" ----- ipfilter_enable setting --------------------------------
569 .It Va ipfilter_enable
580 Typical usage will require putting
582 ipfilter_enable="YES"
600 can be enabled independently.
604 both require at least one of
614 options IPFILTER_DEFAULT_BLOCK
617 in the kernel configuration file is a good idea, too.
618 .\" ----- ipfilter_program setting ------------------------------
619 .It Va ipfilter_program
625 .\" ----- ipfilter_rules setting --------------------------------
626 .It Va ipfilter_rules
631 This variable contains the name of the filter rule definition file.
632 The file is expected to be readable for the
635 .\" ----- ipv6_ipfilter_rules setting ---------------------------
636 .It Va ipv6_ipfilter_rules
641 This variable contains the IPv6 filter rule definition file.
642 The file is expected to be readable for the
645 .\" ----- ipfilter_flags setting --------------------------------
646 .It Va ipfilter_flags
649 This variable contains flags passed to the
652 .\" ----- ipnat_enable setting ----------------------------------
662 network address translation.
665 for a detailed discussion.
666 .\" ----- ipnat_program setting ---------------------------------
673 .\" ----- ipnat_rules setting -----------------------------------
679 This variable contains the name of the file
680 holding the network address translation definition.
681 This file is expected to be readable for the
684 .\" ----- ipnat_flags setting -----------------------------------
688 This variable contains flags passed to the
691 .\" ----- ipmon_enable setting ----------------------------------
706 Setting this variable needs setting
713 for a detailed discussion.
714 .\" ----- ipmon_program setting ---------------------------------
721 .\" ----- ipmon_flags setting -----------------------------------
727 This variable contains flags passed to the
730 Another typical example would be
731 .Dq Fl D Pa /var/log/ipflog
734 log directly to a file bypassing
737 .Pa /etc/newsyslog.conf
738 in such case like this:
740 /var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid
742 .\" ----- ipfs_enable setting -----------------------------------
752 saving the filter and NAT state tables during shutdown
753 and reloading them during startup again.
754 Setting this variable needs setting
763 for a detailed discussion.
769 because the raised securelevel will prevent
771 from saving the state tables at shutdown time.
772 .\" ----- ipfs_program setting ----------------------------------
779 .\" ----- ipfs_flags setting ------------------------------------
783 This variable contains flags passed to the
786 .\" ----- end of added ipf hook ---------------------------------
798 Typical usage will require putting
813 into the kernel, otherwise the
814 kernel module will be loaded.
819 ruleset configuration file
834 these flags are passed to the
836 program when loading the ruleset.
846 which logs packets from the
859 .Pa /var/log/pflog ) .
861 .Pa /etc/newsyslog.conf
862 to adjust logfile rotation for this.
872 This variable contains additional flags passed to the
875 .It Va ftpproxy_enable
886 packet filter in translating ftp connections.
887 .It Va ftpproxy_flags
890 This variable contains additional flags passed to the
902 state changes to other hosts over the network by means of
907 must also be set then.
908 .It Va pfsync_syncdev
911 This variable specifies the name of the network interface
913 should operate through.
914 It must be set accordingly if
918 .It Va pfsync_syncpeer
921 This variable is optional.
922 By default, state change messages are sent out on the synchronisation
923 interface using IP multicast packets.
924 The protocol is IP protocol 240, PFSYNC, and the multicast group used is
926 When a peer address is specified using the
928 option, the peer address is used as a destination for the pfsync
929 traffic, and the traffic can then be protected using
933 manpage for more details about using
938 .It Va pfsync_ifconfig
941 This variable can contain additional options to be passed to the
943 command used to set up
945 .It Va tcp_extensions
952 disables certain TCP options as described by
958 might help remedy such problems with connections as randomly hanging
959 or other weird behavior.
960 Some network devices are known
961 to be broken with respect to these options.
968 .Va net.inet.tcp.log_in_vain
970 .Va net.inet.udp.log_in_vain ,
975 are set to the given value.
983 will disable probing idle TCP connections to verify that the
984 peer is still up and reachable.
985 .It Va tcp_drop_synfin
992 will cause the kernel to ignore TCP frames that have both
993 the SYN and FIN flags set.
994 This prevents OS fingerprinting, but may
995 break some legitimate applications.
996 .It Va icmp_drop_redirect
1003 will cause the kernel to ignore ICMP REDIRECT packets.
1006 for more information.
1007 .It Va icmp_log_redirect
1014 will cause the kernel to log ICMP REDIRECT packets.
1016 the log messages are not rate-limited, so this option should only be used
1017 for troubleshooting networks.
1020 for more information.
1021 .It Va icmp_bmcastecho
1025 to respond to broadcast or multicast ICMP ping packets.
1028 for more information.
1029 .It Va ip_portrange_first
1033 this is the first port in the default portrange.
1036 for more information.
1037 .It Va ip_portrange_last
1041 this is the last port in the default portrange.
1044 for more information.
1045 .It Va network_interfaces
1047 Set to the list of network interfaces to configure on this host or
1049 (the default) for all current interfaces.
1051 .Va network_interfaces
1052 variable to anything other than the default is deprecated.
1053 Interfaces that the administrator wishes to store configuration for,
1054 but not start at boot should be configured with the
1057 .Va ifconfig_ Ns Aq Ar interface
1058 variables as described below.
1061 .Va ifconfig_ Ns Aq Ar interface
1062 variable is also assumed to exist for each value of
1064 When an interface name contains any of the characters
1066 they are translated to
1069 The variable can contain arguments to
1071 as well as special case-insensitive keywords described below.
1072 Such keywords are removed before passing the value to
1074 while the order of the other arguments is preserved.
1076 One can configure more than one IPv4 address with the
1077 .Va ipv4_addrs_ Ns Aq Ar interface
1079 One or more IP addresses must be provided in Classless Inter-Domain
1080 Routing (CIDR) address notation, whose last byte can be a range like
1082 In this case the address 192.0.2.5 will be configured with the
1083 netmask /24 and the addresses 192.0.2.6 to 192.0.2.23 with
1084 the non-conflicting netmask /32 as explained in the
1087 With the interface in question being
1089 an example could look like:
1091 ipv4_addrs_ed0="192.0.2.129/27 192.0.2.1-5/28"
1094 It is also possible to add IP alias entries using
1097 Assuming that the interface in question was
1100 something like this:
1102 ifconfig_ed0_alias0="inet 127.0.0.253 netmask 0xffffffff"
1103 ifconfig_ed0_alias1="inet 127.0.0.254 netmask 0xffffffff"
1108 .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1109 entry that is found,
1110 its contents are passed to
1112 Execution stops at the first unsuccessful access, so if
1113 something like this is present:
1115 ifconfig_ed0_alias0="inet 127.0.0.251 netmask 0xffffffff"
1116 ifconfig_ed0_alias1="inet 127.0.0.252 netmask 0xffffffff"
1117 ifconfig_ed0_alias2="inet 127.0.0.253 netmask 0xffffffff"
1118 ifconfig_ed0_alias4="inet 127.0.0.254 netmask 0xffffffff"
1121 Then note that alias4 would
1123 be added since the search would
1124 stop with the missing
1127 Due to this difficult to manage behavior, the
1128 .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1132 .Pa /etc/start_if. Ns Aq Ar interface
1133 file is present, it is read and executed by the
1136 before configuring the interface as specified in the
1137 .Va ifconfig_ Ns Aq Ar interface
1139 .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1143 .Va vlans_ Ns Aq Ar interface
1147 interface will be created for each item in the list with the
1151 If a vlan interface's name is a number,
1152 then that number is used as the vlan tag and the new vlan interface is
1154 .Ar interface . Ns Ar tag .
1156 the vlan tag must be specified via a
1159 .Va create_args_ Ns Aq Ar interface
1162 To create a vlan device named
1166 with the vlan tag 101 and the optional the IPv4 address 192.0.2.1/24:
1169 ifconfig_em0_101="inet 192.0.2.1/24"
1172 To create a vlan device named
1176 with the vlan tag 102:
1179 create_args_myvlan="vlan 102"
1183 .Va wlans_ Ns Aq Ar interface
1187 interface will be created for each item in the list with the
1191 Further wlan cloning arguments may be passed to the
1194 command by setting the
1195 .Va create_args_ Ns Aq Ar interface
1199 devices must be created for each wireless devices as of
1205 may be specified with an
1206 .Va wlandebug_ Ns Aq Ar interface
1208 The contents of this variable will be passed directly to
1212 .Va ifconfig_ Ns Aq Ar interface
1213 contains the keyword
1215 then the interface will not be configured
1217 .Pa /etc/pccard_ether
1219 .Va network_interfaces
1223 It is possible to bring up an interface with DHCP by adding
1226 .Va ifconfig_ Ns Aq Ar interface
1228 For instance, to initialize the
1231 it is possible to use something like:
1236 Also, if you want to configure your wireless interface with
1237 .Xr wpa_supplicant 8
1238 for use with WPA, EAP/LEAP or WEP, you need to add
1241 .Va ifconfig_ Ns Aq Ar interface
1244 Finally, you can add
1246 options in this variable, in addition to the
1247 .Pa /etc/start_if. Ns Aq Ar interface
1249 For instance, to configure an
1251 wireless device in station mode with an address obtained
1252 via DHCP, using WPA authentication and 802.11b mode, it is
1253 possible to use something like:
1256 ifconfig_wlan0="DHCP WPA mode 11b"
1260 .Va ifconfig_ Ns Aq Ar interface
1261 form, a fallback variable
1262 .Va ifconfig_DEFAULT
1264 It will be used for all interfaces with no
1265 .Va ifconfig_ Ns Aq Ar interface
1267 This is intended to replace the no longer supported
1271 It is also possible to rename an interface by doing:
1273 ifconfig_ed0_name="net0"
1274 ifconfig_net0="inet 192.0.2.1 netmask 0xffffff00"
1280 .Dq Li inet6 accept_rtadv
1282 .Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1284 .Va ipv6_activate_all_interfaces
1288 This variable is deprecated. Use
1289 .Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1291 .Va ipv6_activate_all_interfaces
1297 the default address selection policy table set by
1299 will be IPv6-preferred.
1303 the default address selection policy table set by
1305 will be IPv4-preferred.
1307 This variable is deprecated. Use
1308 .Va ip6addrctl_policy
1310 .It Va ipv6_activate_all_interfaces
1313 all of interfaces which do not have the corrsponding
1314 .Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1315 variable will be marked as
1317 for security reason. This means only IPv6 functionality on that interface
1318 is completely disabled. For more details of
1321 .Dq Li inet6 ifdisabled ,
1331 privacy addresses will be generated for each IPv6
1332 interface as described in RFC 4193.
1333 .It Va ipv6_network_interfaces
1335 This is the IPv6 equivalent of
1336 .Va network_interfaces .
1337 Normally manual configuration of this variable is not needed.
1339 .It Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1341 IPv6 functionality on an interface should be configured by
1342 .Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 ,
1343 instead of setting ifconfig parameters in
1344 .Va ifconfig_ Ns Aq Ar interface .
1345 Aliases should be set by
1346 .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1349 keyword. For example:
1351 ifconfig_ed0_ipv6="inet6 2001:db8:1::1 prefixlen 64"
1352 ifconfig_ed0_alias0="inet6 2001:db8:2::1 prefixlen 64"
1355 Interfaces that have an
1356 .Dq Li inet6 accept_rtadv
1358 .Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1359 setting will be automatically configured by
1361 Note that this automatic configuration is disabled if the
1362 .Va ipv6_gateway_enable
1365 .It Va ipv6_prefix_ Ns Aq Ar interface
1367 If one or more prefixes are defined in
1368 .Va ipv6_prefix_ Ns Aq Ar interface
1369 addresses based on each prefix and the EUI-64 interface index will be
1370 configured on that interface.
1371 .It Va ipv6_default_interface
1375 this is the default output interface for scoped addresses.
1376 This works only with ipv6_gateway_enable="NO".
1377 .It Va ip6addrctl_enable
1379 This variable is to enable configuring default address selection policy table
1381 The table can be specified in another variable
1382 .Va ip6addrctl_policy .
1384 .Va ip6addrctl_policy
1385 the following keywords can be specified:
1386 .Dq Li ipv4_prefer ,
1387 .Dq Li ipv6_prefer ,
1397 installs a pre-defined policy table described in Section 2.1
1405 is specified, it attempts to read a file
1406 .Pa /etc/ip6addrctl.conf
1407 first. If this file is found,
1409 reads and installs it. If not found, a policy is automatically set
1411 .Va ipv6_activate_all_interfaces
1412 variable; if the variable is set to
1414 the IPv6-preferred one is used. Otherwise IPv4-preferred.
1416 The default value of
1417 .Va ip6addrctl_enable
1419 .Va ip6addrctl_policy
1425 .It Va cloned_interfaces
1427 Set to the list of clonable network interfaces to create on this host.
1428 Further cloning arguments may be passed to the
1431 command for each interface by setting the
1432 .Va create_args_ Ns Aq Ar interface
1435 .Va cloned_interfaces
1436 are automatically appended to
1437 .Va network_interfaces
1439 .It Va fec_interfaces
1443 Fast EtherChannel interfaces to configure on this host.
1445 .Va fecconfig_ Ns Aq Ar interface
1446 variable is assumed to exist for each value of
1448 The value of this variable is used to configure link aggregated interfaces
1449 according to the syntax of the
1450 .Cm NGM_FEC_ADD_IFACE
1454 Additionally, this option ensures that each listed interface is created
1459 before attempting to configure it.
1462 fec_interfaces="fec0"
1463 fecconfig_fec0="em0 em1"
1464 ifconfig_fec0="DHCP"
1466 .It Va gif_interfaces
1470 tunnel interfaces to configure on this host.
1472 .Va gifconfig_ Ns Aq Ar interface
1473 variable is assumed to exist for each value of
1475 The value of this variable is used to configure the link layer of the
1476 tunnel according to the syntax of the
1480 Additionally, this option ensures that each listed interface is created
1485 before attempting to configure it.
1486 .It Va sppp_interfaces
1490 interfaces to configure on this host.
1492 .Va spppconfig_ Ns Aq Ar interface
1493 variable is assumed to exist for each value of
1495 Each interface should also be configured by a general
1496 .Va ifconfig_ Ns Aq Ar interface
1500 for more information about available options.
1510 The name of the profile to use from
1511 .Pa /etc/ppp/ppp.conf .
1512 Also used for per-profile overrides of
1517 .Va ppp_ Ns Ao Ar profile Ac Ns _unit .
1518 When the profile name contains any of the characters
1520 they are translated to
1522 for the proposes of the override variable names.
1525 Mode in which to run the
1528 .It Va ppp_ Ns Ao Ar profile Ac Ns _mode
1530 Overrides the global
1540 See the manual for a full description.
1545 enables network address translation.
1546 Used in conjunction with
1548 allows hosts on private network addresses access to the Internet using
1549 this host as a network address translating router.
1550 .It Va ppp_ Ns Ao Ar profile Ac Ns _nat
1552 Overrides the global
1556 .It Va ppp_ Ns Ao Ar profile Ac Ns _unit
1558 Set the unit number to be used for this profile.
1559 See the manual description of
1564 The name of the user under which
1572 .It Va rc_conf_files
1574 This option is used to specify a list of files that will override
1576 .Pa /etc/defaults/rc.conf .
1577 The files will be read in the order in which they are specified and should
1578 include the full path to the file.
1579 By default, the files specified are
1582 .Pa /etc/rc.conf.local
1588 will attempt to automatically mount ZFS file systems and initialize ZFS volumes
1590 .It Va gptboot_enable
1594 .Pa /etc/rc.d/gptboot
1595 will log if the system successfully (or not) booted from a GPT partition,
1601 .It Va gbde_autoattach_all
1606 will attempt to automatically initialize your .bde devices in
1610 List the devices that the script should try to attach,
1615 The directory where the
1617 lockfiles are located.
1618 The default lockfile directory is
1621 The lockfile for each individual
1623 device can be overridden by setting the variable
1624 .Va gbde_lock_ Ns Aq Ar device ,
1627 is the encrypted device without the
1632 .It Va gbde_attach_attempts
1634 Number of times to attempt attaching to a
1636 device, i.e., how many times the user is asked for the pass-phrase.
1640 List of devices to automatically attach on boot.
1641 Note that .eli devices from
1643 are automatically appended to this list.
1646 Number of times user is asked for the pass-phrase.
1647 If empty, it will be taken from
1648 .Va kern.geom.eli.tries
1650 .It Va geli_default_flags
1652 Default flags to use by
1654 when configuring disk encryption.
1655 Flags can be configured for every device separately by defining
1656 .Va geli_ Ns Ao Ar device Ac Ns Va _flags
1658 .It Va geli_autodetach
1660 Specifies if GELI devices should be marked for detach on last close after
1661 file systems are mounted.
1664 This can be changed for every device separately by defining
1665 .Va geli_ Ns Ao Ar device Ac Ns Va _autodetach
1667 .It Va geli_swap_flags
1668 Options passed to the
1670 utility when encrypted GEOM providers for swap partitions are created.
1672 .Dq Li "-e aes -l 256 -s 4096 -d" .
1673 .It Va root_rw_mount
1678 After the file systems are checked at boot time, the root file system
1679 is remounted as read-write if this is set to
1681 Diskless systems that mount their root file system from a read-only remote
1682 NFS share should set this to
1686 .It Va fsck_y_enable
1691 will be run with the
1693 flag if the initial preen
1694 of the file systems fails.
1695 .It Va background_fsck
1699 the system will attempt to run
1701 in the background where possible.
1702 .It Va background_fsck_delay
1704 The amount of time in seconds to sleep before starting a background
1706 It defaults to sixty seconds to allow large applications such as
1707 the X server to start before disk I/O bandwidth is monopolized by
1709 If set to a negative number, the background file system check will be
1710 delayed indefinitely to allow the administrator to run it at a more
1712 For example it may be run from
1714 by adding a line like
1716 .Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart"
1722 List of file system types that are network-based.
1723 This list should generally not be modified by end users.
1725 .Va extra_netfs_types
1727 .It Va extra_netfs_types
1729 If set to something other than
1732 this variable extends the list of file system types
1733 for which automatic mounting at startup by
1735 should be delayed until the network is initialized.
1737 a whitespace-separated list of network file system descriptor pairs,
1738 each consisting of a file system type as passed to
1740 and a human-readable, one-word description,
1743 Extending the default list in this way is only necessary
1744 when third party file system types are used.
1745 .It Va syslogd_enable
1752 .It Va syslogd_program
1757 .Pa /usr/sbin/syslogd ) .
1758 .It Va syslogd_flags
1764 these are the flags to pass to
1773 .It Va inetd_program
1778 .Pa /usr/sbin/inetd ) .
1785 these are the flags to pass to
1794 .It Va hastd_program
1806 these are the flags to pass to
1815 .It Va named_program
1820 .Pa /usr/sbin/named ) .
1825 configuration file, (default
1826 .Pa /etc/namedb/named.conf ) .
1833 these are the flags to pass to
1835 .It Va named_pidfile
1837 This is the default path to the
1840 This must match the location in
1846 process should be run as.
1847 .It Va named_chrootdir
1849 The root directory for a name server run in a
1851 environment (default
1855 will not be run in a
1858 .It Va named_chroot_autoupdate
1862 to disable automatic update of the
1865 .It Va named_symlink_enable
1869 to disable symlinking of
1878 loop until working name service is established.
1879 .It Va named_wait_host
1881 Name of host to lookup for the named_wait option.
1883 .It Va named_auto_forward
1885 Set to enable automatic creation of a forwarder
1886 configuration file derived from
1887 .Pa /etc/resolv.conf .
1888 .It Va named_auto_forward_only
1890 Set to change the default forwarder configuration from
1894 .It Va kerberos5_server_enable
1898 to start a Kerberos 5 authentication server
1900 .It Va kerberos5_server
1903 .Va kerberos5_server_enable
1906 this is the path to Kerberos 5 Authentication Server.
1907 .It Va kerberos5_server_flags
1910 This variable contains additional flags to be passed to the Kerberos 5
1911 authentication server.
1912 .It Va kadmind5_server_enable
1918 the Kerberos 5 Administration Daemon; set to
1921 .It Va kadmind5_server
1924 .Va kadmind5_server_enable
1927 this is the path to Kerberos 5 Administration Daemon.
1928 .It Va kpasswdd_server_enable
1934 the Kerberos 5 Password-Changing Daemon; set to
1937 .It Va kpasswdd_server
1940 .Va kpasswdd_server_enable
1943 this is the path to Kerberos 5 Password-Changing Daemon.
1950 daemon at boot time.
1957 these are the flags to pass to it.
1964 daemon at boot time.
1971 these are the flags to pass to it.
1974 manpage for more information.
1975 .It Va amd_map_program
1978 the specified program is run to get the list of
1983 maps are stored in NIS, one can set this to
1996 will be updated at boot time to reflect the kernel release
2001 will not be updated.
2002 .It Va nfs_client_enable
2006 run the NFS client daemons at boot time.
2007 .It Va nfs_access_cache
2010 .Va nfs_client_enable
2015 to disable NFS ACCESS RPC caching, or to the number of seconds for which
2017 results should be cached.
2018 A value of 2-10 seconds will substantially reduce network
2019 traffic for many NFS operations.
2020 .It Va nfs_server_enable
2024 run the NFS server daemons at boot time.
2025 .It Va nfs_server_flags
2028 .Va nfs_server_enable
2031 these are the flags to pass to the
2034 .It Va idmapd_enable
2038 run the ID mapping daemon for NFS version 4.
2045 these are the flags to pass to the
2048 .It Va mountd_enable
2053 .Va nfs_server_enable
2059 It is commonly needed to run CFS without real NFS used.
2066 these are the flags to pass to the
2069 .It Va weak_mountd_authentication
2073 allow services like PCNFSD to make non-privileged mount
2075 .It Va nfs_reserved_port_only
2079 provide NFS services only on a secure port.
2080 .It Va nfs_bufpackets
2082 If set to a number, indicates the number of packets worth of
2083 socket buffer space to reserve on an NFS client.
2084 The kernel default is typically 4.
2085 Using a higher number may be
2086 useful on gigabit networks to improve performance.
2087 The minimum value is
2088 2 and the maximum is 64.
2089 .It Va rpc_lockd_enable
2093 and also an NFS server or client, run
2096 .It Va rpc_lockd_flags
2099 .Va rpc_lockd_enable
2102 these are the flags to pass to the
2105 .It Va rpc_statd_enable
2109 and also an NFS server or client, run
2112 .It Va rpc_statd_flags
2115 .Va rpc_statd_enable
2118 these are the flags to pass to the
2121 .It Va rpcbind_program
2126 .Pa /usr/sbin/rpcbind ) .
2127 .It Va rpcbind_enable
2133 service at boot time.
2134 .It Va rpcbind_flags
2140 these are the flags to pass to the
2143 .It Va keyserv_enable
2149 daemon on boot for running Secure RPC.
2150 .It Va keyserv_flags
2156 these are the flags to pass to
2159 .It Va pppoed_enable
2165 daemon at boot time to provide PPP over Ethernet services.
2166 .It Va pppoed_ Ns Aq Ar provider
2169 listens to requests to this
2175 argument of the same name.
2178 Additional flags to pass to
2180 .It Va pppoed_interface
2182 The network interface to run
2185 This is mandatory when
2195 service at boot time.
2196 This command is intended for networks of
2197 machines where a consistent
2199 for all hosts must be established.
2200 This is often useful in large NFS
2201 environments where time stamps on files are expected to be consistent
2209 these are the flags to pass to the
2212 .It Va ntpdate_enable
2219 This command is intended to
2220 synchronize the system clock only
2222 from some standard reference.
2223 An option to set this up initially
2224 (from a list of known servers) is also provided by the
2226 program when the system is first installed.
2227 .It Va ntpdate_config
2229 Configuration file for
2233 .It Va ntpdate_hosts
2235 A whitespace-separated list of NTP servers to synchronize with at startup.
2236 The default is to use the servers listed in
2237 .Va ntpdate_config ,
2238 if that file exists.
2239 .It Va ntpdate_program
2244 .Pa /usr/sbin/ntpdate ) .
2245 .It Va ntpdate_flags
2251 these are the flags to pass to the
2253 command (typically a hostname).
2260 command at boot time.
2266 .Pa /usr/sbin/ntpd ) .
2280 these are the flags to pass to the
2283 .It Va ntpd_sync_on_start
2290 flag, which syncs the system's clock on startup.
2293 for more information regarding the
2296 This is a preferred alternative to using
2301 .It Va nis_client_enable
2307 service at system boot time.
2308 .It Va nis_client_flags
2311 .Va nis_client_enable
2314 these are the flags to pass to the
2317 .It Va nis_ypset_enable
2323 daemon at system boot time.
2324 .It Va nis_ypset_flags
2327 .Va nis_ypset_enable
2330 these are the flags to pass to the
2333 .It Va nis_server_enable
2339 daemon at system boot time.
2340 .It Va nis_server_flags
2343 .Va nis_server_enable
2346 these are the flags to pass to the
2349 .It Va nis_ypxfrd_enable
2355 daemon at system boot time.
2356 .It Va nis_ypxfrd_flags
2359 .Va nis_ypxfrd_enable
2362 these are the flags to pass to the
2365 .It Va nis_yppasswdd_enable
2371 daemon at system boot time.
2372 .It Va nis_yppasswdd_flags
2375 .Va nis_yppasswdd_enable
2378 these are the flags to pass to the
2381 .It Va rpc_ypupdated_enable
2387 daemon at system boot time.
2388 .It Va bsnmpd_enable
2394 daemon at system boot time.
2395 Be sure to understand the security implications of running SNMP daemon
2403 these are the flags to pass to the
2406 .It Va defaultrouter
2410 create a default route to this host name or IP address
2411 (use an IP address if this router is also required to get to the
2413 .It Va ipv6_defaultrouter
2415 The IPv6 equivalent of
2417 .It Va static_arp_pairs
2419 Set to the list of static ARP pairs that are to be added at system
2421 For each whitespace separated
2424 .Va static_arp_ Ns Aq Ar element
2425 variable is assumed to exist whose contents will later be passed to a
2430 static_arp_pairs="gw"
2431 static_arp_gw="192.168.1.1 00:01:02:03:04:05"
2433 .It Va static_routes
2435 Set to the list of static routes that are to be added at system
2439 then for each whitespace separated
2442 .Va route_ Ns Aq Ar element
2443 variable is assumed to exist
2444 whose contents will later be passed to a
2449 static_routes="mcast gif0local"
2450 route_mcast="-net 224.0.0.0/4 -iface gif0"
2451 route_gif0local="-host 169.254.1.1 -iface lo0"
2453 .It Va ipv6_static_routes
2455 The IPv6 equivalent of
2459 then for each whitespace separated
2462 .Va ipv6_route_ Ns Aq Ar element
2463 variable is assumed to exist
2464 whose contents will later be passed to a
2465 .Dq Nm route Cm add Fl inet6
2467 .It Va natm_static_routes
2473 If not empty then for each whitespace separated
2476 .Va route_ Ns Aq Ar element
2477 variable is assumed to exist whose contents will later be passed to a
2478 .Dq Nm atmconfig Cm natm Cm add
2480 .It Va gateway_enable
2484 configure host to act as an IP router, e.g.\& to forward packets
2486 .It Va ipv6_gateway_enable
2488 The IPv6 equivalent of
2489 .Va gateway_enable .
2490 .It Va routed_enable
2494 run a routing daemon of some sort, based on the
2499 .It Va route6d_enable
2501 The IPv6 equivalent of
2505 run a routing daemon of some sort, based on the
2510 .It Va routed_program
2516 this is the name of the routing daemon to use.
2517 .It Va route6d_program
2519 The IPv6 equivalent of
2520 .Va routed_program .
2527 these are the flags to pass to the routing daemon.
2528 .It Va route6d_flags
2530 The IPv6 equivalent of
2532 .It Va mrouted_enable
2536 run the multicast routing daemon,
2538 .It Va mroute6d_enable
2540 The IPv6 equivalent of
2541 .Va mrouted_enable .
2544 run the IPv6 multicast routing daemon.
2546 Note that multicast routing daemons are no longer included in the
2548 base system, however, both
2552 may be installed from the
2555 .It Va mrouted_flags
2561 these are the flags to pass to the
2564 .It Va mroute6d_flags
2566 The IPv6 equivalent of
2572 these are the flags passed to the IPv6 multicast routing daemon.
2573 .It Va mroute6d_program
2579 this is the path to the IPv6 multicast routing daemon.
2580 .It Va rtadvd_enable
2586 daemon at boot time.
2589 .Va ipv6_gateway_enable
2594 utility sends router advertisement packets to the interfaces specified in
2595 .Va rtadvd_interfaces
2596 and should only be enabled with great care.
2597 You may want to fine-tune
2599 .It Va rtadvd_interfaces
2605 this is the list of interfaces to use.
2606 .It Va ipxgateway_enable
2610 enable the routing of IPX traffic.
2611 .It Va ipxrouted_enable
2617 daemon at system boot time.
2618 .It Va ipxrouted_flags
2621 .Va ipxrouted_enable
2624 these are the flags to pass to the
2631 enable global proxy ARP.
2632 .It Va forward_sourceroute
2640 source-routed packets are forwarded.
2641 .It Va accept_sourceroute
2645 the system will accept source-routed packets directed at it.
2652 daemon at system boot time.
2659 these are the flags to pass to the
2662 .It Va bootparamd_enable
2668 daemon at system boot time.
2669 .It Va bootparamd_flags
2672 .Va bootparamd_enable
2675 these are the flags to pass to the
2678 .It Va stf_interface_ipv4addr
2682 this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling
2684 Specify this entry to enable the 6to4 interface.
2685 .It Va stf_interface_ipv4plen
2687 Prefix length for 6to4 IPv4 addresses, to limit peer address range.
2688 An effective value is 0-31.
2689 .It Va stf_interface_ipv6_ifid
2691 IPv6 interface ID for
2695 .It Va stf_interface_ipv6_slaid
2697 IPv6 Site Level Aggregator for
2699 .It Va ipv6_faith_prefix
2703 this is the faith prefix to enable a FAITH IPv6-to-IPv4 TCP
2708 .It Va ipv6_ipv4mapping
2712 this enables IPv4 mapped IPv6 address communication (like
2713 .Li ::ffff:a.b.c.d ) .
2718 to enable the configuration of ATM interfaces at system boot time.
2719 For all of the ATM variables described below, please refer to the
2721 manual page for further details on the available command parameters.
2722 Also refer to the files in
2723 .Pa /usr/share/examples/atm
2724 for more detailed configuration information.
2727 This is a list of physical ATM interface drivers to load.
2732 .It Va atm_netif_ Ns Aq Ar intf
2734 For the ATM physical interface
2736 this variable defines the name prefix and count for the ATM network
2737 interfaces to be created.
2738 The value will be passed as the parameters of an
2739 .Dq Nm atm Cm "set netif" Ar intf
2741 .It Va atm_sigmgr_ Ns Aq Ar intf
2743 For the ATM physical interface
2745 this variable defines the ATM signalling manager to be used.
2746 The value will be passed as the parameters of an
2747 .Dq Nm atm Cm attach Ar intf
2749 .It Va atm_prefix_ Ns Aq Ar intf
2751 For the ATM physical interface
2753 this variable defines the NSAP prefix for interfaces using a UNI signalling
2757 the prefix will automatically be set via the
2760 Otherwise, the value will be passed as the parameters of an
2761 .Dq Nm atm Cm "set prefix" Ar intf
2763 .It Va atm_macaddr_ Ns Aq Ar intf
2765 For the ATM physical interface
2767 this variable defines the MAC address for interfaces using a UNI signalling
2771 the hardware MAC address contained in the ATM interface card will be used.
2772 Otherwise, the value will be passed as the parameters of an
2773 .Dq Nm atm Cm "set mac" Ar intf
2775 .It Va atm_arpserver_ Ns Aq Ar netif
2777 For the ATM network interface
2779 this variable defines the ATM address for a host which is to provide ATMARP
2781 This variable is only applicable to interfaces using a UNI signalling
2785 this host will become an ATMARP server.
2786 The value will be passed as the parameters of an
2787 .Dq Nm atm Cm "set arpserver" Ar netif
2789 .It Va atm_scsparp_ Ns Aq Ar netif
2793 SCSP/ATMARP service for the network interface
2795 will be initiated using the
2800 This variable is only applicable if
2801 .Va atm_arpserver_ Ns Aq Ar netif
2806 Set to the list of ATM PVCs to be added at system
2808 For each whitespace separated
2811 .Va atm_pvc_ Ns Aq Ar element
2812 variable is assumed to exist.
2813 The value of each of these variables
2814 will be passed as the parameters of an
2815 .Dq Nm atm Cm "add pvc"
2819 Set to the list of permanent ATM ARP entries to be added
2820 at system boot time.
2821 For each whitespace separated
2824 .Va atm_arp_ Ns Aq Ar element
2825 variable is assumed to exist.
2826 The value of each of these variables
2827 will be passed as the parameters of an
2828 .Dq Nm atm Cm "add arp"
2830 .It Va natm_interfaces
2834 interfaces that will also be used for HARP through
2836 If this list is not empty all interfaces in the list will be brought up
2842 For this to work the interface drivers must be either compiled into the
2843 kernel or must reside on the root partition.
2846 The keyboard bell sound.
2853 if the default behavior is desired.
2854 For details, refer to the
2859 If set to a non-null string, the virtual console's keyboard input is
2865 no keymap is installed, otherwise the value is used to install
2867 .Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd .
2870 The keyboard repeat speed.
2877 if the default behavior is desired.
2882 attempt to program the function keys with the value.
2884 be a single string of the form:
2885 .Dq Ar funkey_number new_value Op Ar funkey_number new_value ... .
2888 Can be set to the value of
2891 .Dq Li destructive ,
2894 to set the cursor behavior explicitly or choose the default behavior.
2899 no screen map is installed, otherwise the value is used to install
2900 the screen map file in
2901 .Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value .
2906 the default 8x16 font value is used for screen size requests, otherwise
2908 .Pa /usr/share/syscons/fonts/ Ns Aq Ar value
2914 the default 8x14 font value is used for screen size requests, otherwise
2916 .Pa /usr/share/syscons/fonts/ Ns Aq Ar value
2922 the default 8x8 font value is used for screen size requests, otherwise
2924 .Pa /usr/share/syscons/fonts/ Ns Aq Ar value
2930 the default screen blanking interval is used, otherwise it is set
2938 this is the actual screen saver to use
2939 .Li ( blank , snake , daemon ,
2941 .It Va moused_nondefault_enable
2945 the mouse device specified on
2946 the command line is not automatically treated as enabled by the
2947 .Pa /etc/rc.d/moused
2949 Having this variable set to
2955 to be enabled as soon as it is plugged in.
2956 .It Va moused_enable
2962 daemon is started for doing cut/paste selection on the console.
2965 This is the protocol type of the mouse connected to this host.
2966 This variable must be set if
2973 is able to detect the appropriate mouse type automatically in many cases.
2974 Set this variable to
2976 to let the daemon detect it, or
2977 select one from the following list if the automatic detection fails.
2979 If the mouse is attached to the PS/2 mouse port, choose
2983 regardless of the brand and model of the mouse.
2985 mouse is attached to the bus mouse port, choose
2989 All other protocols are for serial mice and will not work with
2990 the PS/2 and bus mice.
2991 If this is a USB mouse,
2993 is the only protocol type which will work.
2995 .Bl -tag -width ".Li x10mouseremote" -compact
2997 Microsoft mouse (serial)
2999 Microsoft IntelliMouse (serial)
3001 Mouse systems Corp.\& mouse (serial)
3003 MM Series mouse (serial)
3005 Logitech mouse (serial)
3009 Logitech MouseMan and TrackMan (serial)
3011 ALPS GlidePoint (serial)
3012 .It Li thinkingmouse
3013 Kensington ThinkingMouse (serial)
3017 MM HitTablet (serial)
3018 .It Li x10mouseremote
3019 X10 MouseRemote (serial)
3021 Interlink VersaPad (serial)
3024 Even if the mouse is not in the above list, it may be compatible
3025 with one in the list.
3026 Refer to the manual page for
3028 for compatibility information.
3030 It should also be noted that while this is enabled, any
3031 other client of the mouse (such as an X server) should access
3032 the mouse through the virtual mouse device,
3034 and configure it as a
3036 type mouse, since all
3037 mouse data is converted to this single canonical format when
3040 If the client program does not support the
3046 It is the second preferred type.
3053 this is the actual port the mouse is on.
3056 for a COM1 serial mouse,
3060 for a bus mouse, for example.
3065 is set, its value is used as an additional set of flags to pass to the
3068 .It Va "moused_" Ns Ar XXX Ns Va "_flags"
3070 .Va moused_nondefault_enable
3073 daemon is started for a non-default port, the
3074 .Va "moused_" Ns Ar XXX Ns Va "_flags"
3075 set of options has precedence over and replaces the default
3076 .Va moused_flags (where
3078 is the name of the non-default port, i.e.\&
3081 .Va "moused_" Ns Ar XXX Ns Va "_flags"
3082 it is possible to set up a different set of default flags for each
3085 For example, you can use
3089 to make your laptop's touchpad more comfortable to use,
3090 but an empty set of options for
3091 .Va moused_ums0_flags
3094 mouse has three or more buttons.
3095 .It Va mousechar_start
3099 the default mouse cursor character range
3100 .Li 0xd0 Ns - Ns Li 0xd3
3102 otherwise the range start is set
3107 Use if the default range is occupied in the language code table.
3108 .It Va allscreens_flags
3112 is run with these options for each of the virtual terminals
3116 will enable the mouse pointer on all virtual terminals
3121 .It Va allscreens_kbdflags
3125 is run with these options for each of the virtual terminals
3131 scrollback (history) buffer to 200 lines.
3138 daemon at system boot time.
3144 .Pa /usr/sbin/cron ) .
3151 these are the flags to pass to
3157 enable the special handling of transitions to and from the
3158 Daylight Saving Time in
3160 (equivalent to using the flag
3167 .Pa /usr/sbin/lpd ) .
3174 daemon at system boot time.
3181 these are the flags to pass to the
3184 .It Va chkprintcap_enable
3190 command before starting the
3193 .It Va chkprintcap_flags
3198 .Va chkprintcap_enable
3201 these are the flags to pass to the
3206 which causes missing directories to be created.
3207 .It Va mta_start_script
3209 This variable specifies the full path to the script to run to start
3210 a mail transfer agent.
3212 .Pa /etc/rc.sendmail .
3216 .Pa /etc/rc.sendmail
3217 uses are documented in the
3222 Indicates the device (usually a swap partition) to which a crash dump
3223 should be written in the event of a system crash.
3224 If the value of this variable is
3226 the first suitable swap device listed in
3228 will be used as dump device.
3229 Otherwise, the value of this variable is passed as the argument to
3231 To disable crash dumps, set this variable to
3235 When the system reboots after a crash and a crash dump is found on the
3236 device specified by the
3240 will save that crash dump and a copy of the kernel to the directory
3244 The default value is
3253 .It Va savecore_flags
3255 If crash dumps are enabled, these are the flags to pass to the
3262 to turn on user and group disk quotas on system startup via the
3264 command for all file systems marked as having quotas enabled in
3266 The kernel must be built with
3268 for disk quotas to function.
3273 to enable user and group disk quota checking via the
3276 .It Va quotacheck_flags
3286 these are the flags to pass to the
3291 which checks quotas for all file systems with quotas enabled in
3293 .It Va quotaon_flags
3299 these are the flags to pass to the
3304 which enables quotas for all file systems with quotas enabled in
3306 .It Va quotaoff_flags
3312 these are the flags to pass to the
3314 utility when shutting down the quota system.
3317 which disables quotas for all file systems with quotas enabled in
3319 .It Va accounting_enable
3323 to enable system accounting through the
3330 to enable iBCS2 (SCO) binary emulation at system initial boot
3332 .It Va ibcs2_loaders
3340 this specifies a list of additional iBCS2 loaders to enable.
3345 to enable Linux/ELF binary emulation at system initial
3351 enable SysVR4 emulation at boot time.
3352 .It Va sysvipc_enable
3356 load System V IPC primitives at boot time.
3357 .It Va clear_tmp_enable
3368 to disable removing of X11 lock files,
3369 and the removal and (secure) recreation
3370 of the various socket directories for X11
3372 .It Va ldconfig_paths
3374 Set to the list of shared library paths to use with
3378 will always be added first, so it need not appear in this list.
3379 .It Va ldconfig32_paths
3381 Set to the list of 32-bit compatibility shared library paths to
3384 .It Va ldconfig_paths_aout
3386 Set to the list of shared library paths to use with
3391 .It Va ldconfig_insecure
3395 utility normally refuses to use directories
3396 which are writable by anyone except root.
3397 Set this variable to
3399 to disable that security check during system startup.
3400 .It Va ldconfig_local_dirs
3402 Set to the list of local
3405 The names of all files in the directories listed will be
3406 passed as arguments to
3408 .It Va ldconfig_local32_dirs
3410 Set to the list of local 32-bit compatibility
3413 The names of all files in the directories listed will be
3414 passed as arguments to
3415 .Dq Nm ldconfig Fl 32 .
3416 .It Va kern_securelevel_enable
3420 to set the kernel security level at system startup.
3421 .It Va kern_securelevel
3423 The kernel security level to set at startup.
3424 The allowed range of
3426 ranges from \-1 (the compile time default) to 3 (the
3430 for the list of possible security levels and their effect
3431 on system operation.
3434 Path to the SSH server program
3435 .Pa ( /usr/sbin/sshd
3443 at system boot time.
3450 these are the flags to pass to the
3455 Path to the FTP server program
3456 .Pa ( /usr/libexec/ftpd
3464 as a stand-alone daemon at system boot time.
3471 these are the additional flags to pass to the
3474 .It Va watchdogd_enable
3480 daemon at boot time.
3481 This requires that the kernel have been compiled with a
3484 .It Va watchdogd_flags
3487 .Va watchdogd_enable
3490 these are the flags passed to the
3493 .It Va performance_cx_lowest
3495 CPU idle state to use while on AC power.
3500 should use the lowest power state available while
3502 indicates that the lowest latency state (less power savings) should be used.
3503 .It Va performance_cpu_freq
3505 CPU clock frequency to use while on AC power.
3510 should use the lowest frequency available while
3512 indicates that the highest frequency (less power savings) should be used.
3513 .It Va economy_cx_lowest
3515 CPU idle state to use when off AC power.
3520 should use the lowest power state available while
3522 indicates that the lowest latency state (less power savings) should be used.
3523 .It Va economy_cpu_freq
3525 CPU clock frequency to use when off AC power.
3530 should use the lowest frequency available while
3532 indicates that the highest frequency (less power savings) should be used.
3537 any configured jails will not be started.
3538 .It jail_parallel_start
3542 all configured jails will be started in the background (= in parallel).
3545 A space separated list of names for jails.
3546 This is purely a configuration aid to help identify and
3547 configure multiple jails.
3548 The names specified in this list will be used to
3549 identify settings common to an instance of a jail,
3550 and should contain alphanumeric characters only.
3551 Assuming that the jail in question was named
3553 you would have the following dependent variables:
3555 jail_vjail_hostname="jail.example.com"
3556 jail_vjail_ip="192.0.2.100"
3557 jail_vjail_rootdir="/var/jails/vjail/root"
3563 When set, use as default value for
3564 .Va jail_ Ns Ao Ar jname Ac Ns Va _flags
3567 .It Va jail_interface
3570 When set, use as default value for
3571 .Va jail_ Ns Ao Ar jname Ac Ns Va _interface
3577 When set, use as default value for
3578 .Va jail_ Ns Ao Ar jname Ac Ns Va _fstab
3581 .It Va jail_mount_enable
3589 .Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable
3592 by default for every jail in
3594 .It Va jail_devfs_ruleset
3598 .Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset
3599 to given value for every jail in
3601 .It Va jail_devfs_enable
3609 .Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable
3612 by default for every jail in
3614 .It Va jail_fdescfs_enable
3622 .Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable
3625 by default for every jail in
3627 .It Va jail_procfs_enable
3635 .Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable
3638 by default for every jail in
3640 .It Va jail_exec_prestart Ns Aq Ar N
3643 When set, use as default value for
3644 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart Ns Aq Ar N
3647 .It Va jail_exec_start
3650 When set, use as default value for
3651 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start
3654 .It Va jail_exec_afterstart Ns Aq Ar N
3657 When set, use as default value for
3658 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_afterstart Ns Aq Ar N
3661 .It Va jail_exec_poststart Ns Aq Ar N
3664 When set, use as default value for
3665 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart Ns Aq Ar N
3668 .It Va jail_exec_prestop Ns Aq Ar N
3671 When set, use as default value for
3672 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop Ns Aq Ar N
3675 .It Va jail_exec_stop
3677 When set, use as default value for
3678 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop
3681 .It Va jail_exec_poststop Ns Aq Ar N
3684 When set, use as default value for
3685 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop Ns Aq Ar N
3688 .It Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir
3691 Set to the root directory used by jail
3693 .It Va jail_ Ns Ao Ar jname Ac Ns Va _hostname
3696 Set to the fully qualified domain name (FQDN) assigned to jail
3698 .It Va jail_ Ns Ao Ar jname Ac Ns Va _ip
3701 Set to the (primary) IPv4 and/or IPv6 address(es) assigned to the jail.
3702 The argument can be a sole address or a comma separated list of addresses.
3703 Additionally each address can be prefixed by the name of an interface
3704 followed by a pipe to overwrite
3705 .Va jail_ Ns Ao Ar jname Ac Ns Va _interface
3708 and/or suffixed by a netmask, prefixlen or prefix.
3709 In case no netmask, prefixlen or prefix is given,
3711 will be used for IPv4 and
3713 will be used for an IPv6 address.
3714 If no address is given for the jail then the jail will be started with
3715 no networking support.
3716 .It Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n
3719 Set additional IPv4 and/or IPv6 address(es) assigned to the jail.
3720 The sequence starts with
3722 and the numbers have to be strictly ascending.
3723 These entries follow the same syntax as their primary
3724 .Va jail_ Ns Ao Ar jname Ac Ns Va _ip
3726 The order of the entries can be important as the first address for
3727 each address family found will be the primary address of the jail.
3733 .It Va jail_ Ns Ao Ar jname Ac Ns Va _flags
3738 These are flags to pass to
3740 .It Va jail_ Ns Ao Ar jname Ac Ns Va _interface
3743 When set, sets the interface to use when setting IP address alias.
3744 Note that the alias is created at jail startup and removed at jail shutdown.
3745 .It Va jail_ Ns Ao Ar jname Ac Ns Va _fib
3748 When set, the jail is started with the specified forwarding table (sometimes
3749 referred to as a routing table) via
3751 .It Va jail_ Ns Ao Ar jname Ac Ns Va _fstab
3754 .Pa /etc/fstab. Ns Aq Ar jname
3756 This is the file system information file to use for jail
3758 .It Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable
3765 mount all file systems from
3766 .Va jail_ Ns Ao Ar jname Ac Ns Va _fstab
3768 .It Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset
3771 When set, defines the device file system ruleset file to use for jail
3773 .It Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable
3780 mount the device file system inside jail
3783 .It Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable
3790 mount the file-descriptor file system inside jail
3793 .It Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable
3800 mount the process file system inside jail
3803 .It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart Ns Aq Ar N
3806 This is the command run as
3809 before jail startup, where
3812 It is run outside the jail.
3813 .It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start
3816 .Dq Li /bin/sh /etc/rc
3818 This is the command executed in a jail at jail startup.
3819 .It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_afterstart Ns Aq Ar N
3822 This is the command run as
3826 after jail startup, where
3829 .It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart Ns Aq Ar N
3832 This is the command run as
3835 after jail startup, where
3838 It is run outside the jail.
3839 .It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop Ns Aq Ar N
3842 This is the command run as
3845 before jail shutdown, where
3848 It is run outside the jail.
3849 .It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop
3852 .Dq Li /bin/sh /etc/rc.shutdown
3854 This is the command executed in a jail at jail shutdown.
3855 .It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop Ns Aq Ar N
3858 This is the command run as
3861 after jail shutdown, where
3864 It is run outside the jail.
3865 .It Va jail_set_hostname_allow
3869 do not allow the root user in a jail to set its hostname.
3870 .It Va jail_socket_unixiproute_only
3874 do not allow any sockets,
3875 besides UNIX/IP/route sockets,
3876 to be used within a jail.
3877 .It Va jail_sysvipc_allow
3881 allow applications within a jail to use System V IPC.
3882 .\" -----------------------------------------------------
3883 .It Va harvest_interrupt
3887 to use hardware interrupts as an entropy source.
3890 for more information.
3891 .It Va harvest_ethernet
3895 to use LAN traffic as an entropy source.
3898 for more information.
3899 .It Va harvest_p_to_p
3903 to use serial line traffic as an entropy source.
3906 for more information.
3911 to disable caching entropy via
3913 Otherwise set to the directory used to store entropy files in.
3918 to disable caching entropy through reboots.
3919 Otherwise set to the filename used to store cached entropy through
3921 This file should be located on the root file system to seed the
3923 device as early as possible in the boot process.
3924 .It Va entropy_save_sz
3926 Size of the entropy cache files saved by
3929 .It Va entropy_save_num
3931 Number of entropy cache files to save by
3945 Configuration file for
3954 .Pa /var/run/dmesg.boot
3956 .It Va rcshutdown_timeout
3958 If set, start a watchdog timer in the background which will terminate
3962 has not completed within the specified time (in seconds).
3963 Notice that in addition to this soft timeout,
3965 also applies a hard timeout for the execution of
3967 This is configured via
3970 .Va kern.init_shutdown_timeout
3971 and defaults to 120 seconds.
3972 Setting the value of
3973 .Va rcshutdown_timeout
3974 to more than 120 seconds will have no effect until the
3977 .Va kern.init_shutdown_timeout
3979 .It Va virecover_enable
3983 to prevent the system from trying to
3984 recover pre-maturely terminated
3987 .It Va ugidfw_enable
3992 .Xr mac_bsdextended 4
3993 module upon system initialization and load a default
3995 .It Va bsdextended_script
3998 .Xr mac_bsdextended 4
3999 ruleset file to load.
4000 The default value of this variable is
4001 .Pa /etc/rc.bsdextended .
4002 .It Va newsyslog_enable
4009 .It Va newsyslog_flags
4012 .Va newsyslog_enable
4015 these are the flags to pass to the
4020 which causes log files flagged with a
4023 .It Va mdconfig_md Ns Aq Ar X
4033 must be specified and either a
4035 for malloc or swap backed
4043 .Va mdconfig_md Ns Aq Ar X
4044 variables are evaluated until one variable is unset or null.
4045 .It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs
4047 Optional arguments passed to
4053 .It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner
4055 An ownership specification passed to
4064 device and the mount point will be changed.
4065 .It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms
4067 A mode string passed to
4076 device and the mount point will be changed.
4077 .It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files
4079 Files to be copied to the mount point of the
4083 after it has been mounted.
4084 .It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd
4086 Command to execute after the specified
4091 Note that the command is passed to
4097 variables can be used to reference respectively the
4099 device and the mount point.
4104 one could set the following:
4106 mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}"
4108 .It Va autobridge_interfaces
4110 Set to the list of bridge interfaces that will have newly arriving interfaces
4111 checked against to be automatically added.
4114 then for each whitespace separated
4117 .Va autobridge_ Ns Aq Ar element
4118 variable is assumed to exist which has a whitespace separated list of interface
4119 names to match, these names can use wildcards.
4122 autobridge_interfaces="bridge0"
4123 autobridge_bridge0="tap* dc0 vlan[345]"
4129 enable support for sound mixer.
4130 .It Va hcsecd_enable
4134 enable Bluetooth security daemon.
4135 .It Va hcsecd_config
4137 Configuration file for
4140 .Pa /etc/bluetooth/hcsecd.conf .
4145 enable Bluetooth Service Discovery Protocol daemon.
4153 .It Va sdpd_groupname
4157 group to run as after it initializes.
4160 .It Va sdpd_username
4164 user to run as after it initializes.
4167 .It Va bthidd_enable
4171 enable Bluetooth Human Interface Device daemon.
4172 .It Va bthidd_config
4174 Configuration file for
4177 .Pa /etc/bluetooth/bthidd.conf .
4180 Path to a file, where
4182 will store information about known HID devices.
4184 .Pa /var/db/bthidd.hids .
4185 .It Va rfcomm_pppd_server_enable
4189 enable Bluetooth RFCOMM PPP wrapper daemon.
4190 .It Va rfcomm_pppd_server_profile
4192 The name of the profile to use from
4193 .Pa /etc/ppp/ppp.conf .
4194 Multiple profiles can be specified here.
4195 Also used to specify per-profile overrides.
4196 When the profile name contains any of the characters
4198 they are translated to
4200 for the proposes of the override variable names.
4201 .It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _bdaddr
4203 Overrides local address to listen on.
4209 The address can be specified as BD_ADDR or name.
4210 .It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _channel
4212 Overrides local RFCOMM channel to listen on.
4215 will listen on RFCOMM channel 1.
4216 Must set properly if multiple profiles used in the same time.
4217 .It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_sp
4221 if it should register Serial Port service on the specified RFCOMM channel.
4224 .It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_dun
4228 if it should register Dial-Up Networking service on the specified
4232 .It Va ubthidhci_enable
4236 change the USB Bluetooth controller from HID mode to HCI mode.
4237 You also need to specify the location of USB Bluetooth controller with the
4238 .Va ubthidhci_busnum
4242 .It Va ubthidhci_busnum
4243 Bus number where the USB Bluetooth controller is located.
4246 on your system to find this information.
4247 .It Va ubthidhci_addr
4248 Bus address of the USB Bluetooth controller.
4251 on your system to find this information.
4254 .Bl -tag -width ".Pa /etc/defaults/rc.conf" -compact
4255 .It Pa /etc/defaults/rc.conf
4257 .It Pa /etc/rc.conf.local
4286 .Xr newsyslog.conf 5 ,
4354 .An Jordan K. Hubbard .