4 .\" Redistribution and use in source and binary forms, with or without
5 .\" modification, are permitted provided that the following conditions
7 .\" 1. Redistributions of source code must retain the above copyright
8 .\" notice, this list of conditions and the following disclaimer.
9 .\" 2. Redistributions in binary form must reproduce the above copyright
10 .\" notice, this list of conditions and the following disclaimer in the
11 .\" documentation and/or other materials provided with the distribution.
13 .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND
14 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE
17 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
19 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
20 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
21 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
22 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 .Nd system configuration information
36 contains descriptive information about the local host name, configuration
37 details for any potential network interfaces and which services should be
38 started up at system initial boot time.
39 In new installations, the
41 file is generally initialized by the system installation utility.
45 is not to run commands or perform system startup actions
47 Instead, it is included by the
48 various generic startup scripts in
50 which conditionalize their
51 internal actions according to the settings found there.
55 file is included from the file
56 .Pa /etc/defaults/rc.conf ,
57 which specifies the default settings for all the available options.
58 Options need only be specified in
60 when the system administrator wishes to override these defaults.
62 .Pa /etc/defaults/vendor.conf
63 allows vendors to override
67 .Pa /etc/rc.conf.local
68 is used to override settings in
70 for historical reasons.
72 The sysrc(8) command provides a scripting interface to modify system
76 .Pa /etc/rc.conf.local
77 you can also place smaller configuration files for each
82 .Ao Ar dir Ac Ns Pa /rc.conf.d
83 directories specified in
85 which will be included by the
88 For jail configurations you could use the file
89 .Pa /etc/rc.conf.d/jail
90 to store jail specific configuration options.
94 .Pa /usr/local/etc/rc.d
97 .Pa /usr/local/rc.conf.d/jail
99 .Pa /opt/conf/rc.conf.d/jail
102 .Ao Ar dir Ac Ns Pa /rc.conf.d/ Ns Ao Ar name Ac
104 all of files in the directory will be loaded.
110 .Dq Ar name Ns Li = Ns Ar value
114 The following list provides a name and short description for each
115 variable that can be set in the
118 .Bl -tag -width indent-two
123 enable output of debug messages from rc scripts.
124 This variable can be helpful in diagnosing mistakes when
125 editing or integrating new scripts.
126 Beware that this produces copious output to the terminal and
132 disable informational messages from the rc scripts.
133 Informational messages are displayed when
134 a condition that is not serious enough to warrant a warning or
142 when faststart is used (e.g., at boot time).
143 .It Va early_late_divider
145 The name of the script that should be used as the
146 delimiter between the
150 stages of the boot process.
151 The early stage should contain all the services needed to
152 get the disks (local or remote) mounted so that the late
153 stage can include scripts contained in the directories
156 variable (see below).
157 Thus, the two likely candidates for this value are
159 for the typical system, and
161 if the system needs remote file
162 systems mounted to get access to the
164 directories; for example when
172 is likely to be an appropriate value.
173 Extreme care should be taken when changing this value,
174 and before changing it one should ensure that there are
175 adequate provisions to recover from a failed boot
176 (such as physical contact with the machine,
177 or reliable remote console access).
178 .It Va always_force_depends
182 scripts use the force_depend function to check whether required
183 services are already running, and to start them if necessary.
184 By default during boot time this check is bypassed if the
185 required service is enabled in
186 .Pa /etc/rc.conf[.local] .
187 Setting this option will bypass that check at boot time and
188 always test whether or not the service is actually running.
189 Enabling this option is likely to increase your boot time if
190 services are enabled that utilize the force_depend check.
191 .It Ao Ar name Ac Ns Va _chroot
194 to this directory before running the service.
195 .It Ao Ar name Ac Ns Va _fib
199 value to run the service under.
200 .It Ao Ar name Ac Ns Va _group
202 Run the chrooted service under this system group.
204 .Ao Ar name Ac Ns Va _user
205 setting, this setting has no effect if the service is not chrooted.
206 .It Ao Ar name Ac Ns Va _limits
208 Resource limits to apply to the service using
210 By default, resource limits are based on the login class defined in
211 .Ao Ar name Ac Ns Va _login_class .
212 .It Ao Ar name Ac Ns Va _login_class
214 Login class to be used with
215 .Ao Ar name Ac Ns Va _limits .
218 .It Ao Ar name Ac Ns Va _nice
222 value to run the service under.
223 .It Ao Ar name Ac Ns Va _oomprotect
226 to prevent the service from being killed when swap space
230 to protect only the service itself, and
232 to protect the service and all child processes.
234 Please note rc scripts that redefine
238 such as PostgreSQL will not inherit the OOM killer protection.
239 .It Ao Ar name Ac Ns Va _user
241 Run the service under this user account.
246 enable support for Automatic Power Management with
254 to handle APM event from userland.
255 This also enables support for APM.
262 these are the flags to pass to the
269 to handle device added, removed or unknown events from the kernel.
276 scripts at boot time.
279 Configuration file for
283 .It Va devmatch_enable
287 disable auto-loading of kernel modules with
289 .It Va devmatch_blocklist
291 A whitespace-separated list of kernel modules to be ignored by
295 .Va devmatch_blocklist
296 is appended to this variable to allow disabling of
298 loaded modules from the boot loader.
299 .It Va devmatch_blacklist
301 This variable is deprecated.
303 .Va devmatch_blocklist
305 A whitespace-separated list of kernel modules to be ignored by
309 A whitespace-separated list of kernel modules to load right after
310 the local disks are mounted, without any
313 Loading modules at this point in the boot process is
314 much faster than doing it via
315 .Pa /boot/loader.conf
316 for those modules not necessary for mounting local disks.
317 .It Va kldxref_enable
324 to automatically rebuild
329 .It Va kldxref_clobber
339 will overwrite existing
346 .It Va kldxref_module_path
351 delimited list of paths containing
363 enable the system power control facility with the
372 these are the flags to pass to the
376 Controls the creation of a
379 Always happens if set to
381 and never happens if set to
383 If set to anything else, a memory file system is created if
387 Controls the size of a created
391 Extra options passed to the
393 utility when the memory file system for
398 which inhibits the use of softupdates on
400 so that file system space is freed without delay
401 after file truncation or deletion.
404 for other options you can use in
407 Controls the creation of a
410 Always happens if set to
412 and never happens if set to
414 If set to anything else, a memory file system is created if
418 Controls the size of a created
422 Extra options passed to the
424 utility when the memory file system for
429 which inhibits the use of softupdates on
431 so that file system space is freed without delay
432 after file truncation or deletion.
435 for other options you can use in
438 Controls the automatic population of the
441 Always happens if set to
443 and never happens if set to
445 If set to anything else, a memory file system is created if
448 Note that this process requires access to certain commands in
452 is mounted on normal systems.
453 .It Va cleanvar_enable
460 List of directories to search for startup script files.
461 .It Va script_name_sep
463 The field separator to use for breaking down the list of startup script files
464 into individual filenames.
465 The default is a space.
466 It is not necessary to change this unless there are startup scripts with names
468 .It Va hostapd_enable
477 The fully qualified domain name (FQDN) of this host on the network.
478 This should almost certainly be set to something meaningful, even if
479 there is no network connection.
482 is used to set the hostname via DHCP,
483 this variable should be set to an empty string.
486 the hostname is generally already set and this variable may be absent.
487 If this value remains unset when the system is done booting
488 your console login will display the default hostname of
492 The NIS domain name of this host, or
495 .It Va dhclient_program
497 Path to the DHCP client program
498 .Pa ( /sbin/dhclient ,
503 .It Va dhclient_flags
505 Additional flags to pass to the DHCP client program.
510 manpage for a description of the command line options available.
511 .It Va dhclient_flags_ Ns Aq Ar iface
512 Additional flags to pass to the DHCP client program running on
515 When specified, this variable overrides
517 .It Va background_dhclient
521 to start the DHCP client in background.
522 This can cause trouble with applications depending on
523 a working network, but it will provide a faster startup
525 .It Va background_dhclient_ Ns Aq Ar iface
526 When specified, this variable overrides the
527 .Va background_dhclient
528 variable for interface
531 .It Va synchronous_dhclient
537 synchronously at startup.
538 This behavior can be overridden on a per-interface basis by replacing
542 .Va ifconfig_ Ns Aq Ar interface
547 .It Va defaultroute_delay
549 When set to a positive value, wait up to this long after configuring
550 DHCP interfaces at startup to give the interfaces time to receive a lease.
551 .It Va firewall_enable
555 to load firewall rules at startup.
556 If the kernel was not built with
557 .Cd "options IPFIREWALL" ,
560 kernel module will be loaded.
562 .Va ipfilter_enable .
563 .It Va firewall_script
565 This variable specifies the full path to the firewall script to run.
567 .Pa /etc/rc.firewall .
570 Names the firewall type from the selection in
571 .Pa /etc/rc.firewall ,
572 or the file which contains the local firewall ruleset.
573 Valid selections from
577 .Bl -tag -width ".Li workstation" -compact
579 unrestricted IP access
581 all IP services disabled, except via
584 basic protection for a workstation
586 basic protection for a workstation using stateful firewalling
588 basic protection for a LAN.
591 If a filename is specified, the full path
594 Most of the predefined rulesets define additional configuration variables.
595 These are documented in
596 .Pa /etc/rc.firewall .
597 .It Va firewall_quiet
601 to disable the display of firewall rules on the console during boot.
602 .It Va firewall_logging
606 to enable firewall event logging.
607 This is equivalent to the
608 .Dv IPFIREWALL_VERBOSE
610 .It Va firewall_logif
614 to create pseudo interface
617 For more details, see
620 .It Va firewall_flags
626 specifies a filename.
627 .It Va firewall_coscripts
629 List of executables and/or rc scripts to run after firewall starts/stops.
631 .\" ----- firewall_nat_enable setting --------------------------------
632 .It Va firewall_nat_enable
640 will automatically load the
646 .It Va firewall_nat_interface
652 This is the name of the public interface or IP address on which
653 kernel NAT should run.
654 .It Va firewall_nat_flags
656 Additional configuration parameters for kernel NAT should be placed here.
657 .It Va firewall_nat64_enable
661 will automatically load the
663 NAT64 kernel module if
667 .It Va firewall_nptv6_enable
671 will automatically load the
673 NPTv6 kernel module if
677 .It Va firewall_pmod_enable
681 will automatically load the
683 pmod kernel module if
687 .It Va dummynet_enable
691 will automatically load the
697 .\" -------------------------------------------------------------------
698 .It Va ipfw_netflow_enable
702 will enable netflow logging via
705 By default a ipfw rule is inserted and all packets are duplicated with
706 the ngtee command and netflow packets are sent to 127.0.0.1 on the netflow
707 port using protocol version 5.
708 .It Va ipfw_netflow_hook
710 netflow hook name, must be numerical
713 .It Va ipfw_netflow_rule
718 .It Va ipfw_netflow_ip
720 Destination server ip for receiving netflow data
723 .It Va ipfw_netflow_port
725 Destination server port for receiving netflow data
728 .It Va ipfw_netflow_version
730 Do not set for using version 5 of the netflow protocol, set it to 9 for using version 9.
731 .It Va ipfw_netflow_fib
733 Only match packet in FIB
735 (default is undefined meaning all FIBs).
751 sockets must be enabled in the kernel.
752 If the kernel was not built with
753 .Cd "options IPDIVERT" ,
756 kernel module will be loaded.
757 .It Va natd_interface
759 This is the name of the public interface on which
762 The interface may be given as an interface name or as an IP address.
767 flags should be placed here.
772 flag is automatically added with the above
775 .\" ----- ipfilter_enable setting --------------------------------
776 .It Va ipfilter_enable
787 Typical usage will require putting
789 ipfilter_enable="YES"
807 can be enabled independently.
811 both require at least one of
821 options IPFILTER_DEFAULT_BLOCK
824 in the kernel configuration file is a good idea, too.
825 .\" ----- ipfilter_program setting ------------------------------
826 .It Va ipfilter_program
832 .\" ----- ipfilter_rules setting --------------------------------
833 .It Va ipfilter_rules
838 This variable contains the name of the filter rule definition file.
839 The file is expected to be readable for the
842 .\" ----- ipfilter_flags setting --------------------------------
843 .It Va ipfilter_flags
846 This variable contains flags passed to the
849 .\" ----- ipnat_enable setting ----------------------------------
859 network address translation.
862 for a detailed discussion.
863 .\" ----- ipnat_program setting ---------------------------------
870 .\" ----- ipnat_rules setting -----------------------------------
876 This variable contains the name of the file
877 holding the network address translation definition.
878 This file is expected to be readable for the
881 .\" ----- ipnat_flags setting -----------------------------------
885 This variable contains flags passed to the
888 .\" ----- ipmon_enable setting ----------------------------------
903 Setting this variable needs setting
910 for a detailed discussion.
911 .\" ----- ipmon_program setting ---------------------------------
918 .\" ----- ipmon_flags setting -----------------------------------
924 This variable contains flags passed to the
927 Another typical example would be
928 .Dq Fl D Pa /var/log/ipflog
931 log directly to a file bypassing
934 .Pa /etc/newsyslog.conf
935 in such case like this:
937 /var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid
939 .\" ----- ipfs_enable setting -----------------------------------
949 saving the filter and NAT state tables during shutdown
950 and reloading them during startup again.
951 Setting this variable needs setting
960 for a detailed discussion.
966 because the raised securelevel will prevent
968 from saving the state tables at shutdown time.
969 .\" ----- ipfs_program setting ----------------------------------
976 .\" ----- ipfs_flags setting ------------------------------------
980 This variable contains flags passed to the
983 .\" ----- end of added ipf hook ---------------------------------
995 Typical usage will require putting
1010 into the kernel, otherwise the
1011 kernel module will be loaded.
1016 ruleset configuration file
1018 .Pa /etc/pf.conf ) .
1031 these flags are passed to the
1033 program when loading the ruleset.
1034 .It Va pf_fallback_rules_enable
1042 .Va pf_fallback_rules_file
1044 .Va pf_fallback_rules
1045 in case of a problem when loading the ruleset in
1047 .It Va pf_fallback_rules_file
1049 Path to a pf ruleset to load in case of failure when loading the
1053 .Pa /etc/pf-fallback.conf ) .
1054 .It Va pf_fallback_rules
1056 A pf ruleset to load in case of failure when loading the ruleset in
1059 .Va pf_fallback_rules_file
1061 Multiple rules can be set as follows:
1063 pf_fallback_rules="\\
1064 block drop log all\\
1065 pass in quick on em0"
1068 The default fallback rule is
1069 .Dq block drop log all
1079 which logs packets from the
1082 .It Va pflog_logfile
1092 .Pa /var/log/pflog ) .
1094 .Pa /etc/newsyslog.conf
1095 to adjust logfile rotation for this.
1096 .It Va pflog_program
1101 .Pa /sbin/pflogd ) .
1105 This variable contains additional flags passed to the
1108 .It Va pflog_instances
1110 If logging to more than one
1112 interface is desired,
1114 is set to the list of
1116 instances that should be started at system boot time.
1119 is set, for each whitespace-separated
1122 .Ao Ar element Ac Ns Va _dev
1124 .Ao Ar element Ac Ns Va _logfile
1125 elements are assumed to exist.
1126 .Ao Ar element Ac Ns Va _dev
1129 interface to be watched by the named
1132 .Ao Ar element Ac Ns Va _logfile
1133 must contain the name of the logfile that will be used by the
1136 .It Va ftpproxy_enable
1147 packet filter in translating ftp connections.
1148 .It Va ftpproxy_flags
1151 This variable contains additional flags passed to the
1154 .It Va ftpproxy_instances
1157 If multiple instances of
1159 are desired at boot time,
1160 .Va ftpproxy_instances
1161 should contain a whitespace-separated list of instance names.
1164 in the list, a variable named
1165 .Ao Ar element Ac Ns Va _flags
1166 should be defined, containing the command-line flags to be passed to the
1169 .It Va pfsync_enable
1178 state changes to other hosts over the network by means of
1183 must also be set then.
1184 .It Va pfsync_syncdev
1187 This variable specifies the name of the network interface
1189 should operate through.
1190 It must be set accordingly if
1194 .It Va pfsync_syncpeer
1197 This variable is optional.
1198 By default, state change messages are sent out on the synchronisation
1199 interface using IP multicast packets.
1200 The protocol is IP protocol 240, PFSYNC, and the multicast group used is
1202 When a peer address is specified using the
1204 option, the peer address is used as a destination for the pfsync
1205 traffic, and the traffic can then be protected using
1209 manpage for more details about using
1214 .It Va pfsync_ifconfig
1217 This variable can contain additional options to be passed to the
1219 command used to set up
1221 .It Va tcp_extensions
1228 disables certain TCP options as described by
1234 might help remedy such problems with connections as randomly hanging
1235 or other weird behavior.
1236 Some network devices are known
1237 to be broken with respect to these options.
1240 Set to 0 by default.
1244 .Va net.inet.tcp.log_in_vain
1246 .Va net.inet.udp.log_in_vain ,
1251 are set to the given value.
1252 .It Va tcp_keepalive
1259 will disable probing idle TCP connections to verify that the
1260 peer is still up and reachable.
1261 .It Va tcp_drop_synfin
1268 will cause the kernel to ignore TCP frames that have both
1269 the SYN and FIN flags set.
1270 This prevents OS fingerprinting, but may
1271 break some legitimate applications.
1272 .It Va icmp_drop_redirect
1277 This setting will be identical to
1279 if a dynamicrouting daemon is enabled, because redirect processing may
1280 cause performance issues for large routing tables.
1281 If no such service is enabled, this setting behaves like a
1285 will cause the kernel to ignore ICMP REDIRECT packets.
1288 will cause the kernel to process ICMP REDIRECT packets.
1291 for more information.
1292 .It Va icmp_log_redirect
1299 will cause the kernel to log ICMP REDIRECT packets.
1301 the log messages are not rate-limited, so this option should only be used
1302 for troubleshooting networks.
1305 for more information.
1306 .It Va icmp_bmcastecho
1310 to respond to broadcast or multicast ICMP ping packets.
1313 for more information.
1314 .It Va ip_portrange_first
1318 this is the first port in the default portrange.
1321 for more information.
1322 .It Va ip_portrange_last
1326 this is the last port in the default portrange.
1329 for more information.
1330 .It Va network_interfaces
1332 Set to the list of network interfaces to configure on this host or
1334 (the default) for all current interfaces.
1336 .Va network_interfaces
1337 variable to anything other than the default is deprecated.
1338 Interfaces that the administrator wishes to store configuration for,
1339 but not start at boot should be configured with the
1342 .Va ifconfig_ Ns Aq Ar interface
1343 variables as described below.
1346 .Va ifconfig_ Ns Aq Ar interface
1347 variable is also assumed to exist for each value of
1349 When an interface name contains any of the characters
1351 they are translated to
1354 The variable can contain arguments to
1356 as well as special case-insensitive keywords described below.
1357 Such keywords are removed before passing the value to
1359 while the order of the other arguments is preserved.
1361 It is possible to add IP alias entries using
1363 syntax with the address family keyword such as
1365 Assuming that the interface in question was
1367 it might look something like this:
1369 ifconfig_em0_alias0="inet 127.0.0.253 netmask 0xffffffff"
1370 ifconfig_em0_alias1="inet 127.0.0.254 netmask 0xffffffff"
1373 It also possible to configure multiple IP addresses in Classless
1374 Inter-Domain Routing
1377 whose each address component can be a range like
1378 .Li inet 192.0.2.5-23/24
1380 .Li inet6 2001:db8:1-f::1/64 .
1381 This notation allows address and prefix length part only,
1382 not the other address modifiers.
1383 Note that the maximum number of the generated addresses from a range
1384 specification is limited to an integer value specified in
1385 .Va netif_ipexpand_max
1388 because a small typo can unexpectedly generate a large number of addresses.
1389 The default value is
1391 It can be increased by adding the following line into
1394 netif_ipexpand_max="4096"
1398 .Li 192.0.2.5-23/24 ,
1399 the address 192.0.2.5 will be configured with the
1400 netmask /24 and the addresses 192.0.2.6 to 192.0.2.23 with
1401 the non-conflicting netmask /32 as explained in the
1404 Note that this special netmask handling is only for
1406 not for the other address families such as
1409 With the interface in question being
1411 an example could look like:
1413 ifconfig_em0_alias2="inet 192.0.2.129/27"
1414 ifconfig_em0_alias3="inet 192.0.2.1-5/28"
1419 Note that deprecated
1420 .Va ipv4_addrs_ Ns Aq Ar interface
1421 variable was supported for IPv4 CIDR address notation.
1423 .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1424 variable replaces it, though
1425 .Va ipv4_addrs_ Ns Aq Ar interface
1426 is still supported for backward compatibility.
1429 .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1430 entry with an address family keyword,
1431 its contents are passed to
1433 Execution stops at the first unsuccessful access, so if
1434 something like this is present:
1436 ifconfig_em0_alias0="inet 127.0.0.251 netmask 0xffffffff"
1437 ifconfig_em0_alias1="inet 127.0.0.252 netmask 0xffffffff"
1438 ifconfig_em0_alias2="inet 127.0.0.253 netmask 0xffffffff"
1439 ifconfig_em0_alias4="inet 127.0.0.254 netmask 0xffffffff"
1442 Then note that alias4 would
1444 be added since the search would
1445 stop with the missing
1448 Because of this difficult to manage behavior,
1450 .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _aliases
1451 variable, which has the same functionality as
1452 .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1453 and can have all of entries in a variable like the following:
1455 ifconfig_em0_aliases="\\
1456 inet 127.0.0.251 netmask 0xffffffff \\
1457 inet 127.0.0.252 netmask 0xffffffff \\
1458 inet 127.0.0.253 netmask 0xffffffff \\
1459 inet 127.0.0.254 netmask 0xffffffff"
1462 It also supports CIDR notation.
1465 .Pa /etc/start_if . Ns Aq Ar interface
1466 file is present, it is read and executed by the
1469 before configuring the interface as specified in the
1470 .Va ifconfig_ Ns Aq Ar interface
1472 .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1476 .Va vlans_ Ns Aq Ar interface
1480 interface will be created for each item in the list with the
1484 If a vlan interface's name is a number,
1485 then that number is used as the vlan tag and the new vlan interface is
1487 .Ar interface . Ns Ar tag .
1489 the vlan tag must be specified via a
1492 .Va create_args_ Ns Aq Ar interface
1495 To create a vlan device named
1499 with the vlan tag 101 and the optional the IPv4 address 192.0.2.1/24:
1502 ifconfig_em0_101="inet 192.0.2.1/24"
1505 To create a vlan device named
1509 with the vlan tag 102:
1512 create_args_myvlan="vlan 102"
1516 .Va wlans_ Ns Aq Ar interface
1520 interface will be created for each item in the list with the
1524 Further wlan cloning arguments may be passed to the
1527 command by setting the
1528 .Va create_args_ Ns Aq Ar interface
1532 devices must be created for each wireless devices as of
1538 may be specified with an
1539 .Va wlandebug_ Ns Aq Ar interface
1541 The contents of this variable will be passed directly to
1545 .Va ifconfig_ Ns Aq Ar interface
1546 contains the keyword
1548 then the interface will not be configured
1550 .Pa /etc/pccard_ether
1552 .Va network_interfaces
1556 It is possible to bring up an interface with DHCP by adding
1559 .Va ifconfig_ Ns Aq Ar interface
1561 For instance, to initialize the
1564 it is possible to use something like:
1569 If you want to configure your wireless interface with
1570 .Xr wpa_supplicant 8
1571 for use with WPA, EAP/LEAP or WEP, you need to add
1574 .Va ifconfig_ Ns Aq Ar interface
1577 On the other hand, if you want to configure your wireless interface with
1582 .Va ifconfig_ Ns Aq Ar interface
1585 will use the settings from
1586 .Pa /etc/hostapd- Ns Ao Ar interface Ac Ns .conf
1588 Finally, you can add
1590 options in this variable, in addition to the
1591 .Pa /etc/start_if . Ns Aq Ar interface
1593 For instance, to configure an
1595 wireless device in station mode with an address obtained
1596 via DHCP, using WPA authentication and 802.11b mode, it is
1597 possible to use something like:
1600 ifconfig_wlan0="DHCP WPA mode 11b"
1604 .Va ifconfig_ Ns Aq Ar interface
1605 form, a fallback variable
1606 .Va ifconfig_DEFAULT
1608 It will be used for all interfaces with no
1609 .Va ifconfig_ Ns Aq Ar interface
1611 This is intended to replace the no longer supported
1615 It is also possible to rename an interface by doing:
1617 ifconfig_em0_name="net0"
1618 ifconfig_net0="inet 192.0.2.1 netmask 0xffffff00"
1622 This variable is deprecated.
1624 .Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1626 .Va ipv6_activate_all_interfaces
1631 .Dq Li inet6 accept_rtadv
1633 .Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1635 .Va ipv6_activate_all_interfaces
1640 This variable is deprecated.
1642 .Va ip6addrctl_policy
1647 the default address selection policy table set by
1649 will be IPv6-preferred.
1653 the default address selection policy table set by
1655 will be IPv4-preferred.
1656 .It Va ipv6_activate_all_interfaces
1658 This controls initial configuration on IPv6-capable
1659 interfaces with no corresponding
1660 .Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1662 Note that it is not always necessary to set this variable to
1664 to use IPv6 functionality on
1666 In most cases, just configuring
1667 .Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1672 all interfaces which do not have a corresponding
1673 .Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1674 variable will be marked as
1677 This means that all of IPv6 functionality on that interface
1678 is completely disabled to enforce a security policy.
1679 If the variable is set to
1681 the flag will be cleared on all of the interfaces.
1683 In most cases, just defining an
1684 .Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1685 for an IPv6-capable interface should be sufficient.
1686 However, if an interface is added dynamically
1687 .Pq by some tunneling protocols such as PPP, for example ,
1688 it is often difficult to define the variable in advance.
1689 In such a case, configuring the
1691 flag can be disabled by setting this variable to
1694 For more details of the
1697 .Dq Li inet6 ifdisabled ,
1707 privacy addresses will be generated for each IPv6
1708 interface as described in RFC 4941.
1709 .It Va ipv6_network_interfaces
1711 This is the IPv6 equivalent of
1712 .Va network_interfaces .
1713 Normally manual configuration of this variable is not needed.
1714 .It Va ipv6_cpe_wanif
1716 If the variable is set to an interface name,
1720 .Dq inet6 -no_radr accept_rtadv
1721 will be added to the specified interface automatically before evaluating
1722 .Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 ,
1726 .Va net.inet6.ip6.rfc6204w3
1728 .Va net.inet6.ip6.no_radr
1731 This means the specified interface will accept ICMPv6 Router
1732 Advertisement messages on that link and add the discovered
1733 routers into the Default Router List.
1734 While the other interfaces can still accept RA messages if the
1735 .Dq inet6 accept_rtadv
1736 option is specified, adding
1737 routes into the Default Router List will be disabled by
1744 Note that ICMPv6 Router Advertisement messages will be
1746 .Va net.inet6.ip6.forwarding
1748 .Pq packet forwarding is enabled
1750 .Va net.inet6.ip6.rfc6204w3
1755 .It Va ifconfig_ Ns Ao Ar interface Ac Ns _descr
1757 This assigns arbitrary description to an interface.
1761 .Va net.ifdescr_maxlen
1763 This static setting may be overridden by commands
1764 started with dynamic interface configuration utilities
1768 The description can be seen with
1770 command and it may be exported with
1772 daemon using its MIB-2 module.
1773 .It Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1775 IPv6 functionality on an interface should be configured by
1776 .Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 ,
1777 instead of setting ifconfig parameters in
1778 .Va ifconfig_ Ns Aq Ar interface .
1779 If this variable is empty, all of IPv6 configurations on the
1780 specified interface by other variables such as
1781 .Va ipv6_prefix_ Ns Ao Ar interface Ac
1784 Aliases should be set by
1785 .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1791 ifconfig_em0_ipv6="inet6 2001:db8:1::1 prefixlen 64"
1792 ifconfig_em0_alias0="inet6 2001:db8:2::1 prefixlen 64"
1795 Interfaces that have an
1796 .Dq Li inet6 accept_rtadv
1798 .Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1799 setting will be automatically configured by SLAAC
1800 .Pq StateLess Address AutoConfiguration
1806 Note that a link-local address will be automatically configured in
1807 addition to the configured global-scope addresses because the IPv6
1808 specifications require it on each link.
1809 The address is calculated from the MAC address by using an algorithm
1816 If only a link-local address is needed on the interface,
1817 the following configuration can be used:
1819 ifconfig_em0_ipv6="inet6 auto_linklocal"
1822 A link-local address can also be configured manually.
1823 This is useful for the default router address of an IPv6 router
1824 so that it does not change when the network interface
1828 ifconfig_em0_ipv6="inet6 fe80::1 prefixlen 64"
1830 .It Va ipv6_prefix_ Ns Aq Ar interface
1832 If one or more prefixes are defined in
1833 .Va ipv6_prefix_ Ns Aq Ar interface
1834 addresses based on each prefix and the EUI-64 interface index will be
1835 configured on that interface.
1836 Note that this variable will be ignored when
1837 .Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1840 For example, the following configuration
1842 ipv6_prefix_em0="2001:db8:1:0 2001:db8:2:0"
1845 is equivalent to the following:
1847 ifconfig_em0_alias0="inet6 2001:db8:1:: eui64 prefixlen 64"
1848 ifconfig_em0_alias1="inet6 2001:db8:1:: prefixlen 64 anycast"
1849 ifconfig_em0_alias2="inet6 2001:db8:2:: eui64 prefixlen 64"
1850 ifconfig_em0_alias3="inet6 2001:db8:2:: prefixlen 64 anycast"
1853 These Subnet-Router anycast addresses will be added only when
1854 .Va ipv6_gateway_enable
1856 .It Va ipv6_default_interface
1860 this is the default output interface for scoped addresses.
1861 This works only with ipv6_gateway_enable="NO".
1862 .It Va ip6addrctl_enable
1864 This variable is to enable configuring default address selection policy table
1866 The table can be specified in another variable
1867 .Va ip6addrctl_policy .
1869 .Va ip6addrctl_policy
1870 the following keywords can be specified:
1871 .Dq Li ipv4_prefer ,
1872 .Dq Li ipv6_prefer ,
1882 installs a pre-defined policy table described in Section 10.3
1890 is specified, it attempts to read a file
1891 .Pa /etc/ip6addrctl.conf
1893 If this file is found,
1895 reads and installs it.
1896 If not found, a policy is automatically set
1898 .Va ipv6_activate_all_interfaces
1899 variable; if the variable is set to
1901 the IPv6-preferred one is used.
1902 Otherwise IPv4-preferred.
1904 The default value of
1905 .Va ip6addrctl_enable
1907 .Va ip6addrctl_policy
1913 .It Va cloned_interfaces
1915 Set to the list of clonable network interfaces to create on this host.
1916 Further cloning arguments may be passed to the
1919 command for each interface by setting the
1920 .Va create_args_ Ns Aq Ar interface
1922 If an interface name is specified with
1925 the interface will not be destroyed even when
1927 script is invoked with
1930 This is useful when reconfiguring the interface without destroying it.
1932 .Va cloned_interfaces
1933 are automatically appended to
1934 .Va network_interfaces
1936 .It Va cloned_interfaces_sticky
1938 This variable is to globally enable functionality of
1941 .Va cloned_interfaces
1943 The default value is
1945 Even if this variable is specified to
1948 keyword can be used to override it on per interface basis.
1949 .It Va gif_interfaces
1952 tunnel interfaces to configure on this host.
1954 .Va gifconfig_ Ns Aq Ar interface
1955 variable is assumed to exist for each value of
1957 The value of this variable is used to configure the link layer of the
1962 Additionally, this option ensures that each listed interface is created
1967 before attempting to configure it.
1969 For example, configure two
1973 gif_interfaces="gif0 gif1"
1974 gifconfig_gif0="100.64.0.1 100.64.0.2"
1975 ifconfig_gif0="inet 10.0.0.1 10.0.0.2 netmask 255.255.255.252"
1976 gifconfig_gif1="inet6 2a00::1 2a01::1"
1977 ifconfig_gif1="inet 10.1.0.1 10.1.0.2 netmask 255.255.255.252"
1988 The name of the profile to use from
1989 .Pa /etc/ppp/ppp.conf .
1990 Also used for per-profile overrides of
1995 .Va ppp_ Ns Ao Ar profile Ac Ns _unit .
1996 When the profile name contains any of the characters
1998 they are translated to
2000 for the proposes of the override variable names.
2003 Mode in which to run the
2006 .It Va ppp_ Ns Ao Ar profile Ac Ns _mode
2008 Overrides the global
2018 See the manual for a full description.
2023 enables network address translation.
2024 Used in conjunction with
2026 allows hosts on private network addresses access to the Internet using
2027 this host as a network address translating router.
2030 .It Va ppp_ Ns Ao Ar profile Ac Ns _nat
2032 Overrides the global
2036 .It Va ppp_ Ns Ao Ar profile Ac Ns _unit
2038 Set the unit number to be used for this profile.
2039 See the manual description of
2044 The name of the user under which
2052 .It Va rc_conf_files
2054 This option is used to specify a list of files that will override
2056 .Pa /etc/defaults/rc.conf .
2057 The files will be read in the order in which they are specified and should
2058 include the full path to the file.
2059 By default, the files specified are
2062 .Pa /etc/rc.conf.local
2068 will attempt to automatically mount ZFS file systems and initialize ZFS volumes
2070 .It Va gptboot_enable
2074 .Pa /etc/rc.d/gptboot
2075 will log if the system successfully (or not) booted from a GPT partition,
2081 .It Va gbde_autoattach_all
2086 will attempt to automatically initialize your .bde devices in
2090 List the devices that the script should try to attach,
2095 The directory where the
2097 lockfiles are located.
2098 The default lockfile directory is
2101 The lockfile for each individual
2103 device can be overridden by setting the variable
2104 .Va gbde_lock_ Ns Aq Ar device ,
2107 is the encrypted device without the
2112 .It Va gbde_attach_attempts
2114 Number of times to attempt attaching to a
2116 device, i.e., how many times the user is asked for the pass-phrase.
2120 List of devices to automatically attach on boot.
2121 Note that .eli devices from
2123 are automatically appended to this list.
2126 List of groups containing devices to automatically attach on boot with the same
2127 keyfiles and passphrase.
2128 This must be accompanied with a corresponding
2129 .Va geli_ Ns Ao Ar group Ac Ns Va _devices
2133 Number of times user is asked for the pass-phrase.
2134 If empty, it will be taken from
2135 .Va kern.geom.eli.tries
2137 .It Va geli_default_flags
2139 Default flags to use by
2141 when configuring disk encryption.
2142 Flags can be configured for every device separately by defining the
2143 .Va geli_ Ns Ao Ar device Ac Ns Va _flags
2144 variable, and for every group separately by defining the
2145 .Va geli_ Ns Ao Ar group Ac Ns Va _flags
2147 .It Va geli_autodetach
2149 Specifies if GELI devices should be marked for detach on last close after
2150 file systems are mounted.
2153 This can be changed for every device separately by defining the
2154 .Va geli_ Ns Ao Ar device Ac Ns Va _autodetach
2156 .It Va root_rw_mount
2161 After the file systems are checked at boot time, the root file system
2162 is remounted as read-write if this is set to
2164 Diskless systems that mount their root file system from a read-only remote
2165 NFS share should set this to
2169 .It Va fsck_y_enable
2174 will be run with the
2176 flag if the initial preen
2177 of the file systems fails.
2178 .It Va background_fsck
2182 the system will not attempt to run
2184 in the background where possible.
2185 .It Va background_fsck_delay
2187 The amount of time in seconds to sleep before starting a background
2189 It defaults to sixty seconds to allow large applications such as
2190 the X server to start before disk I/O bandwidth is monopolized by
2192 If set to a negative number, the background file system check will be
2193 delayed indefinitely to allow the administrator to run it at a more
2195 For example it may be run from
2197 by adding a line like
2199 .Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart"
2205 List of file system types that are network-based.
2206 This list should generally not be modified by end users.
2208 .Va extra_netfs_types
2210 .It Va extra_netfs_types
2212 If set to something other than
2215 this variable extends the list of file system types
2216 for which automatic mounting at startup by
2218 should be delayed until the network is initialized.
2220 a whitespace-separated list of network file system descriptor pairs,
2221 each consisting of a file system type as passed to
2223 and a human-readable, one-word description,
2226 Extending the default list in this way is only necessary
2227 when third party file system types are used.
2228 .It Va syslogd_enable
2235 .It Va syslogd_program
2240 .Pa /usr/sbin/syslogd ) .
2241 .It Va syslogd_flags
2247 these are the flags to pass to
2256 .It Va inetd_program
2261 .Pa /usr/sbin/inetd ) .
2268 these are the flags to pass to
2277 .It Va hastd_program
2289 these are the flags to pass to
2291 .It Va local_unbound_enable
2297 daemon as a local caching resolver.
2302 to start a Kerberos 5 authentication server
2310 this is the path to Kerberos 5 Authentication Server.
2314 This variable contains additional flags to be passed to the Kerberos 5
2315 authentication server.
2316 .It Va kadmind_enable
2322 the Kerberos 5 Administration Daemon; set to
2325 .It Va kadmind_program
2331 this is the path to Kerberos 5 Administration Daemon.
2332 .It Va kpasswdd_enable
2338 the Kerberos 5 Password-Changing Daemon; set to
2341 .It Va kpasswdd_program
2347 this is the path to Kerberos 5 Password-Changing Daemon.
2354 the Kerberos 5 ticket forwarding daemon, at the boot time.
2360 .Pa /usr/libexec/kfd ) .
2367 daemon at boot time.
2374 these are the flags to pass to it.
2380 will be updated at boot time to reflect the kernel release
2385 will not be updated.
2386 .It Va nfs_client_enable
2390 run the NFS client daemons at boot time.
2391 .It Va nfs_access_cache
2394 .Va nfs_client_enable
2399 to disable NFS ACCESS RPC caching, or to the number of seconds for which
2401 results should be cached.
2402 A value of 2-10 seconds will substantially reduce network
2403 traffic for many NFS operations.
2404 .It Va nfs_server_enable
2408 run the NFS server daemons at boot time.
2409 .It Va nfs_server_flags
2412 .Va nfs_server_enable
2415 these are the flags to pass to the
2418 .It Va nfsv4_server_enable
2421 .Va nfs_server_enable
2425 .Va nfsv4_server_enable
2428 enable the server for NFSv4 as well as NFSv2 and NFSv3.
2429 .It Va nfsv4_server_only
2432 .Va nfs_server_enable
2436 .Va nfsv4_server_only
2439 enable the NFS server for NFSv4 only.
2440 .It Va nfs_server_maxio
2442 value to set vfs.nfsd.srvmaxio to, which is the
2443 maximum I/O size for the NFS server.
2444 .It Va tlsclntd_enable
2450 daemon, which is needed for NFS-over-TLS NFS mounts.
2451 .It Va tlsservd_enable
2457 daemon, which is needed for the
2459 to support NFS-over-TLS NFS mounts.
2460 .It Va nfsuserd_enable
2466 run the nfsuserd daemon, which is needed for NFSv4 in order
2467 to map between user/group names vs uid/gid numbers.
2469 .Va nfsv4_server_enable
2472 this will be forced enabled.
2473 .It Va nfsuserd_flags
2479 these are the flags to pass to the
2482 .It Va nfscbd_enable
2488 run the nfscbd daemon, which enables callbacks/delegations for the NFSv4 client.
2495 these are the flags to pass to the
2498 .It Va mountd_enable
2503 .Va nfs_server_enable
2509 It is commonly needed to run CFS without real NFS used.
2516 these are the flags to pass to the
2519 .It Va weak_mountd_authentication
2523 allow services like PCNFSD to make non-privileged mount
2525 .It Va nfs_reserved_port_only
2529 provide NFS services only on a secure port.
2530 .It Va nfs_bufpackets
2532 If set to a number, indicates the number of packets worth of
2533 socket buffer space to reserve on an NFS client.
2534 The kernel default is typically 4.
2535 Using a higher number may be
2536 useful on gigabit networks to improve performance.
2537 The minimum value is
2538 2 and the maximum is 64.
2539 .It Va rpc_lockd_enable
2543 and also an NFS server or client, run
2546 .It Va rpc_lockd_flags
2549 .Va rpc_lockd_enable
2552 these are the flags to pass to the
2555 .It Va rpc_statd_enable
2559 and also an NFS server or client, run
2562 .It Va rpc_statd_flags
2565 .Va rpc_statd_enable
2568 these are the flags to pass to the
2571 .It Va rpcbind_program
2576 .Pa /usr/sbin/rpcbind ) .
2577 .It Va rpcbind_enable
2583 service at boot time.
2584 .It Va rpcbind_flags
2590 these are the flags to pass to the
2593 .It Va keyserv_enable
2599 daemon on boot for running Secure RPC.
2600 .It Va keyserv_flags
2606 these are the flags to pass to
2609 .It Va pppoed_enable
2615 daemon at boot time to provide PPP over Ethernet services.
2616 .It Va pppoed_ Ns Aq Ar provider
2619 listens to requests to this
2625 argument of the same name.
2628 Additional flags to pass to
2630 .It Va pppoed_interface
2632 The network interface to run
2635 This is mandatory when
2639 .It Va ntpdate_enable
2646 This command is intended to
2647 synchronize the system clock only
2649 from some standard reference.
2651 Note that the use of the
2652 .Va ntpd_sync_on_start
2653 variable is a preferred alternative to the
2657 is to be retired from the NTP distribution.
2658 .It Va ntpdate_config
2660 Configuration file for
2664 .It Va ntpdate_hosts
2666 A whitespace-separated list of NTP servers to synchronize with at startup.
2667 The default is to use the servers listed in
2668 .Va ntpdate_config ,
2669 if that file exists.
2670 .It Va ntpdate_program
2675 .Pa /usr/sbin/ntpdate ) .
2676 .It Va ntpdate_flags
2682 these are the flags to pass to the
2684 command (typically a hostname).
2691 command at boot time.
2697 .Pa /usr/sbin/ntpd ) .
2711 these are the flags to pass to the
2714 .It Va ntpd_sync_on_start
2721 flag, which syncs the system's clock on startup.
2724 for more information regarding the
2727 This is a preferred alternative to using
2732 .It Va nis_client_enable
2738 service at system boot time.
2739 .It Va nis_client_flags
2742 .Va nis_client_enable
2745 these are the flags to pass to the
2748 .It Va nis_ypldap_enable
2754 daemon at system boot time.
2755 .It Va nis_ypldap_flags
2758 .Va nis.ypldap_enable
2761 these are the flags to pass to the
2764 .It Va nis_ypset_enable
2770 daemon at system boot time.
2771 .It Va nis_ypset_flags
2774 .Va nis_ypset_enable
2777 these are the flags to pass to the
2780 .It Va nis_server_enable
2786 daemon at system boot time.
2787 .It Va nis_server_flags
2790 .Va nis_server_enable
2793 these are the flags to pass to the
2796 .It Va nis_ypxfrd_enable
2802 daemon at system boot time.
2803 .It Va nis_ypxfrd_flags
2806 .Va nis_ypxfrd_enable
2809 these are the flags to pass to the
2812 .It Va nis_yppasswdd_enable
2818 daemon at system boot time.
2819 .It Va nis_yppasswdd_flags
2822 .Va nis_yppasswdd_enable
2825 these are the flags to pass to the
2828 .It Va rpc_ypupdated_enable
2834 daemon at system boot time.
2835 .It Va bsnmpd_enable
2841 daemon at system boot time.
2842 Be sure to understand the security implications of running SNMP daemon
2850 these are the flags to pass to the
2853 .It Va defaultrouter
2857 create a default route to this host name or IP address
2858 (use an IP address if this router is also required to get to the
2860 .It Va defaultrouter_fibN
2864 create a default route in FIB N to this host name or IP address.
2865 .It Va ipv6_defaultrouter
2867 The IPv6 equivalent of
2869 .It Va ipv6_defaultrouter_fibN
2871 The IPv6 equivalent of
2872 .Va defaultrouter_fibN .
2873 .It Va static_arp_pairs
2875 Set to the list of static ARP pairs that are to be added at system
2877 For each whitespace separated
2880 .Va static_arp_ Ns Aq Ar element
2881 variable is assumed to exist whose contents will later be passed to a
2886 static_arp_pairs="gw"
2887 static_arp_gw="192.168.1.1 00:01:02:03:04:05"
2889 .It Va static_ndp_pairs
2891 Set to the list of static NDP pairs that are to be added at system
2893 For each whitespace separated
2896 .Va static_ndp_ Ns Aq Ar element
2897 variable is assumed to exist whose contents will later be passed to a
2902 static_ndp_pairs="gw"
2903 static_ndp_gw="2001:db8:3::1 00:01:02:03:04:05"
2905 .It Va static_routes
2907 Set to the list of static routes that are to be added at system
2911 then for each whitespace separated
2914 .Va route_ Ns Aq Ar element
2915 variable is assumed to exist
2916 whose contents will later be passed to a
2921 static_routes="ext mcast:gif0 gif0local:gif0"
2922 route_ext="-net 10.0.0.0/24 -gateway 192.168.0.1"
2923 route_mcast="-net 224.0.0.0/4 -iface gif0"
2924 route_gif0local="-host 169.254.1.1 -iface lo0"
2931 the route is specific to the interface
2933 .It Va ipv6_static_routes
2935 The IPv6 equivalent of
2939 then for each whitespace separated
2942 .Va ipv6_route_ Ns Aq Ar element
2943 variable is assumed to exist
2944 whose contents will later be passed to a
2945 .Dq Nm route Cm add Fl inet6
2947 .It Va gateway_enable
2951 configure host to act as an IP router, e.g.\& to forward packets
2953 .It Va ipv6_gateway_enable
2955 The IPv6 equivalent of
2956 .Va gateway_enable .
2957 .It Va routed_enable
2961 run a routing daemon of some sort, based on the
2966 .It Va route6d_enable
2968 The IPv6 equivalent of
2972 run a routing daemon of some sort, based on the
2977 .It Va routed_program
2983 this is the name of the routing daemon to use.
2984 .It Va route6d_program
2986 The IPv6 equivalent of
2987 .Va routed_program .
2994 these are the flags to pass to the routing daemon.
2995 .It Va route6d_flags
2997 The IPv6 equivalent of
2999 .It Va rtadvd_enable
3005 daemon at boot time.
3008 utility sends ICMPv6 Router Advertisement messages to
3009 the interfaces specified in
3010 .Va rtadvd_interfaces .
3011 This should only be enabled with great care.
3012 You may want to fine-tune
3014 .It Va rtadvd_interfaces
3020 this is the list of interfaces to use.
3025 enable global proxy ARP.
3026 .It Va forward_sourceroute
3034 source-routed packets are forwarded.
3035 .It Va accept_sourceroute
3039 the system will accept source-routed packets directed at it.
3046 daemon at system boot time.
3053 these are the flags to pass to the
3056 .It Va bootparamd_enable
3062 daemon at system boot time.
3063 .It Va bootparamd_flags
3066 .Va bootparamd_enable
3069 these are the flags to pass to the
3072 .It Va stf_interface_ipv4addr
3076 this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling
3078 Specify this entry to enable the 6to4 interface.
3079 .It Va stf_interface_ipv4plen
3081 Prefix length for 6to4 IPv4 addresses, to limit peer address range.
3082 An effective value is 0-31.
3083 .It Va stf_interface_ipv6_ifid
3085 IPv6 interface ID for
3089 .It Va stf_interface_ipv6_slaid
3091 IPv6 Site Level Aggregator for
3093 .It Va ipv6_ipv4mapping
3097 this enables IPv4 mapped IPv6 address communication (like
3098 .Li ::ffff:a.b.c.d ) .
3099 .It Va rtsold_enable
3105 daemon to send ICMPv6 Router Solicitation messages.
3112 these are the flags to pass to
3116 For interfaces configured with the
3117 .Dq Li inet6 accept_rtadv
3118 keyword, these are the flags to pass to
3123 is mutually exclusive to
3129 The keyboard bell sound.
3136 if the default behavior is desired.
3137 For details, refer to the
3142 If set to a non-null string, the virtual console's keyboard input is
3148 no keymap is installed, otherwise the value is used to install
3149 the keymap file found in
3150 .Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd
3153 .Pa /usr/share/vt/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd
3158 The keyboard repeat speed.
3165 if the default behavior is desired.
3170 attempt to program the function keys with the value.
3172 be a single string of the form:
3173 .Dq Ar funkey_number new_value Op Ar funkey_number new_value ... .
3176 Can be set to the value of
3179 .Dq Li destructive ,
3182 to set the cursor behavior explicitly or choose the default behavior.
3187 no screen map is installed, otherwise the value is used to install
3188 the screen map file in
3189 .Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value .
3190 This parameter is ignored when using
3192 as the console driver.
3197 the default 8x16 font value is used for screen size requests, otherwise
3199 .Pa /usr/share/syscons/fonts/ Ns Aq Ar value
3201 .Pa /usr/share/vt/fonts/ Ns Aq Ar value
3202 is used (depending on the console driver being used).
3207 the default 8x14 font value is used for screen size requests, otherwise
3209 .Pa /usr/share/syscons/fonts/ Ns Aq Ar value
3211 .Pa /usr/share/vt/fonts/ Ns Aq Ar value
3212 is used (depending on the console driver being used).
3217 the default 8x8 font value is used for screen size requests, otherwise
3219 .Pa /usr/share/syscons/fonts/ Ns Aq Ar value
3221 .Pa /usr/share/vt/fonts/ Ns Aq Ar value
3222 is used (depending on the console driver being used).
3227 the default screen blanking interval is used, otherwise it is set
3235 this is the actual screen saver to use
3236 .Li ( blank , snake , daemon ,
3238 .It Va moused_nondefault_enable
3242 the mouse device specified on
3243 the command line is not automatically treated as enabled by the
3244 .Pa /etc/rc.d/moused
3246 Having this variable set to
3252 to be enabled as soon as it is plugged in.
3253 .It Va moused_enable
3259 daemon is started for doing cut/paste selection on the console.
3262 This is the protocol type of the mouse connected to this host.
3263 This variable must be set if
3270 is able to detect the appropriate mouse type automatically in many cases.
3271 Set this variable to
3273 to let the daemon detect it, or
3274 select one from the following list if the automatic detection fails.
3276 If the mouse is attached to the PS/2 mouse port, choose
3280 regardless of the brand and model of the mouse.
3282 mouse is attached to the bus mouse port, choose
3286 All other protocols are for serial mice and will not work with
3287 the PS/2 and bus mice.
3288 If this is a USB mouse,
3290 is the only protocol type which will work.
3292 .Bl -tag -width ".Li x10mouseremote" -compact
3294 Microsoft mouse (serial)
3296 Microsoft IntelliMouse (serial)
3298 Mouse systems Corp.\& mouse (serial)
3300 MM Series mouse (serial)
3302 Logitech mouse (serial)
3306 Logitech MouseMan and TrackMan (serial)
3308 ALPS GlidePoint (serial)
3309 .It Li thinkingmouse
3310 Kensington ThinkingMouse (serial)
3314 MM HitTablet (serial)
3315 .It Li x10mouseremote
3316 X10 MouseRemote (serial)
3318 Interlink VersaPad (serial)
3321 Even if the mouse is not in the above list, it may be compatible
3322 with one in the list.
3323 Refer to the manual page for
3325 for compatibility information.
3327 It should also be noted that while this is enabled, any
3328 other client of the mouse (such as an X server) should access
3329 the mouse through the virtual mouse device,
3331 and configure it as a
3333 type mouse, since all
3334 mouse data is converted to this single canonical format when
3337 If the client program does not support the
3343 It is the second preferred type.
3350 this is the actual port the mouse is on.
3353 for a COM1 serial mouse, or
3355 for a PS/2 mouse, for example.
3360 is set, its value is used as an additional set of flags to pass to the
3363 .It Va "moused_" Ns Ar XXX Ns Va "_flags"
3365 .Va moused_nondefault_enable
3368 daemon is started for a non-default port, the
3369 .Va "moused_" Ns Ar XXX Ns Va "_flags"
3370 set of options has precedence over and replaces the default
3374 is the name of the non-default port, i.e.,\&
3377 .Va "moused_" Ns Ar XXX Ns Va "_flags"
3378 it is possible to set up a different set of default flags for each
3381 For example, you can use
3385 to make your laptop's touchpad more comfortable to use,
3386 but an empty set of options for
3387 .Va moused_ums0_flags
3390 mouse has three or more buttons.
3391 .It Va mousechar_start
3395 the default mouse cursor character range
3396 .Li 0xd0 Ns - Ns Li 0xd3
3398 otherwise the range start is set
3403 Use if the default range is occupied in the language code table.
3404 .It Va allscreens_flags
3408 is run with these options for each of the virtual terminals
3412 will enable the mouse pointer on all virtual terminals
3417 .It Va allscreens_kbdflags
3421 is run with these options for each of the virtual terminals
3429 scrollback (history) buffer to 200 lines.
3436 daemon at system boot time.
3442 .Pa /usr/sbin/cron ) .
3449 these are the flags to pass to
3455 enable the special handling of transitions to and from the
3456 Daylight Saving Time in
3458 (equivalent to using the flag
3465 .Pa /usr/sbin/lpd ) .
3472 daemon at system boot time.
3479 these are the flags to pass to the
3482 .It Va chkprintcap_enable
3488 command before starting the
3491 .It Va chkprintcap_flags
3496 .Va chkprintcap_enable
3499 these are the flags to pass to the
3504 which causes missing directories to be created.
3505 .It Va mta_start_script
3507 This variable specifies the full path to the script to run to start
3508 a mail transfer agent.
3510 .Pa /etc/rc.sendmail .
3514 .Pa /etc/rc.sendmail
3515 uses are documented in the
3520 Indicates the device (usually a swap partition) to which a crash dump
3521 should be written in the event of a system crash.
3522 If the value of this variable is
3524 the first suitable swap device listed in
3526 will be used as dump device.
3527 Otherwise, the value of this variable is passed as the argument to
3531 To disable crash dumps, set this variable to
3539 as the system dump device.
3542 When the system reboots after a crash and a crash dump is found on the
3543 device specified by the
3547 will save that crash dump and a copy of the kernel to the directory
3551 The default value is
3560 .It Va savecore_enable
3564 disable automatic extraction of the crash dump from the
3566 .It Va savecore_flags
3568 If crash dumps are enabled, these are the flags to pass to the
3575 to turn on user and group disk quotas on system startup via the
3577 command for all file systems marked as having quotas enabled in
3579 The kernel must be built with
3581 for disk quotas to function.
3586 to enable user and group disk quota checking via the
3589 .It Va quotacheck_flags
3599 these are the flags to pass to the
3604 which checks quotas for all file systems with quotas enabled in
3606 .It Va quotaon_flags
3612 these are the flags to pass to the
3617 which enables quotas for all file systems with quotas enabled in
3619 .It Va quotaoff_flags
3625 these are the flags to pass to the
3627 utility when shutting down the quota system.
3630 which disables quotas for all file systems with quotas enabled in
3632 .It Va accounting_enable
3636 to enable system accounting through the
3639 .It Va firstboot_sentinel
3641 This variable specifies the full path to a
3644 If a file exists with this path,
3648 keyword will be run on startup and the sentinel file will be deleted
3649 after the boot process completes.
3650 The sentinel file must be located on a writable file system which is
3651 mounted no later than
3652 .Va early_late_divider
3653 to function properly.
3660 to enable Linux/ELF binary emulation at system initial
3662 .It Va sysvipc_enable
3666 load System V IPC primitives at boot time.
3667 .It Va clear_tmp_enable
3678 to disable removing of X11 lock files,
3679 and the removal and (secure) recreation
3680 of the various socket directories for X11
3682 .It Va ldconfig_paths
3684 Set to the list of shared library paths to use with
3690 will always be added first, so they need not appear in this list.
3691 .It Va ldconfig32_paths
3693 Set to the list of 32-bit compatibility shared library paths to
3696 .It Va ldconfig_insecure
3700 utility normally refuses to use directories
3701 which are writable by anyone except root.
3702 Set this variable to
3704 to disable that security check during system startup.
3705 .It Va ldconfig_local_dirs
3707 Set to the list of local
3710 The names of all files in the directories listed will be
3711 passed as arguments to
3713 .It Va ldconfig_local32_dirs
3715 Set to the list of local 32-bit compatibility
3718 The names of all files in the directories listed will be
3719 passed as arguments to
3720 .Dq Nm ldconfig Fl 32 .
3721 .It Va kern_securelevel_enable
3725 to set the kernel security level at system startup.
3726 .It Va kern_securelevel
3728 The kernel security level to set at startup.
3729 The allowed range of
3731 ranges from \-1 (the compile time default) to 3 (the
3735 for the list of possible security levels and their effect
3736 on system operation.
3739 Path to the SSH server program
3740 .Pa ( /usr/sbin/sshd
3748 at system boot time.
3755 these are the flags to pass to the
3760 Path to the FTP server program
3761 .Pa ( /usr/libexec/ftpd
3769 as a stand-alone daemon at system boot time.
3776 these are the additional flags to pass to the
3779 .It Va watchdogd_enable
3785 daemon at boot time.
3786 This requires that the kernel have been compiled with a
3789 .It Va watchdogd_flags
3792 .Va watchdogd_enable
3795 these are the flags passed to the
3798 .It Va watchdogd_timeout
3801 .Va watchdogd_enable
3804 this is a timeout that will be used by the
3807 If this option is set, it overrides
3810 .Va watchdogd_flags .
3811 .It Va watchdogd_shutdown_timeout
3814 .Va watchdogd_enable
3817 this is a timeout that will be set by the
3819 daemon when it exits during the system shutdown.
3820 This timeout will not be set when returning to the single-user mode
3821 or when the watchdogd service is stopped individually using the
3823 command or the rc.d script.
3824 Note that the timeout will be applied if
3826 is stopped outside of
3829 If this option is set, it overrides
3832 .Va watchdogd_flags .
3833 .It Va devfs_rulesets
3835 List of files containing sets of rules for
3837 .It Va devfs_system_ruleset
3839 Rule name(s) to apply to the system
3842 .It Va devfs_set_rulesets
3844 Pairs of already-mounted
3846 directories and rulesets that should be applied to them.
3847 For example: /mount/dev=ruleset_name
3848 .It Va devfs_load_rulesets
3850 If set, always load the default rulesets listed in
3851 .Va devfs_rulesets .
3852 .It Va performance_cx_lowest
3854 CPU idle state to use while on AC power.
3859 should use the lowest power state available while
3861 indicates that the lowest latency state (less power savings) should be used.
3862 .It Va performance_cpu_freq
3864 CPU clock frequency to use while on AC power.
3869 should use the lowest frequency available while
3871 indicates that the highest frequency (less power savings) should be used.
3872 .It Va economy_cx_lowest
3874 CPU idle state to use when off AC power.
3879 should use the lowest power state available while
3881 indicates that the lowest latency state (less power savings) should be used.
3882 .It Va economy_cpu_freq
3884 CPU clock frequency to use when off AC power.
3889 should use the lowest frequency available while
3891 indicates that the highest frequency (less power savings) should be used.
3896 any configured jails will not be started.
3899 The configuration filename used by
3902 The default value is
3903 .Pa /etc/jail.conf .
3904 .Pa /etc/jail. Ns Ao Ar jname Ac Ns Va .conf
3906 .Pa /etc/jail.conf.d/ Ns Ao Ar jname Ac Ns Va .conf
3907 will also be used if
3908 .Va Ao Ar jname Ac Va
3911 .It Va jail_parallel_start
3915 all configured jails will be started in the background (in parallel).
3919 When set, use as default value for
3920 .Va jail_ Ns Ao Ar jname Ac Ns Va _flags
3925 A space-delimited list of jail names.
3926 When left empty, all of the
3928 instances defined in the configuration file are started.
3929 The names specified in this list control the jail startup order.
3931 instances missing from
3933 must be started manually.
3936 parameter in the configuration file may override this list.
3937 .It Va jail_reverse_stop
3941 all configured jails in
3943 are stopped in reverse order.
3944 .It Va jail_ Ns * variables
3945 Note that older releases supported per-jail configuration via
3949 hostname of a jail named
3951 was able to be set by
3952 .Li jail_vjail_hostname .
3953 These per-jail configuration variables are now obsolete in favor of
3956 For backward compatibility,
3957 when per-jail configuration variables are defined,
3959 configuration files are created as
3960 .Pa /var/run/jail . Ns Ao Ar jname Ac Ns Pa .conf
3963 The following per-jail parameters are handled by
3965 script out of their corresponding
3968 In addition to them, parameters in
3969 .Va jail_ Ns Ao Ar jname Ac Ns Va _parameters
3970 will be added to the configuration file.
3971 They must be a semi-colon
3979 .Bl -tag -width "host.hostname" -offset indent
3982 .Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir
3983 .It Li host.hostname
3985 .Va jail_ Ns Ao Ar jname Ac Ns Va _hostname
3986 .It Li exec.consolelog
3988 .Va jail_ Ns Ao Ar jname Ac Ns Va _consolelog .
3989 The default value is
3990 .Pa /var/log/jail_ Ao Ar jname Ac Pa _console.log .
3993 .Va jail_ Ns Ao Ar jname Ac Ns Va _interface .
3994 .It Li vnet.interface
3996 .Va jail_ Ns Ao Ar jname Ac Ns Va _vnet_interface .
3999 parameter will be enabled and cannot be specified with
4000 .Va jail_ Ns Ao Ar jname Ac Ns Va _interface ,
4001 .Va jail_ Ns Ao Ar jname Ac Ns Va _ip
4003 .Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n
4007 .Va jail_ Ns Ao Ar jname Ac Ns Va _fstab
4010 .Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable .
4013 .Va jail_ Ns Ao Ar jname Ac Ns Va _fib
4016 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start .
4017 The parameter name was
4019 in some older releases.
4020 .It Li exec.prestart
4022 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart
4023 .It Li exec.poststart
4025 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart
4028 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop
4031 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop
4032 .It Li exec.poststop
4034 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop
4037 .Va jail_ Ns Ao Ar jname Ac Ns Va _ip
4039 .Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n
4040 contain IPv4 addresses
4043 .Va jail_ Ns Ao Ar jname Ac Ns Va _ip
4045 .Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n
4046 contain IPv6 addresses
4049 .Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable
4052 .Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable
4053 .It Li devfs_ruleset
4055 .Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset .
4056 This must be an integer,
4058 .It Li mount.fdescfs
4060 .Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable
4061 .It Li allow.set_hostname
4063 .Va jail_ Ns Ao Ar jname Ac Ns Va _set_hostname_allow
4064 .It Li allow.rawsocket
4066 .Va jail_ Ns Ao Ar jname Ac Ns Va _socket_unixiproute_only
4067 .It Li allow.sysvipc
4069 .Va jail_ Ns Ao Ar jname Ac Ns Va _sysvipc_allow
4071 .\" -----------------------------------------------------
4075 representing the entropy sources
4076 you wish to harvest.
4079 for more information.
4084 to disable caching entropy via
4086 Otherwise set to the directory
4087 in which the entropy files are stored.
4091 that regularly writes and rotates
4094 will be used at boot time.
4096 .Pa /var/db/entropy .
4101 to disable caching entropy through reboots.
4102 Otherwise set to the name
4103 of a file used to store cached entropy.
4104 This file should be located
4105 on a file system that is readable
4106 before all the volumes specified in
4113 .Pa /var/db/entropy-file
4114 is found it will also be used.
4115 This will be of some use to
4117 .It Va entropy_boot_file
4122 very early caching entropy
4124 Otherwise set to the filename
4126 very early reboot cached entropy.
4127 This file should be located where
4132 The default location is
4134 .It Va entropy_save_sz
4136 Size of the entropy cache files saved by
4139 .It Va entropy_save_num
4141 Number of entropy cache files to save by
4155 Configuration file for
4164 .Pa /var/run/dmesg.boot
4166 .It Va rcshutdown_timeout
4168 If set, start a watchdog timer in the background which will terminate
4172 has not completed within the specified time (in seconds).
4173 Notice that in addition to this soft timeout,
4175 also applies a hard timeout for the execution of
4177 This is configured via
4180 .Va kern.init_shutdown_timeout
4181 and defaults to 120 seconds.
4182 Setting the value of
4183 .Va rcshutdown_timeout
4184 to more than 120 seconds will have no effect until the
4187 .Va kern.init_shutdown_timeout
4189 .It Va virecover_enable
4193 to prevent the system from trying to
4194 recover pre-maturely terminated
4197 .It Va ugidfw_enable
4202 .Xr mac_bsdextended 4
4203 module upon system initialization and load a default
4205 .It Va bsdextended_script
4208 .Xr mac_bsdextended 4
4209 ruleset file to load.
4210 The default value of this variable is
4211 .Pa /etc/rc.bsdextended .
4212 .It Va newsyslog_enable
4219 .It Va newsyslog_flags
4222 .Va newsyslog_enable
4225 these are the flags to pass to the
4230 which causes log files flagged with a
4233 .It Va mdconfig_md Ns Aq Ar X
4243 must be specified and either a
4245 for malloc or swap backed
4253 .Va mdconfig_md Ns Aq Ar X
4254 variables are evaluated until one variable is unset or null.
4255 .It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs
4257 Optional arguments passed to
4263 .It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner
4265 An ownership specification passed to
4274 device and the mount point will be changed.
4275 .It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms
4277 A mode string passed to
4286 device and the mount point will be changed.
4287 .It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files
4289 Files to be copied to the mount point of the
4293 after it has been mounted.
4294 .It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd
4296 Command to execute after the specified
4301 Note that the command is passed to
4307 variables can be used to reference respectively the
4309 device and the mount point.
4314 one could set the following:
4316 mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}"
4318 .It Va autobridge_interfaces
4320 Set to the list of bridge interfaces that will have newly arriving interfaces
4321 checked against to be automatically added.
4324 then for each whitespace separated
4327 .Va autobridge_ Ns Aq Ar element
4328 variable is assumed to exist which has a whitespace separated list of interface
4329 names to match, these names can use wildcards.
4332 autobridge_interfaces="bridge0"
4333 autobridge_bridge0="tap* dc0 vlan[345]"
4339 enable support for sound mixer.
4340 .It Va hcsecd_enable
4344 enable Bluetooth security daemon.
4345 .It Va hcsecd_config
4347 Configuration file for
4350 .Pa /etc/bluetooth/hcsecd.conf .
4355 enable Bluetooth Service Discovery Protocol daemon.
4363 .It Va sdpd_groupname
4367 group to run as after it initializes.
4370 .It Va sdpd_username
4374 user to run as after it initializes.
4377 .It Va bthidd_enable
4381 enable Bluetooth Human Interface Device daemon.
4382 .It Va bthidd_config
4384 Configuration file for
4387 .Pa /etc/bluetooth/bthidd.conf .
4390 Path to a file, where
4392 will store information about known HID devices.
4394 .Pa /var/db/bthidd.hids .
4395 .It Va rfcomm_pppd_server_enable
4399 enable Bluetooth RFCOMM PPP wrapper daemon.
4400 .It Va rfcomm_pppd_server_profile
4402 The name of the profile to use from
4403 .Pa /etc/ppp/ppp.conf .
4404 Multiple profiles can be specified here.
4405 Also used to specify per-profile overrides.
4406 When the profile name contains any of the characters
4408 they are translated to
4410 for the proposes of the override variable names.
4411 .It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _bdaddr
4413 Overrides local address to listen on.
4419 The address can be specified as BD_ADDR or name.
4420 .It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _channel
4422 Overrides local RFCOMM channel to listen on.
4425 will listen on RFCOMM channel 1.
4426 Must set properly if multiple profiles used in the same time.
4427 .It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_sp
4431 if it should register Serial Port service on the specified RFCOMM channel.
4434 .It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_dun
4438 if it should register Dial-Up Networking service on the specified
4442 .It Va ubthidhci_enable
4446 change the USB Bluetooth controller from HID mode to HCI mode.
4447 You also need to specify the location of USB Bluetooth controller with the
4448 .Va ubthidhci_busnum
4452 .It Va ubthidhci_busnum
4453 Bus number where the USB Bluetooth controller is located.
4456 on your system to find this information.
4457 .It Va ubthidhci_addr
4458 Bus address of the USB Bluetooth controller.
4461 on your system to find this information.
4462 .It Va netwait_enable
4466 delays the start of network-reliant services until
4468 is up and ICMP packets to a destination defined in
4471 Link state is examined first, followed by
4473 an IP address to verify network usability.
4474 If no destination can be reached or timeouts are exceeded,
4475 network services are started anyway with no guarantee that
4476 the network is usable.
4477 Use of this variable requires both
4485 This variable contains a space-delimited list of IP addresses to
4487 DNS hostnames should not be used as resolution is not guaranteed
4488 to be functional at this point.
4489 If multiple IP addresses are specified,
4490 each will be tried until one is successful or the list is exhausted.
4491 .It Va netwait_timeout
4493 Indicates the total number of seconds to perform a
4495 against each IP address in
4497 at a rate of one ping per second.
4498 If any of the pings are successful,
4499 full network connectivity is considered reliable.
4504 Defines the name of the network interface on which watch for link.
4506 is used to monitor the interface, looking for
4507 .Dq Li status: no carrier .
4508 Once gone, the link is considered up.
4511 interface if desired.
4512 .It Va netwait_if_timeout
4514 Defines the total number of seconds to wait for link to become usable,
4515 polled at a 1-second interval.
4523 rules from the defined ruleset.
4524 The kernel must be built with
4527 .Cd "options RCTL" .
4533 This variables contains the
4539 A space-separated list of configuration files used by
4541 The default value is an empty string.
4542 .It Va autofs_enable
4552 daemons at boot time.
4553 .It Va automount_flags
4559 these are the flags to pass to the
4562 By default no flags are passed.
4563 .It Va automountd_flags
4569 these are the flags to pass to the
4572 By default no flags are passed.
4573 .It Va autounmountd_flags
4579 these are the flags to pass to the
4582 By default no flags are passed.
4589 daemon at boot time.
4590 .It Va iscsid_enable
4596 daemon at boot time.
4597 .It Va iscsictl_enable
4603 utility at boot time.
4604 .It Va iscsictl_flags
4610 these are the flags to pass to the
4615 which configures sessions based on the
4618 .It Va cfumass_enable
4622 create and export an USB LUN using
4627 The directory where the files exported by USB LUN are located.
4628 The default directory is
4630 .It Va service_delete_empty
4634 .Ql Li service delete
4638 .It Va zfs_bootonce_activate
4642 and a boot environment marked bootonce is successfully booted,
4643 it will be made permanently active.
4644 .It Va zfskeys_enable
4648 enable auto-loading of encryption keys for encrypted ZFS datasets.
4649 For every dataset the script will first load the appropriate encryption key
4650 and the attempt to unlock the dataset.
4652 The script operates only on datasets which are encrypted with
4653 ZFS native encryption
4656 dataset property beginning with
4658 .It Va zfskeys_datasets
4660 A whitespace-separated list of ZFS datasets to unlock.
4661 The list is empty by default,
4662 which means that the script will attempt to unlock all datasets.
4663 .It Va zfskeys_timeout
4665 Define the total number of seconds to wait for the zfskeys script
4666 to unlock an encrypted dataset.
4670 .Bl -tag -width ".Pa /etc/defaults/rc.conf" -compact
4671 .It Pa /etc/defaults/rc.conf
4672 .It Pa /etc/defaults/vendor.conf
4674 .It Pa /etc/rc.conf.local
4706 .Xr newsyslog.conf 5 ,
4760 .Xr rpc.tlsclntd 8 ,
4761 .Xr rpc.tlsservd 8 ,
4785 .An Jordan K. Hubbard .
projects / FreeBSD / FreeBSD.git / blob