4 .\" Redistribution and use in source and binary forms, with or without
5 .\" modification, are permitted provided that the following conditions
7 .\" 1. Redistributions of source code must retain the above copyright
8 .\" notice, this list of conditions and the following disclaimer.
9 .\" 2. Redistributions in binary form must reproduce the above copyright
10 .\" notice, this list of conditions and the following disclaimer in the
11 .\" documentation and/or other materials provided with the distribution.
13 .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND
14 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE
17 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
19 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
20 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
21 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
22 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 .Nd system configuration information
36 contains descriptive information about the local host name, configuration
37 details for any potential network interfaces and which services should be
38 started up at system initial boot time.
39 In new installations, the
41 file is generally initialized by the system installation utility,
46 is not to run commands or perform system startup actions
48 Instead, it is included by the
49 various generic startup scripts in
51 which conditionalize their
52 internal actions according to the settings found there.
56 file is included from the file
57 .Pa /etc/defaults/rc.conf ,
58 which specifies the default settings for all the available options.
59 Options need only be specified in
61 when the system administrator wishes to override these defaults.
63 .Pa /etc/rc.conf.local
64 is used to override settings in
66 for historical reasons.
68 .Pa /etc/rc.conf.local
69 you can also place smaller configuration files for each
73 directory, which will be included by the
76 For jail configurations you could use the file
77 .Pa /etc/rc.conf.d/jail
78 to store jail specific configuration options.
84 .Dq Ar name Ns Li = Ns Ar value
88 The following list provides a name and short description for each
89 variable that can be set in the
92 .Bl -tag -width indent-two
97 enable output of debug messages from rc scripts.
98 This variable can be helpful in diagnosing mistakes when
99 editing or integrating new scripts.
100 Beware that this produces copious output to the terminal and
106 disable informational messages from the rc scripts.
107 Informational messages are displayed when
108 a condition that is not serious enough to warrant a warning or
116 when faststart is used (e.g., at boot time).
117 .It Va early_late_divider
119 The name of the script that should be used as the
120 delimiter between the
124 stages of the boot process.
125 The early stage should contain all the services needed to
126 get the disks (local or remote) mounted so that the late
127 stage can include scripts contained in the directories
130 variable (see below).
131 Thus, the two likely candidates for this value are
133 for the typical system, and
135 if the system needs remote file
136 systems mounted to get access to the
138 directories; for example when
146 is likely to be an appropriate value.
147 Extreme care should be taken when changing this value,
148 and before changing it one should ensure that there are
149 adequate provisions to recover from a failed boot
150 (such as physical contact with the machine,
151 or reliable remote console access).
152 .It Va always_force_depends
156 scripts use the force_depend function to check whether required
157 services are already running, and to start them if necessary.
158 By default during boot time this check is bypassed if the
159 required service is enabled in
160 .Pa /etc/rc.conf[.local] .
161 Setting this option will bypass that check at boot time and
162 always test whether or not the service is actually running.
163 Enabling this option is likely to increase your boot time if
164 services are enabled that utilize the force_depend check.
169 no swapfile is installed, otherwise the value is used as the full
170 pathname to a file to use for additional swap space.
175 enable support for Automatic Power Management with
183 to handle APM event from userland.
184 This also enables support for APM.
191 these are the flags to pass to the
198 to handle device added, removed or unknown events from the kernel.
205 scripts at boot time.
208 Configuration file for
214 A list of kernel modules to load right after the local
216 Loading modules at this point in the boot process is
217 much faster than doing it via
218 .Pa /boot/loader.conf
219 for those modules not necessary for mounting local disk.
220 .It Va kldxref_enable
227 to automatically rebuild
232 .It Va kldxref_clobber
242 will overwrite existing
249 .It Va kldxref_module_path
254 delimited list of paths containing
266 enable the system power control facility with the
275 these are the flags to pass to the
279 Controls the creation of a
282 Always happens if set to
284 and never happens if set to
286 If set to anything else, a memory file system is created if
290 Controls the size of a created
294 Extra options passed to the
296 utility when the memory file system for
301 which inhibits the use of softupdates on
303 so that file system space is freed without delay
304 after file truncation or deletion.
307 for other options you can use in
310 Controls the creation of a
313 Always happens if set to
315 and never happens if set to
317 If set to anything else, a memory file system is created if
321 Controls the size of a created
325 Extra options passed to the
327 utility when the memory file system for
332 which inhibits the use of softupdates on
334 so that file system space is freed without delay
335 after file truncation or deletion.
338 for other options you can use in
341 Controls the automatic population of the
344 Always happens if set to
346 and never happens if set to
348 If set to anything else, a memory file system is created if
351 Note that this process requires access to certain commands in
355 is mounted on normal systems.
356 .It Va cleanvar_enable
363 List of directories to search for startup script files.
364 .It Va script_name_sep
366 The field separator to use for breaking down the list of startup script files
367 into individual filenames.
368 The default is a space.
369 It is not necessary to change this unless there are startup scripts with names
371 .It Va hostapd_enable
380 The fully qualified domain name (FQDN) of this host on the network.
381 This should almost certainly be set to something meaningful, even if
382 there is no network connection.
385 is used to set the hostname via DHCP,
386 this variable should be set to an empty string.
387 If this value remains unset when the system is done booting
388 your console login will display the default hostname of
392 The NIS domain name of this host, or
395 .It Va dhclient_program
397 Path to the DHCP client program
398 .Pa ( /sbin/dhclient ,
403 .It Va dhclient_flags
405 Additional flags to pass to the DHCP client program.
410 manpage for a description of the command line options available.
411 .It Va dhclient_flags_ Ns Aq Ar iface
412 Additional flags to pass to the DHCP client program running on
415 When specified, this variable overrides
417 .It Va background_dhclient
421 to start the DHCP client in background.
422 This can cause trouble with applications depending on
423 a working network, but it will provide a faster startup
425 .It Va background_dhclient_ Ns Aq Ar iface
426 When specified, this variable overrides the
427 .Va background_dhclient
428 variable for interface
431 .It Va synchronous_dhclient
437 synchronously at startup.
438 This behavior can be overridden on a per-interface basis by replacing
442 .Va ifconfig_ Ns Aq Ar interface
447 .It Va defaultroute_delay
449 When set to a positive value, wait up to this long after configuring
450 DHCP interfaces at startup to give the interfaces time to receive a lease.
451 .It Va firewall_enable
455 to load firewall rules at startup.
456 If the kernel was not built with
457 .Cd "options IPFIREWALL" ,
460 kernel module will be loaded.
462 .Va ipfilter_enable .
463 .It Va firewall_script
465 This variable specifies the full path to the firewall script to run.
467 .Pa /etc/rc.firewall .
470 Names the firewall type from the selection in
471 .Pa /etc/rc.firewall ,
472 or the file which contains the local firewall ruleset.
473 Valid selections from
477 .Bl -tag -width ".Li simple" -compact
479 unrestricted IP access
481 all IP services disabled, except via
484 basic protection for a workstation
486 basic protection for a LAN.
489 If a filename is specified, the full path
491 .It Va firewall_quiet
495 to disable the display of firewall rules on the console during boot.
496 .It Va firewall_logging
500 to enable firewall event logging.
501 This is equivalent to the
502 .Dv IPFIREWALL_VERBOSE
504 .It Va firewall_logif
508 to create pseudo interface
511 For more details, see
514 .It Va firewall_flags
520 specifies a filename.
521 .It Va firewall_coscripts
523 List of executables and/or rc scripts to run after firewall starts/stops.
525 .\" ----- firewall_nat_enable setting --------------------------------
526 .It Va firewall_nat_enable
538 .It Va firewall_nat_interface
544 This is the name of the public interface or IP address on which
545 kernel NAT should run.
546 .It Va firewall_nat_flags
548 Additional configuration parameters for kernel NAT should be placed here.
549 .It Va dummynet_enable
553 will automatically load the
559 .\" -------------------------------------------------------------------
575 sockets must be enabled in the kernel.
576 If the kernel was not built with
577 .Cd "options IPDIVERT" ,
580 kernel module will be loaded.
581 .It Va natd_interface
583 This is the name of the public interface on which
586 The interface may be given as an interface name or as an IP address.
591 flags should be placed here.
596 flag is automatically added with the above
599 .\" ----- ipfilter_enable setting --------------------------------
600 .It Va ipfilter_enable
611 Typical usage will require putting
613 ipfilter_enable="YES"
631 can be enabled independently.
635 both require at least one of
645 options IPFILTER_DEFAULT_BLOCK
648 in the kernel configuration file is a good idea, too.
649 .\" ----- ipfilter_program setting ------------------------------
650 .It Va ipfilter_program
656 .\" ----- ipfilter_rules setting --------------------------------
657 .It Va ipfilter_rules
662 This variable contains the name of the filter rule definition file.
663 The file is expected to be readable for the
666 .\" ----- ipv6_ipfilter_rules setting ---------------------------
667 .It Va ipv6_ipfilter_rules
672 This variable contains the IPv6 filter rule definition file.
673 The file is expected to be readable for the
676 .\" ----- ipfilter_flags setting --------------------------------
677 .It Va ipfilter_flags
680 This variable contains flags passed to the
683 .\" ----- ipnat_enable setting ----------------------------------
693 network address translation.
696 for a detailed discussion.
697 .\" ----- ipnat_program setting ---------------------------------
704 .\" ----- ipnat_rules setting -----------------------------------
710 This variable contains the name of the file
711 holding the network address translation definition.
712 This file is expected to be readable for the
715 .\" ----- ipnat_flags setting -----------------------------------
719 This variable contains flags passed to the
722 .\" ----- ipmon_enable setting ----------------------------------
737 Setting this variable needs setting
744 for a detailed discussion.
745 .\" ----- ipmon_program setting ---------------------------------
752 .\" ----- ipmon_flags setting -----------------------------------
758 This variable contains flags passed to the
761 Another typical example would be
762 .Dq Fl D Pa /var/log/ipflog
765 log directly to a file bypassing
768 .Pa /etc/newsyslog.conf
769 in such case like this:
771 /var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid
773 .\" ----- ipfs_enable setting -----------------------------------
783 saving the filter and NAT state tables during shutdown
784 and reloading them during startup again.
785 Setting this variable needs setting
794 for a detailed discussion.
800 because the raised securelevel will prevent
802 from saving the state tables at shutdown time.
803 .\" ----- ipfs_program setting ----------------------------------
810 .\" ----- ipfs_flags setting ------------------------------------
814 This variable contains flags passed to the
817 .\" ----- end of added ipf hook ---------------------------------
829 Typical usage will require putting
844 into the kernel, otherwise the
845 kernel module will be loaded.
850 ruleset configuration file
865 these flags are passed to the
867 program when loading the ruleset.
877 which logs packets from the
890 .Pa /var/log/pflog ) .
892 .Pa /etc/newsyslog.conf
893 to adjust logfile rotation for this.
903 This variable contains additional flags passed to the
906 .It Va ftpproxy_enable
917 packet filter in translating ftp connections.
918 .It Va ftpproxy_flags
921 This variable contains additional flags passed to the
933 state changes to other hosts over the network by means of
938 must also be set then.
939 .It Va pfsync_syncdev
942 This variable specifies the name of the network interface
944 should operate through.
945 It must be set accordingly if
949 .It Va pfsync_syncpeer
952 This variable is optional.
953 By default, state change messages are sent out on the synchronisation
954 interface using IP multicast packets.
955 The protocol is IP protocol 240, PFSYNC, and the multicast group used is
957 When a peer address is specified using the
959 option, the peer address is used as a destination for the pfsync
960 traffic, and the traffic can then be protected using
964 manpage for more details about using
969 .It Va pfsync_ifconfig
972 This variable can contain additional options to be passed to the
974 command used to set up
976 .It Va tcp_extensions
983 disables certain TCP options as described by
989 might help remedy such problems with connections as randomly hanging
990 or other weird behavior.
991 Some network devices are known
992 to be broken with respect to these options.
999 .Va net.inet.tcp.log_in_vain
1001 .Va net.inet.udp.log_in_vain ,
1006 are set to the given value.
1007 .It Va tcp_keepalive
1014 will disable probing idle TCP connections to verify that the
1015 peer is still up and reachable.
1016 .It Va tcp_drop_synfin
1023 will cause the kernel to ignore TCP frames that have both
1024 the SYN and FIN flags set.
1025 This prevents OS fingerprinting, but may
1026 break some legitimate applications.
1027 .It Va icmp_drop_redirect
1034 will cause the kernel to ignore ICMP REDIRECT packets.
1037 for more information.
1038 .It Va icmp_log_redirect
1045 will cause the kernel to log ICMP REDIRECT packets.
1047 the log messages are not rate-limited, so this option should only be used
1048 for troubleshooting networks.
1051 for more information.
1052 .It Va icmp_bmcastecho
1056 to respond to broadcast or multicast ICMP ping packets.
1059 for more information.
1060 .It Va ip_portrange_first
1064 this is the first port in the default portrange.
1067 for more information.
1068 .It Va ip_portrange_last
1072 this is the last port in the default portrange.
1075 for more information.
1076 .It Va network_interfaces
1078 Set to the list of network interfaces to configure on this host or
1080 (the default) for all current interfaces.
1082 .Va network_interfaces
1083 variable to anything other than the default is deprecated.
1084 Interfaces that the administrator wishes to store configuration for,
1085 but not start at boot should be configured with the
1088 .Va ifconfig_ Ns Aq Ar interface
1089 variables as described below.
1092 .Va ifconfig_ Ns Aq Ar interface
1093 variable is also assumed to exist for each value of
1095 When an interface name contains any of the characters
1097 they are translated to
1100 The variable can contain arguments to
1102 as well as special case-insensitive keywords described below.
1103 Such keywords are removed before passing the value to
1105 while the order of the other arguments is preserved.
1107 One can configure more than one IPv4 address with the
1108 .Va ipv4_addrs_ Ns Aq Ar interface
1110 One or more IP addresses must be provided in Classless Inter-Domain
1111 Routing (CIDR) address notation, whose last byte can be a range like
1113 In this case the address 192.0.2.5 will be configured with the
1114 netmask /24 and the addresses 192.0.2.6 to 192.0.2.23 with
1115 the non-conflicting netmask /32 as explained in the
1118 With the interface in question being
1120 an example could look like:
1122 ipv4_addrs_ed0="192.0.2.129/27 192.0.2.1-5/28"
1125 It is also possible to add IP alias entries using
1130 Assuming that the interface in question was
1133 something like this:
1135 ifconfig_ed0_alias0="inet 127.0.0.253 netmask 0xffffffff"
1136 ifconfig_ed0_alias1="inet 127.0.0.254 netmask 0xffffffff"
1141 .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1144 keyword that is found,
1145 its contents are passed to
1147 Execution stops at the first unsuccessful access, so if
1148 something like this is present:
1150 ifconfig_ed0_alias0="inet 127.0.0.251 netmask 0xffffffff"
1151 ifconfig_ed0_alias1="inet 127.0.0.252 netmask 0xffffffff"
1152 ifconfig_ed0_alias2="inet 127.0.0.253 netmask 0xffffffff"
1153 ifconfig_ed0_alias4="inet 127.0.0.254 netmask 0xffffffff"
1156 Then note that alias4 would
1158 be added since the search would
1159 stop with the missing
1162 Due to this difficult to manage behavior, the
1163 .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1167 .Pa /etc/start_if. Ns Aq Ar interface
1168 file is present, it is read and executed by the
1171 before configuring the interface as specified in the
1172 .Va ifconfig_ Ns Aq Ar interface
1174 .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1178 .Va vlans_ Ns Aq Ar interface
1182 interface will be created for each item in the list with the
1186 If a vlan interface's name is a number,
1187 then that number is used as the vlan tag and the new vlan interface is
1189 .Ar interface . Ns Ar tag .
1191 the vlan tag must be specified via a
1194 .Va create_args_ Ns Aq Ar interface
1197 To create a vlan device named
1201 with the vlan tag 101 and the optional the IPv4 address 192.0.2.1/24:
1204 ifconfig_em0_101="inet 192.0.2.1/24"
1207 To create a vlan device named
1211 with the vlan tag 102:
1214 create_args_myvlan="vlan 102"
1218 .Va wlans_ Ns Aq Ar interface
1222 interface will be created for each item in the list with the
1226 Further wlan cloning arguments may be passed to the
1229 command by setting the
1230 .Va create_args_ Ns Aq Ar interface
1234 devices must be created for each wireless devices as of
1240 may be specified with an
1241 .Va wlandebug_ Ns Aq Ar interface
1243 The contents of this variable will be passed directly to
1247 .Va ifconfig_ Ns Aq Ar interface
1248 contains the keyword
1250 then the interface will not be configured
1252 .Pa /etc/pccard_ether
1254 .Va network_interfaces
1258 It is possible to bring up an interface with DHCP by adding
1261 .Va ifconfig_ Ns Aq Ar interface
1263 For instance, to initialize the
1266 it is possible to use something like:
1271 Also, if you want to configure your wireless interface with
1272 .Xr wpa_supplicant 8
1273 for use with WPA, EAP/LEAP or WEP, you need to add
1276 .Va ifconfig_ Ns Aq Ar interface
1279 Finally, you can add
1281 options in this variable, in addition to the
1282 .Pa /etc/start_if. Ns Aq Ar interface
1284 For instance, to configure an
1286 wireless device in station mode with an address obtained
1287 via DHCP, using WPA authentication and 802.11b mode, it is
1288 possible to use something like:
1291 ifconfig_wlan0="DHCP WPA mode 11b"
1295 .Va ifconfig_ Ns Aq Ar interface
1296 form, a fallback variable
1297 .Va ifconfig_DEFAULT
1299 It will be used for all interfaces with no
1300 .Va ifconfig_ Ns Aq Ar interface
1302 This is intended to replace the no longer supported
1306 It is also possible to rename an interface by doing:
1308 ifconfig_ed0_name="net0"
1309 ifconfig_net0="inet 192.0.2.1 netmask 0xffffff00"
1313 This variable is deprecated.
1315 .Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1317 .Va ipv6_activate_all_interfaces
1322 .Dq Li inet6 accept_rtadv
1324 .Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1326 .Va ipv6_activate_all_interfaces
1331 This variable is deprecated.
1333 .Va ip6addrctl_policy
1338 the default address selection policy table set by
1340 will be IPv6-preferred.
1344 the default address selection policy table set by
1346 will be IPv4-preferred.
1347 .It Va ipv6_activate_all_interfaces
1349 This controls initial configuration on IPv6-capable
1350 interfaces with no corresponding
1351 .Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1353 Note that it is not always necessary to set this variable to
1355 to use IPv6 functionality on
1357 In most cases, just configuring
1358 .Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1363 all interfaces which do not have a corresponding
1364 .Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1365 variable will be marked as
1368 This means that all of IPv6 functionality on that interface
1369 is completely disabled to enforce a security policy.
1370 If the variable is set to
1372 the flag will be cleared on all of the interfaces.
1374 In most cases, just defining an
1375 .Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1376 for an IPv6-capable interface should be sufficient.
1377 However, if an interface is added dynamically
1378 .Pq by some tunneling protocols such as PPP, for example ,
1379 it is often difficult to define the variable in advance.
1380 In such a case, configuring the
1382 flag can be disabled by setting this variable to
1385 For more details of the
1388 .Dq Li inet6 ifdisabled ,
1398 privacy addresses will be generated for each IPv6
1399 interface as described in RFC 4941.
1400 .It Va ipv6_network_interfaces
1402 This is the IPv6 equivalent of
1403 .Va network_interfaces .
1404 Normally manual configuration of this variable is not needed.
1406 .It Va ipv6_cpe_wanif
1408 If the variable is set to an interface name,
1412 .Dq inet6 -no_radr accept_rtadv
1413 will be added to the specified interface automatically before evaluating
1414 .Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 ,
1418 .Va net.inet6.ip6.rfc6204w3
1420 .Va net.inet6.ip6.no_radr
1423 This means the specified interface will accept ICMPv6 Router
1424 Advertisement messages on that link and add the discovered
1425 routers into the Default Router List.
1426 While the other interfaces can still accept RA messages if the
1427 .Dq inet6 accept_rtadv
1428 option is specified, adding
1429 routes into the Default Router List will be disabled by
1436 Note that ICMPv6 Router Advertisement messages will be
1438 .Va net.inet6.ip6.forwarding
1440 .Pq packet forwarding is enabled
1442 .Va net.inet6.ip6.rfc6204w3
1447 .It Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1449 IPv6 functionality on an interface should be configured by
1450 .Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 ,
1451 instead of setting ifconfig parameters in
1452 .Va ifconfig_ Ns Aq Ar interface .
1453 If this variable is empty, all of IPv6 configurations on the
1454 specified interface by other variables such as
1455 .Va ipv6_prefix_ Ns Ao Ar interface Ac
1458 Aliases should be set by
1459 .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1465 ifconfig_ed0_ipv6="inet6 2001:db8:1::1 prefixlen 64"
1466 ifconfig_ed0_alias0="inet6 2001:db8:2::1 prefixlen 64"
1469 Interfaces that have an
1470 .Dq Li inet6 accept_rtadv
1472 .Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1473 setting will be automatically configured by SLAAC
1474 .Pq StateLess Address AutoConfiguration
1480 Note that a link-local address will be automatically configured in
1481 addition to the configured global-scope addresses because the IPv6
1482 specifications require it on each link.
1483 The address is calculated from the MAC address by using an algorithm
1490 If only a link-local address is needed on the interface,
1491 the following configuration can be used:
1493 ifconfig_ed0_ipv6="inet6 auto_linklocal"
1496 A link-local address can also be configured manually.
1497 This is useful for the default router address of an IPv6 router
1498 so that it does not change when the network interface
1502 ifconfig_ed0_ipv6="inet6 fe80::1 prefixlen 64"
1504 .It Va ipv6_prefix_ Ns Aq Ar interface
1506 If one or more prefixes are defined in
1507 .Va ipv6_prefix_ Ns Aq Ar interface
1508 addresses based on each prefix and the EUI-64 interface index will be
1509 configured on that interface.
1510 Note that this variable will be ignored when
1511 .Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1514 For example, the following configuration
1516 ipv6_prefix_ed0="2001:db8:1:0 2001:db8:2:0"
1519 is equivalent to the following:
1521 ifconfig_ed0_alias0="inet6 2001:db8:1:: eui64 prefixlen 64"
1522 ifconfig_ed0_alias1="inet6 2001:db8:1:: prefixlen 64 anycast"
1523 ifconfig_ed0_alias2="inet6 2001:db8:2:: eui64 prefixlen 64"
1524 ifconfig_ed0_alias3="inet6 2001:db8:2:: prefixlen 64 anycast"
1527 These Subnet-Router anycast addresses will be added only when
1528 .Va ipv6_gateway_enable
1530 .It Va ipv6_default_interface
1534 this is the default output interface for scoped addresses.
1535 This works only with ipv6_gateway_enable="NO".
1536 .It Va ip6addrctl_enable
1538 This variable is to enable configuring default address selection policy table
1540 The table can be specified in another variable
1541 .Va ip6addrctl_policy .
1543 .Va ip6addrctl_policy
1544 the following keywords can be specified:
1545 .Dq Li ipv4_prefer ,
1546 .Dq Li ipv6_prefer ,
1556 installs a pre-defined policy table described in Section 2.1
1564 is specified, it attempts to read a file
1565 .Pa /etc/ip6addrctl.conf
1567 If this file is found,
1569 reads and installs it.
1570 If not found, a policy is automatically set
1572 .Va ipv6_activate_all_interfaces
1573 variable; if the variable is set to
1575 the IPv6-preferred one is used.
1576 Otherwise IPv4-preferred.
1578 The default value of
1579 .Va ip6addrctl_enable
1581 .Va ip6addrctl_policy
1587 .It Va cloned_interfaces
1589 Set to the list of clonable network interfaces to create on this host.
1590 Further cloning arguments may be passed to the
1593 command for each interface by setting the
1594 .Va create_args_ Ns Aq Ar interface
1597 .Va cloned_interfaces
1598 are automatically appended to
1599 .Va network_interfaces
1601 .It Va fec_interfaces
1605 Fast EtherChannel interfaces to configure on this host.
1607 .Va fecconfig_ Ns Aq Ar interface
1608 variable is assumed to exist for each value of
1610 The value of this variable is used to configure link aggregated interfaces
1611 according to the syntax of the
1612 .Cm NGM_FEC_ADD_IFACE
1616 Additionally, this option ensures that each listed interface is created
1621 before attempting to configure it.
1624 fec_interfaces="fec0"
1625 fecconfig_fec0="em0 em1"
1626 ifconfig_fec0="DHCP"
1628 .It Va gif_interfaces
1632 tunnel interfaces to configure on this host.
1634 .Va gifconfig_ Ns Aq Ar interface
1635 variable is assumed to exist for each value of
1637 The value of this variable is used to configure the link layer of the
1638 tunnel according to the syntax of the
1642 Additionally, this option ensures that each listed interface is created
1647 before attempting to configure it.
1648 .It Va sppp_interfaces
1652 interfaces to configure on this host.
1654 .Va spppconfig_ Ns Aq Ar interface
1655 variable is assumed to exist for each value of
1657 Each interface should also be configured by a general
1658 .Va ifconfig_ Ns Aq Ar interface
1662 for more information about available options.
1672 The name of the profile to use from
1673 .Pa /etc/ppp/ppp.conf .
1674 Also used for per-profile overrides of
1679 .Va ppp_ Ns Ao Ar profile Ac Ns _unit .
1680 When the profile name contains any of the characters
1682 they are translated to
1684 for the proposes of the override variable names.
1687 Mode in which to run the
1690 .It Va ppp_ Ns Ao Ar profile Ac Ns _mode
1692 Overrides the global
1702 See the manual for a full description.
1707 enables network address translation.
1708 Used in conjunction with
1710 allows hosts on private network addresses access to the Internet using
1711 this host as a network address translating router.
1712 .It Va ppp_ Ns Ao Ar profile Ac Ns _nat
1714 Overrides the global
1718 .It Va ppp_ Ns Ao Ar profile Ac Ns _unit
1720 Set the unit number to be used for this profile.
1721 See the manual description of
1726 The name of the user under which
1734 .It Va rc_conf_files
1736 This option is used to specify a list of files that will override
1738 .Pa /etc/defaults/rc.conf .
1739 The files will be read in the order in which they are specified and should
1740 include the full path to the file.
1741 By default, the files specified are
1744 .Pa /etc/rc.conf.local
1750 will attempt to automatically mount ZFS file systems and initialize ZFS volumes
1752 .It Va gptboot_enable
1756 .Pa /etc/rc.d/gptboot
1757 will log if the system successfully (or not) booted from a GPT partition,
1763 .It Va gbde_autoattach_all
1768 will attempt to automatically initialize your .bde devices in
1772 List the devices that the script should try to attach,
1777 The directory where the
1779 lockfiles are located.
1780 The default lockfile directory is
1783 The lockfile for each individual
1785 device can be overridden by setting the variable
1786 .Va gbde_lock_ Ns Aq Ar device ,
1789 is the encrypted device without the
1794 .It Va gbde_attach_attempts
1796 Number of times to attempt attaching to a
1798 device, i.e., how many times the user is asked for the pass-phrase.
1802 List of devices to automatically attach on boot.
1803 Note that .eli devices from
1805 are automatically appended to this list.
1808 Number of times user is asked for the pass-phrase.
1809 If empty, it will be taken from
1810 .Va kern.geom.eli.tries
1812 .It Va geli_default_flags
1814 Default flags to use by
1816 when configuring disk encryption.
1817 Flags can be configured for every device separately by defining
1818 .Va geli_ Ns Ao Ar device Ac Ns Va _flags
1820 .It Va geli_autodetach
1822 Specifies if GELI devices should be marked for detach on last close after
1823 file systems are mounted.
1826 This can be changed for every device separately by defining
1827 .Va geli_ Ns Ao Ar device Ac Ns Va _autodetach
1829 .It Va geli_swap_flags
1830 Options passed to the
1832 utility when encrypted GEOM providers for swap partitions are created.
1834 .Dq Li "-e aes -l 256 -s 4096 -d" .
1835 .It Va root_rw_mount
1840 After the file systems are checked at boot time, the root file system
1841 is remounted as read-write if this is set to
1843 Diskless systems that mount their root file system from a read-only remote
1844 NFS share should set this to
1848 .It Va fsck_y_enable
1853 will be run with the
1855 flag if the initial preen
1856 of the file systems fails.
1857 .It Va background_fsck
1861 the system will attempt to run
1863 in the background where possible.
1864 .It Va background_fsck_delay
1866 The amount of time in seconds to sleep before starting a background
1868 It defaults to sixty seconds to allow large applications such as
1869 the X server to start before disk I/O bandwidth is monopolized by
1871 If set to a negative number, the background file system check will be
1872 delayed indefinitely to allow the administrator to run it at a more
1874 For example it may be run from
1876 by adding a line like
1878 .Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart"
1884 List of file system types that are network-based.
1885 This list should generally not be modified by end users.
1887 .Va extra_netfs_types
1889 .It Va extra_netfs_types
1891 If set to something other than
1894 this variable extends the list of file system types
1895 for which automatic mounting at startup by
1897 should be delayed until the network is initialized.
1899 a whitespace-separated list of network file system descriptor pairs,
1900 each consisting of a file system type as passed to
1902 and a human-readable, one-word description,
1905 Extending the default list in this way is only necessary
1906 when third party file system types are used.
1907 .It Va syslogd_enable
1914 .It Va syslogd_program
1919 .Pa /usr/sbin/syslogd ) .
1920 .It Va syslogd_flags
1926 these are the flags to pass to
1935 .It Va inetd_program
1940 .Pa /usr/sbin/inetd ) .
1947 these are the flags to pass to
1956 .It Va hastd_program
1968 these are the flags to pass to
1977 .It Va named_program
1982 .Pa /usr/sbin/named ) .
1987 configuration file, (default
1988 .Pa /etc/namedb/named.conf ) .
1995 these are the flags to pass to
2001 process should be run as.
2002 .It Va named_chrootdir
2004 The root directory for a name server run in a
2006 environment (default
2010 will not be run in a
2013 .It Va named_chroot_autoupdate
2017 to disable automatic update of the
2020 .It Va named_symlink_enable
2024 to disable symlinking of
2033 loop until working name service is established.
2034 .It Va named_wait_host
2036 Name of host to lookup for the named_wait option.
2038 .It Va named_auto_forward
2040 Set to enable automatic creation of a forwarder
2041 configuration file derived from
2042 .Pa /etc/resolv.conf .
2043 .It Va named_auto_forward_only
2045 Set to change the default forwarder configuration from
2049 .It Va kerberos5_server_enable
2053 to start a Kerberos 5 authentication server
2055 .It Va kerberos5_server
2058 .Va kerberos5_server_enable
2061 this is the path to Kerberos 5 Authentication Server.
2062 .It Va kerberos5_server_flags
2065 This variable contains additional flags to be passed to the Kerberos 5
2066 authentication server.
2067 .It Va kadmind5_server_enable
2073 the Kerberos 5 Administration Daemon; set to
2076 .It Va kadmind5_server
2079 .Va kadmind5_server_enable
2082 this is the path to Kerberos 5 Administration Daemon.
2083 .It Va kpasswdd_server_enable
2089 the Kerberos 5 Password-Changing Daemon; set to
2092 .It Va kpasswdd_server
2095 .Va kpasswdd_server_enable
2098 this is the path to Kerberos 5 Password-Changing Daemon.
2105 the Kerberos 5 ticket forwarding daemon, at the boot time.
2111 .Pa /usr/libexec/kfd ) .
2118 daemon at boot time.
2125 these are the flags to pass to it.
2132 daemon at boot time.
2139 these are the flags to pass to it.
2142 manpage for more information.
2143 .It Va amd_map_program
2146 the specified program is run to get the list of
2151 maps are stored in NIS, one can set this to
2164 will be updated at boot time to reflect the kernel release
2169 will not be updated.
2170 .It Va nfs_client_enable
2174 run the NFS client daemons at boot time.
2175 .It Va nfs_access_cache
2178 .Va nfs_client_enable
2183 to disable NFS ACCESS RPC caching, or to the number of seconds for which
2185 results should be cached.
2186 A value of 2-10 seconds will substantially reduce network
2187 traffic for many NFS operations.
2188 .It Va nfs_server_enable
2192 run the NFS server daemons at boot time.
2193 .It Va nfs_server_flags
2196 .Va nfs_server_enable
2199 these are the flags to pass to the
2202 .It Va nfsv4_server_enable
2205 .Va nfs_server_enable
2209 .Va nfsv4_server_enable
2212 enable the server for NFSv4 as well as NFSv2 and NFSv3.
2213 .It Va nfsuserd_enable
2219 run the nfsuserd daemon, which is needed for NFSv4 in order
2220 to map between user/group names vs uid/gid numbers.
2222 .Va nfsv4_server_enable
2225 this will be forced enabled.
2226 .It Va nfsuserd_flags
2232 these are the flags to pass to the
2235 .It Va nfscbd_enable
2241 run the nfscbd daemon, which enables callbacks/delegations for the NFSv4 client.
2248 these are the flags to pass to the
2251 .It Va oldnfs_server_enable
2254 .Va oldnfs_server_enable
2257 force the NFS server daemons to run the old NFS server code
2258 that does not support NFSv4.
2259 .It Va mountd_enable
2264 .Va nfs_server_enable
2270 It is commonly needed to run CFS without real NFS used.
2277 these are the flags to pass to the
2280 .It Va weak_mountd_authentication
2284 allow services like PCNFSD to make non-privileged mount
2286 .It Va nfs_reserved_port_only
2290 provide NFS services only on a secure port.
2291 .It Va nfs_bufpackets
2293 If set to a number, indicates the number of packets worth of
2294 socket buffer space to reserve on an NFS client.
2295 The kernel default is typically 4.
2296 Using a higher number may be
2297 useful on gigabit networks to improve performance.
2298 The minimum value is
2299 2 and the maximum is 64.
2300 .It Va rpc_lockd_enable
2304 and also an NFS server or client, run
2307 .It Va rpc_lockd_flags
2310 .Va rpc_lockd_enable
2313 these are the flags to pass to the
2316 .It Va rpc_statd_enable
2320 and also an NFS server or client, run
2323 .It Va rpc_statd_flags
2326 .Va rpc_statd_enable
2329 these are the flags to pass to the
2332 .It Va rpcbind_program
2337 .Pa /usr/sbin/rpcbind ) .
2338 .It Va rpcbind_enable
2344 service at boot time.
2345 .It Va rpcbind_flags
2351 these are the flags to pass to the
2354 .It Va keyserv_enable
2360 daemon on boot for running Secure RPC.
2361 .It Va keyserv_flags
2367 these are the flags to pass to
2370 .It Va pppoed_enable
2376 daemon at boot time to provide PPP over Ethernet services.
2377 .It Va pppoed_ Ns Aq Ar provider
2380 listens to requests to this
2386 argument of the same name.
2389 Additional flags to pass to
2391 .It Va pppoed_interface
2393 The network interface to run
2396 This is mandatory when
2406 service at boot time.
2407 This command is intended for networks of
2408 machines where a consistent
2410 for all hosts must be established.
2411 This is often useful in large NFS
2412 environments where time stamps on files are expected to be consistent
2420 these are the flags to pass to the
2423 .It Va ntpdate_enable
2430 This command is intended to
2431 synchronize the system clock only
2433 from some standard reference.
2434 An option to set this up initially
2435 (from a list of known servers) is also provided by the
2437 program when the system is first installed.
2438 .It Va ntpdate_config
2440 Configuration file for
2444 .It Va ntpdate_hosts
2446 A whitespace-separated list of NTP servers to synchronize with at startup.
2447 The default is to use the servers listed in
2448 .Va ntpdate_config ,
2449 if that file exists.
2450 .It Va ntpdate_program
2455 .Pa /usr/sbin/ntpdate ) .
2456 .It Va ntpdate_flags
2462 these are the flags to pass to the
2464 command (typically a hostname).
2471 command at boot time.
2477 .Pa /usr/sbin/ntpd ) .
2491 these are the flags to pass to the
2494 .It Va ntpd_sync_on_start
2501 flag, which syncs the system's clock on startup.
2504 for more information regarding the
2507 This is a preferred alternative to using
2512 .It Va nis_client_enable
2518 service at system boot time.
2519 .It Va nis_client_flags
2522 .Va nis_client_enable
2525 these are the flags to pass to the
2528 .It Va nis_ypset_enable
2534 daemon at system boot time.
2535 .It Va nis_ypset_flags
2538 .Va nis_ypset_enable
2541 these are the flags to pass to the
2544 .It Va nis_server_enable
2550 daemon at system boot time.
2551 .It Va nis_server_flags
2554 .Va nis_server_enable
2557 these are the flags to pass to the
2560 .It Va nis_ypxfrd_enable
2566 daemon at system boot time.
2567 .It Va nis_ypxfrd_flags
2570 .Va nis_ypxfrd_enable
2573 these are the flags to pass to the
2576 .It Va nis_yppasswdd_enable
2582 daemon at system boot time.
2583 .It Va nis_yppasswdd_flags
2586 .Va nis_yppasswdd_enable
2589 these are the flags to pass to the
2592 .It Va rpc_ypupdated_enable
2598 daemon at system boot time.
2599 .It Va bsnmpd_enable
2605 daemon at system boot time.
2606 Be sure to understand the security implications of running SNMP daemon
2614 these are the flags to pass to the
2617 .It Va defaultrouter
2621 create a default route to this host name or IP address
2622 (use an IP address if this router is also required to get to the
2624 .It Va ipv6_defaultrouter
2626 The IPv6 equivalent of
2628 .It Va static_arp_pairs
2630 Set to the list of static ARP pairs that are to be added at system
2632 For each whitespace separated
2635 .Va static_arp_ Ns Aq Ar element
2636 variable is assumed to exist whose contents will later be passed to a
2641 static_arp_pairs="gw"
2642 static_arp_gw="192.168.1.1 00:01:02:03:04:05"
2644 .It Va static_ndp_pairs
2646 Set to the list of static NDP pairs that are to be added at system
2648 For each whitespace separated
2651 .Va static_ndp_ Ns Aq Ar element
2652 variable is assumed to exist whose contents will later be passed to a
2657 static_ndp_pairs="gw"
2658 static_ndp_gw="2001:db8:3::1 00:01:02:03:04:05"
2660 .It Va static_routes
2662 Set to the list of static routes that are to be added at system
2666 then for each whitespace separated
2669 .Va route_ Ns Aq Ar element
2670 variable is assumed to exist
2671 whose contents will later be passed to a
2676 static_routes="mcast gif0local"
2677 route_mcast="-net 224.0.0.0/4 -iface gif0"
2678 route_gif0local="-host 169.254.1.1 -iface lo0"
2680 .It Va ipv6_static_routes
2682 The IPv6 equivalent of
2686 then for each whitespace separated
2689 .Va ipv6_route_ Ns Aq Ar element
2690 variable is assumed to exist
2691 whose contents will later be passed to a
2692 .Dq Nm route Cm add Fl inet6
2694 .It Va natm_static_routes
2700 If not empty then for each whitespace separated
2703 .Va route_ Ns Aq Ar element
2704 variable is assumed to exist whose contents will later be passed to a
2705 .Dq Nm atmconfig Cm natm Cm add
2707 .It Va gateway_enable
2711 configure host to act as an IP router, e.g.\& to forward packets
2713 .It Va ipv6_gateway_enable
2715 The IPv6 equivalent of
2716 .Va gateway_enable .
2717 .It Va routed_enable
2721 run a routing daemon of some sort, based on the
2726 .It Va route6d_enable
2728 The IPv6 equivalent of
2732 run a routing daemon of some sort, based on the
2737 .It Va routed_program
2743 this is the name of the routing daemon to use.
2744 .It Va route6d_program
2746 The IPv6 equivalent of
2747 .Va routed_program .
2754 these are the flags to pass to the routing daemon.
2755 .It Va route6d_flags
2757 The IPv6 equivalent of
2759 .It Va mrouted_enable
2763 run the multicast routing daemon,
2765 .It Va mroute6d_enable
2767 The IPv6 equivalent of
2768 .Va mrouted_enable .
2771 run the IPv6 multicast routing daemon.
2773 Note that multicast routing daemons are no longer included in the
2775 base system, however, both
2779 may be installed from the
2782 .It Va mrouted_flags
2788 these are the flags to pass to the
2791 .It Va mroute6d_flags
2793 The IPv6 equivalent of
2799 these are the flags passed to the IPv6 multicast routing daemon.
2800 .It Va mroute6d_program
2806 this is the path to the IPv6 multicast routing daemon.
2807 .It Va rtadvd_enable
2813 daemon at boot time.
2816 utility sends ICMPv6 Router Advertisement messages to
2817 the interfaces specified in
2818 .Va rtadvd_interfaces .
2819 This should only be enabled with great care.
2820 You may want to fine-tune
2822 .It Va rtadvd_interfaces
2828 this is the list of interfaces to use.
2829 .It Va ipxgateway_enable
2833 enable the routing of IPX traffic.
2834 .It Va ipxrouted_enable
2840 daemon at system boot time.
2841 .It Va ipxrouted_flags
2844 .Va ipxrouted_enable
2847 these are the flags to pass to the
2854 enable global proxy ARP.
2855 .It Va forward_sourceroute
2863 source-routed packets are forwarded.
2864 .It Va accept_sourceroute
2868 the system will accept source-routed packets directed at it.
2875 daemon at system boot time.
2882 these are the flags to pass to the
2885 .It Va bootparamd_enable
2891 daemon at system boot time.
2892 .It Va bootparamd_flags
2895 .Va bootparamd_enable
2898 these are the flags to pass to the
2901 .It Va stf_interface_ipv4addr
2905 this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling
2907 Specify this entry to enable the 6to4 interface.
2908 .It Va stf_interface_ipv4plen
2910 Prefix length for 6to4 IPv4 addresses, to limit peer address range.
2911 An effective value is 0-31.
2912 .It Va stf_interface_ipv6_ifid
2914 IPv6 interface ID for
2918 .It Va stf_interface_ipv6_slaid
2920 IPv6 Site Level Aggregator for
2922 .It Va ipv6_faith_prefix
2926 this is the faith prefix to enable a FAITH IPv6-to-IPv4 TCP
2931 .It Va ipv6_ipv4mapping
2935 this enables IPv4 mapped IPv6 address communication (like
2936 .Li ::ffff:a.b.c.d ) .
2937 .It Va rtsold_enable
2943 daemon to send ICMPv6 Router Solicitation messages.
2950 these are the flags to pass to
2954 For interfaces configured with the
2955 .Dq Li inet6 accept_rtadv
2956 keyword, these are the flags to pass to
2961 is mutually exclusive to
2969 to enable the configuration of ATM interfaces at system boot time.
2970 For all of the ATM variables described below, please refer to the
2972 manual page for further details on the available command parameters.
2973 Also refer to the files in
2974 .Pa /usr/share/examples/atm
2975 for more detailed configuration information.
2978 This is a list of physical ATM interface drivers to load.
2983 .It Va atm_netif_ Ns Aq Ar intf
2985 For the ATM physical interface
2987 this variable defines the name prefix and count for the ATM network
2988 interfaces to be created.
2989 The value will be passed as the parameters of an
2990 .Dq Nm atm Cm "set netif" Ar intf
2992 .It Va atm_sigmgr_ Ns Aq Ar intf
2994 For the ATM physical interface
2996 this variable defines the ATM signalling manager to be used.
2997 The value will be passed as the parameters of an
2998 .Dq Nm atm Cm attach Ar intf
3000 .It Va atm_prefix_ Ns Aq Ar intf
3002 For the ATM physical interface
3004 this variable defines the NSAP prefix for interfaces using a UNI signalling
3008 the prefix will automatically be set via the
3011 Otherwise, the value will be passed as the parameters of an
3012 .Dq Nm atm Cm "set prefix" Ar intf
3014 .It Va atm_macaddr_ Ns Aq Ar intf
3016 For the ATM physical interface
3018 this variable defines the MAC address for interfaces using a UNI signalling
3022 the hardware MAC address contained in the ATM interface card will be used.
3023 Otherwise, the value will be passed as the parameters of an
3024 .Dq Nm atm Cm "set mac" Ar intf
3026 .It Va atm_arpserver_ Ns Aq Ar netif
3028 For the ATM network interface
3030 this variable defines the ATM address for a host which is to provide ATMARP
3032 This variable is only applicable to interfaces using a UNI signalling
3036 this host will become an ATMARP server.
3037 The value will be passed as the parameters of an
3038 .Dq Nm atm Cm "set arpserver" Ar netif
3040 .It Va atm_scsparp_ Ns Aq Ar netif
3044 SCSP/ATMARP service for the network interface
3046 will be initiated using the
3051 This variable is only applicable if
3052 .Va atm_arpserver_ Ns Aq Ar netif
3057 Set to the list of ATM PVCs to be added at system
3059 For each whitespace separated
3062 .Va atm_pvc_ Ns Aq Ar element
3063 variable is assumed to exist.
3064 The value of each of these variables
3065 will be passed as the parameters of an
3066 .Dq Nm atm Cm "add pvc"
3070 Set to the list of permanent ATM ARP entries to be added
3071 at system boot time.
3072 For each whitespace separated
3075 .Va atm_arp_ Ns Aq Ar element
3076 variable is assumed to exist.
3077 The value of each of these variables
3078 will be passed as the parameters of an
3079 .Dq Nm atm Cm "add arp"
3081 .It Va natm_interfaces
3085 interfaces that will also be used for HARP through
3087 If this list is not empty all interfaces in the list will be brought up
3093 For this to work the interface drivers must be either compiled into the
3094 kernel or must reside on the root partition.
3097 The keyboard bell sound.
3104 if the default behavior is desired.
3105 For details, refer to the
3110 If set to a non-null string, the virtual console's keyboard input is
3116 no keymap is installed, otherwise the value is used to install
3118 .Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd .
3121 The keyboard repeat speed.
3128 if the default behavior is desired.
3133 attempt to program the function keys with the value.
3135 be a single string of the form:
3136 .Dq Ar funkey_number new_value Op Ar funkey_number new_value ... .
3139 Can be set to the value of
3142 .Dq Li destructive ,
3145 to set the cursor behavior explicitly or choose the default behavior.
3150 no screen map is installed, otherwise the value is used to install
3151 the screen map file in
3152 .Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value .
3157 the default 8x16 font value is used for screen size requests, otherwise
3159 .Pa /usr/share/syscons/fonts/ Ns Aq Ar value
3165 the default 8x14 font value is used for screen size requests, otherwise
3167 .Pa /usr/share/syscons/fonts/ Ns Aq Ar value
3173 the default 8x8 font value is used for screen size requests, otherwise
3175 .Pa /usr/share/syscons/fonts/ Ns Aq Ar value
3181 the default screen blanking interval is used, otherwise it is set
3189 this is the actual screen saver to use
3190 .Li ( blank , snake , daemon ,
3192 .It Va moused_nondefault_enable
3196 the mouse device specified on
3197 the command line is not automatically treated as enabled by the
3198 .Pa /etc/rc.d/moused
3200 Having this variable set to
3206 to be enabled as soon as it is plugged in.
3207 .It Va moused_enable
3213 daemon is started for doing cut/paste selection on the console.
3216 This is the protocol type of the mouse connected to this host.
3217 This variable must be set if
3224 is able to detect the appropriate mouse type automatically in many cases.
3225 Set this variable to
3227 to let the daemon detect it, or
3228 select one from the following list if the automatic detection fails.
3230 If the mouse is attached to the PS/2 mouse port, choose
3234 regardless of the brand and model of the mouse.
3236 mouse is attached to the bus mouse port, choose
3240 All other protocols are for serial mice and will not work with
3241 the PS/2 and bus mice.
3242 If this is a USB mouse,
3244 is the only protocol type which will work.
3246 .Bl -tag -width ".Li x10mouseremote" -compact
3248 Microsoft mouse (serial)
3250 Microsoft IntelliMouse (serial)
3252 Mouse systems Corp.\& mouse (serial)
3254 MM Series mouse (serial)
3256 Logitech mouse (serial)
3260 Logitech MouseMan and TrackMan (serial)
3262 ALPS GlidePoint (serial)
3263 .It Li thinkingmouse
3264 Kensington ThinkingMouse (serial)
3268 MM HitTablet (serial)
3269 .It Li x10mouseremote
3270 X10 MouseRemote (serial)
3272 Interlink VersaPad (serial)
3275 Even if the mouse is not in the above list, it may be compatible
3276 with one in the list.
3277 Refer to the manual page for
3279 for compatibility information.
3281 It should also be noted that while this is enabled, any
3282 other client of the mouse (such as an X server) should access
3283 the mouse through the virtual mouse device,
3285 and configure it as a
3287 type mouse, since all
3288 mouse data is converted to this single canonical format when
3291 If the client program does not support the
3297 It is the second preferred type.
3304 this is the actual port the mouse is on.
3307 for a COM1 serial mouse,
3311 for a bus mouse, for example.
3316 is set, its value is used as an additional set of flags to pass to the
3319 .It Va "moused_" Ns Ar XXX Ns Va "_flags"
3321 .Va moused_nondefault_enable
3324 daemon is started for a non-default port, the
3325 .Va "moused_" Ns Ar XXX Ns Va "_flags"
3326 set of options has precedence over and replaces the default
3330 is the name of the non-default port, i.e.,\&
3333 .Va "moused_" Ns Ar XXX Ns Va "_flags"
3334 it is possible to set up a different set of default flags for each
3337 For example, you can use
3341 to make your laptop's touchpad more comfortable to use,
3342 but an empty set of options for
3343 .Va moused_ums0_flags
3346 mouse has three or more buttons.
3347 .It Va mousechar_start
3351 the default mouse cursor character range
3352 .Li 0xd0 Ns - Ns Li 0xd3
3354 otherwise the range start is set
3359 Use if the default range is occupied in the language code table.
3360 .It Va allscreens_flags
3364 is run with these options for each of the virtual terminals
3368 will enable the mouse pointer on all virtual terminals
3373 .It Va allscreens_kbdflags
3377 is run with these options for each of the virtual terminals
3383 scrollback (history) buffer to 200 lines.
3390 daemon at system boot time.
3396 .Pa /usr/sbin/cron ) .
3403 these are the flags to pass to
3409 enable the special handling of transitions to and from the
3410 Daylight Saving Time in
3412 (equivalent to using the flag
3419 .Pa /usr/sbin/lpd ) .
3426 daemon at system boot time.
3433 these are the flags to pass to the
3436 .It Va chkprintcap_enable
3442 command before starting the
3445 .It Va chkprintcap_flags
3450 .Va chkprintcap_enable
3453 these are the flags to pass to the
3458 which causes missing directories to be created.
3459 .It Va mta_start_script
3461 This variable specifies the full path to the script to run to start
3462 a mail transfer agent.
3464 .Pa /etc/rc.sendmail .
3468 .Pa /etc/rc.sendmail
3469 uses are documented in the
3474 Indicates the device (usually a swap partition) to which a crash dump
3475 should be written in the event of a system crash.
3476 If the value of this variable is
3478 the first suitable swap device listed in
3480 will be used as dump device.
3481 Otherwise, the value of this variable is passed as the argument to
3483 To disable crash dumps, set this variable to
3487 When the system reboots after a crash and a crash dump is found on the
3488 device specified by the
3492 will save that crash dump and a copy of the kernel to the directory
3496 The default value is
3505 .It Va savecore_flags
3507 If crash dumps are enabled, these are the flags to pass to the
3514 to turn on user and group disk quotas on system startup via the
3516 command for all file systems marked as having quotas enabled in
3518 The kernel must be built with
3520 for disk quotas to function.
3525 to enable user and group disk quota checking via the
3528 .It Va quotacheck_flags
3538 these are the flags to pass to the
3543 which checks quotas for all file systems with quotas enabled in
3545 .It Va quotaon_flags
3551 these are the flags to pass to the
3556 which enables quotas for all file systems with quotas enabled in
3558 .It Va quotaoff_flags
3564 these are the flags to pass to the
3566 utility when shutting down the quota system.
3569 which disables quotas for all file systems with quotas enabled in
3571 .It Va accounting_enable
3575 to enable system accounting through the
3582 to enable iBCS2 (SCO) binary emulation at system initial boot
3584 .It Va ibcs2_loaders
3592 this specifies a list of additional iBCS2 loaders to enable.
3597 to enable Linux/ELF binary emulation at system initial
3603 enable SysVR4 emulation at boot time.
3604 .It Va sysvipc_enable
3608 load System V IPC primitives at boot time.
3609 .It Va clear_tmp_enable
3620 to disable removing of X11 lock files,
3621 and the removal and (secure) recreation
3622 of the various socket directories for X11
3624 .It Va ldconfig_paths
3626 Set to the list of shared library paths to use with
3630 will always be added first, so it need not appear in this list.
3631 .It Va ldconfig32_paths
3633 Set to the list of 32-bit compatibility shared library paths to
3636 .It Va ldconfig_paths_aout
3638 Set to the list of shared library paths to use with
3643 .It Va ldconfig_insecure
3647 utility normally refuses to use directories
3648 which are writable by anyone except root.
3649 Set this variable to
3651 to disable that security check during system startup.
3652 .It Va ldconfig_local_dirs
3654 Set to the list of local
3657 The names of all files in the directories listed will be
3658 passed as arguments to
3660 .It Va ldconfig_local32_dirs
3662 Set to the list of local 32-bit compatibility
3665 The names of all files in the directories listed will be
3666 passed as arguments to
3667 .Dq Nm ldconfig Fl 32 .
3668 .It Va kern_securelevel_enable
3672 to set the kernel security level at system startup.
3673 .It Va kern_securelevel
3675 The kernel security level to set at startup.
3676 The allowed range of
3678 ranges from \-1 (the compile time default) to 3 (the
3682 for the list of possible security levels and their effect
3683 on system operation.
3686 Path to the SSH server program
3687 .Pa ( /usr/sbin/sshd
3695 at system boot time.
3702 these are the flags to pass to the
3707 Path to the FTP server program
3708 .Pa ( /usr/libexec/ftpd
3716 as a stand-alone daemon at system boot time.
3723 these are the additional flags to pass to the
3726 .It Va watchdogd_enable
3732 daemon at boot time.
3733 This requires that the kernel have been compiled with a
3736 .It Va watchdogd_flags
3739 .Va watchdogd_enable
3742 these are the flags passed to the
3745 .It Va devfs_rulesets
3747 List of files containing sets of rules for
3749 .It Va devfs_system_ruleset
3751 Rule name(s) to apply to the system
3754 .It Va devfs_set_rulesets
3756 Pairs of already-mounted
3758 directories and rulesets that should be applied to them.
3759 For example: /mount/dev=ruleset_name
3760 .It Va devfs_load_rulesets
3762 If set, always load the default rulesets listed in
3763 .Va devfs_rulesets .
3764 .It Va performance_cx_lowest
3766 CPU idle state to use while on AC power.
3771 should use the lowest power state available while
3773 indicates that the lowest latency state (less power savings) should be used.
3774 .It Va performance_cpu_freq
3776 CPU clock frequency to use while on AC power.
3781 should use the lowest frequency available while
3783 indicates that the highest frequency (less power savings) should be used.
3784 .It Va economy_cx_lowest
3786 CPU idle state to use when off AC power.
3791 should use the lowest power state available while
3793 indicates that the lowest latency state (less power savings) should be used.
3794 .It Va economy_cpu_freq
3796 CPU clock frequency to use when off AC power.
3801 should use the lowest frequency available while
3803 indicates that the highest frequency (less power savings) should be used.
3808 any configured jails will not be started.
3809 .It Va jail_parallel_start
3813 all configured jails will be started in the background (in parallel).
3816 A space separated list of names for jails.
3817 This is purely a configuration aid to help identify and
3818 configure multiple jails.
3819 The names specified in this list will be used to
3820 identify settings common to an instance of a jail,
3821 and should contain alphanumeric characters only.
3822 Assuming that the jail in question was named
3824 you would have the following dependent variables:
3826 jail_vjail_hostname="jail.example.com"
3827 jail_vjail_ip="192.0.2.100"
3828 jail_vjail_rootdir="/var/jails/vjail/root"
3834 When set, use as default value for
3835 .Va jail_ Ns Ao Ar jname Ac Ns Va _flags
3838 .It Va jail_interface
3841 When set, use as default value for
3842 .Va jail_ Ns Ao Ar jname Ac Ns Va _interface
3848 When set, use as default value for
3849 .Va jail_ Ns Ao Ar jname Ac Ns Va _fstab
3852 .It Va jail_mount_enable
3860 .Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable
3863 by default for every jail in
3865 .It Va jail_devfs_ruleset
3869 .Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset
3870 to given value for every jail in
3872 .It Va jail_devfs_enable
3880 .Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable
3883 by default for every jail in
3885 .It Va jail_fdescfs_enable
3893 .Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable
3896 by default for every jail in
3898 .It Va jail_procfs_enable
3906 .Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable
3909 by default for every jail in
3911 .It Va jail_exec_prestart Ns Aq Ar N
3914 When set, use as default value for
3915 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart Ns Aq Ar N
3918 .It Va jail_exec_start
3921 When set, use as default value for
3922 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start
3925 .It Va jail_exec_afterstart Ns Aq Ar N
3928 When set, use as default value for
3929 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_afterstart Ns Aq Ar N
3932 .It Va jail_exec_poststart Ns Aq Ar N
3935 When set, use as default value for
3936 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart Ns Aq Ar N
3939 .It Va jail_exec_prestop Ns Aq Ar N
3942 When set, use as default value for
3943 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop Ns Aq Ar N
3946 .It Va jail_exec_stop
3948 When set, use as default value for
3949 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop
3952 .It Va jail_exec_poststop Ns Aq Ar N
3955 When set, use as default value for
3956 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop Ns Aq Ar N
3959 .It Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir
3962 Set to the root directory used by jail
3964 .It Va jail_ Ns Ao Ar jname Ac Ns Va _hostname
3967 Set to the fully qualified domain name (FQDN) assigned to jail
3969 .It Va jail_ Ns Ao Ar jname Ac Ns Va _ip
3972 Set to the (primary) IPv4 and/or IPv6 address(es) assigned to the jail.
3973 The argument can be a sole address or a comma separated list of addresses.
3974 Additionally each address can be prefixed by the name of an interface
3975 followed by a pipe to overwrite
3976 .Va jail_ Ns Ao Ar jname Ac Ns Va _interface
3979 and/or suffixed by a netmask, prefixlen or prefix.
3980 In case no netmask, prefixlen or prefix is given,
3982 will be used for IPv4 and
3984 will be used for an IPv6 address.
3985 If no address is given for the jail then the jail will be started with
3986 no networking support.
3987 .It Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n
3990 Set additional IPv4 and/or IPv6 address(es) assigned to the jail.
3991 The sequence starts with
3993 and the numbers have to be strictly ascending.
3994 These entries follow the same syntax as their primary
3995 .Va jail_ Ns Ao Ar jname Ac Ns Va _ip
3997 The order of the entries can be important as the first address for
3998 each address family found will be the primary address of the jail.
4004 .It Va jail_ Ns Ao Ar jname Ac Ns Va _flags
4009 These are flags to pass to
4011 .It Va jail_ Ns Ao Ar jname Ac Ns Va _interface
4014 When set, sets the interface to use when setting IP address alias.
4015 Note that the alias is created at jail startup and removed at jail shutdown.
4016 .It Va jail_ Ns Ao Ar jname Ac Ns Va _fib
4019 When set, the jail is started with the specified forwarding table (sometimes
4020 referred to as a routing table) via
4022 .It Va jail_ Ns Ao Ar jname Ac Ns Va _fstab
4025 .Pa /etc/fstab. Ns Aq Ar jname
4027 This is the file system information file to use for jail
4029 .It Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable
4036 mount all file systems from
4037 .Va jail_ Ns Ao Ar jname Ac Ns Va _fstab
4039 .It Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset
4042 When set, defines the device file system ruleset file to use for jail
4044 .It Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable
4051 mount the device file system inside jail
4054 .It Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable
4061 mount the file-descriptor file system inside jail
4064 .It Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable
4071 mount the process file system inside jail
4074 .It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart Ns Aq Ar N
4077 This is the command run as
4080 before jail startup, where
4083 It is run outside the jail.
4084 .It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start
4087 .Dq Li /bin/sh /etc/rc
4089 This is the command executed in a jail at jail startup.
4090 .It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_afterstart Ns Aq Ar N
4093 This is the command run as
4097 after jail startup, where
4100 .It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart Ns Aq Ar N
4103 This is the command run as
4106 after jail startup, where
4109 It is run outside the jail.
4110 .It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop Ns Aq Ar N
4113 This is the command run as
4116 before jail shutdown, where
4119 It is run outside the jail.
4120 .It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop
4123 .Dq Li /bin/sh /etc/rc.shutdown
4125 This is the command executed in a jail at jail shutdown.
4126 .It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop Ns Aq Ar N
4129 This is the command run as
4132 after jail shutdown, where
4135 It is run outside the jail.
4136 .It Va jail_set_hostname_allow
4140 do not allow the root user in a jail to set its hostname.
4141 .It Va jail_socket_unixiproute_only
4145 do not allow any sockets,
4146 besides UNIX/IP/route sockets,
4147 to be used within a jail.
4148 .It Va jail_sysvipc_allow
4152 allow applications within a jail to use System V IPC.
4153 .\" -----------------------------------------------------
4154 .It Va harvest_interrupt
4158 to use hardware interrupts as an entropy source.
4161 for more information.
4162 .It Va harvest_ethernet
4166 to use LAN traffic as an entropy source.
4169 for more information.
4170 .It Va harvest_p_to_p
4174 to use serial line traffic as an entropy source.
4177 for more information.
4182 to disable caching entropy via
4184 Otherwise set to the directory used to store entropy files in.
4189 to disable caching entropy through reboots.
4190 Otherwise set to the filename used to store cached entropy through
4192 This file should be located on the root file system to seed the
4194 device as early as possible in the boot process.
4195 .It Va entropy_save_sz
4197 Size of the entropy cache files saved by
4200 .It Va entropy_save_num
4202 Number of entropy cache files to save by
4216 Configuration file for
4225 .Pa /var/run/dmesg.boot
4227 .It Va rcshutdown_timeout
4229 If set, start a watchdog timer in the background which will terminate
4233 has not completed within the specified time (in seconds).
4234 Notice that in addition to this soft timeout,
4236 also applies a hard timeout for the execution of
4238 This is configured via
4241 .Va kern.init_shutdown_timeout
4242 and defaults to 120 seconds.
4243 Setting the value of
4244 .Va rcshutdown_timeout
4245 to more than 120 seconds will have no effect until the
4248 .Va kern.init_shutdown_timeout
4250 .It Va virecover_enable
4254 to prevent the system from trying to
4255 recover pre-maturely terminated
4258 .It Va ugidfw_enable
4263 .Xr mac_bsdextended 4
4264 module upon system initialization and load a default
4266 .It Va bsdextended_script
4269 .Xr mac_bsdextended 4
4270 ruleset file to load.
4271 The default value of this variable is
4272 .Pa /etc/rc.bsdextended .
4273 .It Va newsyslog_enable
4280 .It Va newsyslog_flags
4283 .Va newsyslog_enable
4286 these are the flags to pass to the
4291 which causes log files flagged with a
4294 .It Va mdconfig_md Ns Aq Ar X
4304 must be specified and either a
4306 for malloc or swap backed
4314 .Va mdconfig_md Ns Aq Ar X
4315 variables are evaluated until one variable is unset or null.
4316 .It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs
4318 Optional arguments passed to
4324 .It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner
4326 An ownership specification passed to
4335 device and the mount point will be changed.
4336 .It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms
4338 A mode string passed to
4347 device and the mount point will be changed.
4348 .It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files
4350 Files to be copied to the mount point of the
4354 after it has been mounted.
4355 .It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd
4357 Command to execute after the specified
4362 Note that the command is passed to
4368 variables can be used to reference respectively the
4370 device and the mount point.
4375 one could set the following:
4377 mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}"
4379 .It Va autobridge_interfaces
4381 Set to the list of bridge interfaces that will have newly arriving interfaces
4382 checked against to be automatically added.
4385 then for each whitespace separated
4388 .Va autobridge_ Ns Aq Ar element
4389 variable is assumed to exist which has a whitespace separated list of interface
4390 names to match, these names can use wildcards.
4393 autobridge_interfaces="bridge0"
4394 autobridge_bridge0="tap* dc0 vlan[345]"
4400 enable support for sound mixer.
4401 .It Va hcsecd_enable
4405 enable Bluetooth security daemon.
4406 .It Va hcsecd_config
4408 Configuration file for
4411 .Pa /etc/bluetooth/hcsecd.conf .
4416 enable Bluetooth Service Discovery Protocol daemon.
4424 .It Va sdpd_groupname
4428 group to run as after it initializes.
4431 .It Va sdpd_username
4435 user to run as after it initializes.
4438 .It Va bthidd_enable
4442 enable Bluetooth Human Interface Device daemon.
4443 .It Va bthidd_config
4445 Configuration file for
4448 .Pa /etc/bluetooth/bthidd.conf .
4451 Path to a file, where
4453 will store information about known HID devices.
4455 .Pa /var/db/bthidd.hids .
4456 .It Va rfcomm_pppd_server_enable
4460 enable Bluetooth RFCOMM PPP wrapper daemon.
4461 .It Va rfcomm_pppd_server_profile
4463 The name of the profile to use from
4464 .Pa /etc/ppp/ppp.conf .
4465 Multiple profiles can be specified here.
4466 Also used to specify per-profile overrides.
4467 When the profile name contains any of the characters
4469 they are translated to
4471 for the proposes of the override variable names.
4472 .It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _bdaddr
4474 Overrides local address to listen on.
4480 The address can be specified as BD_ADDR or name.
4481 .It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _channel
4483 Overrides local RFCOMM channel to listen on.
4486 will listen on RFCOMM channel 1.
4487 Must set properly if multiple profiles used in the same time.
4488 .It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_sp
4492 if it should register Serial Port service on the specified RFCOMM channel.
4495 .It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_dun
4499 if it should register Dial-Up Networking service on the specified
4503 .It Va ubthidhci_enable
4507 change the USB Bluetooth controller from HID mode to HCI mode.
4508 You also need to specify the location of USB Bluetooth controller with the
4509 .Va ubthidhci_busnum
4513 .It Va ubthidhci_busnum
4514 Bus number where the USB Bluetooth controller is located.
4517 on your system to find this information.
4518 .It Va ubthidhci_addr
4519 Bus address of the USB Bluetooth controller.
4522 on your system to find this information.
4523 .It Va netwait_enable
4527 delays the start of network-reliant services until
4529 is up and ICMP packets to a destination defined in
4532 Link state is examined first, followed by
4534 an IP address to verify network usability.
4535 If no destination can be reached or timeouts are exceeded,
4536 network services are started anyway with no guarantee that
4537 the network is usable.
4538 Use of this variable requires both
4546 This variable contains a space-delimited list of IP addresses to
4548 DNS hostnames should not be used as resolution is not guaranteed
4549 to be functional at this point.
4550 If multiple IP addresses are specified,
4551 each will be tried until one is successful or the list is exhausted.
4552 .It Va netwait_timeout
4554 Indicates the total number of seconds to perform a
4556 against each IP address in
4558 at a rate of one ping per second.
4559 If any of the pings are successful,
4560 full network connectivity is considered reliable.
4565 Defines the name of the network interface on which watch for link.
4567 is used to monitor the interface, looking for
4568 .Dq Li status: no carrier .
4569 Once gone, the link is considered up.
4572 interface if desired.
4573 .It Va netwait_if_timeout
4575 Defines the total number of seconds to wait for link to become usable,
4576 polled at a 1-second interval.
4580 .Bl -tag -width ".Pa /etc/defaults/rc.conf" -compact
4581 .It Pa /etc/defaults/rc.conf
4583 .It Pa /etc/rc.conf.local
4612 .Xr newsyslog.conf 5 ,
4682 .An Jordan K. Hubbard .