4 .\" Redistribution and use in source and binary forms, with or without
5 .\" modification, are permitted provided that the following conditions
7 .\" 1. Redistributions of source code must retain the above copyright
8 .\" notice, this list of conditions and the following disclaimer.
9 .\" 2. Redistributions in binary form must reproduce the above copyright
10 .\" notice, this list of conditions and the following disclaimer in the
11 .\" documentation and/or other materials provided with the distribution.
13 .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND
14 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE
17 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
19 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
20 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
21 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
22 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 .Nd system configuration information
36 contains descriptive information about the local host name, configuration
37 details for any potential network interfaces and which services should be
38 started up at system initial boot time.
39 In new installations, the
41 file is generally initialized by the system installation utility.
45 is not to run commands or perform system startup actions
47 Instead, it is included by the
48 various generic startup scripts in
50 which conditionalize their
51 internal actions according to the settings found there.
55 file is included from the file
56 .Pa /etc/defaults/rc.conf ,
57 which specifies the default settings for all the available options.
58 Options need only be specified in
60 when the system administrator wishes to override these defaults.
62 .Pa /etc/rc.conf.local
63 is used to override settings in
65 for historical reasons.
68 .Pa /etc/rc.conf.local
69 you can also place smaller configuration files for each
74 .Ao Ar dir Ac Ns Pa /rc.conf.d
75 directories specified in
77 which will be included by the
80 For jail configurations you could use the file
81 .Pa /etc/rc.conf.d/jail
82 to store jail specific configuration options.
86 .Pa /usr/local/etc/rc.d
89 .Pa /usr/local/rc.conf.d/jail
91 .Pa /opt/conf/rc.conf.d/jail
94 .Ao Ar dir Ac Ns Pa /rc.conf.d/ Ns Ao Ar name Ac
96 all of files in the directory will be loaded.
102 .Dq Ar name Ns Li = Ns Ar value
106 The following list provides a name and short description for each
107 variable that can be set in the
110 .Bl -tag -width indent-two
115 enable output of debug messages from rc scripts.
116 This variable can be helpful in diagnosing mistakes when
117 editing or integrating new scripts.
118 Beware that this produces copious output to the terminal and
124 disable informational messages from the rc scripts.
125 Informational messages are displayed when
126 a condition that is not serious enough to warrant a warning or
134 when faststart is used (e.g., at boot time).
135 .It Va early_late_divider
137 The name of the script that should be used as the
138 delimiter between the
142 stages of the boot process.
143 The early stage should contain all the services needed to
144 get the disks (local or remote) mounted so that the late
145 stage can include scripts contained in the directories
148 variable (see below).
149 Thus, the two likely candidates for this value are
151 for the typical system, and
153 if the system needs remote file
154 systems mounted to get access to the
156 directories; for example when
164 is likely to be an appropriate value.
165 Extreme care should be taken when changing this value,
166 and before changing it one should ensure that there are
167 adequate provisions to recover from a failed boot
168 (such as physical contact with the machine,
169 or reliable remote console access).
170 .It Va always_force_depends
174 scripts use the force_depend function to check whether required
175 services are already running, and to start them if necessary.
176 By default during boot time this check is bypassed if the
177 required service is enabled in
178 .Pa /etc/rc.conf[.local] .
179 Setting this option will bypass that check at boot time and
180 always test whether or not the service is actually running.
181 Enabling this option is likely to increase your boot time if
182 services are enabled that utilize the force_depend check.
183 .It Ao Ar name Ac Ns Va _chroot
186 to this directory before running the service.
187 .It Ao Ar name Ac Ns Va _user
189 Run the service under this user account.
190 .It Ao Ar name Ac Ns Va _group
192 Run the chrooted service under this system group.
194 setting, this setting has no effect if the service is not chrooted.
195 .It Ao Ar name Ac Ns Va _fib
199 value to run the service under.
200 .It Ao Ar name Ac Ns Va _nice
204 value to run the service under.
209 enable support for Automatic Power Management with
217 to handle APM event from userland.
218 This also enables support for APM.
225 these are the flags to pass to the
232 to handle device added, removed or unknown events from the kernel.
239 scripts at boot time.
242 Configuration file for
248 A list of kernel modules to load right after the local
250 Loading modules at this point in the boot process is
251 much faster than doing it via
252 .Pa /boot/loader.conf
253 for those modules not necessary for mounting local disk.
254 .It Va kldxref_enable
261 to automatically rebuild
266 .It Va kldxref_clobber
276 will overwrite existing
283 .It Va kldxref_module_path
288 delimited list of paths containing
300 enable the system power control facility with the
309 these are the flags to pass to the
313 Controls the creation of a
316 Always happens if set to
318 and never happens if set to
320 If set to anything else, a memory file system is created if
324 Controls the size of a created
328 Extra options passed to the
330 utility when the memory file system for
335 which inhibits the use of softupdates on
337 so that file system space is freed without delay
338 after file truncation or deletion.
341 for other options you can use in
344 Controls the creation of a
347 Always happens if set to
349 and never happens if set to
351 If set to anything else, a memory file system is created if
355 Controls the size of a created
359 Extra options passed to the
361 utility when the memory file system for
366 which inhibits the use of softupdates on
368 so that file system space is freed without delay
369 after file truncation or deletion.
372 for other options you can use in
375 Controls the automatic population of the
378 Always happens if set to
380 and never happens if set to
382 If set to anything else, a memory file system is created if
385 Note that this process requires access to certain commands in
389 is mounted on normal systems.
390 .It Va cleanvar_enable
397 List of directories to search for startup script files.
398 .It Va script_name_sep
400 The field separator to use for breaking down the list of startup script files
401 into individual filenames.
402 The default is a space.
403 It is not necessary to change this unless there are startup scripts with names
405 .It Va hostapd_enable
414 The fully qualified domain name (FQDN) of this host on the network.
415 This should almost certainly be set to something meaningful, even if
416 there is no network connection.
419 is used to set the hostname via DHCP,
420 this variable should be set to an empty string.
421 If this value remains unset when the system is done booting
422 your console login will display the default hostname of
426 The NIS domain name of this host, or
429 .It Va dhclient_program
431 Path to the DHCP client program
432 .Pa ( /sbin/dhclient ,
437 .It Va dhclient_flags
439 Additional flags to pass to the DHCP client program.
444 manpage for a description of the command line options available.
445 .It Va dhclient_flags_ Ns Aq Ar iface
446 Additional flags to pass to the DHCP client program running on
449 When specified, this variable overrides
451 .It Va background_dhclient
455 to start the DHCP client in background.
456 This can cause trouble with applications depending on
457 a working network, but it will provide a faster startup
459 .It Va background_dhclient_ Ns Aq Ar iface
460 When specified, this variable overrides the
461 .Va background_dhclient
462 variable for interface
465 .It Va synchronous_dhclient
471 synchronously at startup.
472 This behavior can be overridden on a per-interface basis by replacing
476 .Va ifconfig_ Ns Aq Ar interface
481 .It Va defaultroute_delay
483 When set to a positive value, wait up to this long after configuring
484 DHCP interfaces at startup to give the interfaces time to receive a lease.
485 .It Va firewall_enable
489 to load firewall rules at startup.
490 If the kernel was not built with
491 .Cd "options IPFIREWALL" ,
494 kernel module will be loaded.
496 .Va ipfilter_enable .
497 .It Va firewall_script
499 This variable specifies the full path to the firewall script to run.
501 .Pa /etc/rc.firewall .
504 Names the firewall type from the selection in
505 .Pa /etc/rc.firewall ,
506 or the file which contains the local firewall ruleset.
507 Valid selections from
511 .Bl -tag -width ".Li simple" -compact
513 unrestricted IP access
515 all IP services disabled, except via
518 basic protection for a workstation
520 basic protection for a LAN.
523 If a filename is specified, the full path
525 .It Va firewall_quiet
529 to disable the display of firewall rules on the console during boot.
530 .It Va firewall_logging
534 to enable firewall event logging.
535 This is equivalent to the
536 .Dv IPFIREWALL_VERBOSE
538 .It Va firewall_logif
542 to create pseudo interface
545 For more details, see
548 .It Va firewall_flags
554 specifies a filename.
555 .It Va firewall_coscripts
557 List of executables and/or rc scripts to run after firewall starts/stops.
559 .\" ----- firewall_nat_enable setting --------------------------------
560 .It Va firewall_nat_enable
572 .It Va firewall_nat_interface
578 This is the name of the public interface or IP address on which
579 kernel NAT should run.
580 .It Va firewall_nat_flags
582 Additional configuration parameters for kernel NAT should be placed here.
583 .It Va dummynet_enable
587 will automatically load the
593 .\" -------------------------------------------------------------------
594 .It Va ipfw_netflow_enable
598 will enable netflow logging via
601 By default a ipfw rule is inserted and all packets are duplicated with
602 the ngtee command and netflow packets are sent to 127.0.0.1 on the netflow
603 port using protocol version 5.
604 .It Va ipfw_netflow_hook
606 netflow hook name, must be numerical
609 .It Va ipfw_netflow_rule
614 .It Va ipfw_netflow_ip
616 Destination server ip for receiving netflow data
619 .It Va ipfw_netflow_port
621 Destination server port for receiving netflow data
624 .It Va ipfw_netflow_version
626 Do not set for using version 5 of the netflow protocol, set it to 9 for using version 9.
627 .It Va ipfw_netflow_fib
629 Only match packet in FIB
631 (default is undefined meaning all FIBs).
647 sockets must be enabled in the kernel.
648 If the kernel was not built with
649 .Cd "options IPDIVERT" ,
652 kernel module will be loaded.
653 .It Va natd_interface
655 This is the name of the public interface on which
658 The interface may be given as an interface name or as an IP address.
663 flags should be placed here.
668 flag is automatically added with the above
671 .\" ----- ipfilter_enable setting --------------------------------
672 .It Va ipfilter_enable
683 Typical usage will require putting
685 ipfilter_enable="YES"
703 can be enabled independently.
707 both require at least one of
717 options IPFILTER_DEFAULT_BLOCK
720 in the kernel configuration file is a good idea, too.
721 .\" ----- ipfilter_program setting ------------------------------
722 .It Va ipfilter_program
728 .\" ----- ipfilter_rules setting --------------------------------
729 .It Va ipfilter_rules
734 This variable contains the name of the filter rule definition file.
735 The file is expected to be readable for the
738 .\" ----- ipv6_ipfilter_rules setting ---------------------------
739 .It Va ipv6_ipfilter_rules
744 This variable contains the IPv6 filter rule definition file.
745 The file is expected to be readable for the
748 .\" ----- ipfilter_flags setting --------------------------------
749 .It Va ipfilter_flags
752 This variable contains flags passed to the
755 .\" ----- ipnat_enable setting ----------------------------------
765 network address translation.
768 for a detailed discussion.
769 .\" ----- ipnat_program setting ---------------------------------
776 .\" ----- ipnat_rules setting -----------------------------------
782 This variable contains the name of the file
783 holding the network address translation definition.
784 This file is expected to be readable for the
787 .\" ----- ipnat_flags setting -----------------------------------
791 This variable contains flags passed to the
794 .\" ----- ipmon_enable setting ----------------------------------
809 Setting this variable needs setting
816 for a detailed discussion.
817 .\" ----- ipmon_program setting ---------------------------------
824 .\" ----- ipmon_flags setting -----------------------------------
830 This variable contains flags passed to the
833 Another typical example would be
834 .Dq Fl D Pa /var/log/ipflog
837 log directly to a file bypassing
840 .Pa /etc/newsyslog.conf
841 in such case like this:
843 /var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid
845 .\" ----- ipfs_enable setting -----------------------------------
855 saving the filter and NAT state tables during shutdown
856 and reloading them during startup again.
857 Setting this variable needs setting
866 for a detailed discussion.
872 because the raised securelevel will prevent
874 from saving the state tables at shutdown time.
875 .\" ----- ipfs_program setting ----------------------------------
882 .\" ----- ipfs_flags setting ------------------------------------
886 This variable contains flags passed to the
889 .\" ----- end of added ipf hook ---------------------------------
901 Typical usage will require putting
916 into the kernel, otherwise the
917 kernel module will be loaded.
922 ruleset configuration file
937 these flags are passed to the
939 program when loading the ruleset.
949 which logs packets from the
962 .Pa /var/log/pflog ) .
964 .Pa /etc/newsyslog.conf
965 to adjust logfile rotation for this.
975 This variable contains additional flags passed to the
978 .It Va pflog_instances
980 If logging to more than one
982 interface is desired,
984 is set to the list of
986 instances that should be started at system boot time.
989 is set, for each whitespace-seperated
992 .Ao Ar element Ac Ns Va _dev
994 .Ao Ar element Ac Ns Va _logfile
995 elements are assumed to exist.
996 .Ao Ar element Ac Ns Va _dev
999 interface to be watched by the named
1002 .Ao Ar element Ac Ns Va _logfile
1003 must contain the name of the logfile that will be used by the
1006 .It Va ftpproxy_enable
1017 packet filter in translating ftp connections.
1018 .It Va ftpproxy_flags
1021 This variable contains additional flags passed to the
1024 .It Va ftpproxy_instances
1027 If multiple instances of
1029 are desired at boot time,
1030 .Va ftpproxy_instances
1031 should contain a whitespace-seperated list of instance names.
1034 in the list, a variable named
1035 .Ao Ar element Ac Ns Va _flags
1036 should be defined, containing the command-line flags to be passed to the
1039 .It Va pfsync_enable
1048 state changes to other hosts over the network by means of
1053 must also be set then.
1054 .It Va pfsync_syncdev
1057 This variable specifies the name of the network interface
1059 should operate through.
1060 It must be set accordingly if
1064 .It Va pfsync_syncpeer
1067 This variable is optional.
1068 By default, state change messages are sent out on the synchronisation
1069 interface using IP multicast packets.
1070 The protocol is IP protocol 240, PFSYNC, and the multicast group used is
1072 When a peer address is specified using the
1074 option, the peer address is used as a destination for the pfsync
1075 traffic, and the traffic can then be protected using
1079 manpage for more details about using
1084 .It Va pfsync_ifconfig
1087 This variable can contain additional options to be passed to the
1089 command used to set up
1091 .It Va tcp_extensions
1098 disables certain TCP options as described by
1104 might help remedy such problems with connections as randomly hanging
1105 or other weird behavior.
1106 Some network devices are known
1107 to be broken with respect to these options.
1110 Set to 0 by default.
1114 .Va net.inet.tcp.log_in_vain
1116 .Va net.inet.udp.log_in_vain ,
1121 are set to the given value.
1122 .It Va tcp_keepalive
1129 will disable probing idle TCP connections to verify that the
1130 peer is still up and reachable.
1131 .It Va tcp_drop_synfin
1138 will cause the kernel to ignore TCP frames that have both
1139 the SYN and FIN flags set.
1140 This prevents OS fingerprinting, but may
1141 break some legitimate applications.
1142 .It Va icmp_drop_redirect
1149 will cause the kernel to ignore ICMP REDIRECT packets.
1152 for more information.
1153 .It Va icmp_log_redirect
1160 will cause the kernel to log ICMP REDIRECT packets.
1162 the log messages are not rate-limited, so this option should only be used
1163 for troubleshooting networks.
1166 for more information.
1167 .It Va icmp_bmcastecho
1171 to respond to broadcast or multicast ICMP ping packets.
1174 for more information.
1175 .It Va ip_portrange_first
1179 this is the first port in the default portrange.
1182 for more information.
1183 .It Va ip_portrange_last
1187 this is the last port in the default portrange.
1190 for more information.
1191 .It Va network_interfaces
1193 Set to the list of network interfaces to configure on this host or
1195 (the default) for all current interfaces.
1197 .Va network_interfaces
1198 variable to anything other than the default is deprecated.
1199 Interfaces that the administrator wishes to store configuration for,
1200 but not start at boot should be configured with the
1203 .Va ifconfig_ Ns Aq Ar interface
1204 variables as described below.
1207 .Va ifconfig_ Ns Aq Ar interface
1208 variable is also assumed to exist for each value of
1210 When an interface name contains any of the characters
1212 they are translated to
1215 The variable can contain arguments to
1217 as well as special case-insensitive keywords described below.
1218 Such keywords are removed before passing the value to
1220 while the order of the other arguments is preserved.
1222 It is possible to add IP alias entries using
1224 syntax with the address family keyword such as
1226 Assuming that the interface in question was
1228 it might look something like this:
1230 ifconfig_ed0_alias0="inet 127.0.0.253 netmask 0xffffffff"
1231 ifconfig_ed0_alias1="inet 127.0.0.254 netmask 0xffffffff"
1234 It also possible to configure multiple IP addresses in Classless
1235 Inter-Domain Routing
1238 whose each address component can be a range like
1239 .Li inet 192.0.2.5-23/24
1241 .Li inet6 2001:db8:1-f::1/64 .
1242 This notation allows address and prefix length part only,
1243 not the other address modifiers.
1244 Note that the maximum number of the generated addresses from a range
1245 specification is limited to an integer value specified in
1246 .Va netif_ipexpand_max
1249 because a small typo can unexpectedly generate a large number of addresses.
1250 The default value is
1252 It can be increased by adding the following line into
1255 netif_ipexpand_max="4096"
1259 .Li 192.0.2.5-23/24 ,
1260 the address 192.0.2.5 will be configured with the
1261 netmask /24 and the addresses 192.0.2.6 to 192.0.2.23 with
1262 the non-conflicting netmask /32 as explained in the
1265 Note that this special netmask handling is only for
1267 not for the other address families such as
1270 With the interface in question being
1272 an example could look like:
1274 ifconfig_ed0_alias2="inet 192.0.2.129/27"
1275 ifconfig_ed0_alias3="inet 192.0.2.1-5/28"
1281 .Va ipv4_addrs_ Ns Aq Ar interface
1282 variable was supported for IPv4 CIDR address notation.
1283 It is now deprecated because the functionality was integrated into
1284 .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1286 .Va ipv4_addrs_ Ns Aq Ar interface
1287 is still supported for backward compatibility.
1290 .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1291 entry with an address family keyword,
1292 its contents are passed to
1294 Execution stops at the first unsuccessful access, so if
1295 something like this is present:
1297 ifconfig_ed0_alias0="inet 127.0.0.251 netmask 0xffffffff"
1298 ifconfig_ed0_alias1="inet 127.0.0.252 netmask 0xffffffff"
1299 ifconfig_ed0_alias2="inet 127.0.0.253 netmask 0xffffffff"
1300 ifconfig_ed0_alias4="inet 127.0.0.254 netmask 0xffffffff"
1303 Then note that alias4 would
1305 be added since the search would
1306 stop with the missing
1309 Because of this difficult to manage behavior,
1311 .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _aliases
1312 variable, which has the same functionality as
1313 .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1314 and can have all of entries in a variable like the following:
1316 ifconfig_ed0_aliases="\\
1317 inet 127.0.0.251 netmask 0xffffffff \\
1318 inet 127.0.0.252 netmask 0xffffffff \\
1319 inet 127.0.0.253 netmask 0xffffffff \\
1320 inet 127.0.0.254 netmask 0xffffffff"
1323 It also supports CIDR notation.
1326 .Pa /etc/start_if. Ns Aq Ar interface
1327 file is present, it is read and executed by the
1330 before configuring the interface as specified in the
1331 .Va ifconfig_ Ns Aq Ar interface
1333 .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1337 .Va vlans_ Ns Aq Ar interface
1341 interface will be created for each item in the list with the
1345 If a vlan interface's name is a number,
1346 then that number is used as the vlan tag and the new vlan interface is
1348 .Ar interface . Ns Ar tag .
1350 the vlan tag must be specified via a
1353 .Va create_args_ Ns Aq Ar interface
1356 To create a vlan device named
1360 with the vlan tag 101 and the optional the IPv4 address 192.0.2.1/24:
1363 ifconfig_em0_101="inet 192.0.2.1/24"
1366 To create a vlan device named
1370 with the vlan tag 102:
1373 create_args_myvlan="vlan 102"
1377 .Va wlans_ Ns Aq Ar interface
1381 interface will be created for each item in the list with the
1385 Further wlan cloning arguments may be passed to the
1388 command by setting the
1389 .Va create_args_ Ns Aq Ar interface
1393 devices must be created for each wireless devices as of
1399 may be specified with an
1400 .Va wlandebug_ Ns Aq Ar interface
1402 The contents of this variable will be passed directly to
1406 .Va ifconfig_ Ns Aq Ar interface
1407 contains the keyword
1409 then the interface will not be configured
1411 .Pa /etc/pccard_ether
1413 .Va network_interfaces
1417 It is possible to bring up an interface with DHCP by adding
1420 .Va ifconfig_ Ns Aq Ar interface
1422 For instance, to initialize the
1425 it is possible to use something like:
1430 If you want to configure your wireless interface with
1431 .Xr wpa_supplicant 8
1432 for use with WPA, EAP/LEAP or WEP, you need to add
1435 .Va ifconfig_ Ns Aq Ar interface
1438 On the other hand, if you want to configure your wireless interface with
1443 .Va ifconfig_ Ns Aq Ar interface
1446 will use the settings from
1447 .Pa /etc/hostapd- Ns Ao Ar interface Ac Ns .conf
1449 Finally, you can add
1451 options in this variable, in addition to the
1452 .Pa /etc/start_if. Ns Aq Ar interface
1454 For instance, to configure an
1456 wireless device in station mode with an address obtained
1457 via DHCP, using WPA authentication and 802.11b mode, it is
1458 possible to use something like:
1461 ifconfig_wlan0="DHCP WPA mode 11b"
1465 .Va ifconfig_ Ns Aq Ar interface
1466 form, a fallback variable
1467 .Va ifconfig_DEFAULT
1469 It will be used for all interfaces with no
1470 .Va ifconfig_ Ns Aq Ar interface
1472 This is intended to replace the no longer supported
1476 It is also possible to rename an interface by doing:
1478 ifconfig_ed0_name="net0"
1479 ifconfig_net0="inet 192.0.2.1 netmask 0xffffff00"
1483 This variable is deprecated.
1485 .Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1487 .Va ipv6_activate_all_interfaces
1492 .Dq Li inet6 accept_rtadv
1494 .Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1496 .Va ipv6_activate_all_interfaces
1501 This variable is deprecated.
1503 .Va ip6addrctl_policy
1508 the default address selection policy table set by
1510 will be IPv6-preferred.
1514 the default address selection policy table set by
1516 will be IPv4-preferred.
1517 .It Va ipv6_activate_all_interfaces
1519 This controls initial configuration on IPv6-capable
1520 interfaces with no corresponding
1521 .Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1523 Note that it is not always necessary to set this variable to
1525 to use IPv6 functionality on
1527 In most cases, just configuring
1528 .Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1533 all interfaces which do not have a corresponding
1534 .Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1535 variable will be marked as
1538 This means that all of IPv6 functionality on that interface
1539 is completely disabled to enforce a security policy.
1540 If the variable is set to
1542 the flag will be cleared on all of the interfaces.
1544 In most cases, just defining an
1545 .Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1546 for an IPv6-capable interface should be sufficient.
1547 However, if an interface is added dynamically
1548 .Pq by some tunneling protocols such as PPP, for example ,
1549 it is often difficult to define the variable in advance.
1550 In such a case, configuring the
1552 flag can be disabled by setting this variable to
1555 For more details of the
1558 .Dq Li inet6 ifdisabled ,
1568 privacy addresses will be generated for each IPv6
1569 interface as described in RFC 4941.
1570 .It Va ipv6_network_interfaces
1572 This is the IPv6 equivalent of
1573 .Va network_interfaces .
1574 Normally manual configuration of this variable is not needed.
1575 .It Va ipv6_cpe_wanif
1577 If the variable is set to an interface name,
1581 .Dq inet6 -no_radr accept_rtadv
1582 will be added to the specified interface automatically before evaluating
1583 .Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 ,
1587 .Va net.inet6.ip6.rfc6204w3
1589 .Va net.inet6.ip6.no_radr
1592 This means the specified interface will accept ICMPv6 Router
1593 Advertisement messages on that link and add the discovered
1594 routers into the Default Router List.
1595 While the other interfaces can still accept RA messages if the
1596 .Dq inet6 accept_rtadv
1597 option is specified, adding
1598 routes into the Default Router List will be disabled by
1605 Note that ICMPv6 Router Advertisement messages will be
1607 .Va net.inet6.ip6.forwarding
1609 .Pq packet forwarding is enabled
1611 .Va net.inet6.ip6.rfc6204w3
1616 .It Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1618 IPv6 functionality on an interface should be configured by
1619 .Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 ,
1620 instead of setting ifconfig parameters in
1621 .Va ifconfig_ Ns Aq Ar interface .
1622 If this variable is empty, all of IPv6 configurations on the
1623 specified interface by other variables such as
1624 .Va ipv6_prefix_ Ns Ao Ar interface Ac
1627 Aliases should be set by
1628 .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1634 ifconfig_ed0_ipv6="inet6 2001:db8:1::1 prefixlen 64"
1635 ifconfig_ed0_alias0="inet6 2001:db8:2::1 prefixlen 64"
1638 Interfaces that have an
1639 .Dq Li inet6 accept_rtadv
1641 .Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1642 setting will be automatically configured by SLAAC
1643 .Pq StateLess Address AutoConfiguration
1649 Note that a link-local address will be automatically configured in
1650 addition to the configured global-scope addresses because the IPv6
1651 specifications require it on each link.
1652 The address is calculated from the MAC address by using an algorithm
1659 If only a link-local address is needed on the interface,
1660 the following configuration can be used:
1662 ifconfig_ed0_ipv6="inet6 auto_linklocal"
1665 A link-local address can also be configured manually.
1666 This is useful for the default router address of an IPv6 router
1667 so that it does not change when the network interface
1671 ifconfig_ed0_ipv6="inet6 fe80::1 prefixlen 64"
1673 .It Va ipv6_prefix_ Ns Aq Ar interface
1675 If one or more prefixes are defined in
1676 .Va ipv6_prefix_ Ns Aq Ar interface
1677 addresses based on each prefix and the EUI-64 interface index will be
1678 configured on that interface.
1679 Note that this variable will be ignored when
1680 .Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1683 For example, the following configuration
1685 ipv6_prefix_ed0="2001:db8:1:0 2001:db8:2:0"
1688 is equivalent to the following:
1690 ifconfig_ed0_alias0="inet6 2001:db8:1:: eui64 prefixlen 64"
1691 ifconfig_ed0_alias1="inet6 2001:db8:1:: prefixlen 64 anycast"
1692 ifconfig_ed0_alias2="inet6 2001:db8:2:: eui64 prefixlen 64"
1693 ifconfig_ed0_alias3="inet6 2001:db8:2:: prefixlen 64 anycast"
1696 These Subnet-Router anycast addresses will be added only when
1697 .Va ipv6_gateway_enable
1699 .It Va ipv6_default_interface
1703 this is the default output interface for scoped addresses.
1704 This works only with ipv6_gateway_enable="NO".
1705 .It Va ip6addrctl_enable
1707 This variable is to enable configuring default address selection policy table
1709 The table can be specified in another variable
1710 .Va ip6addrctl_policy .
1712 .Va ip6addrctl_policy
1713 the following keywords can be specified:
1714 .Dq Li ipv4_prefer ,
1715 .Dq Li ipv6_prefer ,
1725 installs a pre-defined policy table described in Section 2.1
1733 is specified, it attempts to read a file
1734 .Pa /etc/ip6addrctl.conf
1736 If this file is found,
1738 reads and installs it.
1739 If not found, a policy is automatically set
1741 .Va ipv6_activate_all_interfaces
1742 variable; if the variable is set to
1744 the IPv6-preferred one is used.
1745 Otherwise IPv4-preferred.
1747 The default value of
1748 .Va ip6addrctl_enable
1750 .Va ip6addrctl_policy
1756 .It Va cloned_interfaces
1758 Set to the list of clonable network interfaces to create on this host.
1759 Further cloning arguments may be passed to the
1762 command for each interface by setting the
1763 .Va create_args_ Ns Aq Ar interface
1765 If an interface name is specified with
1768 the interface will not be destroyed even when
1770 script is invoked with
1773 This is useful when reconfiguring the interface without destroying it.
1775 .Va cloned_interfaces
1776 are automatically appended to
1777 .Va network_interfaces
1779 .It Va cloned_interfaces_sticky
1781 This variable is to globally enable functionality of
1784 .Va cloned_interfaces
1786 The default value is
1788 Even if this variable is specified to
1791 keyword can be used to override it on per interface basis.
1792 .It Va gif_interfaces
1794 This variable is deprecated in favor of
1795 .Va cloned_interfaces .
1798 tunnel interfaces to configure on this host.
1800 .Va gifconfig_ Ns Aq Ar interface
1801 variable is assumed to exist for each value of
1803 The value of this variable is used to configure the link layer of the
1804 tunnel according to the syntax of the
1808 Additionally, this option ensures that each listed interface is created
1813 before attempting to configure it.
1814 .It Va sppp_interfaces
1818 interfaces to configure on this host.
1820 .Va spppconfig_ Ns Aq Ar interface
1821 variable is assumed to exist for each value of
1823 Each interface should also be configured by a general
1824 .Va ifconfig_ Ns Aq Ar interface
1828 for more information about available options.
1838 The name of the profile to use from
1839 .Pa /etc/ppp/ppp.conf .
1840 Also used for per-profile overrides of
1845 .Va ppp_ Ns Ao Ar profile Ac Ns _unit .
1846 When the profile name contains any of the characters
1848 they are translated to
1850 for the proposes of the override variable names.
1853 Mode in which to run the
1856 .It Va ppp_ Ns Ao Ar profile Ac Ns _mode
1858 Overrides the global
1868 See the manual for a full description.
1873 enables network address translation.
1874 Used in conjunction with
1876 allows hosts on private network addresses access to the Internet using
1877 this host as a network address translating router.
1878 .It Va ppp_ Ns Ao Ar profile Ac Ns _nat
1880 Overrides the global
1884 .It Va ppp_ Ns Ao Ar profile Ac Ns _unit
1886 Set the unit number to be used for this profile.
1887 See the manual description of
1892 The name of the user under which
1900 .It Va rc_conf_files
1902 This option is used to specify a list of files that will override
1904 .Pa /etc/defaults/rc.conf .
1905 The files will be read in the order in which they are specified and should
1906 include the full path to the file.
1907 By default, the files specified are
1910 .Pa /etc/rc.conf.local
1916 will attempt to automatically mount ZFS file systems and initialize ZFS volumes
1918 .It Va gptboot_enable
1922 .Pa /etc/rc.d/gptboot
1923 will log if the system successfully (or not) booted from a GPT partition,
1929 .It Va gbde_autoattach_all
1934 will attempt to automatically initialize your .bde devices in
1938 List the devices that the script should try to attach,
1943 The directory where the
1945 lockfiles are located.
1946 The default lockfile directory is
1949 The lockfile for each individual
1951 device can be overridden by setting the variable
1952 .Va gbde_lock_ Ns Aq Ar device ,
1955 is the encrypted device without the
1960 .It Va gbde_attach_attempts
1962 Number of times to attempt attaching to a
1964 device, i.e., how many times the user is asked for the pass-phrase.
1968 List of devices to automatically attach on boot.
1969 Note that .eli devices from
1971 are automatically appended to this list.
1974 Number of times user is asked for the pass-phrase.
1975 If empty, it will be taken from
1976 .Va kern.geom.eli.tries
1978 .It Va geli_default_flags
1980 Default flags to use by
1982 when configuring disk encryption.
1983 Flags can be configured for every device separately by defining
1984 .Va geli_ Ns Ao Ar device Ac Ns Va _flags
1986 .It Va geli_autodetach
1988 Specifies if GELI devices should be marked for detach on last close after
1989 file systems are mounted.
1992 This can be changed for every device separately by defining
1993 .Va geli_ Ns Ao Ar device Ac Ns Va _autodetach
1995 .It Va root_rw_mount
2000 After the file systems are checked at boot time, the root file system
2001 is remounted as read-write if this is set to
2003 Diskless systems that mount their root file system from a read-only remote
2004 NFS share should set this to
2008 .It Va fsck_y_enable
2013 will be run with the
2015 flag if the initial preen
2016 of the file systems fails.
2017 .It Va background_fsck
2021 the system will attempt to run
2023 in the background where possible.
2024 .It Va background_fsck_delay
2026 The amount of time in seconds to sleep before starting a background
2028 It defaults to sixty seconds to allow large applications such as
2029 the X server to start before disk I/O bandwidth is monopolized by
2031 If set to a negative number, the background file system check will be
2032 delayed indefinitely to allow the administrator to run it at a more
2034 For example it may be run from
2036 by adding a line like
2038 .Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart"
2044 List of file system types that are network-based.
2045 This list should generally not be modified by end users.
2047 .Va extra_netfs_types
2049 .It Va extra_netfs_types
2051 If set to something other than
2054 this variable extends the list of file system types
2055 for which automatic mounting at startup by
2057 should be delayed until the network is initialized.
2059 a whitespace-separated list of network file system descriptor pairs,
2060 each consisting of a file system type as passed to
2062 and a human-readable, one-word description,
2065 Extending the default list in this way is only necessary
2066 when third party file system types are used.
2067 .It Va syslogd_enable
2074 .It Va syslogd_program
2079 .Pa /usr/sbin/syslogd ) .
2080 .It Va syslogd_flags
2086 these are the flags to pass to
2095 .It Va inetd_program
2100 .Pa /usr/sbin/inetd ) .
2107 these are the flags to pass to
2116 .It Va hastd_program
2128 these are the flags to pass to
2130 .It Va local_unbound_enable
2136 daemon as a local caching resolver.
2141 to start a Kerberos 5 authentication server
2149 this is the path to Kerberos 5 Authentication Server.
2153 This variable contains additional flags to be passed to the Kerberos 5
2154 authentication server.
2155 .It Va kadmind_enable
2161 the Kerberos 5 Administration Daemon; set to
2164 .It Va kadmind_program
2170 this is the path to Kerberos 5 Administration Daemon.
2171 .It Va kpasswdd_enable
2177 the Kerberos 5 Password-Changing Daemon; set to
2180 .It Va kpasswdd_program
2186 this is the path to Kerberos 5 Password-Changing Daemon.
2193 the Kerberos 5 ticket forwarding daemon, at the boot time.
2199 .Pa /usr/libexec/kfd ) .
2206 daemon at boot time.
2213 these are the flags to pass to it.
2220 daemon at boot time.
2227 these are the flags to pass to it.
2230 manpage for more information.
2231 .It Va amd_map_program
2234 the specified program is run to get the list of
2239 maps are stored in NIS, one can set this to
2252 will be updated at boot time to reflect the kernel release
2257 will not be updated.
2258 .It Va nfs_client_enable
2262 run the NFS client daemons at boot time.
2263 .It Va nfs_access_cache
2266 .Va nfs_client_enable
2271 to disable NFS ACCESS RPC caching, or to the number of seconds for which
2273 results should be cached.
2274 A value of 2-10 seconds will substantially reduce network
2275 traffic for many NFS operations.
2276 .It Va nfs_server_enable
2280 run the NFS server daemons at boot time.
2281 .It Va nfs_server_flags
2284 .Va nfs_server_enable
2287 these are the flags to pass to the
2290 .It Va nfsv4_server_enable
2293 .Va nfs_server_enable
2297 .Va nfsv4_server_enable
2300 enable the server for NFSv4 as well as NFSv2 and NFSv3.
2301 .It Va nfsuserd_enable
2307 run the nfsuserd daemon, which is needed for NFSv4 in order
2308 to map between user/group names vs uid/gid numbers.
2310 .Va nfsv4_server_enable
2313 this will be forced enabled.
2314 .It Va nfsuserd_flags
2320 these are the flags to pass to the
2323 .It Va nfscbd_enable
2329 run the nfscbd daemon, which enables callbacks/delegations for the NFSv4 client.
2336 these are the flags to pass to the
2339 .It Va mountd_enable
2344 .Va nfs_server_enable
2350 It is commonly needed to run CFS without real NFS used.
2357 these are the flags to pass to the
2360 .It Va weak_mountd_authentication
2364 allow services like PCNFSD to make non-privileged mount
2366 .It Va nfs_reserved_port_only
2370 provide NFS services only on a secure port.
2371 .It Va nfs_bufpackets
2373 If set to a number, indicates the number of packets worth of
2374 socket buffer space to reserve on an NFS client.
2375 The kernel default is typically 4.
2376 Using a higher number may be
2377 useful on gigabit networks to improve performance.
2378 The minimum value is
2379 2 and the maximum is 64.
2380 .It Va rpc_lockd_enable
2384 and also an NFS server or client, run
2387 .It Va rpc_lockd_flags
2390 .Va rpc_lockd_enable
2393 these are the flags to pass to the
2396 .It Va rpc_statd_enable
2400 and also an NFS server or client, run
2403 .It Va rpc_statd_flags
2406 .Va rpc_statd_enable
2409 these are the flags to pass to the
2412 .It Va rpcbind_program
2417 .Pa /usr/sbin/rpcbind ) .
2418 .It Va rpcbind_enable
2424 service at boot time.
2425 .It Va rpcbind_flags
2431 these are the flags to pass to the
2434 .It Va keyserv_enable
2440 daemon on boot for running Secure RPC.
2441 .It Va keyserv_flags
2447 these are the flags to pass to
2450 .It Va pppoed_enable
2456 daemon at boot time to provide PPP over Ethernet services.
2457 .It Va pppoed_ Ns Aq Ar provider
2460 listens to requests to this
2466 argument of the same name.
2469 Additional flags to pass to
2471 .It Va pppoed_interface
2473 The network interface to run
2476 This is mandatory when
2486 service at boot time.
2487 This command is intended for networks of
2488 machines where a consistent
2490 for all hosts must be established.
2491 This is often useful in large NFS
2492 environments where time stamps on files are expected to be consistent
2500 these are the flags to pass to the
2503 .It Va ntpdate_enable
2510 This command is intended to
2511 synchronize the system clock only
2513 from some standard reference.
2514 .It Va ntpdate_config
2516 Configuration file for
2520 .It Va ntpdate_hosts
2522 A whitespace-separated list of NTP servers to synchronize with at startup.
2523 The default is to use the servers listed in
2524 .Va ntpdate_config ,
2525 if that file exists.
2526 .It Va ntpdate_program
2531 .Pa /usr/sbin/ntpdate ) .
2532 .It Va ntpdate_flags
2538 these are the flags to pass to the
2540 command (typically a hostname).
2547 command at boot time.
2553 .Pa /usr/sbin/ntpd ) .
2567 these are the flags to pass to the
2570 .It Va ntpd_sync_on_start
2577 flag, which syncs the system's clock on startup.
2580 for more information regarding the
2583 This is a preferred alternative to using
2588 .It Va nis_client_enable
2594 service at system boot time.
2595 .It Va nis_client_flags
2598 .Va nis_client_enable
2601 these are the flags to pass to the
2604 .It Va nis_ypldap_enable
2610 daemon at system boot time.
2611 .It Va nis_ypldap_flags
2614 .Va nis.ypldap_enable
2617 these are the flags to pass to the
2620 .It Va nis_ypset_enable
2626 daemon at system boot time.
2627 .It Va nis_ypset_flags
2630 .Va nis_ypset_enable
2633 these are the flags to pass to the
2636 .It Va nis_server_enable
2642 daemon at system boot time.
2643 .It Va nis_server_flags
2646 .Va nis_server_enable
2649 these are the flags to pass to the
2652 .It Va nis_ypxfrd_enable
2658 daemon at system boot time.
2659 .It Va nis_ypxfrd_flags
2662 .Va nis_ypxfrd_enable
2665 these are the flags to pass to the
2668 .It Va nis_yppasswdd_enable
2674 daemon at system boot time.
2675 .It Va nis_yppasswdd_flags
2678 .Va nis_yppasswdd_enable
2681 these are the flags to pass to the
2684 .It Va rpc_ypupdated_enable
2690 daemon at system boot time.
2691 .It Va bsnmpd_enable
2697 daemon at system boot time.
2698 Be sure to understand the security implications of running SNMP daemon
2706 these are the flags to pass to the
2709 .It Va defaultrouter
2713 create a default route to this host name or IP address
2714 (use an IP address if this router is also required to get to the
2716 .It Va ipv6_defaultrouter
2718 The IPv6 equivalent of
2720 .It Va static_arp_pairs
2722 Set to the list of static ARP pairs that are to be added at system
2724 For each whitespace separated
2727 .Va static_arp_ Ns Aq Ar element
2728 variable is assumed to exist whose contents will later be passed to a
2733 static_arp_pairs="gw"
2734 static_arp_gw="192.168.1.1 00:01:02:03:04:05"
2736 .It Va static_ndp_pairs
2738 Set to the list of static NDP pairs that are to be added at system
2740 For each whitespace separated
2743 .Va static_ndp_ Ns Aq Ar element
2744 variable is assumed to exist whose contents will later be passed to a
2749 static_ndp_pairs="gw"
2750 static_ndp_gw="2001:db8:3::1 00:01:02:03:04:05"
2752 .It Va static_routes
2754 Set to the list of static routes that are to be added at system
2758 then for each whitespace separated
2761 .Va route_ Ns Aq Ar element
2762 variable is assumed to exist
2763 whose contents will later be passed to a
2768 static_routes="ext mcast:gif0 gif0local:gif0"
2769 route_ext="-net 10.0.0.0/24 -gateway 192.168.0.1"
2770 route_mcast="-net 224.0.0.0/4 -iface gif0"
2771 route_gif0local="-host 169.254.1.1 -iface lo0"
2778 the route is specific to the interface
2780 .It Va ipv6_static_routes
2782 The IPv6 equivalent of
2786 then for each whitespace separated
2789 .Va ipv6_route_ Ns Aq Ar element
2790 variable is assumed to exist
2791 whose contents will later be passed to a
2792 .Dq Nm route Cm add Fl inet6
2794 .It Va gateway_enable
2798 configure host to act as an IP router, e.g.\& to forward packets
2800 .It Va ipv6_gateway_enable
2802 The IPv6 equivalent of
2803 .Va gateway_enable .
2804 .It Va routed_enable
2808 run a routing daemon of some sort, based on the
2813 .It Va route6d_enable
2815 The IPv6 equivalent of
2819 run a routing daemon of some sort, based on the
2824 .It Va routed_program
2830 this is the name of the routing daemon to use.
2831 .It Va route6d_program
2833 The IPv6 equivalent of
2834 .Va routed_program .
2841 these are the flags to pass to the routing daemon.
2842 .It Va route6d_flags
2844 The IPv6 equivalent of
2846 .It Va rtadvd_enable
2852 daemon at boot time.
2855 utility sends ICMPv6 Router Advertisement messages to
2856 the interfaces specified in
2857 .Va rtadvd_interfaces .
2858 This should only be enabled with great care.
2859 You may want to fine-tune
2861 .It Va rtadvd_interfaces
2867 this is the list of interfaces to use.
2872 enable global proxy ARP.
2873 .It Va forward_sourceroute
2881 source-routed packets are forwarded.
2882 .It Va accept_sourceroute
2886 the system will accept source-routed packets directed at it.
2893 daemon at system boot time.
2900 these are the flags to pass to the
2903 .It Va bootparamd_enable
2909 daemon at system boot time.
2910 .It Va bootparamd_flags
2913 .Va bootparamd_enable
2916 these are the flags to pass to the
2919 .It Va stf_interface_ipv4addr
2923 this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling
2925 Specify this entry to enable the 6to4 interface.
2926 .It Va stf_interface_ipv4plen
2928 Prefix length for 6to4 IPv4 addresses, to limit peer address range.
2929 An effective value is 0-31.
2930 .It Va stf_interface_ipv6_ifid
2932 IPv6 interface ID for
2936 .It Va stf_interface_ipv6_slaid
2938 IPv6 Site Level Aggregator for
2940 .It Va ipv6_ipv4mapping
2944 this enables IPv4 mapped IPv6 address communication (like
2945 .Li ::ffff:a.b.c.d ) .
2946 .It Va rtsold_enable
2952 daemon to send ICMPv6 Router Solicitation messages.
2959 these are the flags to pass to
2963 For interfaces configured with the
2964 .Dq Li inet6 accept_rtadv
2965 keyword, these are the flags to pass to
2970 is mutually exclusive to
2976 The keyboard bell sound.
2983 if the default behavior is desired.
2984 For details, refer to the
2989 If set to a non-null string, the virtual console's keyboard input is
2995 no keymap is installed, otherwise the value is used to install
2996 the keymap file found in
2997 .Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd
3000 .Pa /usr/share/vt/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd
3005 The keyboard repeat speed.
3012 if the default behavior is desired.
3017 attempt to program the function keys with the value.
3019 be a single string of the form:
3020 .Dq Ar funkey_number new_value Op Ar funkey_number new_value ... .
3023 Can be set to the value of
3026 .Dq Li destructive ,
3029 to set the cursor behavior explicitly or choose the default behavior.
3034 no screen map is installed, otherwise the value is used to install
3035 the screen map file in
3036 .Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value .
3037 This parameter is ignored when using
3039 as the console driver.
3044 the default 8x16 font value is used for screen size requests, otherwise
3046 .Pa /usr/share/syscons/fonts/ Ns Aq Ar value
3048 .Pa /usr/share/vt/fonts/ Ns Aq Ar value
3049 is used (depending on the console driver being used).
3054 the default 8x14 font value is used for screen size requests, otherwise
3056 .Pa /usr/share/syscons/fonts/ Ns Aq Ar value
3058 .Pa /usr/share/vt/fonts/ Ns Aq Ar value
3059 is used (depending on the console driver being used).
3064 the default 8x8 font value is used for screen size requests, otherwise
3066 .Pa /usr/share/syscons/fonts/ Ns Aq Ar value
3068 .Pa /usr/share/vt/fonts/ Ns Aq Ar value
3069 is used (depending on the console driver being used).
3074 the default screen blanking interval is used, otherwise it is set
3082 this is the actual screen saver to use
3083 .Li ( blank , snake , daemon ,
3085 .It Va moused_nondefault_enable
3089 the mouse device specified on
3090 the command line is not automatically treated as enabled by the
3091 .Pa /etc/rc.d/moused
3093 Having this variable set to
3099 to be enabled as soon as it is plugged in.
3100 .It Va moused_enable
3106 daemon is started for doing cut/paste selection on the console.
3109 This is the protocol type of the mouse connected to this host.
3110 This variable must be set if
3117 is able to detect the appropriate mouse type automatically in many cases.
3118 Set this variable to
3120 to let the daemon detect it, or
3121 select one from the following list if the automatic detection fails.
3123 If the mouse is attached to the PS/2 mouse port, choose
3127 regardless of the brand and model of the mouse.
3129 mouse is attached to the bus mouse port, choose
3133 All other protocols are for serial mice and will not work with
3134 the PS/2 and bus mice.
3135 If this is a USB mouse,
3137 is the only protocol type which will work.
3139 .Bl -tag -width ".Li x10mouseremote" -compact
3141 Microsoft mouse (serial)
3143 Microsoft IntelliMouse (serial)
3145 Mouse systems Corp.\& mouse (serial)
3147 MM Series mouse (serial)
3149 Logitech mouse (serial)
3153 Logitech MouseMan and TrackMan (serial)
3155 ALPS GlidePoint (serial)
3156 .It Li thinkingmouse
3157 Kensington ThinkingMouse (serial)
3161 MM HitTablet (serial)
3162 .It Li x10mouseremote
3163 X10 MouseRemote (serial)
3165 Interlink VersaPad (serial)
3168 Even if the mouse is not in the above list, it may be compatible
3169 with one in the list.
3170 Refer to the manual page for
3172 for compatibility information.
3174 It should also be noted that while this is enabled, any
3175 other client of the mouse (such as an X server) should access
3176 the mouse through the virtual mouse device,
3178 and configure it as a
3180 type mouse, since all
3181 mouse data is converted to this single canonical format when
3184 If the client program does not support the
3190 It is the second preferred type.
3197 this is the actual port the mouse is on.
3200 for a COM1 serial mouse,
3204 for a bus mouse, for example.
3209 is set, its value is used as an additional set of flags to pass to the
3212 .It Va "moused_" Ns Ar XXX Ns Va "_flags"
3214 .Va moused_nondefault_enable
3217 daemon is started for a non-default port, the
3218 .Va "moused_" Ns Ar XXX Ns Va "_flags"
3219 set of options has precedence over and replaces the default
3223 is the name of the non-default port, i.e.,\&
3226 .Va "moused_" Ns Ar XXX Ns Va "_flags"
3227 it is possible to set up a different set of default flags for each
3230 For example, you can use
3234 to make your laptop's touchpad more comfortable to use,
3235 but an empty set of options for
3236 .Va moused_ums0_flags
3239 mouse has three or more buttons.
3240 .It Va mousechar_start
3244 the default mouse cursor character range
3245 .Li 0xd0 Ns - Ns Li 0xd3
3247 otherwise the range start is set
3252 Use if the default range is occupied in the language code table.
3253 .It Va allscreens_flags
3257 is run with these options for each of the virtual terminals
3261 will enable the mouse pointer on all virtual terminals
3266 .It Va allscreens_kbdflags
3270 is run with these options for each of the virtual terminals
3278 scrollback (history) buffer to 200 lines.
3285 daemon at system boot time.
3291 .Pa /usr/sbin/cron ) .
3298 these are the flags to pass to
3304 enable the special handling of transitions to and from the
3305 Daylight Saving Time in
3307 (equivalent to using the flag
3314 .Pa /usr/sbin/lpd ) .
3321 daemon at system boot time.
3328 these are the flags to pass to the
3331 .It Va chkprintcap_enable
3337 command before starting the
3340 .It Va chkprintcap_flags
3345 .Va chkprintcap_enable
3348 these are the flags to pass to the
3353 which causes missing directories to be created.
3354 .It Va mta_start_script
3356 This variable specifies the full path to the script to run to start
3357 a mail transfer agent.
3359 .Pa /etc/rc.sendmail .
3363 .Pa /etc/rc.sendmail
3364 uses are documented in the
3369 Indicates the device (usually a swap partition) to which a crash dump
3370 should be written in the event of a system crash.
3371 If the value of this variable is
3373 the first suitable swap device listed in
3375 will be used as dump device.
3376 Otherwise, the value of this variable is passed as the argument to
3378 To disable crash dumps, set this variable to
3382 When the system reboots after a crash and a crash dump is found on the
3383 device specified by the
3387 will save that crash dump and a copy of the kernel to the directory
3391 The default value is
3402 Path to a public key.
3405 to encrypt a one-time key for a crash dump.
3406 The public key has to match a private key used by
3408 to decrypt a crash dump after reboot.
3412 .It Va savecore_enable
3416 disable automatic extraction of the crash dump from the
3418 .It Va savecore_flags
3420 If crash dumps are enabled, these are the flags to pass to the
3427 to turn on user and group disk quotas on system startup via the
3429 command for all file systems marked as having quotas enabled in
3431 The kernel must be built with
3433 for disk quotas to function.
3438 to enable user and group disk quota checking via the
3441 .It Va quotacheck_flags
3451 these are the flags to pass to the
3456 which checks quotas for all file systems with quotas enabled in
3458 .It Va quotaon_flags
3464 these are the flags to pass to the
3469 which enables quotas for all file systems with quotas enabled in
3471 .It Va quotaoff_flags
3477 these are the flags to pass to the
3479 utility when shutting down the quota system.
3482 which disables quotas for all file systems with quotas enabled in
3484 .It Va accounting_enable
3488 to enable system accounting through the
3495 to enable iBCS2 (SCO) binary emulation at system initial boot
3497 .It Va ibcs2_loaders
3505 this specifies a list of additional iBCS2 loaders to enable.
3506 .It Va firstboot_sentinel
3508 This variable specifies the full path to a
3511 If a file exists with this path,
3515 keyword will be run on startup and the sentinel file will be deleted
3516 after the boot process completes.
3517 The sentinel file must be located on a writable file system which is
3518 mounted no later than
3519 .Va early_late_divider
3520 to function properly.
3527 to enable Linux/ELF binary emulation at system initial
3529 .It Va sysvipc_enable
3533 load System V IPC primitives at boot time.
3534 .It Va clear_tmp_enable
3545 to disable removing of X11 lock files,
3546 and the removal and (secure) recreation
3547 of the various socket directories for X11
3549 .It Va ldconfig_paths
3551 Set to the list of shared library paths to use with
3555 will always be added first, so it need not appear in this list.
3556 .It Va ldconfig32_paths
3558 Set to the list of 32-bit compatibility shared library paths to
3561 .It Va ldconfig_paths_aout
3563 Set to the list of shared library paths to use with
3568 .It Va ldconfig_insecure
3572 utility normally refuses to use directories
3573 which are writable by anyone except root.
3574 Set this variable to
3576 to disable that security check during system startup.
3577 .It Va ldconfig_local_dirs
3579 Set to the list of local
3582 The names of all files in the directories listed will be
3583 passed as arguments to
3585 .It Va ldconfig_local32_dirs
3587 Set to the list of local 32-bit compatibility
3590 The names of all files in the directories listed will be
3591 passed as arguments to
3592 .Dq Nm ldconfig Fl 32 .
3593 .It Va kern_securelevel_enable
3597 to set the kernel security level at system startup.
3598 .It Va kern_securelevel
3600 The kernel security level to set at startup.
3601 The allowed range of
3603 ranges from \-1 (the compile time default) to 3 (the
3607 for the list of possible security levels and their effect
3608 on system operation.
3611 Path to the SSH server program
3612 .Pa ( /usr/sbin/sshd
3620 at system boot time.
3627 these are the flags to pass to the
3632 Path to the FTP server program
3633 .Pa ( /usr/libexec/ftpd
3641 as a stand-alone daemon at system boot time.
3648 these are the additional flags to pass to the
3651 .It Va watchdogd_enable
3657 daemon at boot time.
3658 This requires that the kernel have been compiled with a
3661 .It Va watchdogd_flags
3664 .Va watchdogd_enable
3667 these are the flags passed to the
3670 .It Va devfs_rulesets
3672 List of files containing sets of rules for
3674 .It Va devfs_system_ruleset
3676 Rule name(s) to apply to the system
3679 .It Va devfs_set_rulesets
3681 Pairs of already-mounted
3683 directories and rulesets that should be applied to them.
3684 For example: /mount/dev=ruleset_name
3685 .It Va devfs_load_rulesets
3687 If set, always load the default rulesets listed in
3688 .Va devfs_rulesets .
3689 .It Va performance_cx_lowest
3691 CPU idle state to use while on AC power.
3696 should use the lowest power state available while
3698 indicates that the lowest latency state (less power savings) should be used.
3699 .It Va performance_cpu_freq
3701 CPU clock frequency to use while on AC power.
3706 should use the lowest frequency available while
3708 indicates that the highest frequency (less power savings) should be used.
3709 .It Va economy_cx_lowest
3711 CPU idle state to use when off AC power.
3716 should use the lowest power state available while
3718 indicates that the lowest latency state (less power savings) should be used.
3719 .It Va economy_cpu_freq
3721 CPU clock frequency to use when off AC power.
3726 should use the lowest frequency available while
3728 indicates that the highest frequency (less power savings) should be used.
3733 any configured jails will not be started.
3736 The configuration filename used by
3739 The default value is
3740 .Pa /etc/jail.conf .
3741 .It Va jail_parallel_start
3745 all configured jails will be started in the background (in parallel).
3749 When set, use as default value for
3750 .Va jail_ Ns Ao Ar jname Ac Ns Va _flags
3755 A space-delimited list of jail names.
3756 When left empty, all of the
3758 instances defined in the configuration file are started.
3759 The names specified in this list control the jail startup order.
3761 instances missing from
3763 must be started manually.
3766 parameter in the configuration file may override this list.
3767 .It Va jail_reverse_stop
3771 all configured jails in
3773 are stopped in reverse order.
3774 .It Va jail_* variables
3775 Note that older releases supported per-jail configuration via
3779 hostname of a jail named
3781 was able to be set by
3782 .Li jail_vjail_hostname .
3783 These per-jail configuration variables are now obsolete in favor of
3786 For backward compatibility,
3787 when per-jail configuration variables are defined,
3789 configuration files are created as
3790 .Pa /var/run/jail. Ns Ao Ar jname Ac Ns Pa .conf
3793 The following per-jail parameters are handled by
3795 script out of their corresponding
3798 In addition to them, parameters in
3799 .Va jail_ Ns Ao Ar jname Ac Ns Va _parameters
3800 will be added to the configuration file.
3801 They must be a semi-colon
3809 .Bl -tag -width "host.hostname" -offset indent
3812 .Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir
3813 .It Li host.hostname
3815 .Va jail_ Ns Ao Ar jname Ac Ns Va _hostname
3816 .It Li exec.consolelog
3818 .Va jail_ Ns Ao Ar jname Ac Ns Va _consolelog .
3819 The default value is
3820 .Pa /var/log/jail_ Ao Ar jname Ac Pa _console.log .
3823 .Va jail_ Ns Ao Ar jname Ac Ns Va _interface .
3824 .It Li vnet.interface
3826 .Va jail_ Ns Ao Ar jname Ac Ns Va _vnet_interface .
3829 parameter will be enabled and cannot be specified with
3830 .Va jail_ Ns Ao Ar jname Ac Ns Va _interface ,
3831 .Va jail_ Ns Ao Ar jname Ac Ns Va _ip
3833 .Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n
3837 .Va jail_ Ns Ao Ar jname Ac Ns Va _fstab
3840 .Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable .
3843 .Va jail_ Ns Ao Ar jname Ac Ns Va _fib
3846 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start .
3847 The parameter name was
3849 in some older releases.
3850 .It Li exec.prestart
3852 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart
3853 .It Li exec.poststart
3855 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart
3858 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop
3861 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop
3862 .It Li exec.poststop
3864 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop
3867 .Va jail_ Ns Ao Ar jname Ac Ns Va _ip
3869 .Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n
3870 contain IPv4 addresses
3873 .Va jail_ Ns Ao Ar jname Ac Ns Va _ip
3875 .Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n
3876 contain IPv6 addresses
3879 .Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable
3882 .Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable
3883 .It Li devfs_ruleset
3885 .Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset .
3886 This must be an integer,
3888 .It Li mount.fdescfs
3890 .Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable
3891 .It Li allow.set_hostname
3893 .Va jail_ Ns Ao Ar jname Ac Ns Va _set_hostname_allow
3894 .It Li allow.rawsocket
3896 .Va jail_ Ns Ao Ar jname Ac Ns Va _socket_unixiproute_only
3897 .It Li allow.sysvipc
3899 .Va jail_ Ns Ao Ar jname Ac Ns Va _sysvipc_allow
3901 .\" -----------------------------------------------------
3905 representing the entropy sources
3906 you wish to harvest.
3909 for more information.
3914 to disable caching entropy via
3916 Otherwise set to the directory
3917 in which the entropy files are stored.
3921 that regularly writes and rotates
3924 will be used at boot time.
3926 .Pa /var/db/entropy .
3931 to disable caching entropy through reboots.
3932 Otherwise set to the name
3933 of a file used to store cached entropy.
3934 This file should be located
3935 on a file system that is readable
3936 before all the volumes specified in
3943 .Pa /var/db/entropy-file
3944 is found it will also be used.
3945 This will be of some use to
3947 .It Va entropy_boot_file
3952 very early caching entropy
3954 Otherwise set to the filename
3956 very early reboot cached entropy.
3957 This file should be located where
3962 The default location is
3964 .It Va entropy_save_sz
3966 Size of the entropy cache files saved by
3969 .It Va entropy_save_num
3971 Number of entropy cache files to save by
3985 Configuration file for
3994 .Pa /var/run/dmesg.boot
3996 .It Va rcshutdown_timeout
3998 If set, start a watchdog timer in the background which will terminate
4002 has not completed within the specified time (in seconds).
4003 Notice that in addition to this soft timeout,
4005 also applies a hard timeout for the execution of
4007 This is configured via
4010 .Va kern.init_shutdown_timeout
4011 and defaults to 120 seconds.
4012 Setting the value of
4013 .Va rcshutdown_timeout
4014 to more than 120 seconds will have no effect until the
4017 .Va kern.init_shutdown_timeout
4019 .It Va virecover_enable
4023 to prevent the system from trying to
4024 recover pre-maturely terminated
4027 .It Va ugidfw_enable
4032 .Xr mac_bsdextended 4
4033 module upon system initialization and load a default
4035 .It Va bsdextended_script
4038 .Xr mac_bsdextended 4
4039 ruleset file to load.
4040 The default value of this variable is
4041 .Pa /etc/rc.bsdextended .
4042 .It Va newsyslog_enable
4049 .It Va newsyslog_flags
4052 .Va newsyslog_enable
4055 these are the flags to pass to the
4060 which causes log files flagged with a
4063 .It Va mdconfig_md Ns Aq Ar X
4073 must be specified and either a
4075 for malloc or swap backed
4083 .Va mdconfig_md Ns Aq Ar X
4084 variables are evaluated until one variable is unset or null.
4085 .It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs
4087 Optional arguments passed to
4093 .It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner
4095 An ownership specification passed to
4104 device and the mount point will be changed.
4105 .It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms
4107 A mode string passed to
4116 device and the mount point will be changed.
4117 .It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files
4119 Files to be copied to the mount point of the
4123 after it has been mounted.
4124 .It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd
4126 Command to execute after the specified
4131 Note that the command is passed to
4137 variables can be used to reference respectively the
4139 device and the mount point.
4144 one could set the following:
4146 mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}"
4148 .It Va autobridge_interfaces
4150 Set to the list of bridge interfaces that will have newly arriving interfaces
4151 checked against to be automatically added.
4154 then for each whitespace separated
4157 .Va autobridge_ Ns Aq Ar element
4158 variable is assumed to exist which has a whitespace separated list of interface
4159 names to match, these names can use wildcards.
4162 autobridge_interfaces="bridge0"
4163 autobridge_bridge0="tap* dc0 vlan[345]"
4169 enable support for sound mixer.
4170 .It Va hcsecd_enable
4174 enable Bluetooth security daemon.
4175 .It Va hcsecd_config
4177 Configuration file for
4180 .Pa /etc/bluetooth/hcsecd.conf .
4185 enable Bluetooth Service Discovery Protocol daemon.
4193 .It Va sdpd_groupname
4197 group to run as after it initializes.
4200 .It Va sdpd_username
4204 user to run as after it initializes.
4207 .It Va bthidd_enable
4211 enable Bluetooth Human Interface Device daemon.
4212 .It Va bthidd_config
4214 Configuration file for
4217 .Pa /etc/bluetooth/bthidd.conf .
4220 Path to a file, where
4222 will store information about known HID devices.
4224 .Pa /var/db/bthidd.hids .
4225 .It Va rfcomm_pppd_server_enable
4229 enable Bluetooth RFCOMM PPP wrapper daemon.
4230 .It Va rfcomm_pppd_server_profile
4232 The name of the profile to use from
4233 .Pa /etc/ppp/ppp.conf .
4234 Multiple profiles can be specified here.
4235 Also used to specify per-profile overrides.
4236 When the profile name contains any of the characters
4238 they are translated to
4240 for the proposes of the override variable names.
4241 .It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _bdaddr
4243 Overrides local address to listen on.
4249 The address can be specified as BD_ADDR or name.
4250 .It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _channel
4252 Overrides local RFCOMM channel to listen on.
4255 will listen on RFCOMM channel 1.
4256 Must set properly if multiple profiles used in the same time.
4257 .It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_sp
4261 if it should register Serial Port service on the specified RFCOMM channel.
4264 .It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_dun
4268 if it should register Dial-Up Networking service on the specified
4272 .It Va ubthidhci_enable
4276 change the USB Bluetooth controller from HID mode to HCI mode.
4277 You also need to specify the location of USB Bluetooth controller with the
4278 .Va ubthidhci_busnum
4282 .It Va ubthidhci_busnum
4283 Bus number where the USB Bluetooth controller is located.
4286 on your system to find this information.
4287 .It Va ubthidhci_addr
4288 Bus address of the USB Bluetooth controller.
4291 on your system to find this information.
4292 .It Va netwait_enable
4296 delays the start of network-reliant services until
4298 is up and ICMP packets to a destination defined in
4301 Link state is examined first, followed by
4303 an IP address to verify network usability.
4304 If no destination can be reached or timeouts are exceeded,
4305 network services are started anyway with no guarantee that
4306 the network is usable.
4307 Use of this variable requires both
4315 This variable contains a space-delimited list of IP addresses to
4317 DNS hostnames should not be used as resolution is not guaranteed
4318 to be functional at this point.
4319 If multiple IP addresses are specified,
4320 each will be tried until one is successful or the list is exhausted.
4321 .It Va netwait_timeout
4323 Indicates the total number of seconds to perform a
4325 against each IP address in
4327 at a rate of one ping per second.
4328 If any of the pings are successful,
4329 full network connectivity is considered reliable.
4334 Defines the name of the network interface on which watch for link.
4336 is used to monitor the interface, looking for
4337 .Dq Li status: no carrier .
4338 Once gone, the link is considered up.
4341 interface if desired.
4342 .It Va netwait_if_timeout
4344 Defines the total number of seconds to wait for link to become usable,
4345 polled at a 1-second interval.
4353 rules from the defined ruleset.
4354 The kernel must be built with
4357 .Cd "options RCTL" .
4363 This variables contains the
4369 A space-separated list of configuration files used by
4371 The default value is an empty string.
4372 .It Va autofs_enable
4382 daemons at boot time.
4383 .It Va automount_flags
4389 these are the flags to pass to the
4392 By default no flags are passed.
4393 .It Va automountd_flags
4399 these are the flags to pass to the
4402 By default no flags are passed.
4403 .It Va autounmountd_flags
4409 these are the flags to pass to the
4412 By default no flags are passed.
4419 daemon at boot time.
4420 .It Va iscsid_enable
4426 daemon at boot time.
4427 .It Va iscsictl_enable
4433 utility at boot time.
4434 .It Va iscsictl_flags
4440 these are the flags to pass to the
4445 which configures sessions based on the
4450 .Bl -tag -width ".Pa /etc/defaults/rc.conf" -compact
4451 .It Pa /etc/defaults/rc.conf
4453 .It Pa /etc/rc.conf.local
4484 .Xr newsyslog.conf 5 ,
4555 .An Jordan K. Hubbard .
projects / FreeBSD / FreeBSD.git / blob