4 .\" Redistribution and use in source and binary forms, with or without
5 .\" modification, are permitted provided that the following conditions
7 .\" 1. Redistributions of source code must retain the above copyright
8 .\" notice, this list of conditions and the following disclaimer.
9 .\" 2. Redistributions in binary form must reproduce the above copyright
10 .\" notice, this list of conditions and the following disclaimer in the
11 .\" documentation and/or other materials provided with the distribution.
13 .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND
14 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE
17 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
19 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
20 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
21 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
22 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 .Nd system configuration information
36 contains descriptive information about the local host name, configuration
37 details for any potential network interfaces and which services should be
38 started up at system initial boot time.
39 In new installations, the
41 file is generally initialized by the system installation utility,
46 is not to run commands or perform system startup actions
48 Instead, it is included by the
49 various generic startup scripts in
51 which conditionalize their
52 internal actions according to the settings found there.
56 file is included from the file
57 .Pa /etc/defaults/rc.conf ,
58 which specifies the default settings for all the available options.
59 Options need only be specified in
61 when the system administrator wishes to override these defaults.
63 .Pa /etc/rc.conf.local
64 is used to override settings in
66 for historical reasons.
72 .Dq Ar name Ns Li = Ns Ar value
76 The following list provides a name and short description for each
77 variable that can be set in the
80 .Bl -tag -width indent-two
85 enable output of debug messages from rc scripts.
86 This variable can be helpful in diagnosing mistakes when
87 editing or integrating new scripts.
88 Beware that this produces copious output to the terminal and
94 disable informational messages from the rc scripts.
95 Informational messages are displayed when
96 a condition that is not serious enough to warrant a warning or
98 .It Va early_late_divider
100 The name of the script that should be used as the
101 delimiter between the
105 stages of the boot process.
106 The early stage should contain all the services needed to
107 get the disks (local or remote) mounted so that the late
108 stage can include scripts contained in the directories
111 variable (see below).
112 Thus, the two likely candidates for this value are
114 for the typical system, and
116 if the system needs remote file
117 systems mounted to get access to the
119 directories; for example when
127 is likely to be an appropriate value.
128 Extreme care should be taken when changing this value,
129 and before changing it one should ensure that there are
130 adequate provisions to recover from a failed boot
131 (such as physical contact with the machine,
132 or reliable remote console access).
137 no swapfile is installed, otherwise the value is used as the full
138 pathname to a file to use for additional swap space.
143 enable support for Automatic Power Management with
151 to handle APM event from userland.
152 This also enables support for APM.
159 these are the flags to pass to the
166 to handle device added, removed or unknown events from the kernel.
167 .It Va kldxref_enable
174 to automatically rebuild
179 .It Va kldxref_clobber
189 will overwrite existing
196 .It Va kldxref_module_path
201 delimited list of paths containing
213 enable the system power control facility with the
222 these are the flags to pass to the
226 Controls the creation of a
229 Always happens if set to
231 and never happens if set to
233 If set to anything else, a memory file system is created if
237 Controls the size of a created
241 Extra options passed to the
243 utility when the memory file system for
248 which inhibits the use of softupdates on
250 so that file system space is freed without delay
251 after file truncation or deletion.
254 for other options you can use in
257 Controls the creation of a
260 Always happens if set to
262 and never happens if set to
264 If set to anything else, a memory file system is created if
268 Controls the size of a created
272 Extra options passed to the
274 utility when the memory file system for
279 which inhibits the use of softupdates on
281 so that file system space is freed without delay
282 after file truncation or deletion.
285 for other options you can use in
288 Controls the automatic population of the
291 Always happens if set to
293 and never happens if set to
295 If set to anything else, a memory file system is created if
298 Note that this process requires access to certain commands in
302 is mounted on normal systems.
303 .It Va cleanvar_enable
310 List of directories to search for startup script files.
311 .It Va script_name_sep
313 The field separator to use for breaking down the list of startup script files
314 into individual filenames.
315 The default is a space.
316 It is not necessary to change this unless there are startup scripts with names
318 .It Va hostapd_enable
327 The fully qualified domain name (FQDN) of this host on the network.
328 This should almost certainly be set to something meaningful, even if
329 there is no network connection.
332 is used to set the hostname via DHCP,
333 this variable should be set to an empty string.
336 Enable support for IPv6 networking.
337 Note that this requires that the kernel has been compiled with
338 .Cd "options INET6" .
341 The NIS domain name of this host, or
344 .It Va dhclient_program
346 Path to the DHCP client program
347 .Pa ( /sbin/dhclient ,
352 .It Va dhclient_flags
354 Additional flags to pass to the DHCP client program.
359 manpage for a description of the command line options available.
360 .It Va dhclient_flags_ Ns Aq Ar iface
361 Additional flags to pass to the DHCP client program running on
364 When specified, this variable overrides
366 .It Va background_dhclient
370 to start the DHCP client in background.
371 This can cause trouble with applications depending on
372 a working network, but it will provide a faster startup
374 .It Va background_dhclient_ Ns Aq Ar iface
375 When specified, this variable overrides the
376 .Va background_dhclient
377 variable for interface
380 .It Va synchronous_dhclient
386 only in response to interface events and not synchronously at startup.
387 This behavior can be overridden on a per-interface basis by replacing
391 .Va ifconfig_ Ns Aq Ar interface
396 .It Va firewall_enable
400 to load firewall rules at startup.
401 If the kernel was not built with
402 .Cd "options IPFIREWALL" ,
405 kernel module will be loaded.
407 .Va ipfilter_enable .
408 .It Va ipv6_firewall_enable
410 The IPv6 equivalent of
411 .Va firewall_enable .
414 to load IPv6 firewall rules at startup.
415 If the kernel was not built with
416 .Cd "options IPV6FIREWALL" ,
419 kernel module will be loaded.
420 .It Va firewall_script
422 This variable specifies the full path to the firewall script to run.
424 .Pa /etc/rc.firewall .
425 .It Va ipv6_firewall_script
427 The IPv6 equivalent of
428 .Va firewall_script .
431 Names the firewall type from the selection in
432 .Pa /etc/rc.firewall ,
433 or the file which contains the local firewall ruleset.
434 Valid selections from
438 .Bl -tag -width ".Li simple" -compact
440 unrestricted IP access
442 all IP services disabled, except via
445 basic protection for a workstation
447 basic protection for a LAN.
450 If a filename is specified, the full path
452 .It Va ipv6_firewall_type
454 The IPv6 equivalent of
456 .It Va firewall_quiet
460 to disable the display of firewall rules on the console during boot.
461 .It Va ipv6_firewall_quiet
463 The IPv6 equivalent of
465 .It Va firewall_logging
469 to enable firewall event logging.
470 This is equivalent to the
471 .Dv IPFIREWALL_VERBOSE
473 .It Va ipv6_firewall_logging
475 The IPv6 equivalent of
476 .Va firewall_logging .
477 .It Va firewall_flags
483 specifies a filename.
484 .It Va ipv6_firewall_flags
486 The IPv6 equivalent of
503 sockets must be enabled in the kernel.
504 If the kernel was not built with
505 .Cd "options IPDIVERT" ,
508 kernel module will be loaded.
509 .It Va natd_interface
511 This is the name of the public interface on which
514 The interface may be given as an interface name or as an IP address.
519 flags should be placed here.
524 flag is automatically added with the above
527 .\" ----- ipfilter_enable setting --------------------------------
528 .It Va ipfilter_enable
539 Typical usage will require putting
541 ipfilter_enable="YES"
559 can be enabled independently.
563 both require at least one of
573 options IPFILTER_DEFAULT_BLOCK
576 in the kernel configuration file is a good idea, too.
577 .\" ----- ipfilter_program setting ------------------------------
578 .It Va ipfilter_program
584 .\" ----- ipfilter_rules setting --------------------------------
585 .It Va ipfilter_rules
590 This variable contains the name of the filter rule definition file.
591 The file is expected to be readable for the
594 .\" ----- ipv6_ipfilter_rules setting ---------------------------
595 .It Va ipv6_ipfilter_rules
600 This variable contains the IPv6 filter rule definition file.
601 The file is expected to be readable for the
604 .\" ----- ipfilter_flags setting --------------------------------
605 .It Va ipfilter_flags
608 This variable contains flags passed to the
611 .\" ----- ipnat_enable setting ----------------------------------
621 network address translation.
624 for a detailed discussion.
625 .\" ----- ipnat_program setting ---------------------------------
632 .\" ----- ipnat_rules setting -----------------------------------
638 This variable contains the name of the file
639 holding the network address translation definition.
640 This file is expected to be readable for the
643 .\" ----- ipnat_flags setting -----------------------------------
647 This variable contains flags passed to the
650 .\" ----- ipmon_enable setting ----------------------------------
665 Setting this variable needs setting
672 for a detailed discussion.
673 .\" ----- ipmon_program setting ---------------------------------
680 .\" ----- ipmon_flags setting -----------------------------------
686 This variable contains flags passed to the
689 Another typical example would be
690 .Dq Fl D Pa /var/log/ipflog
693 log directly to a file bypassing
696 .Pa /etc/newsyslog.conf
697 in such case like this:
699 /var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid
701 .\" ----- ipfs_enable setting -----------------------------------
711 saving the filter and NAT state tables during shutdown
712 and reloading them during startup again.
713 Setting this variable needs setting
722 for a detailed discussion.
728 because the raised securelevel will prevent
730 from saving the state tables at shutdown time.
731 .\" ----- ipfs_program setting ----------------------------------
738 .\" ----- ipfs_flags setting ------------------------------------
742 This variable contains flags passed to the
745 .\" ----- end of added ipf hook ---------------------------------
757 Typical usage will require putting
772 into the kernel, otherwise the
773 kernel module will be loaded.
778 ruleset configuration file
793 these flags are passed to the
795 program when loading the ruleset.
805 which logs packets from the
818 .Pa /var/log/pflog ) .
820 .Pa /etc/newsyslog.conf
821 to adjust logfile rotation for this.
831 This variable contains additional flags passed to the
834 .It Va ftpproxy_enable
845 packet filter in translating ftp connections.
846 .It Va ftpproxy_flags
849 This variable contains additional flags passed to the
861 state changes to other hosts over the network by means of
866 must also be set then.
867 .It Va pfsync_syncdev
870 This variable specifies the name of the network interface
872 should operate through.
873 It must be set accordingly if
877 .It Va pfsync_syncpeer
880 This variable is optional.
881 By default, state change messages are sent out on the synchronisation
882 interface using IP multicast packets.
883 The protocol is IP protocol 240, PFSYNC, and the multicast group used is
885 When a peer address is specified using the
887 option, the peer address is used as a destination for the pfsync
888 traffic, and the traffic can then be protected using
892 manpage for more details about using
897 .It Va pfsync_ifconfig
900 This variable can contain additional options to be passed to the
902 command used to set up
904 .It Va tcp_extensions
911 disables certain TCP options as described by
917 might help remedy such problems with connections as randomly hanging
918 or other weird behavior.
919 Some network devices are known
920 to be broken with respect to these options.
927 .Va net.inet.tcp.log_in_vain
929 .Va net.inet.udp.log_in_vain ,
934 are set to the given value.
942 will disable probing idle TCP connections to verify that the
943 peer is still up and reachable.
944 .It Va tcp_drop_synfin
951 will cause the kernel to ignore TCP frames that have both
952 the SYN and FIN flags set.
953 This prevents OS fingerprinting, but may
954 break some legitimate applications.
955 This option is only available if the
956 kernel was built with the
959 .It Va icmp_drop_redirect
966 will cause the kernel to ignore ICMP REDIRECT packets.
969 for more information.
970 .It Va icmp_log_redirect
977 will cause the kernel to log ICMP REDIRECT packets.
979 the log messages are not rate-limited, so this option should only be used
980 for troubleshooting networks.
983 for more information.
984 .It Va icmp_bmcastecho
988 to respond to broadcast or multicast ICMP ping packets.
991 for more information.
992 .It Va ip_portrange_first
996 this is the first port in the default portrange.
999 for more information.
1000 .It Va ip_portrange_last
1004 this is the last port in the default portrange.
1007 for more information.
1008 .It Va network_interfaces
1010 Set to the list of network interfaces to configure on this host or
1012 (the default) for all current interfaces.
1014 .Va network_interfaces
1015 variable to anything other than the default is deprecated.
1016 Interfaces that the administrator wishes to store configuration for,
1017 but not start at boot should be configured with the
1020 .Va ifconfig_ Ns Aq Ar interface
1021 variables as described below.
1024 .Va ifconfig_ Ns Aq Ar interface
1025 variable is also assumed to exist for each value of
1027 When an interface name contains any of the characters
1029 they are translated to
1032 The variable can contain arguments to
1034 as well as special case-insensitive keywords described below.
1035 Such keywords are removed before passing the value to
1037 while the order of the other arguments is preserved.
1039 One can configure more than one IPv4 address with the
1040 .Va ipv4_addrs_ Ns Aq Ar interface
1042 One or more IP addresses must be provided in Classless Inter-Domain
1043 Routing (CIDR) address notation, whose last byte can be a range like
1045 In this case the address 192.168.0.5 will be configured with the
1046 netmask /24 and the addresses 192.168.0.6 to 192.168.0.23 with
1047 the non-conflicting netmask /32 as explained in the
1050 With the interface in question being
1052 an example could look like:
1054 ipv4_addrs_ed0="192.168.0.1/24 192.168.1.1-5/28"
1057 It is also possible to add IP alias entries using
1060 Assuming that the interface in question was
1063 something like this:
1065 ifconfig_ed0_alias0="inet 127.0.0.253 netmask 0xffffffff"
1066 ifconfig_ed0_alias1="inet 127.0.0.254 netmask 0xffffffff"
1071 .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1072 entry that is found,
1073 its contents are passed to
1075 Execution stops at the first unsuccessful access, so if
1076 something like this is present:
1078 ifconfig_ed0_alias0="inet 127.0.0.251 netmask 0xffffffff"
1079 ifconfig_ed0_alias1="inet 127.0.0.252 netmask 0xffffffff"
1080 ifconfig_ed0_alias2="inet 127.0.0.253 netmask 0xffffffff"
1081 ifconfig_ed0_alias4="inet 127.0.0.254 netmask 0xffffffff"
1084 Then note that alias4 would
1086 be added since the search would
1087 stop with the missing
1090 Due to this difficult to manage behavior, the
1091 .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1095 .Pa /etc/start_if. Ns Aq Ar interface
1096 file is present, it is read and executed by the
1099 before configuring the interface as specified in the
1100 .Va ifconfig_ Ns Aq Ar interface
1102 .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1106 .Va ifconfig_ Ns Aq Ar interface
1107 contains the keyword
1109 then the interface will not be configured
1111 .Pa /etc/pccard_ether
1113 .Va network_interfaces
1117 It is possible to bring up an interface with DHCP by adding
1120 .Va ifconfig_ Ns Aq Ar interface
1122 For instance, to initialize the
1125 it is possible to use something like:
1130 Also, if you want to configure your wireless interface with
1131 .Xr wpa_supplicant 8
1132 for use with WPA, EAP/LEAP or WEP, you need to add
1135 .Va ifconfig_ Ns Aq Ar interface
1138 Finally, you can add
1140 options in this variable, in addition to the
1141 .Pa /etc/start_if. Ns Aq Ar interface
1143 For instance, to initialize the
1145 device via DHCP, using WPA authentication and 802.11b mode, it is
1146 possible to use something like:
1148 ifconfig_wi0="DHCP WPA mode 11b"
1152 .Va ifconfig_ Ns Aq Ar interface
1153 form, a fallback variable
1154 .Va ifconfig_DEFAULT
1156 It will be used for all interfaces with no
1157 .Va ifconfig_ Ns Aq Ar interface
1159 This is intended to replace the no longer supported
1163 It is also possible to rename interface by doing:
1165 ifconfig_ed0_name="net0"
1166 ifconfig_net0="inet 10.0.0.1 netmask 0xffff0000"
1168 .It Va ipv6_network_interfaces
1170 This is the IPv6 equivalent of
1171 .Va network_interfaces .
1172 Instead of setting the ifconfig variables as
1173 .Va ifconfig_ Ns Aq Ar interface
1174 they should be set as
1175 .Va ipv6_ifconfig_ Ns Aq Ar interface .
1176 Aliases should be set as
1177 .Va ipv6_ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n .
1178 .Va ipv6_prefix_ Ns Aq Ar interface
1180 Interfaces that do not have a
1181 .Va ipv6_ifconfig_ Ns Aq Ar interface
1182 setting will be auto configured by
1185 .Va ipv6_gateway_enable
1188 Note that the IPv6 networking code does not support the
1189 .Pa /etc/start_if. Ns Aq Ar interface
1191 .It Va ipv6_default_interface
1195 this is the default output interface for scoped addresses.
1196 Now this works only for IPv6 link local multicast addresses.
1197 .It Va cloned_interfaces
1199 Set to the list of clonable network interfaces to create on this host.
1201 .Va cloned_interfaces
1202 are automatically appended to
1203 .Va network_interfaces
1205 .It Va fec_interfaces
1209 Fast EtherChannel interfaces to configure on this host.
1211 .Va fecconfig_ Ns Aq Ar interface
1212 variable is assumed to exist for each value of
1214 The value of this variable is used to configure link aggregated interfaces
1215 according to the syntax of the
1216 .Cm NGM_FEC_ADD_IFACE
1220 Additionally, this option ensures that each listed interface is created
1225 before attempting to configure it.
1228 fec_interfaces="fec0"
1229 fecconfig_fec0="em0 em1"
1230 ifconfig_fec0="DHCP"
1232 .It Va gif_interfaces
1236 tunnel interfaces to configure on this host.
1238 .Va gifconfig_ Ns Aq Ar interface
1239 variable is assumed to exist for each value of
1241 The value of this variable is used to configure the link layer of the
1242 tunnel according to the syntax of the
1246 Additionally, this option ensures that each listed interface is created
1251 before attempting to configure it.
1252 .It Va sppp_interfaces
1256 interfaces to configure on this host.
1258 .Va spppconfig_ Ns Aq Ar interface
1259 variable is assumed to exist for each value of
1261 Each interface should also be configured by a general
1262 .Va ifconfig_ Ns Aq Ar interface
1266 for more information about available options.
1276 Mode in which to run the
1285 See the manual for a full description.
1290 enables network address translation.
1291 Used in conjunction with
1293 allows hosts on private network addresses access to the Internet using
1294 this host as a network address translating router.
1297 The name of the profile to use from
1298 .Pa /etc/ppp/ppp.conf .
1301 The name of the user under which
1309 .It Va rc_conf_files
1311 This option is used to specify a list of files that will override
1313 .Pa /etc/defaults/rc.conf .
1314 The files will be read in the order in which they are specified and should
1315 include the full path to the file.
1316 By default, the files specified are
1319 .Pa /etc/rc.conf.local
1325 will attempt to automatically mount ZFS file systems and initialize ZFS volumes
1327 .It Va gbde_autoattach_all
1332 will attempt to automatically initialize your .bde devices in
1336 List the devices that the script should try to attach,
1341 The directory where the
1343 lockfiles are located.
1344 The default lockfile directory is
1347 The lockfile for each individual
1349 device can be overridden by setting the variable
1350 .Va gbde_lock_ Ns Aq Ar device ,
1353 is the encrypted device without the
1358 .It Va gbde_attach_attempts
1360 Number of times to attempt attaching to a
1362 device, i.e., how many times the user is asked for the pass-phrase.
1366 List of devices to automatically attach on boot.
1367 Note that .eli devices from
1369 are automatically appended to this list.
1372 Number of times user is asked for the pass-phrase.
1373 If empty, it will be taken from
1374 .Va kern.geom.eli.tries
1376 .It Va geli_default_flags
1378 Default flags to use by
1380 when configuring disk encryption.
1381 Flags can be configured for every device separately by defining
1382 .Va geli_ Ns Ao Ar device Ac Ns Va _flags
1384 .It Va geli_autodetach
1386 Specifies if GELI devices should be marked for detach on last close after
1387 file systems are mounted.
1390 This can be changed for every device separately by defining
1391 .Va geli_ Ns Ao Ar device Ac Ns Va _autodetach
1393 .It Va geli_swap_flags
1394 Options passed to the
1396 utility when encrypted GEOM providers for swap partitions are created.
1398 .Dq Li "-a aes -l 256 -s 4096 -d" .
1399 .It Va root_rw_mount
1404 After the file systems are checked at boot time, the root file system
1405 is remounted as read-write if this is set to
1407 Diskless systems that mount their root file system from a read-only remote
1408 NFS share should set this to
1412 .It Va fsck_y_enable
1417 will be run with the
1419 flag if the initial preen
1420 of the file systems fails.
1421 .It Va background_fsck
1425 the system will attempt to run
1427 in the background where possible.
1428 .It Va background_fsck_delay
1430 The amount of time in seconds to sleep before starting a background
1432 It defaults to sixty seconds to allow large applications such as
1433 the X server to start before disk I/O bandwidth is monopolized by
1435 If set to a negative number, the background file system check will be
1436 delayed indefinitely to allow the administrator to run it at a more
1438 For example it may be run from
1440 by adding a line like
1442 .Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart"
1448 List of file system types that are network-based.
1449 This list should generally not be modified by end users.
1451 .Va extra_netfs_types
1453 .It Va extra_netfs_types
1455 If set to something other than
1458 this variable extends the list of file system types
1459 for which automatic mounting at startup by
1461 should be delayed until the network is initialized.
1463 a whitespace-separated list of network file system descriptor pairs,
1464 each consisting of a file system type as passed to
1466 and a human-readable, one-word description,
1469 Extending the default list in this way is only necessary
1470 when third party file system types are used.
1471 .It Va syslogd_enable
1478 .It Va syslogd_program
1483 .Pa /usr/sbin/syslogd ) .
1484 .It Va syslogd_flags
1490 these are the flags to pass to
1499 .It Va inetd_program
1504 .Pa /usr/sbin/inetd ) .
1511 these are the flags to pass to
1520 .It Va named_program
1525 .Pa /usr/sbin/named ) .
1532 these are the flags to pass to
1534 .It Va named_pidfile
1536 This is the default path to the
1539 This must match the location in
1545 process should be run as.
1546 .It Va named_chrootdir
1548 The root directory for a name server run in a
1550 environment (default
1554 will not be run in a
1557 .It Va named_chroot_autoupdate
1561 to disable automatic update of the
1564 .It Va named_symlink_enable
1568 to disable symlinking of
1573 .It Va kerberos5_server_enable
1577 to start a Kerberos 5 authentication server
1579 .It Va kerberos5_server
1582 .Va kerberos5_server_enable
1585 this is the path to Kerberos 5 Authentication Server.
1586 .It Va kerberos5_server_flags
1589 This variable contains additional flags to be passed to the Kerberos 5
1590 authentication server.
1591 .It Va kadmind5_server_enable
1597 the Kerberos 5 Administration Daemon; set to
1600 .It Va kadmind5_server
1603 .Va kadmind5_server_enable
1606 this is the path to Kerberos 5 Administration Daemon.
1607 .It Va kpasswdd_server_enable
1613 the Kerberos 5 Password-Changing Daemon; set to
1616 .It Va kpasswdd_server
1619 .Va kpasswdd_server_enable
1622 this is the path to Kerberos 5 Password-Changing Daemon.
1629 daemon at boot time.
1636 these are the flags to pass to it.
1643 daemon at boot time.
1650 these are the flags to pass to it.
1653 manpage for more information.
1654 .It Va amd_map_program
1657 the specified program is run to get the list of
1662 maps are stored in NIS, one can set this to
1675 will be updated at boot time to reflect the kernel release
1680 will not be updated.
1681 .It Va nfs_client_enable
1685 run the NFS client daemons at boot time.
1686 .It Va nfs_access_cache
1689 .Va nfs_client_enable
1694 to disable NFS ACCESS RPC caching, or to the number of seconds for which
1696 results should be cached.
1697 A value of 2-10 seconds will substantially reduce network
1698 traffic for many NFS operations.
1699 .It Va nfs_server_enable
1703 run the NFS server daemons at boot time.
1704 .It Va nfs_server_flags
1707 .Va nfs_server_enable
1710 these are the flags to pass to the
1713 .It Va idmapd_enable
1717 run the ID mapping daemon for NFS version 4.
1724 these are the flags to pass to the
1727 .It Va mountd_enable
1732 .Va nfs_server_enable
1738 It is commonly needed to run CFS without real NFS used.
1745 these are the flags to pass to the
1748 .It Va weak_mountd_authentication
1752 allow services like PCNFSD to make non-privileged mount
1754 .It Va nfs_reserved_port_only
1758 provide NFS services only on a secure port.
1759 .It Va nfs_bufpackets
1761 If set to a number, indicates the number of packets worth of
1762 socket buffer space to reserve on an NFS client.
1763 The kernel default is typically 4.
1764 Using a higher number may be
1765 useful on gigabit networks to improve performance.
1766 The minimum value is
1767 2 and the maximum is 64.
1768 .It Va rpc_lockd_enable
1772 and also an NFS server or client, run
1775 .It Va rpc_lockd_flags
1778 .Va rpc_lockd_enable
1781 these are the flags to pass to the
1784 .It Va rpc_statd_enable
1788 and also an NFS server or client, run
1791 .It Va rpc_statd_flags
1794 .Va rpc_statd_enable
1797 these are the flags to pass to the
1800 .It Va rpcbind_program
1805 .Pa /usr/sbin/rpcbind ) .
1806 .It Va rpcbind_enable
1812 service at boot time.
1813 .It Va rpcbind_flags
1819 these are the flags to pass to the
1822 .It Va keyserv_enable
1828 daemon on boot for running Secure RPC.
1829 .It Va keyserv_flags
1835 these are the flags to pass to
1838 .It Va pppoed_enable
1844 daemon at boot time to provide PPP over Ethernet services.
1845 .It Va pppoed_ Ns Aq Ar provider
1848 listens to requests to this
1854 argument of the same name.
1857 Additional flags to pass to
1859 .It Va pppoed_interface
1861 The network interface to run
1864 This is mandatory when
1874 service at boot time.
1875 This command is intended for networks of
1876 machines where a consistent
1878 for all hosts must be established.
1879 This is often useful in large NFS
1880 environments where time stamps on files are expected to be consistent
1888 these are the flags to pass to the
1891 .It Va ntpdate_enable
1898 This command is intended to
1899 synchronize the system clock only
1901 from some standard reference.
1902 An option to set this up initially
1903 (from a list of known servers) is also provided by the
1905 program when the system is first installed.
1906 .It Va ntpdate_config
1908 Configuration file for
1912 .It Va ntpdate_hosts
1914 A whitespace-separated list of NTP servers to synchronize with at startup.
1915 The default is to use the servers listed in
1916 .Va ntpdate_config ,
1917 if that file exists.
1918 .It Va ntpdate_program
1923 .Pa /usr/sbin/ntpdate ) .
1924 .It Va ntpdate_flags
1930 these are the flags to pass to the
1932 command (typically a hostname).
1939 command at boot time.
1945 .Pa /usr/sbin/ntpd ) .
1959 these are the flags to pass to the
1962 .It Va ntpd_sync_on_start
1969 flag, which syncs the system's clock on startup.
1972 for more information regarding the
1975 This is a preferred alternative to using
1980 .It Va nis_client_enable
1986 service at system boot time.
1987 .It Va nis_client_flags
1990 .Va nis_client_enable
1993 these are the flags to pass to the
1996 .It Va nis_ypset_enable
2002 daemon at system boot time.
2003 .It Va nis_ypset_flags
2006 .Va nis_ypset_enable
2009 these are the flags to pass to the
2012 .It Va nis_server_enable
2018 daemon at system boot time.
2019 .It Va nis_server_flags
2022 .Va nis_server_enable
2025 these are the flags to pass to the
2028 .It Va nis_ypxfrd_enable
2034 daemon at system boot time.
2035 .It Va nis_ypxfrd_flags
2038 .Va nis_ypxfrd_enable
2041 these are the flags to pass to the
2044 .It Va nis_yppasswdd_enable
2050 daemon at system boot time.
2051 .It Va nis_yppasswdd_flags
2054 .Va nis_yppasswdd_enable
2057 these are the flags to pass to the
2060 .It Va rpc_ypupdated_enable
2066 daemon at system boot time.
2067 .It Va bsnmpd_enable
2073 daemon at system boot time.
2074 Be sure to understand the security implications of running SNMP daemon
2082 these are the flags to pass to the
2085 .It Va defaultrouter
2089 create a default route to this host name or IP address
2090 (use an IP address if this router is also required to get to the
2092 .It Va ipv6_defaultrouter
2094 The IPv6 equivalent of
2096 .It Va static_routes
2098 Set to the list of static routes that are to be added at system
2102 then for each whitespace separated
2105 .Va route_ Ns Aq Ar element
2106 variable is assumed to exist
2107 whose contents will later be passed to a
2112 static_routes="mcast gif0local"
2113 route_mcast="-net 224.0.0.0/4 -iface gif0"
2114 route_gif0local="-host 169.254.1.1 -iface lo0"
2116 .It Va ipv6_static_routes
2118 The IPv6 equivalent of
2122 then for each whitespace separated
2125 .Va ipv6_route_ Ns Aq Ar element
2126 variable is assumed to exist
2127 whose contents will later be passed to a
2128 .Dq Nm route Cm add Fl inet6
2130 .It Va natm_static_routes
2136 If not empty then for each whitespace separated
2139 .Va route_ Ns Aq Ar element
2140 variable is assumed to exist whose contents will later be passed to a
2141 .Dq Nm atmconfig Cm natm Cm add
2143 .It Va gateway_enable
2147 configure host to act as an IP router, e.g.\& to forward packets
2149 .It Va ipv6_gateway_enable
2151 The IPv6 equivalent of
2152 .Va gateway_enable .
2153 .It Va router_enable
2157 run a routing daemon of some sort, based on the
2162 .It Va ipv6_router_enable
2164 The IPv6 equivalent of
2168 run a routing daemon of some sort, based on the
2172 .Va ipv6_router_flags .
2179 this is the name of the routing daemon to use.
2182 The IPv6 equivalent of
2190 these are the flags to pass to the routing daemon.
2191 .It Va ipv6_router_flags
2193 The IPv6 equivalent of
2195 .It Va mrouted_enable
2199 run the multicast routing daemon,
2201 .It Va mroute6d_enable
2203 The IPv6 equivalent of
2204 .Va mrouted_enable .
2207 run the IPv6 multicast routing daemon.
2209 Note that multicast routing daemons are no longer included in the
2211 base system, however, both
2215 may be installed from the
2218 .It Va mrouted_flags
2224 these are the flags to pass to the
2227 .It Va mroute6d_flags
2229 The IPv6 equivalent of
2235 these are the flags passed to the IPv6 multicast routing daemon.
2236 .It Va mroute6d_program
2242 this is the path to the IPv6 multicast routing daemon.
2243 .It Va rtadvd_enable
2249 daemon at boot time.
2252 .Va ipv6_gateway_enable
2257 utility sends router advertisement packets to the interfaces specified in
2258 .Va rtadvd_interfaces
2259 and should only be enabled with great care.
2260 You may want to fine-tune
2262 .It Va rtadvd_interfaces
2268 this is the list of interfaces to use.
2269 .It Va ipxgateway_enable
2273 enable the routing of IPX traffic.
2274 .It Va ipxrouted_enable
2280 daemon at system boot time.
2281 .It Va ipxrouted_flags
2284 .Va ipxrouted_enable
2287 these are the flags to pass to the
2294 enable global proxy ARP.
2295 .It Va forward_sourceroute
2303 source-routed packets are forwarded.
2304 .It Va accept_sourceroute
2308 the system will accept source-routed packets directed at it.
2315 daemon at system boot time.
2322 these are the flags to pass to the
2325 .It Va bootparamd_enable
2331 daemon at system boot time.
2332 .It Va bootparamd_flags
2335 .Va bootparamd_enable
2338 these are the flags to pass to the
2341 .It Va stf_interface_ipv4addr
2345 this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling
2347 Specify this entry to enable the 6to4 interface.
2348 .It Va stf_interface_ipv4plen
2350 Prefix length for 6to4 IPv4 addresses, to limit peer address range.
2351 An effective value is 0-31.
2352 .It Va stf_interface_ipv6_ifid
2354 IPv6 interface ID for
2358 .It Va stf_interface_ipv6_slaid
2360 IPv6 Site Level Aggregator for
2362 .It Va ipv6_faith_prefix
2366 this is the faith prefix to enable a FAITH IPv6-to-IPv4 TCP
2371 .It Va ipv6_ipv4mapping
2375 this enables IPv4 mapped IPv6 address communication (like
2376 .Li ::ffff:a.b.c.d ) .
2381 to enable the configuration of ATM interfaces at system boot time.
2382 For all of the ATM variables described below, please refer to the
2384 manual page for further details on the available command parameters.
2385 Also refer to the files in
2386 .Pa /usr/share/examples/atm
2387 for more detailed configuration information.
2390 This is a list of physical ATM interface drivers to load.
2395 .It Va atm_netif_ Ns Aq Ar intf
2397 For the ATM physical interface
2399 this variable defines the name prefix and count for the ATM network
2400 interfaces to be created.
2401 The value will be passed as the parameters of an
2402 .Dq Nm atm Cm "set netif" Ar intf
2404 .It Va atm_sigmgr_ Ns Aq Ar intf
2406 For the ATM physical interface
2408 this variable defines the ATM signalling manager to be used.
2409 The value will be passed as the parameters of an
2410 .Dq Nm atm Cm attach Ar intf
2412 .It Va atm_prefix_ Ns Aq Ar intf
2414 For the ATM physical interface
2416 this variable defines the NSAP prefix for interfaces using a UNI signalling
2420 the prefix will automatically be set via the
2423 Otherwise, the value will be passed as the parameters of an
2424 .Dq Nm atm Cm "set prefix" Ar intf
2426 .It Va atm_macaddr_ Ns Aq Ar intf
2428 For the ATM physical interface
2430 this variable defines the MAC address for interfaces using a UNI signalling
2434 the hardware MAC address contained in the ATM interface card will be used.
2435 Otherwise, the value will be passed as the parameters of an
2436 .Dq Nm atm Cm "set mac" Ar intf
2438 .It Va atm_arpserver_ Ns Aq Ar netif
2440 For the ATM network interface
2442 this variable defines the ATM address for a host which is to provide ATMARP
2444 This variable is only applicable to interfaces using a UNI signalling
2448 this host will become an ATMARP server.
2449 The value will be passed as the parameters of an
2450 .Dq Nm atm Cm "set arpserver" Ar netif
2452 .It Va atm_scsparp_ Ns Aq Ar netif
2456 SCSP/ATMARP service for the network interface
2458 will be initiated using the
2463 This variable is only applicable if
2464 .Va atm_arpserver_ Ns Aq Ar netif
2469 Set to the list of ATM PVCs to be added at system
2471 For each whitespace separated
2474 .Va atm_pvc_ Ns Aq Ar element
2475 variable is assumed to exist.
2476 The value of each of these variables
2477 will be passed as the parameters of an
2478 .Dq Nm atm Cm "add pvc"
2482 Set to the list of permanent ATM ARP entries to be added
2483 at system boot time.
2484 For each whitespace separated
2487 .Va atm_arp_ Ns Aq Ar element
2488 variable is assumed to exist.
2489 The value of each of these variables
2490 will be passed as the parameters of an
2491 .Dq Nm atm Cm "add arp"
2493 .It Va natm_interfaces
2497 interfaces that will also be used for HARP through
2499 If this list is not empty all interfaces in the list will be brought up
2505 For this to work the interface drivers must be either compiled into the
2506 kernel or must reside on the root partition.
2509 The keyboard bell sound.
2516 if the default behavior is desired.
2517 For details, refer to the
2522 If set to a non-null string, the virtual console's keyboard input is
2528 no keymap is installed, otherwise the value is used to install
2530 .Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd .
2533 The keyboard repeat speed.
2540 if the default behavior is desired.
2545 attempt to program the function keys with the value.
2547 be a single string of the form:
2548 .Dq Ar funkey_number new_value Op Ar funkey_number new_value ... .
2551 Can be set to the value of
2554 .Dq Li destructive ,
2557 to set the cursor behavior explicitly or choose the default behavior.
2562 no screen map is installed, otherwise the value is used to install
2563 the screen map file in
2564 .Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value .
2569 the default 8x16 font value is used for screen size requests, otherwise
2571 .Pa /usr/share/syscons/fonts/ Ns Aq Ar value
2577 the default 8x14 font value is used for screen size requests, otherwise
2579 .Pa /usr/share/syscons/fonts/ Ns Aq Ar value
2585 the default 8x8 font value is used for screen size requests, otherwise
2587 .Pa /usr/share/syscons/fonts/ Ns Aq Ar value
2593 the default screen blanking interval is used, otherwise it is set
2601 this is the actual screen saver to use
2602 .Li ( blank , snake , daemon ,
2604 .It Va moused_nondefault_enable
2608 the mouse device specified on
2609 the command line is not automatically treated as enabled by the
2610 .Pa /etc/rc.d/moused
2612 Having this variable set to
2618 to be enabled as soon as it is plugged in.
2619 .It Va moused_enable
2625 daemon is started for doing cut/paste selection on the console.
2628 This is the protocol type of the mouse connected to this host.
2629 This variable must be set if
2636 is able to detect the appropriate mouse type automatically in many cases.
2637 Set this variable to
2639 to let the daemon detect it, or
2640 select one from the following list if the automatic detection fails.
2642 If the mouse is attached to the PS/2 mouse port, choose
2646 regardless of the brand and model of the mouse.
2648 mouse is attached to the bus mouse port, choose
2652 All other protocols are for serial mice and will not work with
2653 the PS/2 and bus mice.
2654 If this is a USB mouse,
2656 is the only protocol type which will work.
2658 .Bl -tag -width ".Li x10mouseremote" -compact
2660 Microsoft mouse (serial)
2662 Microsoft IntelliMouse (serial)
2664 Mouse systems Corp.\& mouse (serial)
2666 MM Series mouse (serial)
2668 Logitech mouse (serial)
2672 Logitech MouseMan and TrackMan (serial)
2674 ALPS GlidePoint (serial)
2675 .It Li thinkingmouse
2676 Kensington ThinkingMouse (serial)
2680 MM HitTablet (serial)
2681 .It Li x10mouseremote
2682 X10 MouseRemote (serial)
2684 Interlink VersaPad (serial)
2687 Even if the mouse is not in the above list, it may be compatible
2688 with one in the list.
2689 Refer to the manual page for
2691 for compatibility information.
2693 It should also be noted that while this is enabled, any
2694 other client of the mouse (such as an X server) should access
2695 the mouse through the virtual mouse device,
2697 and configure it as a
2699 type mouse, since all
2700 mouse data is converted to this single canonical format when
2703 If the client program does not support the
2709 It is the second preferred type.
2716 this is the actual port the mouse is on.
2719 for a COM1 serial mouse,
2723 for a bus mouse, for example.
2728 is set, its value is used as an additional set of flags to pass to the
2731 .It Va "moused_" Ns Ar XXX Ns Va "_flags"
2733 .Va moused_nondefault_enable
2736 daemon is started for a non-default port, the
2737 .Va "moused_" Ns Ar XXX Ns Va "_flags"
2738 set of options has precedence over and replaces the default
2739 .Va moused_flags (where
2741 is the name of the non-default port, i.e.\&
2744 .Va "moused_" Ns Ar XXX Ns Va "_flags"
2745 it is possible to set up a different set of default flags for each
2748 For example, you can use
2752 to make your laptop's touchpad more comfortable to use,
2753 but an empty set of options for
2754 .Va moused_ums0_flags
2757 mouse has three or more buttons.
2758 .It Va mousechar_start
2762 the default mouse cursor character range
2763 .Li 0xd0 Ns - Ns Li 0xd3
2765 otherwise the range start is set
2770 Use if the default range is occupied in the language code table.
2771 .It Va allscreens_flags
2775 is run with these options for each of the virtual terminals
2779 will enable the mouse pointer on all virtual terminals
2784 .It Va allscreens_kbdflags
2788 is run with these options for each of the virtual terminals
2794 scrollback (history) buffer to 200 lines.
2801 daemon at system boot time.
2807 .Pa /usr/sbin/cron ) .
2814 these are the flags to pass to
2820 enable the special handling of transitions to and from the
2821 Daylight Saving Time in
2823 (equivalent to using the flag
2830 .Pa /usr/sbin/lpd ) .
2837 daemon at system boot time.
2844 these are the flags to pass to the
2847 .It Va chkprintcap_enable
2853 command before starting the
2856 .It Va chkprintcap_flags
2861 .Va chkprintcap_enable
2864 these are the flags to pass to the
2869 which causes missing directories to be created.
2870 .It Va mta_start_script
2872 This variable specifies the full path to the script to run to start
2873 a mail transfer agent.
2875 .Pa /etc/rc.sendmail .
2879 .Pa /etc/rc.sendmail
2880 uses are documented in the
2885 Indicates the device (usually a swap partition) to which a crash dump
2886 should be written in the event of a system crash.
2887 If the value of this variable is
2889 the first suitable swap device listed in
2891 will be used as dump device.
2892 Otherwise, the value of this variable is passed as the argument to
2894 To disable crash dumps, set this variable to
2898 When the system reboots after a crash and a crash dump is found on the
2899 device specified by the
2903 will save that crash dump and a copy of the kernel to the directory
2907 The default value is
2916 .It Va savecore_flags
2918 If crash dumps are enabled, these are the flags to pass to the
2921 .It Va enable_quotas
2925 to turn on user and group disk quotas on system startup via the
2927 command for all file systems marked as having quotas enabled in
2929 The kernel must be built with
2931 for disk quotas to function.
2936 to enable user and group disk quota checking via the
2939 .It Va quotacheck_flags
2949 these are the flags to pass to the
2954 which checks quotas for all file systems with quotas enabled in
2956 .It Va quotaon_flags
2962 these are the flags to pass to the
2967 which enables quotas for all file systems with quotas enabled in
2969 .It Va quotaoff_flags
2975 these are the flags to pass to the
2977 utility when shutting down the quota system.
2980 which disables quotas for all file systems with quotas enabled in
2982 .It Va accounting_enable
2986 to enable system accounting through the
2993 to enable iBCS2 (SCO) binary emulation at system initial boot
2995 .It Va ibcs2_loaders
3003 this specifies a list of additional iBCS2 loaders to enable.
3008 to enable Linux/ELF binary emulation at system initial
3014 enable SysVR4 emulation at boot time.
3015 .It Va sysvipc_enable
3019 load System V IPC primitives at boot time.
3020 .It Va clear_tmp_enable
3031 to disable removing of X11 lock files,
3032 and the removal and (secure) recreation
3033 of the various socket directories for X11
3035 .It Va ldconfig_paths
3037 Set to the list of shared library paths to use with
3041 will always be added first, so it need not appear in this list.
3042 .It Va ldconfig32_paths
3044 Set to the list of 32-bit compatibility shared library paths to
3047 .It Va ldconfig_paths_aout
3049 Set to the list of shared library paths to use with
3054 .It Va ldconfig_insecure
3058 utility normally refuses to use directories
3059 which are writable by anyone except root.
3060 Set this variable to
3062 to disable that security check during system startup.
3063 .It Va ldconfig_local_dirs
3065 Set to the list of local
3068 The names of all files in the directories listed will be
3069 passed as arguments to
3071 .It Va ldconfig_local32_dirs
3073 Set to the list of local 32-bit compatibility
3076 The names of all files in the directories listed will be
3077 passed as arguments to
3078 .Dq Nm ldconfig Fl 32 .
3079 .It Va kern_securelevel_enable
3083 to set the kernel security level at system startup.
3084 .It Va kern_securelevel
3086 The kernel security level to set at startup.
3087 The allowed range of
3089 ranges from \-1 (the compile time default) to 3 (the
3093 for the list of possible security levels and their effect
3094 on system operation.
3097 Path to the SSH server program
3098 .Pa ( /usr/sbin/sshd
3106 at system boot time.
3113 these are the flags to pass to the
3118 Path to the FTP server program
3119 .Pa ( /usr/libexec/ftpd
3127 as a stand-alone daemon at system boot time.
3134 these are the additional flags to pass to the
3137 .It Va watchdogd_enable
3143 daemon at boot time.
3144 This requires that the kernel have been compiled with a
3147 .It Va watchdogd_flags
3150 .Va watchdogd_enable
3153 these are the flags passed to the
3156 .It Va performance_cx_lowest
3158 CPU idle state to use while on AC power.
3163 should use the lowest power state available while
3165 indicates that the lowest latency state (less power savings) should be used.
3166 .It Va performance_cpu_freq
3168 CPU clock frequency to use while on AC power.
3173 should use the lowest frequency available while
3175 indicates that the highest frequency (less power savings) should be used.
3176 .It Va economy_cx_lowest
3178 CPU idle state to use when off AC power.
3183 should use the lowest power state available while
3185 indicates that the lowest latency state (less power savings) should be used.
3186 .It Va economy_cpu_freq
3188 CPU clock frequency to use when off AC power.
3193 should use the lowest frequency available while
3195 indicates that the highest frequency (less power savings) should be used.
3200 any configured jails will not be started.
3203 A space separated list of names for jails.
3204 This is purely a configuration aid to help identify and
3205 configure multiple jails.
3206 The names specified in this list will be used to
3207 identify settings common to an instance of a jail.
3208 Assuming that the jail in question was named
3210 you would have the following dependent variables:
3212 jail_vjail_hostname="jail.example.com"
3213 jail_vjail_ip="192.168.1.100"
3214 jail_vjail_rootdir="/var/jails/vjail/root"
3220 When set, use as default value for
3221 .Va jail_ Ns Ao Ar jname Ac Ns Va _flags
3224 .It Va jail_interface
3227 When set, use as default value for
3228 .Va jail_ Ns Ao Ar jname Ac Ns Va _interface
3234 When set, use as default value for
3235 .Va jail_ Ns Ao Ar jname Ac Ns Va _fstab
3238 .It Va jail_mount_enable
3246 .Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable
3249 by default for every jail in
3251 .It Va jail_devfs_ruleset
3255 .Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset
3256 to given value for every jail in
3258 .It Va jail_devfs_enable
3266 .Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable
3269 by default for every jail in
3271 .It Va jail_fdescfs_enable
3279 .Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable
3282 by default for every jail in
3284 .It Va jail_procfs_enable
3292 .Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable
3295 by default for every jail in
3297 .It Va jail_exec_start
3300 When set, use as default value for
3301 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start
3304 .It Va jail_exec_afterstart Ns Aq Ar N
3307 When set, use as default value for
3308 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_afterstart Ns Aq Ar N
3311 .It Va jail_exec_stop
3313 When set, use as default value for
3314 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop
3317 .It Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir
3320 Set to the root directory used by jail
3322 .It Va jail_ Ns Ao Ar jname Ac Ns Va _hostname
3325 Set to the fully qualified domain name (FQDN) assigned to jail
3327 .It Va jail_ Ns Ao Ar jname Ac Ns Va _ip
3330 Set to the IP address assigned to jail
3332 .It Va jail_ Ns Ao Ar jname Ac Ns Va _flags
3337 These are flags to pass to
3339 .It Va jail_ Ns Ao Ar jname Ac Ns Va _interface
3342 When set, sets the interface to use when setting IP address alias.
3343 Note that the alias is created at jail startup and removed at jail shutdown.
3344 .It Va jail_ Ns Ao Ar jname Ac Ns Va _fstab
3347 .Pa /etc/fstab. Ns Aq Ar jname
3349 This is the file system information file to use for jail
3351 .It Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable
3358 mount all file systems from
3359 .Va jail_ Ns Ao Ar jname Ac Ns Va _fstab
3361 .It Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset
3364 When set, defines the device file system ruleset file to use for jail
3366 .It Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable
3373 mount the device file system inside jail
3376 .It Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable
3383 mount the file-descriptor file system inside jail
3386 .It Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable
3393 mount the process file system inside jail
3396 .It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start
3399 .Dq Li /bin/sh /etc/rc
3401 This is the command executed at jail startup.
3402 .It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_afterstart Ns Aq Ar N
3405 This is the command run as
3408 after jail startup, where
3411 .It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop
3414 .Dq Li /bin/sh /etc/rc.shutdown
3416 This is the command executed at jail shutdown.
3417 .It Va jail_set_hostname_allow
3421 do not allow the root user in a jail to set its hostname.
3422 .It Va jail_socket_unixiproute_only
3426 do not allow any sockets,
3427 besides UNIX/IP/route sockets,
3428 to be used within a jail.
3429 .It Va jail_sysvipc_allow
3433 allow applications within a jail to use System V IPC.
3434 .\" ----- ISDN settings ---------------------------------
3445 at system boot time.
3449 .Dq Fl d Ns Cm n Fl d Ns Li 0x1f9
3451 Additional flags to pass to
3457 for certain tunable parameters).
3463 The terminal type of the output device when
3465 operates in full-screen mode.
3466 .It Va isdn_screenflags
3471 The video mode for full-screen mode (only for
3481 The output device for
3483 in full-screen mode (or
3493 enables the ISDN protocol trace utility
3495 at system boot time.
3496 .It Va isdn_traceflags
3499 .Dq Fl f Pa /var/tmp/isdntrace0
3503 .\" -----------------------------------------------------
3504 .It Va harvest_interrupt
3508 to use hardware interrupts as an entropy source.
3511 for more information.
3512 .It Va harvest_ethernet
3516 to use LAN traffic as an entropy source.
3519 for more information.
3520 .It Va harvest_p_to_p
3524 to use serial line traffic as an entropy source.
3527 for more information.
3532 to disable caching entropy via
3534 Otherwise set to the directory used to store entropy files in.
3539 to disable caching entropy through reboots.
3540 Otherwise set to the filename used to store cached entropy through
3542 This file should be located on the root file system to seed the
3544 device as early as possible in the boot process.
3545 .It Va entropy_save_sz
3547 Size of the entropy cache files saved by
3550 .It Va entropy_save_num
3552 Number of entropy cache files to save by
3566 Configuration file for
3575 .Pa /var/run/dmesg.boot
3577 .It Va rcshutdown_timeout
3579 If set, start a watchdog timer in the background which will terminate
3583 has not completed within the specified time (in seconds).
3584 Notice that in addition to this soft timeout,
3586 also applies a hard timeout for the execution of
3588 This is configured via
3591 .Va kern.init_shutdown_timeout
3592 and defaults to 120 seconds.
3593 Setting the value of
3594 .Va rcshutdown_timeout
3595 to more than 120 seconds will have no effect until the
3598 .Va kern.init_shutdown_timeout
3600 .It Va virecover_enable
3604 to prevent the system from trying to
3605 recover pre-maturely terminated
3608 .It Va ugidfw_enable
3613 .Xr mac_bsdextended 4
3614 module upon system initialization and load a default
3616 .It Va bsdextended_script
3619 .Xr mac_bsdextended 4
3620 ruleset file to load.
3621 The default value of this variable is
3622 .Pa /etc/rc.bsdextended .
3623 .It Va newsyslog_enable
3630 .It Va newsyslog_flags
3633 .Va newsyslog_enable
3636 these are the flags to pass to the
3641 which causes log files flagged with a
3644 .It Va mdconfig_md Ns Aq Ar X
3654 must be specified and either a
3656 for malloc or swap backed
3664 .Va mdconfig_md Ns Aq Ar X
3665 variables are evaluated until one variable is unset or null.
3666 .It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs
3668 Optional arguments passed to
3674 .It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner
3676 An ownership specification passed to
3685 device and the mount point will be changed.
3686 .It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms
3688 A mode string passed to
3697 device and the mount point will be changed.
3698 .It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files
3700 Files to be copied to the mount point of the
3704 after it has been mounted.
3705 .It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd
3707 Command to execute after the specified
3712 Note that the command is passed to
3718 variables can be used to reference respectively the
3720 device and the mount point.
3725 one could set the following:
3727 mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}"
3729 .It Va ramdisk_units
3731 A list of one or more ramdisk units to configure with
3735 in time to be mounted from
3739 must specify at least a
3742 .Va ramdisk_ Ns Ao Ar X Ac Ns Va _config
3744 Note that this way to configure ramdisks has been deprecated
3747 variables (see above).
3748 .It Va ramdisk_ Ns Ao Ar X Ac Ns Va _config
3756 must be specified, where
3762 .It Va ramdisk_ Ns Ao Ar X Ac Ns Va _newfs
3764 Optional arguments passed to
3766 to initialize ramdisk
3768 .It Va ramdisk_ Ns Ao Ar X Ac Ns Va _owner
3770 An ownership specification passed to
3772 after the specified ramdisk unit
3777 device and the mount point will be changed.
3778 .It Va ramdisk_ Ns Ao Ar X Ac Ns Va _perms
3780 A mode string passed to
3782 after the specified ramdisk unit
3787 device and the mount point will be changed.
3788 .It Va autobridge_interfaces
3790 Set to the list of bridge interfaces that will have newly arriving interfaces
3791 checked against to be automatically added.
3794 then for each whitespace separated
3797 .Va autobridge_ Ns Aq Ar element
3798 variable is assumed to exist which has a whitespace separated list of interface
3799 names to match, these names can use wildcards.
3802 autobridge_interfaces="bridge0"
3803 autobridge_bridge0="tap* dc0 vlan[345]"
3809 enable support for sound mixer.
3812 .Bl -tag -width ".Pa /etc/defaults/rc.conf" -compact
3813 .It Pa /etc/defaults/rc.conf
3815 .It Pa /etc/rc.conf.local
3843 .Xr newsyslog.conf 5 ,
3906 .An Jordan K. Hubbard .