4 .\" Redistribution and use in source and binary forms, with or without
5 .\" modification, are permitted provided that the following conditions
7 .\" 1. Redistributions of source code must retain the above copyright
8 .\" notice, this list of conditions and the following disclaimer.
9 .\" 2. Redistributions in binary form must reproduce the above copyright
10 .\" notice, this list of conditions and the following disclaimer in the
11 .\" documentation and/or other materials provided with the distribution.
13 .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND
14 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE
17 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
19 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
20 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
21 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
22 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 .Nd system configuration information
36 contains descriptive information about the local host name, configuration
37 details for any potential network interfaces and which services should be
38 started up at system initial boot time.
39 In new installations, the
41 file is generally initialized by the system installation utility,
46 is not to run commands or perform system startup actions
48 Instead, it is included by the
49 various generic startup scripts in
51 which conditionalize their
52 internal actions according to the settings found there.
56 file is included from the file
57 .Pa /etc/defaults/rc.conf ,
58 which specifies the default settings for all the available options.
59 Options need only be specified in
61 when the system administrator wishes to override these defaults.
63 .Pa /etc/rc.conf.local
64 is used to override settings in
66 for historical reasons.
72 .Dq Ar name Ns Li = Ns Ar value
76 The following list provides a name and short description for each
77 variable that can be set in the
80 .Bl -tag -width indent-two
85 enable output of debug messages from rc scripts.
86 This variable can be helpful in diagnosing mistakes when
87 editing or integrating new scripts.
88 Beware that this produces copious output to the terminal and
94 disable informational messages from the rc scripts.
95 Informational messages are displayed when
96 a condition that is not serious enough to warrant a warning or
98 .It Va early_late_divider
100 The name of the script that should be used as the
101 delimiter between the
105 stages of the boot process.
106 The early stage should contain all the services needed to
107 get the disks (local or remote) mounted so that the late
108 stage can include scripts contained in the directories
111 variable (see below).
112 Thus, the two likely candidates for this value are
114 for the typical system, and
116 if the system needs remote file
117 systems mounted to get access to the
119 directories; for example when
127 is likely to be an appropriate value.
128 Extreme care should be taken when changing this value,
129 and before changing it one should ensure that there are
130 adequate provisions to recover from a failed boot
131 (such as physical contact with the machine,
132 or reliable remote console access).
137 no swapfile is installed, otherwise the value is used as the full
138 pathname to a file to use for additional swap space.
143 enable support for Automatic Power Management with
151 to handle APM event from userland.
152 This also enables support for APM.
159 these are the flags to pass to the
166 to handle device added, removed or unknown events from the kernel.
173 scripts at boot time.
176 Configuration file for
180 .It Va kldxref_enable
187 to automatically rebuild
192 .It Va kldxref_clobber
202 will overwrite existing
209 .It Va kldxref_module_path
214 delimited list of paths containing
226 enable the system power control facility with the
235 these are the flags to pass to the
239 Controls the creation of a
242 Always happens if set to
244 and never happens if set to
246 If set to anything else, a memory file system is created if
250 Controls the size of a created
254 Extra options passed to the
256 utility when the memory file system for
261 which inhibits the use of softupdates on
263 so that file system space is freed without delay
264 after file truncation or deletion.
267 for other options you can use in
270 Controls the creation of a
273 Always happens if set to
275 and never happens if set to
277 If set to anything else, a memory file system is created if
281 Controls the size of a created
285 Extra options passed to the
287 utility when the memory file system for
292 which inhibits the use of softupdates on
294 so that file system space is freed without delay
295 after file truncation or deletion.
298 for other options you can use in
301 Controls the automatic population of the
304 Always happens if set to
306 and never happens if set to
308 If set to anything else, a memory file system is created if
311 Note that this process requires access to certain commands in
315 is mounted on normal systems.
316 .It Va cleanvar_enable
323 List of directories to search for startup script files.
324 .It Va script_name_sep
326 The field separator to use for breaking down the list of startup script files
327 into individual filenames.
328 The default is a space.
329 It is not necessary to change this unless there are startup scripts with names
331 .It Va hostapd_enable
340 The fully qualified domain name (FQDN) of this host on the network.
341 This should almost certainly be set to something meaningful, even if
342 there is no network connection.
345 is used to set the hostname via DHCP,
346 this variable should be set to an empty string.
349 Enable support for IPv6 networking.
350 Note that this requires that the kernel has been compiled with
351 .Cd "options INET6" .
354 The NIS domain name of this host, or
357 .It Va dhclient_program
359 Path to the DHCP client program
360 .Pa ( /sbin/dhclient ,
365 .It Va dhclient_flags
367 Additional flags to pass to the DHCP client program.
372 manpage for a description of the command line options available.
373 .It Va dhclient_flags_ Ns Aq Ar iface
374 Additional flags to pass to the DHCP client program running on
377 When specified, this variable overrides
379 .It Va background_dhclient
383 to start the DHCP client in background.
384 This can cause trouble with applications depending on
385 a working network, but it will provide a faster startup
387 .It Va background_dhclient_ Ns Aq Ar iface
388 When specified, this variable overrides the
389 .Va background_dhclient
390 variable for interface
393 .It Va synchronous_dhclient
399 only in response to interface events and not synchronously at startup.
400 This behavior can be overridden on a per-interface basis by replacing
404 .Va ifconfig_ Ns Aq Ar interface
409 .It Va firewall_enable
413 to load firewall rules at startup.
414 If the kernel was not built with
415 .Cd "options IPFIREWALL" ,
418 kernel module will be loaded.
420 .Va ipfilter_enable .
421 .It Va ipv6_firewall_enable
423 The IPv6 equivalent of
424 .Va firewall_enable .
427 to load IPv6 firewall rules at startup.
428 If the kernel was not built with
429 .Cd "options IPV6FIREWALL" ,
432 kernel module will be loaded.
433 .It Va firewall_script
435 This variable specifies the full path to the firewall script to run.
437 .Pa /etc/rc.firewall .
438 .It Va ipv6_firewall_script
440 The IPv6 equivalent of
441 .Va firewall_script .
444 Names the firewall type from the selection in
445 .Pa /etc/rc.firewall ,
446 or the file which contains the local firewall ruleset.
447 Valid selections from
451 .Bl -tag -width ".Li simple" -compact
453 unrestricted IP access
455 all IP services disabled, except via
458 basic protection for a workstation
460 basic protection for a LAN.
463 If a filename is specified, the full path
465 .It Va ipv6_firewall_type
467 The IPv6 equivalent of
469 .It Va firewall_quiet
473 to disable the display of firewall rules on the console during boot.
474 .It Va ipv6_firewall_quiet
476 The IPv6 equivalent of
478 .It Va firewall_logging
482 to enable firewall event logging.
483 This is equivalent to the
484 .Dv IPFIREWALL_VERBOSE
486 .It Va ipv6_firewall_logging
488 The IPv6 equivalent of
489 .Va firewall_logging .
490 .It Va firewall_flags
496 specifies a filename.
497 .It Va ipv6_firewall_flags
499 The IPv6 equivalent of
501 .\" ----- firewall_nat_enable setting --------------------------------
502 .It Va firewall_nat_enable
514 .It Va firewall_nat_interface
520 This is the name of the public interface or IP address on which
521 kernel NAT should run.
522 .It Va firewall_nat_flags
524 Additional configuration parameters for kernel NAT should be placed here.
525 .It Va dummynet_enable
529 will automatically load the
535 .\" -------------------------------------------------------------------
551 sockets must be enabled in the kernel.
552 If the kernel was not built with
553 .Cd "options IPDIVERT" ,
556 kernel module will be loaded.
557 .It Va natd_interface
559 This is the name of the public interface on which
562 The interface may be given as an interface name or as an IP address.
567 flags should be placed here.
572 flag is automatically added with the above
575 .\" ----- ipfilter_enable setting --------------------------------
576 .It Va ipfilter_enable
587 Typical usage will require putting
589 ipfilter_enable="YES"
607 can be enabled independently.
611 both require at least one of
621 options IPFILTER_DEFAULT_BLOCK
624 in the kernel configuration file is a good idea, too.
625 .\" ----- ipfilter_program setting ------------------------------
626 .It Va ipfilter_program
632 .\" ----- ipfilter_rules setting --------------------------------
633 .It Va ipfilter_rules
638 This variable contains the name of the filter rule definition file.
639 The file is expected to be readable for the
642 .\" ----- ipv6_ipfilter_rules setting ---------------------------
643 .It Va ipv6_ipfilter_rules
648 This variable contains the IPv6 filter rule definition file.
649 The file is expected to be readable for the
652 .\" ----- ipfilter_flags setting --------------------------------
653 .It Va ipfilter_flags
656 This variable contains flags passed to the
659 .\" ----- ipnat_enable setting ----------------------------------
669 network address translation.
672 for a detailed discussion.
673 .\" ----- ipnat_program setting ---------------------------------
680 .\" ----- ipnat_rules setting -----------------------------------
686 This variable contains the name of the file
687 holding the network address translation definition.
688 This file is expected to be readable for the
691 .\" ----- ipnat_flags setting -----------------------------------
695 This variable contains flags passed to the
698 .\" ----- ipmon_enable setting ----------------------------------
713 Setting this variable needs setting
720 for a detailed discussion.
721 .\" ----- ipmon_program setting ---------------------------------
728 .\" ----- ipmon_flags setting -----------------------------------
734 This variable contains flags passed to the
737 Another typical example would be
738 .Dq Fl D Pa /var/log/ipflog
741 log directly to a file bypassing
744 .Pa /etc/newsyslog.conf
745 in such case like this:
747 /var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid
749 .\" ----- ipfs_enable setting -----------------------------------
759 saving the filter and NAT state tables during shutdown
760 and reloading them during startup again.
761 Setting this variable needs setting
770 for a detailed discussion.
776 because the raised securelevel will prevent
778 from saving the state tables at shutdown time.
779 .\" ----- ipfs_program setting ----------------------------------
786 .\" ----- ipfs_flags setting ------------------------------------
790 This variable contains flags passed to the
793 .\" ----- end of added ipf hook ---------------------------------
805 Typical usage will require putting
820 into the kernel, otherwise the
821 kernel module will be loaded.
826 ruleset configuration file
841 these flags are passed to the
843 program when loading the ruleset.
853 which logs packets from the
866 .Pa /var/log/pflog ) .
868 .Pa /etc/newsyslog.conf
869 to adjust logfile rotation for this.
879 This variable contains additional flags passed to the
882 .It Va ftpproxy_enable
893 packet filter in translating ftp connections.
894 .It Va ftpproxy_flags
897 This variable contains additional flags passed to the
909 state changes to other hosts over the network by means of
914 must also be set then.
915 .It Va pfsync_syncdev
918 This variable specifies the name of the network interface
920 should operate through.
921 It must be set accordingly if
925 .It Va pfsync_syncpeer
928 This variable is optional.
929 By default, state change messages are sent out on the synchronisation
930 interface using IP multicast packets.
931 The protocol is IP protocol 240, PFSYNC, and the multicast group used is
933 When a peer address is specified using the
935 option, the peer address is used as a destination for the pfsync
936 traffic, and the traffic can then be protected using
940 manpage for more details about using
945 .It Va pfsync_ifconfig
948 This variable can contain additional options to be passed to the
950 command used to set up
952 .It Va tcp_extensions
959 disables certain TCP options as described by
965 might help remedy such problems with connections as randomly hanging
966 or other weird behavior.
967 Some network devices are known
968 to be broken with respect to these options.
975 .Va net.inet.tcp.log_in_vain
977 .Va net.inet.udp.log_in_vain ,
982 are set to the given value.
990 will disable probing idle TCP connections to verify that the
991 peer is still up and reachable.
992 .It Va tcp_drop_synfin
999 will cause the kernel to ignore TCP frames that have both
1000 the SYN and FIN flags set.
1001 This prevents OS fingerprinting, but may
1002 break some legitimate applications.
1003 .It Va icmp_drop_redirect
1010 will cause the kernel to ignore ICMP REDIRECT packets.
1013 for more information.
1014 .It Va icmp_log_redirect
1021 will cause the kernel to log ICMP REDIRECT packets.
1023 the log messages are not rate-limited, so this option should only be used
1024 for troubleshooting networks.
1027 for more information.
1028 .It Va icmp_bmcastecho
1032 to respond to broadcast or multicast ICMP ping packets.
1035 for more information.
1036 .It Va ip_portrange_first
1040 this is the first port in the default portrange.
1043 for more information.
1044 .It Va ip_portrange_last
1048 this is the last port in the default portrange.
1051 for more information.
1052 .It Va network_interfaces
1054 Set to the list of network interfaces to configure on this host or
1056 (the default) for all current interfaces.
1058 .Va network_interfaces
1059 variable to anything other than the default is deprecated.
1060 Interfaces that the administrator wishes to store configuration for,
1061 but not start at boot should be configured with the
1064 .Va ifconfig_ Ns Aq Ar interface
1065 variables as described below.
1068 .Va ifconfig_ Ns Aq Ar interface
1069 variable is also assumed to exist for each value of
1071 When an interface name contains any of the characters
1073 they are translated to
1076 The variable can contain arguments to
1078 as well as special case-insensitive keywords described below.
1079 Such keywords are removed before passing the value to
1081 while the order of the other arguments is preserved.
1083 One can configure more than one IPv4 address with the
1084 .Va ipv4_addrs_ Ns Aq Ar interface
1086 One or more IP addresses must be provided in Classless Inter-Domain
1087 Routing (CIDR) address notation, whose last byte can be a range like
1089 In this case the address 192.0.2.5 will be configured with the
1090 netmask /24 and the addresses 192.0.2.6 to 192.0.2.23 with
1091 the non-conflicting netmask /32 as explained in the
1094 With the interface in question being
1096 an example could look like:
1098 ipv4_addrs_ed0="192.0.2.129/27 192.0.2.1-5/28"
1101 It is also possible to add IP alias entries using
1104 Assuming that the interface in question was
1107 something like this:
1109 ifconfig_ed0_alias0="inet 127.0.0.253 netmask 0xffffffff"
1110 ifconfig_ed0_alias1="inet 127.0.0.254 netmask 0xffffffff"
1115 .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1116 entry that is found,
1117 its contents are passed to
1119 Execution stops at the first unsuccessful access, so if
1120 something like this is present:
1122 ifconfig_ed0_alias0="inet 127.0.0.251 netmask 0xffffffff"
1123 ifconfig_ed0_alias1="inet 127.0.0.252 netmask 0xffffffff"
1124 ifconfig_ed0_alias2="inet 127.0.0.253 netmask 0xffffffff"
1125 ifconfig_ed0_alias4="inet 127.0.0.254 netmask 0xffffffff"
1128 Then note that alias4 would
1130 be added since the search would
1131 stop with the missing
1134 Due to this difficult to manage behavior, the
1135 .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1139 .Pa /etc/start_if. Ns Aq Ar interface
1140 file is present, it is read and executed by the
1143 before configuring the interface as specified in the
1144 .Va ifconfig_ Ns Aq Ar interface
1146 .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1150 .Va ifconfig_ Ns Aq Ar interface
1151 contains the keyword
1153 then the interface will not be configured
1155 .Pa /etc/pccard_ether
1157 .Va network_interfaces
1161 It is possible to bring up an interface with DHCP by adding
1164 .Va ifconfig_ Ns Aq Ar interface
1166 For instance, to initialize the
1169 it is possible to use something like:
1174 Also, if your interface needs WPA authentication, it is possible to add
1177 .Va ifconfig_ Ns Aq Ar interface
1180 Finally, you can add
1182 options in this variable, in addition to the
1183 .Pa /etc/start_if. Ns Aq Ar interface
1185 For instance, to initialize the
1187 device via DHCP, using WPA authentication and 802.11b mode, it is
1188 possible to use something like:
1190 ifconfig_wi0="DHCP WPA mode 11b"
1194 .Va ifconfig_ Ns Aq Ar interface
1195 form, a fallback variable
1196 .Va ifconfig_DEFAULT
1198 It will be used for all interfaces with no
1199 .Va ifconfig_ Ns Aq Ar interface
1201 This is intended to replace the no longer supported
1205 It is also possible to rename interface by doing:
1207 ifconfig_ed0_name="net0"
1208 ifconfig_net0="inet 192.0.2.1 netmask 0xffffff00"
1210 .It Va ipv6_network_interfaces
1212 This is the IPv6 equivalent of
1213 .Va network_interfaces .
1214 Instead of setting the ifconfig variables as
1215 .Va ifconfig_ Ns Aq Ar interface
1216 they should be set as
1217 .Va ipv6_ifconfig_ Ns Aq Ar interface .
1218 Aliases should be set as
1219 .Va ipv6_ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n .
1220 .Va ipv6_prefix_ Ns Aq Ar interface
1222 Interfaces that do not have a
1223 .Va ipv6_ifconfig_ Ns Aq Ar interface
1224 setting will be auto configured by
1227 .Va ipv6_gateway_enable
1230 Note that the IPv6 networking code does not support the
1231 .Pa /etc/start_if. Ns Aq Ar interface
1233 .It Va ipv6_default_interface
1237 this is the default output interface for scoped addresses.
1238 Now this works only for IPv6 link local multicast addresses.
1239 .It Va cloned_interfaces
1241 Set to the list of clonable network interfaces to create on this host.
1243 .Va cloned_interfaces
1244 are automatically appended to
1245 .Va network_interfaces
1247 .It Va fec_interfaces
1251 Fast EtherChannel interfaces to configure on this host.
1253 .Va fecconfig_ Ns Aq Ar interface
1254 variable is assumed to exist for each value of
1256 The value of this variable is used to configure link aggregated interfaces
1257 according to the syntax of the
1258 .Cm NGM_FEC_ADD_IFACE
1262 Additionally, this option ensures that each listed interface is created
1267 before attempting to configure it.
1270 fec_interfaces="fec0"
1271 fecconfig_fec0="em0 em1"
1272 ifconfig_fec0="DHCP"
1274 .It Va gif_interfaces
1278 tunnel interfaces to configure on this host.
1280 .Va gifconfig_ Ns Aq Ar interface
1281 variable is assumed to exist for each value of
1283 The value of this variable is used to configure the link layer of the
1284 tunnel according to the syntax of the
1288 Additionally, this option ensures that each listed interface is created
1293 before attempting to configure it.
1294 .It Va sppp_interfaces
1298 interfaces to configure on this host.
1300 .Va spppconfig_ Ns Aq Ar interface
1301 variable is assumed to exist for each value of
1303 Each interface should also be configured by a general
1304 .Va ifconfig_ Ns Aq Ar interface
1308 for more information about available options.
1318 The name of the profile to use from
1319 .Pa /etc/ppp/ppp.conf .
1320 Also used for per-profile overrides of
1325 .Va ppp_ Ns Ao Ar profile Ac Ns _unit .
1326 When the profile name contains any of the characters
1328 they are translated to
1330 for the proposes of the override variable names.
1333 Mode in which to run the
1336 .It Va ppp_ Ns Ao Ar profile Ac Ns _mode
1338 Overrides the global
1348 See the manual for a full description.
1353 enables network address translation.
1354 Used in conjunction with
1356 allows hosts on private network addresses access to the Internet using
1357 this host as a network address translating router.
1358 .It Va ppp_ Ns Ao Ar profile Ac Ns _nat
1360 Overrides the global
1364 .It Va ppp_ Ns Ao Ar profile Ac Ns _unit
1366 Set the unit number to be used for this profile.
1367 See the manual description of
1372 The name of the user under which
1380 .It Va rc_conf_files
1382 This option is used to specify a list of files that will override
1384 .Pa /etc/defaults/rc.conf .
1385 The files will be read in the order in which they are specified and should
1386 include the full path to the file.
1387 By default, the files specified are
1390 .Pa /etc/rc.conf.local
1396 will attempt to automatically mount ZFS file systems and initialize ZFS volumes
1398 .It Va gbde_autoattach_all
1403 will attempt to automatically initialize your .bde devices in
1407 List the devices that the script should try to attach,
1412 The directory where the
1414 lockfiles are located.
1415 The default lockfile directory is
1418 The lockfile for each individual
1420 device can be overridden by setting the variable
1421 .Va gbde_lock_ Ns Aq Ar device ,
1424 is the encrypted device without the
1429 .It Va gbde_attach_attempts
1431 Number of times to attempt attaching to a
1433 device, i.e., how many times the user is asked for the pass-phrase.
1437 List of devices to automatically attach on boot.
1438 Note that .eli devices from
1440 are automatically appended to this list.
1443 Number of times user is asked for the pass-phrase.
1444 If empty, it will be taken from
1445 .Va kern.geom.eli.tries
1447 .It Va geli_default_flags
1449 Default flags to use by
1451 when configuring disk encryption.
1452 Flags can be configured for every device separately by defining
1453 .Va geli_ Ns Ao Ar device Ac Ns Va _flags
1455 .It Va geli_autodetach
1457 Specifies if GELI devices should be marked for detach on last close after
1458 file systems are mounted.
1461 This can be changed for every device separately by defining
1462 .Va geli_ Ns Ao Ar device Ac Ns Va _autodetach
1464 .It Va geli_swap_flags
1465 Options passed to the
1467 utility when encrypted GEOM providers for swap partitions are created.
1469 .Dq Li "-a aes -l 256 -s 4096 -d" .
1470 .It Va root_rw_mount
1475 After the file systems are checked at boot time, the root file system
1476 is remounted as read-write if this is set to
1478 Diskless systems that mount their root file system from a read-only remote
1479 NFS share should set this to
1483 .It Va fsck_y_enable
1488 will be run with the
1490 flag if the initial preen
1491 of the file systems fails.
1492 .It Va background_fsck
1496 the system will attempt to run
1498 in the background where possible.
1499 .It Va background_fsck_delay
1501 The amount of time in seconds to sleep before starting a background
1503 It defaults to sixty seconds to allow large applications such as
1504 the X server to start before disk I/O bandwidth is monopolized by
1506 If set to a negative number, the background file system check will be
1507 delayed indefinitely to allow the administrator to run it at a more
1509 For example it may be run from
1511 by adding a line like
1513 .Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart"
1519 List of file system types that are network-based.
1520 This list should generally not be modified by end users.
1522 .Va extra_netfs_types
1524 .It Va extra_netfs_types
1526 If set to something other than
1529 this variable extends the list of file system types
1530 for which automatic mounting at startup by
1532 should be delayed until the network is initialized.
1534 a whitespace-separated list of network file system descriptor pairs,
1535 each consisting of a file system type as passed to
1537 and a human-readable, one-word description,
1540 Extending the default list in this way is only necessary
1541 when third party file system types are used.
1542 .It Va syslogd_enable
1549 .It Va syslogd_program
1554 .Pa /usr/sbin/syslogd ) .
1555 .It Va syslogd_flags
1561 these are the flags to pass to
1570 .It Va inetd_program
1575 .Pa /usr/sbin/inetd ) .
1582 these are the flags to pass to
1591 .It Va named_program
1596 .Pa /usr/sbin/named ) .
1603 these are the flags to pass to
1605 .It Va named_pidfile
1607 This is the default path to the
1610 This must match the location in
1616 process should be run as.
1617 .It Va named_chrootdir
1619 The root directory for a name server run in a
1621 environment (default
1625 will not be run in a
1628 .It Va named_chroot_autoupdate
1632 to disable automatic update of the
1635 .It Va named_symlink_enable
1639 to disable symlinking of
1644 .It Va kerberos5_server_enable
1648 to start a Kerberos 5 authentication server
1650 .It Va kerberos5_server
1653 .Va kerberos5_server_enable
1656 this is the path to Kerberos 5 Authentication Server.
1657 .It Va kerberos5_server_flags
1660 This variable contains additional flags to be passed to the Kerberos 5
1661 authentication server.
1662 .It Va kadmind5_server_enable
1668 the Kerberos 5 Administration Daemon; set to
1671 .It Va kadmind5_server
1674 .Va kadmind5_server_enable
1677 this is the path to Kerberos 5 Administration Daemon.
1678 .It Va kpasswdd_server_enable
1684 the Kerberos 5 Password-Changing Daemon; set to
1687 .It Va kpasswdd_server
1690 .Va kpasswdd_server_enable
1693 this is the path to Kerberos 5 Password-Changing Daemon.
1700 daemon at boot time.
1707 these are the flags to pass to it.
1714 daemon at boot time.
1721 these are the flags to pass to it.
1724 manpage for more information.
1725 .It Va amd_map_program
1728 the specified program is run to get the list of
1733 maps are stored in NIS, one can set this to
1746 will be updated at boot time to reflect the kernel release
1751 will not be updated.
1752 .It Va nfs_client_enable
1756 run the NFS client daemons at boot time.
1757 .It Va nfs_access_cache
1760 .Va nfs_client_enable
1765 to disable NFS ACCESS RPC caching, or to the number of seconds for which
1767 results should be cached.
1768 A value of 2-10 seconds will substantially reduce network
1769 traffic for many NFS operations.
1770 .It Va nfs_server_enable
1774 run the NFS server daemons at boot time.
1775 .It Va nfs_server_flags
1778 .Va nfs_server_enable
1781 these are the flags to pass to the
1784 .It Va idmapd_enable
1788 run the ID mapping daemon for NFS version 4.
1795 these are the flags to pass to the
1798 .It Va mountd_enable
1803 .Va nfs_server_enable
1809 It is commonly needed to run CFS without real NFS used.
1816 these are the flags to pass to the
1819 .It Va weak_mountd_authentication
1823 allow services like PCNFSD to make non-privileged mount
1825 .It Va nfs_reserved_port_only
1829 provide NFS services only on a secure port.
1830 .It Va nfs_bufpackets
1832 If set to a number, indicates the number of packets worth of
1833 socket buffer space to reserve on an NFS client.
1834 The kernel default is typically 4.
1835 Using a higher number may be
1836 useful on gigabit networks to improve performance.
1837 The minimum value is
1838 2 and the maximum is 64.
1839 .It Va rpc_lockd_enable
1843 and also an NFS server or client, run
1846 .It Va rpc_lockd_flags
1849 .Va rpc_lockd_enable
1852 these are the flags to pass to the
1855 .It Va rpc_statd_enable
1859 and also an NFS server or client, run
1862 .It Va rpc_statd_flags
1865 .Va rpc_statd_enable
1868 these are the flags to pass to the
1871 .It Va rpcbind_program
1876 .Pa /usr/sbin/rpcbind ) .
1877 .It Va rpcbind_enable
1883 service at boot time.
1884 .It Va rpcbind_flags
1890 these are the flags to pass to the
1893 .It Va keyserv_enable
1899 daemon on boot for running Secure RPC.
1900 .It Va keyserv_flags
1906 these are the flags to pass to
1909 .It Va pppoed_enable
1915 daemon at boot time to provide PPP over Ethernet services.
1916 .It Va pppoed_ Ns Aq Ar provider
1919 listens to requests to this
1925 argument of the same name.
1928 Additional flags to pass to
1930 .It Va pppoed_interface
1932 The network interface to run
1935 This is mandatory when
1945 service at boot time.
1946 This command is intended for networks of
1947 machines where a consistent
1949 for all hosts must be established.
1950 This is often useful in large NFS
1951 environments where time stamps on files are expected to be consistent
1959 these are the flags to pass to the
1962 .It Va ntpdate_enable
1969 This command is intended to
1970 synchronize the system clock only
1972 from some standard reference.
1973 An option to set this up initially
1974 (from a list of known servers) is also provided by the
1976 program when the system is first installed.
1977 .It Va ntpdate_config
1979 Configuration file for
1983 .It Va ntpdate_hosts
1985 A whitespace-separated list of NTP servers to synchronize with at startup.
1986 The default is to use the servers listed in
1987 .Va ntpdate_config ,
1988 if that file exists.
1989 .It Va ntpdate_program
1994 .Pa /usr/sbin/ntpdate ) .
1995 .It Va ntpdate_flags
2001 these are the flags to pass to the
2003 command (typically a hostname).
2010 command at boot time.
2016 .Pa /usr/sbin/ntpd ) .
2030 these are the flags to pass to the
2033 .It Va ntpd_sync_on_start
2040 flag, which syncs the system's clock on startup.
2043 for more information regarding the
2046 This is a preferred alternative to using
2051 .It Va nis_client_enable
2057 service at system boot time.
2058 .It Va nis_client_flags
2061 .Va nis_client_enable
2064 these are the flags to pass to the
2067 .It Va nis_ypset_enable
2073 daemon at system boot time.
2074 .It Va nis_ypset_flags
2077 .Va nis_ypset_enable
2080 these are the flags to pass to the
2083 .It Va nis_server_enable
2089 daemon at system boot time.
2090 .It Va nis_server_flags
2093 .Va nis_server_enable
2096 these are the flags to pass to the
2099 .It Va nis_ypxfrd_enable
2105 daemon at system boot time.
2106 .It Va nis_ypxfrd_flags
2109 .Va nis_ypxfrd_enable
2112 these are the flags to pass to the
2115 .It Va nis_yppasswdd_enable
2121 daemon at system boot time.
2122 .It Va nis_yppasswdd_flags
2125 .Va nis_yppasswdd_enable
2128 these are the flags to pass to the
2131 .It Va rpc_ypupdated_enable
2137 daemon at system boot time.
2138 .It Va bsnmpd_enable
2144 daemon at system boot time.
2145 Be sure to understand the security implications of running SNMP daemon
2153 these are the flags to pass to the
2156 .It Va defaultrouter
2160 create a default route to this host name or IP address
2161 (use an IP address if this router is also required to get to the
2163 .It Va ipv6_defaultrouter
2165 The IPv6 equivalent of
2167 .It Va static_routes
2169 Set to the list of static routes that are to be added at system
2173 then for each whitespace separated
2176 .Va route_ Ns Aq Ar element
2177 variable is assumed to exist
2178 whose contents will later be passed to a
2183 static_routes="mcast gif0local"
2184 route_mcast="-net 224.0.0.0/4 -iface gif0"
2185 route_gif0local="-host 169.254.1.1 -iface lo0"
2187 .It Va ipv6_static_routes
2189 The IPv6 equivalent of
2193 then for each whitespace separated
2196 .Va ipv6_route_ Ns Aq Ar element
2197 variable is assumed to exist
2198 whose contents will later be passed to a
2199 .Dq Nm route Cm add Fl inet6
2201 .It Va natm_static_routes
2207 If not empty then for each whitespace separated
2210 .Va route_ Ns Aq Ar element
2211 variable is assumed to exist whose contents will later be passed to a
2212 .Dq Nm atmconfig Cm natm Cm add
2214 .It Va gateway_enable
2218 configure host to act as an IP router, e.g.\& to forward packets
2220 .It Va ipv6_gateway_enable
2222 The IPv6 equivalent of
2223 .Va gateway_enable .
2224 .It Va router_enable
2228 run a routing daemon of some sort, based on the
2233 .It Va ipv6_router_enable
2235 The IPv6 equivalent of
2239 run a routing daemon of some sort, based on the
2243 .Va ipv6_router_flags .
2250 this is the name of the routing daemon to use.
2253 The IPv6 equivalent of
2261 these are the flags to pass to the routing daemon.
2262 .It Va ipv6_router_flags
2264 The IPv6 equivalent of
2266 .It Va mrouted_enable
2270 run the multicast routing daemon,
2272 .It Va mroute6d_enable
2274 The IPv6 equivalent of
2275 .Va mrouted_enable .
2278 run the IPv6 multicast routing daemon.
2280 Note that multicast routing daemons are no longer included in the
2282 base system, however, both
2286 may be installed from the
2289 .It Va mrouted_flags
2295 these are the flags to pass to the
2298 .It Va mroute6d_flags
2300 The IPv6 equivalent of
2306 these are the flags passed to the IPv6 multicast routing daemon.
2307 .It Va mroute6d_program
2313 this is the path to the IPv6 multicast routing daemon.
2314 .It Va rtadvd_enable
2320 daemon at boot time.
2323 .Va ipv6_gateway_enable
2328 utility sends router advertisement packets to the interfaces specified in
2329 .Va rtadvd_interfaces
2330 and should only be enabled with great care.
2331 You may want to fine-tune
2333 .It Va rtadvd_interfaces
2339 this is the list of interfaces to use.
2340 .It Va ipxgateway_enable
2344 enable the routing of IPX traffic.
2345 .It Va ipxrouted_enable
2351 daemon at system boot time.
2352 .It Va ipxrouted_flags
2355 .Va ipxrouted_enable
2358 these are the flags to pass to the
2365 enable global proxy ARP.
2366 .It Va forward_sourceroute
2374 source-routed packets are forwarded.
2375 .It Va accept_sourceroute
2379 the system will accept source-routed packets directed at it.
2386 daemon at system boot time.
2393 these are the flags to pass to the
2396 .It Va bootparamd_enable
2402 daemon at system boot time.
2403 .It Va bootparamd_flags
2406 .Va bootparamd_enable
2409 these are the flags to pass to the
2412 .It Va stf_interface_ipv4addr
2416 this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling
2418 Specify this entry to enable the 6to4 interface.
2419 .It Va stf_interface_ipv4plen
2421 Prefix length for 6to4 IPv4 addresses, to limit peer address range.
2422 An effective value is 0-31.
2423 .It Va stf_interface_ipv6_ifid
2425 IPv6 interface ID for
2429 .It Va stf_interface_ipv6_slaid
2431 IPv6 Site Level Aggregator for
2433 .It Va ipv6_faith_prefix
2437 this is the faith prefix to enable a FAITH IPv6-to-IPv4 TCP
2442 .It Va ipv6_ipv4mapping
2446 this enables IPv4 mapped IPv6 address communication (like
2447 .Li ::ffff:a.b.c.d ) .
2452 to enable the configuration of ATM interfaces at system boot time.
2453 For all of the ATM variables described below, please refer to the
2455 manual page for further details on the available command parameters.
2456 Also refer to the files in
2457 .Pa /usr/share/examples/atm
2458 for more detailed configuration information.
2461 This is a list of physical ATM interface drivers to load.
2466 .It Va atm_netif_ Ns Aq Ar intf
2468 For the ATM physical interface
2470 this variable defines the name prefix and count for the ATM network
2471 interfaces to be created.
2472 The value will be passed as the parameters of an
2473 .Dq Nm atm Cm "set netif" Ar intf
2475 .It Va atm_sigmgr_ Ns Aq Ar intf
2477 For the ATM physical interface
2479 this variable defines the ATM signalling manager to be used.
2480 The value will be passed as the parameters of an
2481 .Dq Nm atm Cm attach Ar intf
2483 .It Va atm_prefix_ Ns Aq Ar intf
2485 For the ATM physical interface
2487 this variable defines the NSAP prefix for interfaces using a UNI signalling
2491 the prefix will automatically be set via the
2494 Otherwise, the value will be passed as the parameters of an
2495 .Dq Nm atm Cm "set prefix" Ar intf
2497 .It Va atm_macaddr_ Ns Aq Ar intf
2499 For the ATM physical interface
2501 this variable defines the MAC address for interfaces using a UNI signalling
2505 the hardware MAC address contained in the ATM interface card will be used.
2506 Otherwise, the value will be passed as the parameters of an
2507 .Dq Nm atm Cm "set mac" Ar intf
2509 .It Va atm_arpserver_ Ns Aq Ar netif
2511 For the ATM network interface
2513 this variable defines the ATM address for a host which is to provide ATMARP
2515 This variable is only applicable to interfaces using a UNI signalling
2519 this host will become an ATMARP server.
2520 The value will be passed as the parameters of an
2521 .Dq Nm atm Cm "set arpserver" Ar netif
2523 .It Va atm_scsparp_ Ns Aq Ar netif
2527 SCSP/ATMARP service for the network interface
2529 will be initiated using the
2534 This variable is only applicable if
2535 .Va atm_arpserver_ Ns Aq Ar netif
2540 Set to the list of ATM PVCs to be added at system
2542 For each whitespace separated
2545 .Va atm_pvc_ Ns Aq Ar element
2546 variable is assumed to exist.
2547 The value of each of these variables
2548 will be passed as the parameters of an
2549 .Dq Nm atm Cm "add pvc"
2553 Set to the list of permanent ATM ARP entries to be added
2554 at system boot time.
2555 For each whitespace separated
2558 .Va atm_arp_ Ns Aq Ar element
2559 variable is assumed to exist.
2560 The value of each of these variables
2561 will be passed as the parameters of an
2562 .Dq Nm atm Cm "add arp"
2564 .It Va natm_interfaces
2568 interfaces that will also be used for HARP through
2570 If this list is not empty all interfaces in the list will be brought up
2576 For this to work the interface drivers must be either compiled into the
2577 kernel or must reside on the root partition.
2580 The keyboard bell sound.
2587 if the default behavior is desired.
2588 For details, refer to the
2593 If set to a non-null string, the virtual console's keyboard input is
2599 no keymap is installed, otherwise the value is used to install
2601 .Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd .
2604 The keyboard repeat speed.
2611 if the default behavior is desired.
2616 attempt to program the function keys with the value.
2618 be a single string of the form:
2619 .Dq Ar funkey_number new_value Op Ar funkey_number new_value ... .
2622 Can be set to the value of
2625 .Dq Li destructive ,
2628 to set the cursor behavior explicitly or choose the default behavior.
2633 no screen map is installed, otherwise the value is used to install
2634 the screen map file in
2635 .Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value .
2640 the default 8x16 font value is used for screen size requests, otherwise
2642 .Pa /usr/share/syscons/fonts/ Ns Aq Ar value
2648 the default 8x14 font value is used for screen size requests, otherwise
2650 .Pa /usr/share/syscons/fonts/ Ns Aq Ar value
2656 the default 8x8 font value is used for screen size requests, otherwise
2658 .Pa /usr/share/syscons/fonts/ Ns Aq Ar value
2664 the default screen blanking interval is used, otherwise it is set
2672 this is the actual screen saver to use
2673 .Li ( blank , snake , daemon ,
2675 .It Va moused_nondefault_enable
2679 the mouse device specified on
2680 the command line is not automatically treated as enabled by the
2681 .Pa /etc/rc.d/moused
2683 Having this variable set to
2689 to be enabled as soon as it is plugged in.
2690 .It Va moused_enable
2696 daemon is started for doing cut/paste selection on the console.
2699 This is the protocol type of the mouse connected to this host.
2700 This variable must be set if
2707 is able to detect the appropriate mouse type automatically in many cases.
2708 Set this variable to
2710 to let the daemon detect it, or
2711 select one from the following list if the automatic detection fails.
2713 If the mouse is attached to the PS/2 mouse port, choose
2717 regardless of the brand and model of the mouse.
2719 mouse is attached to the bus mouse port, choose
2723 All other protocols are for serial mice and will not work with
2724 the PS/2 and bus mice.
2725 If this is a USB mouse,
2727 is the only protocol type which will work.
2729 .Bl -tag -width ".Li x10mouseremote" -compact
2731 Microsoft mouse (serial)
2733 Microsoft IntelliMouse (serial)
2735 Mouse systems Corp.\& mouse (serial)
2737 MM Series mouse (serial)
2739 Logitech mouse (serial)
2743 Logitech MouseMan and TrackMan (serial)
2745 ALPS GlidePoint (serial)
2746 .It Li thinkingmouse
2747 Kensington ThinkingMouse (serial)
2751 MM HitTablet (serial)
2752 .It Li x10mouseremote
2753 X10 MouseRemote (serial)
2755 Interlink VersaPad (serial)
2758 Even if the mouse is not in the above list, it may be compatible
2759 with one in the list.
2760 Refer to the manual page for
2762 for compatibility information.
2764 It should also be noted that while this is enabled, any
2765 other client of the mouse (such as an X server) should access
2766 the mouse through the virtual mouse device,
2768 and configure it as a
2770 type mouse, since all
2771 mouse data is converted to this single canonical format when
2774 If the client program does not support the
2780 It is the second preferred type.
2787 this is the actual port the mouse is on.
2790 for a COM1 serial mouse,
2794 for a bus mouse, for example.
2799 is set, its value is used as an additional set of flags to pass to the
2802 .It Va "moused_" Ns Ar XXX Ns Va "_flags"
2804 .Va moused_nondefault_enable
2807 daemon is started for a non-default port, the
2808 .Va "moused_" Ns Ar XXX Ns Va "_flags"
2809 set of options has precedence over and replaces the default
2810 .Va moused_flags (where
2812 is the name of the non-default port, i.e.\&
2815 .Va "moused_" Ns Ar XXX Ns Va "_flags"
2816 it is possible to set up a different set of default flags for each
2819 For example, you can use
2823 to make your laptop's touchpad more comfortable to use,
2824 but an empty set of options for
2825 .Va moused_ums0_flags
2828 mouse has three or more buttons.
2829 .It Va mousechar_start
2833 the default mouse cursor character range
2834 .Li 0xd0 Ns - Ns Li 0xd3
2836 otherwise the range start is set
2841 Use if the default range is occupied in the language code table.
2842 .It Va allscreens_flags
2846 is run with these options for each of the virtual terminals
2850 will enable the mouse pointer on all virtual terminals
2855 .It Va allscreens_kbdflags
2859 is run with these options for each of the virtual terminals
2865 scrollback (history) buffer to 200 lines.
2872 daemon at system boot time.
2878 .Pa /usr/sbin/cron ) .
2885 these are the flags to pass to
2891 enable the special handling of transitions to and from the
2892 Daylight Saving Time in
2894 (equivalent to using the flag
2901 .Pa /usr/sbin/lpd ) .
2908 daemon at system boot time.
2915 these are the flags to pass to the
2918 .It Va chkprintcap_enable
2924 command before starting the
2927 .It Va chkprintcap_flags
2932 .Va chkprintcap_enable
2935 these are the flags to pass to the
2940 which causes missing directories to be created.
2941 .It Va mta_start_script
2943 This variable specifies the full path to the script to run to start
2944 a mail transfer agent.
2946 .Pa /etc/rc.sendmail .
2950 .Pa /etc/rc.sendmail
2951 uses are documented in the
2956 Indicates the device (usually a swap partition) to which a crash dump
2957 should be written in the event of a system crash.
2958 If the value of this variable is
2960 the first suitable swap device listed in
2962 will be used as dump device.
2963 Otherwise, the value of this variable is passed as the argument to
2965 To disable crash dumps, set this variable to
2969 When the system reboots after a crash and a crash dump is found on the
2970 device specified by the
2974 will save that crash dump and a copy of the kernel to the directory
2978 The default value is
2987 .It Va savecore_flags
2989 If crash dumps are enabled, these are the flags to pass to the
2992 .It Va enable_quotas
2996 to turn on user and group disk quotas on system startup via the
2998 command for all file systems marked as having quotas enabled in
3000 The kernel must be built with
3002 for disk quotas to function.
3007 to enable user and group disk quota checking via the
3010 .It Va quotacheck_flags
3020 these are the flags to pass to the
3025 which checks quotas for all file systems with quotas enabled in
3027 .It Va quotaon_flags
3033 these are the flags to pass to the
3038 which enables quotas for all file systems with quotas enabled in
3040 .It Va quotaoff_flags
3046 these are the flags to pass to the
3048 utility when shutting down the quota system.
3051 which disables quotas for all file systems with quotas enabled in
3053 .It Va accounting_enable
3057 to enable system accounting through the
3064 to enable iBCS2 (SCO) binary emulation at system initial boot
3066 .It Va ibcs2_loaders
3074 this specifies a list of additional iBCS2 loaders to enable.
3079 to enable Linux/ELF binary emulation at system initial
3085 enable SysVR4 emulation at boot time.
3086 .It Va sysvipc_enable
3090 load System V IPC primitives at boot time.
3091 .It Va clear_tmp_enable
3102 to disable removing of X11 lock files,
3103 and the removal and (secure) recreation
3104 of the various socket directories for X11
3106 .It Va ldconfig_paths
3108 Set to the list of shared library paths to use with
3112 will always be added first, so it need not appear in this list.
3113 .It Va ldconfig32_paths
3115 Set to the list of 32-bit compatibility shared library paths to
3118 .It Va ldconfig_paths_aout
3120 Set to the list of shared library paths to use with
3125 .It Va ldconfig_insecure
3129 utility normally refuses to use directories
3130 which are writable by anyone except root.
3131 Set this variable to
3133 to disable that security check during system startup.
3134 .It Va ldconfig_local_dirs
3136 Set to the list of local
3139 The names of all files in the directories listed will be
3140 passed as arguments to
3142 .It Va ldconfig_local32_dirs
3144 Set to the list of local 32-bit compatibility
3147 The names of all files in the directories listed will be
3148 passed as arguments to
3149 .Dq Nm ldconfig Fl 32 .
3150 .It Va kern_securelevel_enable
3154 to set the kernel security level at system startup.
3155 .It Va kern_securelevel
3157 The kernel security level to set at startup.
3158 The allowed range of
3160 ranges from \-1 (the compile time default) to 3 (the
3164 for the list of possible security levels and their effect
3165 on system operation.
3168 Path to the SSH server program
3169 .Pa ( /usr/sbin/sshd
3177 at system boot time.
3184 these are the flags to pass to the
3189 Path to the FTP server program
3190 .Pa ( /usr/libexec/ftpd
3198 as a stand-alone daemon at system boot time.
3205 these are the additional flags to pass to the
3208 .It Va watchdogd_enable
3214 daemon at boot time.
3215 This requires that the kernel have been compiled with a
3218 .It Va watchdogd_flags
3221 .Va watchdogd_enable
3224 these are the flags passed to the
3227 .It Va performance_cx_lowest
3229 CPU idle state to use while on AC power.
3234 should use the lowest power state available while
3236 indicates that the lowest latency state (less power savings) should be used.
3237 .It Va performance_cpu_freq
3239 CPU clock frequency to use while on AC power.
3244 should use the lowest frequency available while
3246 indicates that the highest frequency (less power savings) should be used.
3247 .It Va economy_cx_lowest
3249 CPU idle state to use when off AC power.
3254 should use the lowest power state available while
3256 indicates that the lowest latency state (less power savings) should be used.
3257 .It Va economy_cpu_freq
3259 CPU clock frequency to use when off AC power.
3264 should use the lowest frequency available while
3266 indicates that the highest frequency (less power savings) should be used.
3271 any configured jails will not be started.
3274 A space separated list of names for jails.
3275 This is purely a configuration aid to help identify and
3276 configure multiple jails.
3277 The names specified in this list will be used to
3278 identify settings common to an instance of a jail.
3279 Assuming that the jail in question was named
3281 you would have the following dependent variables:
3283 jail_vjail_hostname="jail.example.com"
3284 jail_vjail_ip="192.0.2.100"
3285 jail_vjail_rootdir="/var/jails/vjail/root"
3291 When set, use as default value for
3292 .Va jail_ Ns Ao Ar jname Ac Ns Va _flags
3295 .It Va jail_interface
3298 When set, use as default value for
3299 .Va jail_ Ns Ao Ar jname Ac Ns Va _interface
3305 When set, use as default value for
3306 .Va jail_ Ns Ao Ar jname Ac Ns Va _fstab
3309 .It Va jail_mount_enable
3317 .Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable
3320 by default for every jail in
3322 .It Va jail_devfs_ruleset
3326 .Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset
3327 to given value for every jail in
3329 .It Va jail_devfs_enable
3337 .Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable
3340 by default for every jail in
3342 .It Va jail_fdescfs_enable
3350 .Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable
3353 by default for every jail in
3355 .It Va jail_procfs_enable
3363 .Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable
3366 by default for every jail in
3368 .It Va jail_exec_start
3371 When set, use as default value for
3372 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start
3375 .It Va jail_exec_afterstart Ns Aq Ar N
3378 When set, use as default value for
3379 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_afterstart Ns Aq Ar N
3382 .It Va jail_exec_stop
3384 When set, use as default value for
3385 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop
3388 .It Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir
3391 Set to the root directory used by jail
3393 .It Va jail_ Ns Ao Ar jname Ac Ns Va _hostname
3396 Set to the fully qualified domain name (FQDN) assigned to jail
3398 .It Va jail_ Ns Ao Ar jname Ac Ns Va _ip
3401 Set to the (primary) IPv4 and/or IPv6 address(es) assigned to the jail.
3402 The argument can be a sole address or a comma separated list of addresses.
3403 Additionally each address can be prefixed by the name of an interface
3404 followed by a pipe to overwrite
3405 .Va jail_ Ns Ao Ar jname Ac Ns Va _interface
3408 and/or suffixed by a netmask, prefixlen or prefix.
3409 In case no netmask, prefixlen or prefix is given,
3411 will be used for IPv4 and
3413 will be used for an IPv6 address.
3414 If no address is given for the jail then the jail will be started with
3415 no networking support.
3416 .It Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n
3419 Set additional IPv4 and/or IPv6 address(es) assigned to the jail.
3420 The sequence starts with
3422 and the numbers have to be strictly ascending.
3423 These entries follow the same syntax as their primary
3424 .Va jail_ Ns Ao Ar jname Ac Ns Va _ip
3426 The order of the entries can be important as the first address for
3427 each address family found will be the primary address of the jail.
3433 .It Va jail_ Ns Ao Ar jname Ac Ns Va _flags
3438 These are flags to pass to
3440 .It Va jail_ Ns Ao Ar jname Ac Ns Va _interface
3443 When set, sets the interface to use when setting IP address alias.
3444 Note that the alias is created at jail startup and removed at jail shutdown.
3445 .It Va jail_ Ns Ao Ar jname Ac Ns Va _fib
3448 When set, the jail is started with the specified routing table via
3450 .It Va jail_ Ns Ao Ar jname Ac Ns Va _fstab
3453 .Pa /etc/fstab. Ns Aq Ar jname
3455 This is the file system information file to use for jail
3457 .It Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable
3464 mount all file systems from
3465 .Va jail_ Ns Ao Ar jname Ac Ns Va _fstab
3467 .It Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset
3470 When set, defines the device file system ruleset file to use for jail
3472 .It Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable
3479 mount the device file system inside jail
3482 .It Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable
3489 mount the file-descriptor file system inside jail
3492 .It Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable
3499 mount the process file system inside jail
3502 .It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start
3505 .Dq Li /bin/sh /etc/rc
3507 This is the command executed at jail startup.
3508 .It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_afterstart Ns Aq Ar N
3511 This is the command run as
3514 after jail startup, where
3517 .It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop
3520 .Dq Li /bin/sh /etc/rc.shutdown
3522 This is the command executed at jail shutdown.
3523 .It Va jail_set_hostname_allow
3527 do not allow the root user in a jail to set its hostname.
3528 .It Va jail_socket_unixiproute_only
3532 do not allow any sockets,
3533 besides UNIX/IP/route sockets,
3534 to be used within a jail.
3535 .It Va jail_sysvipc_allow
3539 allow applications within a jail to use System V IPC.
3540 .\" ----- ISDN settings ---------------------------------
3551 at system boot time.
3555 .Dq Fl d Ns Cm n Fl d Ns Li 0x1f9
3557 Additional flags to pass to
3563 for certain tunable parameters).
3569 The terminal type of the output device when
3571 operates in full-screen mode.
3572 .It Va isdn_screenflags
3577 The video mode for full-screen mode (only for
3587 The output device for
3589 in full-screen mode (or
3599 enables the ISDN protocol trace utility
3601 at system boot time.
3602 .It Va isdn_traceflags
3605 .Dq Fl f Pa /var/tmp/isdntrace0
3609 .\" -----------------------------------------------------
3610 .It Va harvest_interrupt
3614 to use hardware interrupts as an entropy source.
3617 for more information.
3618 .It Va harvest_ethernet
3622 to use LAN traffic as an entropy source.
3625 for more information.
3626 .It Va harvest_p_to_p
3630 to use serial line traffic as an entropy source.
3633 for more information.
3638 to disable caching entropy via
3640 Otherwise set to the directory used to store entropy files in.
3645 to disable caching entropy through reboots.
3646 Otherwise set to the filename used to store cached entropy through
3648 This file should be located on the root file system to seed the
3650 device as early as possible in the boot process.
3651 .It Va entropy_save_sz
3653 Size of the entropy cache files saved by
3656 .It Va entropy_save_num
3658 Number of entropy cache files to save by
3672 Configuration file for
3681 .Pa /var/run/dmesg.boot
3683 .It Va rcshutdown_timeout
3685 If set, start a watchdog timer in the background which will terminate
3689 has not completed within the specified time (in seconds).
3690 Notice that in addition to this soft timeout,
3692 also applies a hard timeout for the execution of
3694 This is configured via
3697 .Va kern.init_shutdown_timeout
3698 and defaults to 120 seconds.
3699 Setting the value of
3700 .Va rcshutdown_timeout
3701 to more than 120 seconds will have no effect until the
3704 .Va kern.init_shutdown_timeout
3706 .It Va virecover_enable
3710 to prevent the system from trying to
3711 recover pre-maturely terminated
3714 .It Va ugidfw_enable
3719 .Xr mac_bsdextended 4
3720 module upon system initialization and load a default
3722 .It Va bsdextended_script
3725 .Xr mac_bsdextended 4
3726 ruleset file to load.
3727 The default value of this variable is
3728 .Pa /etc/rc.bsdextended .
3729 .It Va newsyslog_enable
3736 .It Va newsyslog_flags
3739 .Va newsyslog_enable
3742 these are the flags to pass to the
3747 which causes log files flagged with a
3750 .It Va mdconfig_md Ns Aq Ar X
3760 must be specified and either a
3762 for malloc or swap backed
3770 .Va mdconfig_md Ns Aq Ar X
3771 variables are evaluated until one variable is unset or null.
3772 .It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs
3774 Optional arguments passed to
3780 .It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner
3782 An ownership specification passed to
3791 device and the mount point will be changed.
3792 .It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms
3794 A mode string passed to
3803 device and the mount point will be changed.
3804 .It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files
3806 Files to be copied to the mount point of the
3810 after it has been mounted.
3811 .It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd
3813 Command to execute after the specified
3818 Note that the command is passed to
3824 variables can be used to reference respectively the
3826 device and the mount point.
3831 one could set the following:
3833 mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}"
3835 .It Va ramdisk_units
3837 A list of one or more ramdisk units to configure with
3841 in time to be mounted from
3845 must specify at least a
3848 .Va ramdisk_ Ns Ao Ar X Ac Ns Va _config
3850 Note that this way to configure ramdisks has been deprecated
3853 variables (see above).
3854 .It Va ramdisk_ Ns Ao Ar X Ac Ns Va _config
3862 must be specified, where
3868 .It Va ramdisk_ Ns Ao Ar X Ac Ns Va _newfs
3870 Optional arguments passed to
3872 to initialize ramdisk
3874 .It Va ramdisk_ Ns Ao Ar X Ac Ns Va _owner
3876 An ownership specification passed to
3878 after the specified ramdisk unit
3883 device and the mount point will be changed.
3884 .It Va ramdisk_ Ns Ao Ar X Ac Ns Va _perms
3886 A mode string passed to
3888 after the specified ramdisk unit
3893 device and the mount point will be changed.
3894 .It Va autobridge_interfaces
3896 Set to the list of bridge interfaces that will have newly arriving interfaces
3897 checked against to be automatically added.
3900 then for each whitespace separated
3903 .Va autobridge_ Ns Aq Ar element
3904 variable is assumed to exist which has a whitespace separated list of interface
3905 names to match, these names can use wildcards.
3908 autobridge_interfaces="bridge0"
3909 autobridge_bridge0="tap* dc0 vlan[345]"
3915 enable support for sound mixer.
3916 .It Va hcsecd_enable
3920 enable Bluetooth security daemon.
3921 .It Va hcsecd_config
3923 Configuration file for
3926 .Pa /etc/bluetooth/hcsecd.conf .
3931 enable Bluetooth Service Discovery Protocol daemon.
3939 .It Va sdpd_groupname
3943 group to run as after it initializes.
3946 .It Va sdpd_username
3950 user to run as after it initializes.
3953 .It Va bthidd_enable
3957 enable Bluetooth Human Interface Device daemon.
3958 .It Va bthidd_config
3960 Configuration file for
3963 .Pa /etc/bluetooth/bthidd.conf .
3966 Path to a file, where
3968 will store information about known HID devices.
3970 .Pa /var/db/bthidd.hids .
3971 .It Va rfcomm_pppd_server_enable
3975 enable Bluetooth RFCOMM PPP wrapper daemon.
3976 .It Va rfcomm_pppd_server_profile
3978 The name of the profile to use from
3979 .Pa /etc/ppp/ppp.conf .
3980 Multiple profiles can be specified here.
3981 Also used to specify per-profile overrides.
3982 When the profile name contains any of the characters
3984 they are translated to
3986 for the proposes of the override variable names.
3987 .It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _bdaddr
3989 Overrides local address to listen on.
3995 The address can be specified as BD_ADDR or name.
3996 .It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _channel
3998 Overrides local RFCOMM channel to listen on.
4001 will listen on RFCOMM channel 1.
4002 Must set properly if multiple profiles used in the same time.
4003 .It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_sp
4007 if it should register Serial Port service on the speficied RFCOMM channel.
4010 .It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_dun
4014 if it should register Dial-Up Networking service on the speficied
4020 .Bl -tag -width ".Pa /etc/defaults/rc.conf" -compact
4021 .It Pa /etc/defaults/rc.conf
4023 .It Pa /etc/rc.conf.local
4052 .Xr newsyslog.conf 5 ,
4120 .An Jordan K. Hubbard .
projects / FreeBSD / releng / 7.2.git / blob