4 .\" Redistribution and use in source and binary forms, with or without
5 .\" modification, are permitted provided that the following conditions
7 .\" 1. Redistributions of source code must retain the above copyright
8 .\" notice, this list of conditions and the following disclaimer.
9 .\" 2. Redistributions in binary form must reproduce the above copyright
10 .\" notice, this list of conditions and the following disclaimer in the
11 .\" documentation and/or other materials provided with the distribution.
13 .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND
14 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE
17 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
19 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
20 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
21 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
22 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 .Nd system configuration information
36 contains descriptive information about the local host name, configuration
37 details for any potential network interfaces and which services should be
38 started up at system initial boot time.
39 In new installations, the
41 file is generally initialized by the system installation utility,
46 is not to run commands or perform system startup actions
48 Instead, it is included by the
49 various generic startup scripts in
51 which conditionalize their
52 internal actions according to the settings found there.
56 file is included from the file
57 .Pa /etc/defaults/rc.conf ,
58 which specifies the default settings for all the available options.
59 Options need only be specified in
61 when the system administrator wishes to override these defaults.
63 .Pa /etc/rc.conf.local
64 is used to override settings in
66 for historical reasons.
68 .Pa /etc/rc.conf.local
69 you can also place smaller configuration files for each
73 directory, which will be included by the
76 For jail configurations you could use the file
77 .Pa /etc/rc.conf.d/jail
78 to store jail specific configuration options.
84 .Dq Ar name Ns Li = Ns Ar value
88 The following list provides a name and short description for each
89 variable that can be set in the
92 .Bl -tag -width indent-two
97 enable output of debug messages from rc scripts.
98 This variable can be helpful in diagnosing mistakes when
99 editing or integrating new scripts.
100 Beware that this produces copious output to the terminal and
106 disable informational messages from the rc scripts.
107 Informational messages are displayed when
108 a condition that is not serious enough to warrant a warning or
116 when faststart is used (e.g., at boot time).
117 .It Va early_late_divider
119 The name of the script that should be used as the
120 delimiter between the
124 stages of the boot process.
125 The early stage should contain all the services needed to
126 get the disks (local or remote) mounted so that the late
127 stage can include scripts contained in the directories
130 variable (see below).
131 Thus, the two likely candidates for this value are
133 for the typical system, and
135 if the system needs remote file
136 systems mounted to get access to the
138 directories; for example when
146 is likely to be an appropriate value.
147 Extreme care should be taken when changing this value,
148 and before changing it one should ensure that there are
149 adequate provisions to recover from a failed boot
150 (such as physical contact with the machine,
151 or reliable remote console access).
156 no swapfile is installed, otherwise the value is used as the full
157 pathname to a file to use for additional swap space.
162 enable support for Automatic Power Management with
170 to handle APM event from userland.
171 This also enables support for APM.
178 these are the flags to pass to the
185 to handle device added, removed or unknown events from the kernel.
192 scripts at boot time.
195 Configuration file for
201 A list of kernel modules to load right after the local
203 Loading modules at this point in the boot process is
204 much faster than doing it via
205 .Pa /boot/loader.conf
206 for those modules not necessary for mounting local disk.
207 .It Va kldxref_enable
214 to automatically rebuild
219 .It Va kldxref_clobber
229 will overwrite existing
236 .It Va kldxref_module_path
241 delimited list of paths containing
253 enable the system power control facility with the
262 these are the flags to pass to the
266 Controls the creation of a
269 Always happens if set to
271 and never happens if set to
273 If set to anything else, a memory file system is created if
277 Controls the size of a created
281 Extra options passed to the
283 utility when the memory file system for
288 which inhibits the use of softupdates on
290 so that file system space is freed without delay
291 after file truncation or deletion.
294 for other options you can use in
297 Controls the creation of a
300 Always happens if set to
302 and never happens if set to
304 If set to anything else, a memory file system is created if
308 Controls the size of a created
312 Extra options passed to the
314 utility when the memory file system for
319 which inhibits the use of softupdates on
321 so that file system space is freed without delay
322 after file truncation or deletion.
325 for other options you can use in
328 Controls the automatic population of the
331 Always happens if set to
333 and never happens if set to
335 If set to anything else, a memory file system is created if
338 Note that this process requires access to certain commands in
342 is mounted on normal systems.
343 .It Va cleanvar_enable
350 List of directories to search for startup script files.
351 .It Va script_name_sep
353 The field separator to use for breaking down the list of startup script files
354 into individual filenames.
355 The default is a space.
356 It is not necessary to change this unless there are startup scripts with names
358 .It Va hostapd_enable
367 The fully qualified domain name (FQDN) of this host on the network.
368 This should almost certainly be set to something meaningful, even if
369 there is no network connection.
372 is used to set the hostname via DHCP,
373 this variable should be set to an empty string.
374 If this value remains unset when the system is done booting
375 your console login will display the default hostname of
379 The NIS domain name of this host, or
382 .It Va dhclient_program
384 Path to the DHCP client program
385 .Pa ( /sbin/dhclient ,
390 .It Va dhclient_flags
392 Additional flags to pass to the DHCP client program.
397 manpage for a description of the command line options available.
398 .It Va dhclient_flags_ Ns Aq Ar iface
399 Additional flags to pass to the DHCP client program running on
402 When specified, this variable overrides
404 .It Va background_dhclient
408 to start the DHCP client in background.
409 This can cause trouble with applications depending on
410 a working network, but it will provide a faster startup
412 .It Va background_dhclient_ Ns Aq Ar iface
413 When specified, this variable overrides the
414 .Va background_dhclient
415 variable for interface
418 .It Va synchronous_dhclient
424 synchronously at startup.
425 This behavior can be overridden on a per-interface basis by replacing
429 .Va ifconfig_ Ns Aq Ar interface
434 .It Va defaultroute_delay
436 When set to a positive value, wait up to this long after configuring
437 DHCP interfaces at startup to give the interfaces time to receive a lease.
438 .It Va firewall_enable
442 to load firewall rules at startup.
443 If the kernel was not built with
444 .Cd "options IPFIREWALL" ,
447 kernel module will be loaded.
449 .Va ipfilter_enable .
450 .It Va firewall_script
452 This variable specifies the full path to the firewall script to run.
454 .Pa /etc/rc.firewall .
457 Names the firewall type from the selection in
458 .Pa /etc/rc.firewall ,
459 or the file which contains the local firewall ruleset.
460 Valid selections from
464 .Bl -tag -width ".Li simple" -compact
466 unrestricted IP access
468 all IP services disabled, except via
471 basic protection for a workstation
473 basic protection for a LAN.
476 If a filename is specified, the full path
478 .It Va firewall_quiet
482 to disable the display of firewall rules on the console during boot.
483 .It Va firewall_logging
487 to enable firewall event logging.
488 This is equivalent to the
489 .Dv IPFIREWALL_VERBOSE
491 .It Va firewall_flags
497 specifies a filename.
498 .It Va firewall_coscripts
500 List of executables and/or rc scripts to run after firewall starts/stops.
502 .\" ----- firewall_nat_enable setting --------------------------------
503 .It Va firewall_nat_enable
515 .It Va firewall_nat_interface
521 This is the name of the public interface or IP address on which
522 kernel NAT should run.
523 .It Va firewall_nat_flags
525 Additional configuration parameters for kernel NAT should be placed here.
526 .It Va dummynet_enable
530 will automatically load the
536 .\" -------------------------------------------------------------------
552 sockets must be enabled in the kernel.
553 If the kernel was not built with
554 .Cd "options IPDIVERT" ,
557 kernel module will be loaded.
558 .It Va natd_interface
560 This is the name of the public interface on which
563 The interface may be given as an interface name or as an IP address.
568 flags should be placed here.
573 flag is automatically added with the above
576 .\" ----- ipfilter_enable setting --------------------------------
577 .It Va ipfilter_enable
588 Typical usage will require putting
590 ipfilter_enable="YES"
608 can be enabled independently.
612 both require at least one of
622 options IPFILTER_DEFAULT_BLOCK
625 in the kernel configuration file is a good idea, too.
626 .\" ----- ipfilter_program setting ------------------------------
627 .It Va ipfilter_program
633 .\" ----- ipfilter_rules setting --------------------------------
634 .It Va ipfilter_rules
639 This variable contains the name of the filter rule definition file.
640 The file is expected to be readable for the
643 .\" ----- ipv6_ipfilter_rules setting ---------------------------
644 .It Va ipv6_ipfilter_rules
649 This variable contains the IPv6 filter rule definition file.
650 The file is expected to be readable for the
653 .\" ----- ipfilter_flags setting --------------------------------
654 .It Va ipfilter_flags
657 This variable contains flags passed to the
660 .\" ----- ipnat_enable setting ----------------------------------
670 network address translation.
673 for a detailed discussion.
674 .\" ----- ipnat_program setting ---------------------------------
681 .\" ----- ipnat_rules setting -----------------------------------
687 This variable contains the name of the file
688 holding the network address translation definition.
689 This file is expected to be readable for the
692 .\" ----- ipnat_flags setting -----------------------------------
696 This variable contains flags passed to the
699 .\" ----- ipmon_enable setting ----------------------------------
714 Setting this variable needs setting
721 for a detailed discussion.
722 .\" ----- ipmon_program setting ---------------------------------
729 .\" ----- ipmon_flags setting -----------------------------------
735 This variable contains flags passed to the
738 Another typical example would be
739 .Dq Fl D Pa /var/log/ipflog
742 log directly to a file bypassing
745 .Pa /etc/newsyslog.conf
746 in such case like this:
748 /var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid
750 .\" ----- ipfs_enable setting -----------------------------------
760 saving the filter and NAT state tables during shutdown
761 and reloading them during startup again.
762 Setting this variable needs setting
771 for a detailed discussion.
777 because the raised securelevel will prevent
779 from saving the state tables at shutdown time.
780 .\" ----- ipfs_program setting ----------------------------------
787 .\" ----- ipfs_flags setting ------------------------------------
791 This variable contains flags passed to the
794 .\" ----- end of added ipf hook ---------------------------------
806 Typical usage will require putting
821 into the kernel, otherwise the
822 kernel module will be loaded.
827 ruleset configuration file
842 these flags are passed to the
844 program when loading the ruleset.
854 which logs packets from the
867 .Pa /var/log/pflog ) .
869 .Pa /etc/newsyslog.conf
870 to adjust logfile rotation for this.
880 This variable contains additional flags passed to the
883 .It Va ftpproxy_enable
894 packet filter in translating ftp connections.
895 .It Va ftpproxy_flags
898 This variable contains additional flags passed to the
910 state changes to other hosts over the network by means of
915 must also be set then.
916 .It Va pfsync_syncdev
919 This variable specifies the name of the network interface
921 should operate through.
922 It must be set accordingly if
926 .It Va pfsync_syncpeer
929 This variable is optional.
930 By default, state change messages are sent out on the synchronisation
931 interface using IP multicast packets.
932 The protocol is IP protocol 240, PFSYNC, and the multicast group used is
934 When a peer address is specified using the
936 option, the peer address is used as a destination for the pfsync
937 traffic, and the traffic can then be protected using
941 manpage for more details about using
946 .It Va pfsync_ifconfig
949 This variable can contain additional options to be passed to the
951 command used to set up
953 .It Va tcp_extensions
960 disables certain TCP options as described by
966 might help remedy such problems with connections as randomly hanging
967 or other weird behavior.
968 Some network devices are known
969 to be broken with respect to these options.
976 .Va net.inet.tcp.log_in_vain
978 .Va net.inet.udp.log_in_vain ,
983 are set to the given value.
991 will disable probing idle TCP connections to verify that the
992 peer is still up and reachable.
993 .It Va tcp_drop_synfin
1000 will cause the kernel to ignore TCP frames that have both
1001 the SYN and FIN flags set.
1002 This prevents OS fingerprinting, but may
1003 break some legitimate applications.
1004 .It Va icmp_drop_redirect
1011 will cause the kernel to ignore ICMP REDIRECT packets.
1014 for more information.
1015 .It Va icmp_log_redirect
1022 will cause the kernel to log ICMP REDIRECT packets.
1024 the log messages are not rate-limited, so this option should only be used
1025 for troubleshooting networks.
1028 for more information.
1029 .It Va icmp_bmcastecho
1033 to respond to broadcast or multicast ICMP ping packets.
1036 for more information.
1037 .It Va ip_portrange_first
1041 this is the first port in the default portrange.
1044 for more information.
1045 .It Va ip_portrange_last
1049 this is the last port in the default portrange.
1052 for more information.
1053 .It Va network_interfaces
1055 Set to the list of network interfaces to configure on this host or
1057 (the default) for all current interfaces.
1059 .Va network_interfaces
1060 variable to anything other than the default is deprecated.
1061 Interfaces that the administrator wishes to store configuration for,
1062 but not start at boot should be configured with the
1065 .Va ifconfig_ Ns Aq Ar interface
1066 variables as described below.
1069 .Va ifconfig_ Ns Aq Ar interface
1070 variable is also assumed to exist for each value of
1072 When an interface name contains any of the characters
1074 they are translated to
1077 The variable can contain arguments to
1079 as well as special case-insensitive keywords described below.
1080 Such keywords are removed before passing the value to
1082 while the order of the other arguments is preserved.
1084 One can configure more than one IPv4 address with the
1085 .Va ipv4_addrs_ Ns Aq Ar interface
1087 One or more IP addresses must be provided in Classless Inter-Domain
1088 Routing (CIDR) address notation, whose last byte can be a range like
1090 In this case the address 192.0.2.5 will be configured with the
1091 netmask /24 and the addresses 192.0.2.6 to 192.0.2.23 with
1092 the non-conflicting netmask /32 as explained in the
1095 With the interface in question being
1097 an example could look like:
1099 ipv4_addrs_ed0="192.0.2.129/27 192.0.2.1-5/28"
1102 It is also possible to add IP alias entries using
1105 Assuming that the interface in question was
1108 something like this:
1110 ifconfig_ed0_alias0="inet 127.0.0.253 netmask 0xffffffff"
1111 ifconfig_ed0_alias1="inet 127.0.0.254 netmask 0xffffffff"
1116 .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1117 entry that is found,
1118 its contents are passed to
1120 Execution stops at the first unsuccessful access, so if
1121 something like this is present:
1123 ifconfig_ed0_alias0="inet 127.0.0.251 netmask 0xffffffff"
1124 ifconfig_ed0_alias1="inet 127.0.0.252 netmask 0xffffffff"
1125 ifconfig_ed0_alias2="inet 127.0.0.253 netmask 0xffffffff"
1126 ifconfig_ed0_alias4="inet 127.0.0.254 netmask 0xffffffff"
1129 Then note that alias4 would
1131 be added since the search would
1132 stop with the missing
1135 Due to this difficult to manage behavior, the
1136 .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1140 .Pa /etc/start_if. Ns Aq Ar interface
1141 file is present, it is read and executed by the
1144 before configuring the interface as specified in the
1145 .Va ifconfig_ Ns Aq Ar interface
1147 .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1151 .Va vlans_ Ns Aq Ar interface
1155 interface will be created for each item in the list with the
1159 If a vlan interface's name is a number,
1160 then that number is used as the vlan tag and the new vlan interface is
1162 .Ar interface . Ns Ar tag .
1164 the vlan tag must be specified via a
1167 .Va create_args_ Ns Aq Ar interface
1170 To create a vlan device named
1174 with the vlan tag 101 and the optional the IPv4 address 192.0.2.1/24:
1177 ifconfig_em0_101="inet 192.0.2.1/24"
1180 To create a vlan device named
1184 with the vlan tag 102:
1187 create_args_myvlan="vlan 102"
1191 .Va wlans_ Ns Aq Ar interface
1195 interface will be created for each item in the list with the
1199 Further wlan cloning arguments may be passed to the
1202 command by setting the
1203 .Va create_args_ Ns Aq Ar interface
1207 devices must be created for each wireless devices as of
1213 may be specified with an
1214 .Va wlandebug_ Ns Aq Ar interface
1216 The contents of this variable will be passed directly to
1220 .Va ifconfig_ Ns Aq Ar interface
1221 contains the keyword
1223 then the interface will not be configured
1225 .Pa /etc/pccard_ether
1227 .Va network_interfaces
1231 It is possible to bring up an interface with DHCP by adding
1234 .Va ifconfig_ Ns Aq Ar interface
1236 For instance, to initialize the
1239 it is possible to use something like:
1244 Also, if you want to configure your wireless interface with
1245 .Xr wpa_supplicant 8
1246 for use with WPA, EAP/LEAP or WEP, you need to add
1249 .Va ifconfig_ Ns Aq Ar interface
1252 Finally, you can add
1254 options in this variable, in addition to the
1255 .Pa /etc/start_if. Ns Aq Ar interface
1257 For instance, to configure an
1259 wireless device in station mode with an address obtained
1260 via DHCP, using WPA authentication and 802.11b mode, it is
1261 possible to use something like:
1264 ifconfig_wlan0="DHCP WPA mode 11b"
1268 .Va ifconfig_ Ns Aq Ar interface
1269 form, a fallback variable
1270 .Va ifconfig_DEFAULT
1272 It will be used for all interfaces with no
1273 .Va ifconfig_ Ns Aq Ar interface
1275 This is intended to replace the no longer supported
1279 It is also possible to rename an interface by doing:
1281 ifconfig_ed0_name="net0"
1282 ifconfig_net0="inet 192.0.2.1 netmask 0xffffff00"
1285 This variable is deprecated.
1287 .Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1289 .Va ipv6_activate_all_interfaces
1295 .Dq Li inet6 accept_rtadv
1297 .Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1299 .Va ipv6_activate_all_interfaces
1303 This variable is deprecated.
1305 .Va ip6addrctl_policy
1311 the default address selection policy table set by
1313 will be IPv6-preferred.
1317 the default address selection policy table set by
1319 will be IPv4-preferred.
1320 .It Va ipv6_activate_all_interfaces
1322 This controls initial configuration on IPv6-capable
1323 interfaces with no corresponding
1324 .Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1326 Note that it is not always necessary to set this variable to
1328 to use IPv6 functionality on
1330 In most cases, just configuring
1331 .Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1336 all interfaces which do not have a corresponding
1337 .Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1338 variable will be marked as
1341 This means that all of IPv6 functionality on that interface
1342 is completely disabled to enforce a security policy.
1343 If the variable is set to
1345 the flag will be cleared on all of the interfaces.
1347 In most cases, just defining an
1348 .Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1349 for an IPv6-capable interface should be sufficient.
1350 However, if an interface is added dynamically
1351 .Pq by some tunneling protocols such as PPP, for example ,
1352 it is often difficult to define the variable in advance.
1353 In such a case, configuring the
1355 flag can be disabled by setting this variable to
1358 For more details of the
1361 .Dq Li inet6 ifdisabled ,
1371 privacy addresses will be generated for each IPv6
1372 interface as described in RFC 4941.
1373 .It Va ipv6_network_interfaces
1375 This is the IPv6 equivalent of
1376 .Va network_interfaces .
1377 Normally manual configuration of this variable is not needed.
1379 .It Va ipv6_cpe_wanif
1381 If the variable is set to an interface name,
1385 .Dq inet6 -no_radr accept_rtadv
1386 will be added to the specified interface automatically before evaluating
1387 .Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 ,
1391 .Va net.inet6.ip6.rfc6204w3
1393 .Va net.inet6.ip6.no_radr
1396 This means the specified interface will accept ICMPv6 Router
1397 Advertisement messages on that link and add the discovered
1398 routers into the Default Router List.
1399 While the other interfaces can still accept RA messages if the
1400 .Dq inet6 accept_rtadv
1401 option is specified, adding
1402 routes into the Default Router List will be disabled by
1409 Note that ICMPv6 Router Advertisement messages will be
1411 .Va net.inet6.ip6.forwarding
1413 .Pq packet fowarding is enabled
1415 .Va net.inet6.ip6.rfc6204w3
1420 .It Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1422 IPv6 functionality on an interface should be configured by
1423 .Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 ,
1424 instead of setting ifconfig parameters in
1425 .Va ifconfig_ Ns Aq Ar interface .
1426 If this variable is empty, all of IPv6 configurations on the
1427 specified interface by other variables such as
1428 .Va ipv6_prefix_ Ns Ao Ar interface Ac
1431 Aliases should be set by
1432 .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1435 keyword. For example:
1437 ifconfig_ed0_ipv6="inet6 2001:db8:1::1 prefixlen 64"
1438 ifconfig_ed0_alias0="inet6 2001:db8:2::1 prefixlen 64"
1441 Interfaces that have an
1442 .Dq Li inet6 accept_rtadv
1444 .Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1445 setting will be automatically configured by SLAAC
1446 .Pq StateLess Address AutoConfiguration
1452 Note that a link-local address will be automatically configured in
1453 addition to the configured global-scope addresses because the IPv6
1454 specifications require it on each link.
1455 The address is calculated from the MAC address by using an algorithm
1462 If only a link-local address is needed on the interface,
1463 the following configuration can be used:
1465 ifconfig_ed0_ipv6="inet6 auto_linklocal"
1468 A link-local address can also be configured manually.
1469 This is useful for the default router address of an IPv6 router
1470 so that it does not change when the network interface
1474 ifconfig_ed0_ipv6="inet6 fe80::1 prefixlen 64"
1476 .It Va ipv6_prefix_ Ns Aq Ar interface
1478 If one or more prefixes are defined in
1479 .Va ipv6_prefix_ Ns Aq Ar interface
1480 addresses based on each prefix and the EUI-64 interface index will be
1481 configured on that interface.
1482 Note that this variable will be ignored when
1483 .Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1486 For example, the following configuration
1488 ipv6_prefix_ed0="2001:db8:1:0 2001:db8:2:0"
1491 is equivalent to the following:
1493 ifconfig_ed0_alias0="inet6 2001:db8:1:: eui64 prefixlen 64"
1494 ifconfig_ed0_alias1="inet6 2001:db8:1:: prefixlen 64 anycast"
1495 ifconfig_ed0_alias2="inet6 2001:db8:2:: eui64 prefixlen 64"
1496 ifconfig_ed0_alias3="inet6 2001:db8:2:: prefixlen 64 anycast"
1499 These Subnet-Router anycast addresses will be added only when
1500 .Va ipv6_gateway_enable
1502 .It Va ipv6_default_interface
1506 this is the default output interface for scoped addresses.
1507 This works only with ipv6_gateway_enable="NO".
1508 .It Va ip6addrctl_enable
1510 This variable is to enable configuring default address selection policy table
1512 The table can be specified in another variable
1513 .Va ip6addrctl_policy .
1515 .Va ip6addrctl_policy
1516 the following keywords can be specified:
1517 .Dq Li ipv4_prefer ,
1518 .Dq Li ipv6_prefer ,
1528 installs a pre-defined policy table described in Section 2.1
1536 is specified, it attempts to read a file
1537 .Pa /etc/ip6addrctl.conf
1538 first. If this file is found,
1540 reads and installs it. If not found, a policy is automatically set
1542 .Va ipv6_activate_all_interfaces
1543 variable; if the variable is set to
1545 the IPv6-preferred one is used. Otherwise IPv4-preferred.
1547 The default value of
1548 .Va ip6addrctl_enable
1550 .Va ip6addrctl_policy
1556 .It Va cloned_interfaces
1558 Set to the list of clonable network interfaces to create on this host.
1559 Further cloning arguments may be passed to the
1562 command for each interface by setting the
1563 .Va create_args_ Ns Aq Ar interface
1566 .Va cloned_interfaces
1567 are automatically appended to
1568 .Va network_interfaces
1570 .It Va fec_interfaces
1574 Fast EtherChannel interfaces to configure on this host.
1576 .Va fecconfig_ Ns Aq Ar interface
1577 variable is assumed to exist for each value of
1579 The value of this variable is used to configure link aggregated interfaces
1580 according to the syntax of the
1581 .Cm NGM_FEC_ADD_IFACE
1585 Additionally, this option ensures that each listed interface is created
1590 before attempting to configure it.
1593 fec_interfaces="fec0"
1594 fecconfig_fec0="em0 em1"
1595 ifconfig_fec0="DHCP"
1597 .It Va gif_interfaces
1601 tunnel interfaces to configure on this host.
1603 .Va gifconfig_ Ns Aq Ar interface
1604 variable is assumed to exist for each value of
1606 The value of this variable is used to configure the link layer of the
1607 tunnel according to the syntax of the
1611 Additionally, this option ensures that each listed interface is created
1616 before attempting to configure it.
1617 .It Va sppp_interfaces
1621 interfaces to configure on this host.
1623 .Va spppconfig_ Ns Aq Ar interface
1624 variable is assumed to exist for each value of
1626 Each interface should also be configured by a general
1627 .Va ifconfig_ Ns Aq Ar interface
1631 for more information about available options.
1641 The name of the profile to use from
1642 .Pa /etc/ppp/ppp.conf .
1643 Also used for per-profile overrides of
1648 .Va ppp_ Ns Ao Ar profile Ac Ns _unit .
1649 When the profile name contains any of the characters
1651 they are translated to
1653 for the proposes of the override variable names.
1656 Mode in which to run the
1659 .It Va ppp_ Ns Ao Ar profile Ac Ns _mode
1661 Overrides the global
1671 See the manual for a full description.
1676 enables network address translation.
1677 Used in conjunction with
1679 allows hosts on private network addresses access to the Internet using
1680 this host as a network address translating router.
1681 .It Va ppp_ Ns Ao Ar profile Ac Ns _nat
1683 Overrides the global
1687 .It Va ppp_ Ns Ao Ar profile Ac Ns _unit
1689 Set the unit number to be used for this profile.
1690 See the manual description of
1695 The name of the user under which
1703 .It Va rc_conf_files
1705 This option is used to specify a list of files that will override
1707 .Pa /etc/defaults/rc.conf .
1708 The files will be read in the order in which they are specified and should
1709 include the full path to the file.
1710 By default, the files specified are
1713 .Pa /etc/rc.conf.local
1719 will attempt to automatically mount ZFS file systems and initialize ZFS volumes
1721 .It Va gptboot_enable
1725 .Pa /etc/rc.d/gptboot
1726 will log if the system successfully (or not) booted from a GPT partition,
1732 .It Va gbde_autoattach_all
1737 will attempt to automatically initialize your .bde devices in
1741 List the devices that the script should try to attach,
1746 The directory where the
1748 lockfiles are located.
1749 The default lockfile directory is
1752 The lockfile for each individual
1754 device can be overridden by setting the variable
1755 .Va gbde_lock_ Ns Aq Ar device ,
1758 is the encrypted device without the
1763 .It Va gbde_attach_attempts
1765 Number of times to attempt attaching to a
1767 device, i.e., how many times the user is asked for the pass-phrase.
1771 List of devices to automatically attach on boot.
1772 Note that .eli devices from
1774 are automatically appended to this list.
1777 Number of times user is asked for the pass-phrase.
1778 If empty, it will be taken from
1779 .Va kern.geom.eli.tries
1781 .It Va geli_default_flags
1783 Default flags to use by
1785 when configuring disk encryption.
1786 Flags can be configured for every device separately by defining
1787 .Va geli_ Ns Ao Ar device Ac Ns Va _flags
1789 .It Va geli_autodetach
1791 Specifies if GELI devices should be marked for detach on last close after
1792 file systems are mounted.
1795 This can be changed for every device separately by defining
1796 .Va geli_ Ns Ao Ar device Ac Ns Va _autodetach
1798 .It Va geli_swap_flags
1799 Options passed to the
1801 utility when encrypted GEOM providers for swap partitions are created.
1803 .Dq Li "-e aes -l 256 -s 4096 -d" .
1804 .It Va root_rw_mount
1809 After the file systems are checked at boot time, the root file system
1810 is remounted as read-write if this is set to
1812 Diskless systems that mount their root file system from a read-only remote
1813 NFS share should set this to
1817 .It Va fsck_y_enable
1822 will be run with the
1824 flag if the initial preen
1825 of the file systems fails.
1826 .It Va background_fsck
1830 the system will attempt to run
1832 in the background where possible.
1833 .It Va background_fsck_delay
1835 The amount of time in seconds to sleep before starting a background
1837 It defaults to sixty seconds to allow large applications such as
1838 the X server to start before disk I/O bandwidth is monopolized by
1840 If set to a negative number, the background file system check will be
1841 delayed indefinitely to allow the administrator to run it at a more
1843 For example it may be run from
1845 by adding a line like
1847 .Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart"
1853 List of file system types that are network-based.
1854 This list should generally not be modified by end users.
1856 .Va extra_netfs_types
1858 .It Va extra_netfs_types
1860 If set to something other than
1863 this variable extends the list of file system types
1864 for which automatic mounting at startup by
1866 should be delayed until the network is initialized.
1868 a whitespace-separated list of network file system descriptor pairs,
1869 each consisting of a file system type as passed to
1871 and a human-readable, one-word description,
1874 Extending the default list in this way is only necessary
1875 when third party file system types are used.
1876 .It Va syslogd_enable
1883 .It Va syslogd_program
1888 .Pa /usr/sbin/syslogd ) .
1889 .It Va syslogd_flags
1895 these are the flags to pass to
1904 .It Va inetd_program
1909 .Pa /usr/sbin/inetd ) .
1916 these are the flags to pass to
1925 .It Va hastd_program
1937 these are the flags to pass to
1946 .It Va named_program
1951 .Pa /usr/sbin/named ) .
1956 configuration file, (default
1957 .Pa /etc/namedb/named.conf ) .
1964 these are the flags to pass to
1970 process should be run as.
1971 .It Va named_chrootdir
1973 The root directory for a name server run in a
1975 environment (default
1979 will not be run in a
1982 .It Va named_chroot_autoupdate
1986 to disable automatic update of the
1989 .It Va named_symlink_enable
1993 to disable symlinking of
2002 loop until working name service is established.
2003 .It Va named_wait_host
2005 Name of host to lookup for the named_wait option.
2007 .It Va named_auto_forward
2009 Set to enable automatic creation of a forwarder
2010 configuration file derived from
2011 .Pa /etc/resolv.conf .
2012 .It Va named_auto_forward_only
2014 Set to change the default forwarder configuration from
2018 .It Va kerberos5_server_enable
2022 to start a Kerberos 5 authentication server
2024 .It Va kerberos5_server
2027 .Va kerberos5_server_enable
2030 this is the path to Kerberos 5 Authentication Server.
2031 .It Va kerberos5_server_flags
2034 This variable contains additional flags to be passed to the Kerberos 5
2035 authentication server.
2036 .It Va kadmind5_server_enable
2042 the Kerberos 5 Administration Daemon; set to
2045 .It Va kadmind5_server
2048 .Va kadmind5_server_enable
2051 this is the path to Kerberos 5 Administration Daemon.
2052 .It Va kpasswdd_server_enable
2058 the Kerberos 5 Password-Changing Daemon; set to
2061 .It Va kpasswdd_server
2064 .Va kpasswdd_server_enable
2067 this is the path to Kerberos 5 Password-Changing Daemon.
2074 daemon at boot time.
2081 these are the flags to pass to it.
2088 daemon at boot time.
2095 these are the flags to pass to it.
2098 manpage for more information.
2099 .It Va amd_map_program
2102 the specified program is run to get the list of
2107 maps are stored in NIS, one can set this to
2120 will be updated at boot time to reflect the kernel release
2125 will not be updated.
2126 .It Va nfs_client_enable
2130 run the NFS client daemons at boot time.
2131 .It Va nfs_access_cache
2134 .Va nfs_client_enable
2139 to disable NFS ACCESS RPC caching, or to the number of seconds for which
2141 results should be cached.
2142 A value of 2-10 seconds will substantially reduce network
2143 traffic for many NFS operations.
2144 .It Va nfs_server_enable
2148 run the NFS server daemons at boot time.
2149 .It Va nfs_server_flags
2152 .Va nfs_server_enable
2155 these are the flags to pass to the
2158 .It Va nfsv4_server_enable
2161 .Va nfs_server_enable
2165 .Va nfsv4_server_enable
2168 enable the server for NFSv4 as well as NFSv2 and NFSv3.
2169 .It Va nfsuserd_enable
2175 run the nfsuserd daemon, which is needed for NFSv4 in order
2176 to map between user/group names vs uid/gid numbers.
2178 .Va nfsv4_server_enable
2181 this will be forced enabled.
2182 .It Va nfsuserd_flags
2188 these are the flags to pass to the
2191 .It Va nfscbd_enable
2197 run the nfscbd daemon, which enables callbacks/delegations for the NFSv4 client.
2204 these are the flags to pass to the
2207 .It Va oldnfs_server_enable
2210 .Va oldnfs_server_enable
2213 force the NFS server daemons to run the old NFS server code
2214 that does not support NFSv4.
2215 .It Va mountd_enable
2220 .Va nfs_server_enable
2226 It is commonly needed to run CFS without real NFS used.
2233 these are the flags to pass to the
2236 .It Va weak_mountd_authentication
2240 allow services like PCNFSD to make non-privileged mount
2242 .It Va nfs_reserved_port_only
2246 provide NFS services only on a secure port.
2247 .It Va nfs_bufpackets
2249 If set to a number, indicates the number of packets worth of
2250 socket buffer space to reserve on an NFS client.
2251 The kernel default is typically 4.
2252 Using a higher number may be
2253 useful on gigabit networks to improve performance.
2254 The minimum value is
2255 2 and the maximum is 64.
2256 .It Va rpc_lockd_enable
2260 and also an NFS server or client, run
2263 .It Va rpc_lockd_flags
2266 .Va rpc_lockd_enable
2269 these are the flags to pass to the
2272 .It Va rpc_statd_enable
2276 and also an NFS server or client, run
2279 .It Va rpc_statd_flags
2282 .Va rpc_statd_enable
2285 these are the flags to pass to the
2288 .It Va rpcbind_program
2293 .Pa /usr/sbin/rpcbind ) .
2294 .It Va rpcbind_enable
2300 service at boot time.
2301 .It Va rpcbind_flags
2307 these are the flags to pass to the
2310 .It Va keyserv_enable
2316 daemon on boot for running Secure RPC.
2317 .It Va keyserv_flags
2323 these are the flags to pass to
2326 .It Va pppoed_enable
2332 daemon at boot time to provide PPP over Ethernet services.
2333 .It Va pppoed_ Ns Aq Ar provider
2336 listens to requests to this
2342 argument of the same name.
2345 Additional flags to pass to
2347 .It Va pppoed_interface
2349 The network interface to run
2352 This is mandatory when
2362 service at boot time.
2363 This command is intended for networks of
2364 machines where a consistent
2366 for all hosts must be established.
2367 This is often useful in large NFS
2368 environments where time stamps on files are expected to be consistent
2376 these are the flags to pass to the
2379 .It Va ntpdate_enable
2386 This command is intended to
2387 synchronize the system clock only
2389 from some standard reference.
2390 An option to set this up initially
2391 (from a list of known servers) is also provided by the
2393 program when the system is first installed.
2394 .It Va ntpdate_config
2396 Configuration file for
2400 .It Va ntpdate_hosts
2402 A whitespace-separated list of NTP servers to synchronize with at startup.
2403 The default is to use the servers listed in
2404 .Va ntpdate_config ,
2405 if that file exists.
2406 .It Va ntpdate_program
2411 .Pa /usr/sbin/ntpdate ) .
2412 .It Va ntpdate_flags
2418 these are the flags to pass to the
2420 command (typically a hostname).
2427 command at boot time.
2433 .Pa /usr/sbin/ntpd ) .
2447 these are the flags to pass to the
2450 .It Va ntpd_sync_on_start
2457 flag, which syncs the system's clock on startup.
2460 for more information regarding the
2463 This is a preferred alternative to using
2468 .It Va nis_client_enable
2474 service at system boot time.
2475 .It Va nis_client_flags
2478 .Va nis_client_enable
2481 these are the flags to pass to the
2484 .It Va nis_ypset_enable
2490 daemon at system boot time.
2491 .It Va nis_ypset_flags
2494 .Va nis_ypset_enable
2497 these are the flags to pass to the
2500 .It Va nis_server_enable
2506 daemon at system boot time.
2507 .It Va nis_server_flags
2510 .Va nis_server_enable
2513 these are the flags to pass to the
2516 .It Va nis_ypxfrd_enable
2522 daemon at system boot time.
2523 .It Va nis_ypxfrd_flags
2526 .Va nis_ypxfrd_enable
2529 these are the flags to pass to the
2532 .It Va nis_yppasswdd_enable
2538 daemon at system boot time.
2539 .It Va nis_yppasswdd_flags
2542 .Va nis_yppasswdd_enable
2545 these are the flags to pass to the
2548 .It Va rpc_ypupdated_enable
2554 daemon at system boot time.
2555 .It Va bsnmpd_enable
2561 daemon at system boot time.
2562 Be sure to understand the security implications of running SNMP daemon
2570 these are the flags to pass to the
2573 .It Va defaultrouter
2577 create a default route to this host name or IP address
2578 (use an IP address if this router is also required to get to the
2580 .It Va ipv6_defaultrouter
2582 The IPv6 equivalent of
2584 .It Va static_arp_pairs
2586 Set to the list of static ARP pairs that are to be added at system
2588 For each whitespace separated
2591 .Va static_arp_ Ns Aq Ar element
2592 variable is assumed to exist whose contents will later be passed to a
2597 static_arp_pairs="gw"
2598 static_arp_gw="192.168.1.1 00:01:02:03:04:05"
2600 .It Va static_ndp_pairs
2602 Set to the list of static NDP pairs that are to be added at system
2604 For each whitespace separated
2607 .Va static_ndp_ Ns Aq Ar element
2608 variable is assumed to exist whose contents will later be passed to a
2613 static_ndp_pairs="gw"
2614 static_ndp_gw="2001:db8:3::1 00:01:02:03:04:05"
2616 .It Va static_routes
2618 Set to the list of static routes that are to be added at system
2622 then for each whitespace separated
2625 .Va route_ Ns Aq Ar element
2626 variable is assumed to exist
2627 whose contents will later be passed to a
2632 static_routes="mcast gif0local"
2633 route_mcast="-net 224.0.0.0/4 -iface gif0"
2634 route_gif0local="-host 169.254.1.1 -iface lo0"
2636 .It Va ipv6_static_routes
2638 The IPv6 equivalent of
2642 then for each whitespace separated
2645 .Va ipv6_route_ Ns Aq Ar element
2646 variable is assumed to exist
2647 whose contents will later be passed to a
2648 .Dq Nm route Cm add Fl inet6
2650 .It Va natm_static_routes
2656 If not empty then for each whitespace separated
2659 .Va route_ Ns Aq Ar element
2660 variable is assumed to exist whose contents will later be passed to a
2661 .Dq Nm atmconfig Cm natm Cm add
2663 .It Va gateway_enable
2667 configure host to act as an IP router, e.g.\& to forward packets
2669 .It Va ipv6_gateway_enable
2671 The IPv6 equivalent of
2672 .Va gateway_enable .
2673 .It Va routed_enable
2677 run a routing daemon of some sort, based on the
2682 .It Va route6d_enable
2684 The IPv6 equivalent of
2688 run a routing daemon of some sort, based on the
2693 .It Va routed_program
2699 this is the name of the routing daemon to use.
2700 .It Va route6d_program
2702 The IPv6 equivalent of
2703 .Va routed_program .
2710 these are the flags to pass to the routing daemon.
2711 .It Va route6d_flags
2713 The IPv6 equivalent of
2715 .It Va mrouted_enable
2719 run the multicast routing daemon,
2721 .It Va mroute6d_enable
2723 The IPv6 equivalent of
2724 .Va mrouted_enable .
2727 run the IPv6 multicast routing daemon.
2729 Note that multicast routing daemons are no longer included in the
2731 base system, however, both
2735 may be installed from the
2738 .It Va mrouted_flags
2744 these are the flags to pass to the
2747 .It Va mroute6d_flags
2749 The IPv6 equivalent of
2755 these are the flags passed to the IPv6 multicast routing daemon.
2756 .It Va mroute6d_program
2762 this is the path to the IPv6 multicast routing daemon.
2763 .It Va rtadvd_enable
2769 daemon at boot time.
2772 utility sends ICMPv6 Router Advertisement messages to
2773 the interfaces specified in
2774 .Va rtadvd_interfaces .
2775 This should only be enabled with great care.
2776 You may want to fine-tune
2778 .It Va rtadvd_interfaces
2784 this is the list of interfaces to use.
2785 .It Va ipxgateway_enable
2789 enable the routing of IPX traffic.
2790 .It Va ipxrouted_enable
2796 daemon at system boot time.
2797 .It Va ipxrouted_flags
2800 .Va ipxrouted_enable
2803 these are the flags to pass to the
2810 enable global proxy ARP.
2811 .It Va forward_sourceroute
2819 source-routed packets are forwarded.
2820 .It Va accept_sourceroute
2824 the system will accept source-routed packets directed at it.
2831 daemon at system boot time.
2838 these are the flags to pass to the
2841 .It Va bootparamd_enable
2847 daemon at system boot time.
2848 .It Va bootparamd_flags
2851 .Va bootparamd_enable
2854 these are the flags to pass to the
2857 .It Va stf_interface_ipv4addr
2861 this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling
2863 Specify this entry to enable the 6to4 interface.
2864 .It Va stf_interface_ipv4plen
2866 Prefix length for 6to4 IPv4 addresses, to limit peer address range.
2867 An effective value is 0-31.
2868 .It Va stf_interface_ipv6_ifid
2870 IPv6 interface ID for
2874 .It Va stf_interface_ipv6_slaid
2876 IPv6 Site Level Aggregator for
2878 .It Va ipv6_faith_prefix
2882 this is the faith prefix to enable a FAITH IPv6-to-IPv4 TCP
2887 .It Va ipv6_ipv4mapping
2891 this enables IPv4 mapped IPv6 address communication (like
2892 .Li ::ffff:a.b.c.d ) .
2897 to enable the configuration of ATM interfaces at system boot time.
2898 For all of the ATM variables described below, please refer to the
2900 manual page for further details on the available command parameters.
2901 Also refer to the files in
2902 .Pa /usr/share/examples/atm
2903 for more detailed configuration information.
2906 This is a list of physical ATM interface drivers to load.
2911 .It Va atm_netif_ Ns Aq Ar intf
2913 For the ATM physical interface
2915 this variable defines the name prefix and count for the ATM network
2916 interfaces to be created.
2917 The value will be passed as the parameters of an
2918 .Dq Nm atm Cm "set netif" Ar intf
2920 .It Va atm_sigmgr_ Ns Aq Ar intf
2922 For the ATM physical interface
2924 this variable defines the ATM signalling manager to be used.
2925 The value will be passed as the parameters of an
2926 .Dq Nm atm Cm attach Ar intf
2928 .It Va atm_prefix_ Ns Aq Ar intf
2930 For the ATM physical interface
2932 this variable defines the NSAP prefix for interfaces using a UNI signalling
2936 the prefix will automatically be set via the
2939 Otherwise, the value will be passed as the parameters of an
2940 .Dq Nm atm Cm "set prefix" Ar intf
2942 .It Va atm_macaddr_ Ns Aq Ar intf
2944 For the ATM physical interface
2946 this variable defines the MAC address for interfaces using a UNI signalling
2950 the hardware MAC address contained in the ATM interface card will be used.
2951 Otherwise, the value will be passed as the parameters of an
2952 .Dq Nm atm Cm "set mac" Ar intf
2954 .It Va atm_arpserver_ Ns Aq Ar netif
2956 For the ATM network interface
2958 this variable defines the ATM address for a host which is to provide ATMARP
2960 This variable is only applicable to interfaces using a UNI signalling
2964 this host will become an ATMARP server.
2965 The value will be passed as the parameters of an
2966 .Dq Nm atm Cm "set arpserver" Ar netif
2968 .It Va atm_scsparp_ Ns Aq Ar netif
2972 SCSP/ATMARP service for the network interface
2974 will be initiated using the
2979 This variable is only applicable if
2980 .Va atm_arpserver_ Ns Aq Ar netif
2985 Set to the list of ATM PVCs to be added at system
2987 For each whitespace separated
2990 .Va atm_pvc_ Ns Aq Ar element
2991 variable is assumed to exist.
2992 The value of each of these variables
2993 will be passed as the parameters of an
2994 .Dq Nm atm Cm "add pvc"
2998 Set to the list of permanent ATM ARP entries to be added
2999 at system boot time.
3000 For each whitespace separated
3003 .Va atm_arp_ Ns Aq Ar element
3004 variable is assumed to exist.
3005 The value of each of these variables
3006 will be passed as the parameters of an
3007 .Dq Nm atm Cm "add arp"
3009 .It Va natm_interfaces
3013 interfaces that will also be used for HARP through
3015 If this list is not empty all interfaces in the list will be brought up
3021 For this to work the interface drivers must be either compiled into the
3022 kernel or must reside on the root partition.
3025 The keyboard bell sound.
3032 if the default behavior is desired.
3033 For details, refer to the
3038 If set to a non-null string, the virtual console's keyboard input is
3044 no keymap is installed, otherwise the value is used to install
3046 .Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd .
3049 The keyboard repeat speed.
3056 if the default behavior is desired.
3061 attempt to program the function keys with the value.
3063 be a single string of the form:
3064 .Dq Ar funkey_number new_value Op Ar funkey_number new_value ... .
3067 Can be set to the value of
3070 .Dq Li destructive ,
3073 to set the cursor behavior explicitly or choose the default behavior.
3078 no screen map is installed, otherwise the value is used to install
3079 the screen map file in
3080 .Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value .
3085 the default 8x16 font value is used for screen size requests, otherwise
3087 .Pa /usr/share/syscons/fonts/ Ns Aq Ar value
3093 the default 8x14 font value is used for screen size requests, otherwise
3095 .Pa /usr/share/syscons/fonts/ Ns Aq Ar value
3101 the default 8x8 font value is used for screen size requests, otherwise
3103 .Pa /usr/share/syscons/fonts/ Ns Aq Ar value
3109 the default screen blanking interval is used, otherwise it is set
3117 this is the actual screen saver to use
3118 .Li ( blank , snake , daemon ,
3120 .It Va moused_nondefault_enable
3124 the mouse device specified on
3125 the command line is not automatically treated as enabled by the
3126 .Pa /etc/rc.d/moused
3128 Having this variable set to
3134 to be enabled as soon as it is plugged in.
3135 .It Va moused_enable
3141 daemon is started for doing cut/paste selection on the console.
3144 This is the protocol type of the mouse connected to this host.
3145 This variable must be set if
3152 is able to detect the appropriate mouse type automatically in many cases.
3153 Set this variable to
3155 to let the daemon detect it, or
3156 select one from the following list if the automatic detection fails.
3158 If the mouse is attached to the PS/2 mouse port, choose
3162 regardless of the brand and model of the mouse.
3164 mouse is attached to the bus mouse port, choose
3168 All other protocols are for serial mice and will not work with
3169 the PS/2 and bus mice.
3170 If this is a USB mouse,
3172 is the only protocol type which will work.
3174 .Bl -tag -width ".Li x10mouseremote" -compact
3176 Microsoft mouse (serial)
3178 Microsoft IntelliMouse (serial)
3180 Mouse systems Corp.\& mouse (serial)
3182 MM Series mouse (serial)
3184 Logitech mouse (serial)
3188 Logitech MouseMan and TrackMan (serial)
3190 ALPS GlidePoint (serial)
3191 .It Li thinkingmouse
3192 Kensington ThinkingMouse (serial)
3196 MM HitTablet (serial)
3197 .It Li x10mouseremote
3198 X10 MouseRemote (serial)
3200 Interlink VersaPad (serial)
3203 Even if the mouse is not in the above list, it may be compatible
3204 with one in the list.
3205 Refer to the manual page for
3207 for compatibility information.
3209 It should also be noted that while this is enabled, any
3210 other client of the mouse (such as an X server) should access
3211 the mouse through the virtual mouse device,
3213 and configure it as a
3215 type mouse, since all
3216 mouse data is converted to this single canonical format when
3219 If the client program does not support the
3225 It is the second preferred type.
3232 this is the actual port the mouse is on.
3235 for a COM1 serial mouse,
3239 for a bus mouse, for example.
3244 is set, its value is used as an additional set of flags to pass to the
3247 .It Va "moused_" Ns Ar XXX Ns Va "_flags"
3249 .Va moused_nondefault_enable
3252 daemon is started for a non-default port, the
3253 .Va "moused_" Ns Ar XXX Ns Va "_flags"
3254 set of options has precedence over and replaces the default
3255 .Va moused_flags (where
3257 is the name of the non-default port, i.e.\&
3260 .Va "moused_" Ns Ar XXX Ns Va "_flags"
3261 it is possible to set up a different set of default flags for each
3264 For example, you can use
3268 to make your laptop's touchpad more comfortable to use,
3269 but an empty set of options for
3270 .Va moused_ums0_flags
3273 mouse has three or more buttons.
3274 .It Va mousechar_start
3278 the default mouse cursor character range
3279 .Li 0xd0 Ns - Ns Li 0xd3
3281 otherwise the range start is set
3286 Use if the default range is occupied in the language code table.
3287 .It Va allscreens_flags
3291 is run with these options for each of the virtual terminals
3295 will enable the mouse pointer on all virtual terminals
3300 .It Va allscreens_kbdflags
3304 is run with these options for each of the virtual terminals
3310 scrollback (history) buffer to 200 lines.
3317 daemon at system boot time.
3323 .Pa /usr/sbin/cron ) .
3330 these are the flags to pass to
3336 enable the special handling of transitions to and from the
3337 Daylight Saving Time in
3339 (equivalent to using the flag
3346 .Pa /usr/sbin/lpd ) .
3353 daemon at system boot time.
3360 these are the flags to pass to the
3363 .It Va chkprintcap_enable
3369 command before starting the
3372 .It Va chkprintcap_flags
3377 .Va chkprintcap_enable
3380 these are the flags to pass to the
3385 which causes missing directories to be created.
3386 .It Va mta_start_script
3388 This variable specifies the full path to the script to run to start
3389 a mail transfer agent.
3391 .Pa /etc/rc.sendmail .
3395 .Pa /etc/rc.sendmail
3396 uses are documented in the
3401 Indicates the device (usually a swap partition) to which a crash dump
3402 should be written in the event of a system crash.
3403 If the value of this variable is
3405 the first suitable swap device listed in
3407 will be used as dump device.
3408 Otherwise, the value of this variable is passed as the argument to
3410 To disable crash dumps, set this variable to
3414 When the system reboots after a crash and a crash dump is found on the
3415 device specified by the
3419 will save that crash dump and a copy of the kernel to the directory
3423 The default value is
3432 .It Va savecore_flags
3434 If crash dumps are enabled, these are the flags to pass to the
3441 to turn on user and group disk quotas on system startup via the
3443 command for all file systems marked as having quotas enabled in
3445 The kernel must be built with
3447 for disk quotas to function.
3452 to enable user and group disk quota checking via the
3455 .It Va quotacheck_flags
3465 these are the flags to pass to the
3470 which checks quotas for all file systems with quotas enabled in
3472 .It Va quotaon_flags
3478 these are the flags to pass to the
3483 which enables quotas for all file systems with quotas enabled in
3485 .It Va quotaoff_flags
3491 these are the flags to pass to the
3493 utility when shutting down the quota system.
3496 which disables quotas for all file systems with quotas enabled in
3498 .It Va accounting_enable
3502 to enable system accounting through the
3509 to enable iBCS2 (SCO) binary emulation at system initial boot
3511 .It Va ibcs2_loaders
3519 this specifies a list of additional iBCS2 loaders to enable.
3524 to enable Linux/ELF binary emulation at system initial
3530 enable SysVR4 emulation at boot time.
3531 .It Va sysvipc_enable
3535 load System V IPC primitives at boot time.
3536 .It Va clear_tmp_enable
3547 to disable removing of X11 lock files,
3548 and the removal and (secure) recreation
3549 of the various socket directories for X11
3551 .It Va ldconfig_paths
3553 Set to the list of shared library paths to use with
3557 will always be added first, so it need not appear in this list.
3558 .It Va ldconfig32_paths
3560 Set to the list of 32-bit compatibility shared library paths to
3563 .It Va ldconfig_paths_aout
3565 Set to the list of shared library paths to use with
3570 .It Va ldconfig_insecure
3574 utility normally refuses to use directories
3575 which are writable by anyone except root.
3576 Set this variable to
3578 to disable that security check during system startup.
3579 .It Va ldconfig_local_dirs
3581 Set to the list of local
3584 The names of all files in the directories listed will be
3585 passed as arguments to
3587 .It Va ldconfig_local32_dirs
3589 Set to the list of local 32-bit compatibility
3592 The names of all files in the directories listed will be
3593 passed as arguments to
3594 .Dq Nm ldconfig Fl 32 .
3595 .It Va kern_securelevel_enable
3599 to set the kernel security level at system startup.
3600 .It Va kern_securelevel
3602 The kernel security level to set at startup.
3603 The allowed range of
3605 ranges from \-1 (the compile time default) to 3 (the
3609 for the list of possible security levels and their effect
3610 on system operation.
3613 Path to the SSH server program
3614 .Pa ( /usr/sbin/sshd
3622 at system boot time.
3629 these are the flags to pass to the
3634 Path to the FTP server program
3635 .Pa ( /usr/libexec/ftpd
3643 as a stand-alone daemon at system boot time.
3650 these are the additional flags to pass to the
3653 .It Va watchdogd_enable
3659 daemon at boot time.
3660 This requires that the kernel have been compiled with a
3663 .It Va watchdogd_flags
3666 .Va watchdogd_enable
3669 these are the flags passed to the
3672 .It Va performance_cx_lowest
3674 CPU idle state to use while on AC power.
3679 should use the lowest power state available while
3681 indicates that the lowest latency state (less power savings) should be used.
3682 .It Va performance_cpu_freq
3684 CPU clock frequency to use while on AC power.
3689 should use the lowest frequency available while
3691 indicates that the highest frequency (less power savings) should be used.
3692 .It Va economy_cx_lowest
3694 CPU idle state to use when off AC power.
3699 should use the lowest power state available while
3701 indicates that the lowest latency state (less power savings) should be used.
3702 .It Va economy_cpu_freq
3704 CPU clock frequency to use when off AC power.
3709 should use the lowest frequency available while
3711 indicates that the highest frequency (less power savings) should be used.
3716 any configured jails will not be started.
3717 .It jail_parallel_start
3721 all configured jails will be started in the background (= in parallel).
3724 A space separated list of names for jails.
3725 This is purely a configuration aid to help identify and
3726 configure multiple jails.
3727 The names specified in this list will be used to
3728 identify settings common to an instance of a jail,
3729 and should contain alphanumeric characters only.
3730 Assuming that the jail in question was named
3732 you would have the following dependent variables:
3734 jail_vjail_hostname="jail.example.com"
3735 jail_vjail_ip="192.0.2.100"
3736 jail_vjail_rootdir="/var/jails/vjail/root"
3742 When set, use as default value for
3743 .Va jail_ Ns Ao Ar jname Ac Ns Va _flags
3746 .It Va jail_interface
3749 When set, use as default value for
3750 .Va jail_ Ns Ao Ar jname Ac Ns Va _interface
3756 When set, use as default value for
3757 .Va jail_ Ns Ao Ar jname Ac Ns Va _fstab
3760 .It Va jail_mount_enable
3768 .Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable
3771 by default for every jail in
3773 .It Va jail_devfs_ruleset
3777 .Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset
3778 to given value for every jail in
3780 .It Va jail_devfs_enable
3788 .Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable
3791 by default for every jail in
3793 .It Va jail_fdescfs_enable
3801 .Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable
3804 by default for every jail in
3806 .It Va jail_procfs_enable
3814 .Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable
3817 by default for every jail in
3819 .It Va jail_exec_prestart Ns Aq Ar N
3822 When set, use as default value for
3823 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart Ns Aq Ar N
3826 .It Va jail_exec_start
3829 When set, use as default value for
3830 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start
3833 .It Va jail_exec_afterstart Ns Aq Ar N
3836 When set, use as default value for
3837 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_afterstart Ns Aq Ar N
3840 .It Va jail_exec_poststart Ns Aq Ar N
3843 When set, use as default value for
3844 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart Ns Aq Ar N
3847 .It Va jail_exec_prestop Ns Aq Ar N
3850 When set, use as default value for
3851 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop Ns Aq Ar N
3854 .It Va jail_exec_stop
3856 When set, use as default value for
3857 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop
3860 .It Va jail_exec_poststop Ns Aq Ar N
3863 When set, use as default value for
3864 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop Ns Aq Ar N
3867 .It Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir
3870 Set to the root directory used by jail
3872 .It Va jail_ Ns Ao Ar jname Ac Ns Va _hostname
3875 Set to the fully qualified domain name (FQDN) assigned to jail
3877 .It Va jail_ Ns Ao Ar jname Ac Ns Va _ip
3880 Set to the (primary) IPv4 and/or IPv6 address(es) assigned to the jail.
3881 The argument can be a sole address or a comma separated list of addresses.
3882 Additionally each address can be prefixed by the name of an interface
3883 followed by a pipe to overwrite
3884 .Va jail_ Ns Ao Ar jname Ac Ns Va _interface
3887 and/or suffixed by a netmask, prefixlen or prefix.
3888 In case no netmask, prefixlen or prefix is given,
3890 will be used for IPv4 and
3892 will be used for an IPv6 address.
3893 If no address is given for the jail then the jail will be started with
3894 no networking support.
3895 .It Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n
3898 Set additional IPv4 and/or IPv6 address(es) assigned to the jail.
3899 The sequence starts with
3901 and the numbers have to be strictly ascending.
3902 These entries follow the same syntax as their primary
3903 .Va jail_ Ns Ao Ar jname Ac Ns Va _ip
3905 The order of the entries can be important as the first address for
3906 each address family found will be the primary address of the jail.
3912 .It Va jail_ Ns Ao Ar jname Ac Ns Va _flags
3917 These are flags to pass to
3919 .It Va jail_ Ns Ao Ar jname Ac Ns Va _interface
3922 When set, sets the interface to use when setting IP address alias.
3923 Note that the alias is created at jail startup and removed at jail shutdown.
3924 .It Va jail_ Ns Ao Ar jname Ac Ns Va _fib
3927 When set, the jail is started with the specified forwarding table (sometimes
3928 referred to as a routing table) via
3930 .It Va jail_ Ns Ao Ar jname Ac Ns Va _fstab
3933 .Pa /etc/fstab. Ns Aq Ar jname
3935 This is the file system information file to use for jail
3937 .It Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable
3944 mount all file systems from
3945 .Va jail_ Ns Ao Ar jname Ac Ns Va _fstab
3947 .It Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset
3950 When set, defines the device file system ruleset file to use for jail
3952 .It Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable
3959 mount the device file system inside jail
3962 .It Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable
3969 mount the file-descriptor file system inside jail
3972 .It Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable
3979 mount the process file system inside jail
3982 .It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart Ns Aq Ar N
3985 This is the command run as
3988 before jail startup, where
3991 It is run outside the jail.
3992 .It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start
3995 .Dq Li /bin/sh /etc/rc
3997 This is the command executed in a jail at jail startup.
3998 .It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_afterstart Ns Aq Ar N
4001 This is the command run as
4005 after jail startup, where
4008 .It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart Ns Aq Ar N
4011 This is the command run as
4014 after jail startup, where
4017 It is run outside the jail.
4018 .It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop Ns Aq Ar N
4021 This is the command run as
4024 before jail shutdown, where
4027 It is run outside the jail.
4028 .It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop
4031 .Dq Li /bin/sh /etc/rc.shutdown
4033 This is the command executed in a jail at jail shutdown.
4034 .It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop Ns Aq Ar N
4037 This is the command run as
4040 after jail shutdown, where
4043 It is run outside the jail.
4044 .It Va jail_set_hostname_allow
4048 do not allow the root user in a jail to set its hostname.
4049 .It Va jail_socket_unixiproute_only
4053 do not allow any sockets,
4054 besides UNIX/IP/route sockets,
4055 to be used within a jail.
4056 .It Va jail_sysvipc_allow
4060 allow applications within a jail to use System V IPC.
4061 .\" -----------------------------------------------------
4062 .It Va harvest_interrupt
4066 to use hardware interrupts as an entropy source.
4069 for more information.
4070 .It Va harvest_ethernet
4074 to use LAN traffic as an entropy source.
4077 for more information.
4078 .It Va harvest_p_to_p
4082 to use serial line traffic as an entropy source.
4085 for more information.
4090 to disable caching entropy via
4092 Otherwise set to the directory used to store entropy files in.
4097 to disable caching entropy through reboots.
4098 Otherwise set to the filename used to store cached entropy through
4100 This file should be located on the root file system to seed the
4102 device as early as possible in the boot process.
4103 .It Va entropy_save_sz
4105 Size of the entropy cache files saved by
4108 .It Va entropy_save_num
4110 Number of entropy cache files to save by
4124 Configuration file for
4133 .Pa /var/run/dmesg.boot
4135 .It Va rcshutdown_timeout
4137 If set, start a watchdog timer in the background which will terminate
4141 has not completed within the specified time (in seconds).
4142 Notice that in addition to this soft timeout,
4144 also applies a hard timeout for the execution of
4146 This is configured via
4149 .Va kern.init_shutdown_timeout
4150 and defaults to 120 seconds.
4151 Setting the value of
4152 .Va rcshutdown_timeout
4153 to more than 120 seconds will have no effect until the
4156 .Va kern.init_shutdown_timeout
4158 .It Va virecover_enable
4162 to prevent the system from trying to
4163 recover pre-maturely terminated
4166 .It Va ugidfw_enable
4171 .Xr mac_bsdextended 4
4172 module upon system initialization and load a default
4174 .It Va bsdextended_script
4177 .Xr mac_bsdextended 4
4178 ruleset file to load.
4179 The default value of this variable is
4180 .Pa /etc/rc.bsdextended .
4181 .It Va newsyslog_enable
4188 .It Va newsyslog_flags
4191 .Va newsyslog_enable
4194 these are the flags to pass to the
4199 which causes log files flagged with a
4202 .It Va mdconfig_md Ns Aq Ar X
4212 must be specified and either a
4214 for malloc or swap backed
4222 .Va mdconfig_md Ns Aq Ar X
4223 variables are evaluated until one variable is unset or null.
4224 .It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs
4226 Optional arguments passed to
4232 .It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner
4234 An ownership specification passed to
4243 device and the mount point will be changed.
4244 .It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms
4246 A mode string passed to
4255 device and the mount point will be changed.
4256 .It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files
4258 Files to be copied to the mount point of the
4262 after it has been mounted.
4263 .It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd
4265 Command to execute after the specified
4270 Note that the command is passed to
4276 variables can be used to reference respectively the
4278 device and the mount point.
4283 one could set the following:
4285 mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}"
4287 .It Va autobridge_interfaces
4289 Set to the list of bridge interfaces that will have newly arriving interfaces
4290 checked against to be automatically added.
4293 then for each whitespace separated
4296 .Va autobridge_ Ns Aq Ar element
4297 variable is assumed to exist which has a whitespace separated list of interface
4298 names to match, these names can use wildcards.
4301 autobridge_interfaces="bridge0"
4302 autobridge_bridge0="tap* dc0 vlan[345]"
4308 enable support for sound mixer.
4309 .It Va hcsecd_enable
4313 enable Bluetooth security daemon.
4314 .It Va hcsecd_config
4316 Configuration file for
4319 .Pa /etc/bluetooth/hcsecd.conf .
4324 enable Bluetooth Service Discovery Protocol daemon.
4332 .It Va sdpd_groupname
4336 group to run as after it initializes.
4339 .It Va sdpd_username
4343 user to run as after it initializes.
4346 .It Va bthidd_enable
4350 enable Bluetooth Human Interface Device daemon.
4351 .It Va bthidd_config
4353 Configuration file for
4356 .Pa /etc/bluetooth/bthidd.conf .
4359 Path to a file, where
4361 will store information about known HID devices.
4363 .Pa /var/db/bthidd.hids .
4364 .It Va rfcomm_pppd_server_enable
4368 enable Bluetooth RFCOMM PPP wrapper daemon.
4369 .It Va rfcomm_pppd_server_profile
4371 The name of the profile to use from
4372 .Pa /etc/ppp/ppp.conf .
4373 Multiple profiles can be specified here.
4374 Also used to specify per-profile overrides.
4375 When the profile name contains any of the characters
4377 they are translated to
4379 for the proposes of the override variable names.
4380 .It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _bdaddr
4382 Overrides local address to listen on.
4388 The address can be specified as BD_ADDR or name.
4389 .It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _channel
4391 Overrides local RFCOMM channel to listen on.
4394 will listen on RFCOMM channel 1.
4395 Must set properly if multiple profiles used in the same time.
4396 .It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_sp
4400 if it should register Serial Port service on the specified RFCOMM channel.
4403 .It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_dun
4407 if it should register Dial-Up Networking service on the specified
4411 .It Va ubthidhci_enable
4415 change the USB Bluetooth controller from HID mode to HCI mode.
4416 You also need to specify the location of USB Bluetooth controller with the
4417 .Va ubthidhci_busnum
4421 .It Va ubthidhci_busnum
4422 Bus number where the USB Bluetooth controller is located.
4425 on your system to find this information.
4426 .It Va ubthidhci_addr
4427 Bus address of the USB Bluetooth controller.
4430 on your system to find this information.
4431 .It Va netwait_enable
4435 delays the start of network-reliant services until
4437 is up and ICMP packets to a destination defined in
4440 Link state is examined first, followed by
4442 an IP address to verify network usability.
4443 If no destination can be reached or timeouts are exceeded,
4444 network services are started anyway with no guarantee that
4445 the network is usable.
4446 Use of this variable requires both
4454 This variable contains a space-delimited list of IP addresses to
4456 DNS hostnames should not be used as resolution is not guaranteed
4457 to be functional at this point.
4458 If multiple IP addresses are specified,
4459 each will be tried until one is successful or the list is exhausted.
4460 .It Va netwait_timeout
4462 Indicates the total number of seconds to perform a
4464 against each IP address in
4466 at a rate of one ping per second.
4467 If any of the pings are successful,
4468 full network connectivity is considered reliable.
4473 Defines the name of the network interface on which watch for link.
4475 is used to monitor the interface, looking for
4476 .Dq Li status: no carrier .
4477 Once gone, the link is considered up.
4480 interface if desired.
4481 .It Va netwait_if_timeout
4483 Defines the total number of seconds to wait for link to become usable,
4484 polled at a 1-second interval.
4488 .Bl -tag -width ".Pa /etc/defaults/rc.conf" -compact
4489 .It Pa /etc/defaults/rc.conf
4491 .It Pa /etc/rc.conf.local
4520 .Xr newsyslog.conf 5 ,
4589 .An Jordan K. Hubbard .
projects / FreeBSD / releng / 9.0.git / blob