4 .\" Redistribution and use in source and binary forms, with or without
5 .\" modification, are permitted provided that the following conditions
7 .\" 1. Redistributions of source code must retain the above copyright
8 .\" notice, this list of conditions and the following disclaimer.
9 .\" 2. Redistributions in binary form must reproduce the above copyright
10 .\" notice, this list of conditions and the following disclaimer in the
11 .\" documentation and/or other materials provided with the distribution.
13 .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND
14 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE
17 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
19 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
20 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
21 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
22 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 .Nd system configuration information
36 contains descriptive information about the local host name, configuration
37 details for any potential network interfaces and which services should be
38 started up at system initial boot time.
39 In new installations, the
41 file is generally initialized by the system installation utility.
45 is not to run commands or perform system startup actions
47 Instead, it is included by the
48 various generic startup scripts in
50 which conditionalize their
51 internal actions according to the settings found there.
55 file is included from the file
56 .Pa /etc/defaults/rc.conf ,
57 which specifies the default settings for all the available options.
58 Options need only be specified in
60 when the system administrator wishes to override these defaults.
62 .Pa /etc/rc.conf.local
63 is used to override settings in
65 for historical reasons.
67 .Pa /etc/rc.conf.local
68 you can also place smaller configuration files for each
72 directory, which will be included by the
75 For jail configurations you could use the file
76 .Pa /etc/rc.conf.d/jail
77 to store jail specific configuration options.
83 .Dq Ar name Ns Li = Ns Ar value
87 The following list provides a name and short description for each
88 variable that can be set in the
91 .Bl -tag -width indent-two
96 enable output of debug messages from rc scripts.
97 This variable can be helpful in diagnosing mistakes when
98 editing or integrating new scripts.
99 Beware that this produces copious output to the terminal and
105 disable informational messages from the rc scripts.
106 Informational messages are displayed when
107 a condition that is not serious enough to warrant a warning or
115 when faststart is used (e.g., at boot time).
116 .It Va early_late_divider
118 The name of the script that should be used as the
119 delimiter between the
123 stages of the boot process.
124 The early stage should contain all the services needed to
125 get the disks (local or remote) mounted so that the late
126 stage can include scripts contained in the directories
129 variable (see below).
130 Thus, the two likely candidates for this value are
132 for the typical system, and
134 if the system needs remote file
135 systems mounted to get access to the
137 directories; for example when
145 is likely to be an appropriate value.
146 Extreme care should be taken when changing this value,
147 and before changing it one should ensure that there are
148 adequate provisions to recover from a failed boot
149 (such as physical contact with the machine,
150 or reliable remote console access).
151 .It Va always_force_depends
155 scripts use the force_depend function to check whether required
156 services are already running, and to start them if necessary.
157 By default during boot time this check is bypassed if the
158 required service is enabled in
159 .Pa /etc/rc.conf[.local] .
160 Setting this option will bypass that check at boot time and
161 always test whether or not the service is actually running.
162 Enabling this option is likely to increase your boot time if
163 services are enabled that utilize the force_depend check.
164 .It Ao Ar name Ac Ns Va _chroot
167 to this directory before running the service.
168 .It Ao Ar name Ac Ns Va _user
170 Run the service under this user account.
171 .It Ao Ar name Ac Ns Va _group
173 Run the chrooted service under this system group. Unlike the _user
174 setting, this setting has no effect if the service is not chrooted.
175 .It Ao Ar name Ac Ns Va _fib
179 value to run the service under.
180 .It Ao Ar name Ac Ns Va _nice
184 value to run the service under.
189 enable support for Automatic Power Management with
197 to handle APM event from userland.
198 This also enables support for APM.
205 these are the flags to pass to the
212 to handle device added, removed or unknown events from the kernel.
219 scripts at boot time.
222 Configuration file for
228 A list of kernel modules to load right after the local
230 Loading modules at this point in the boot process is
231 much faster than doing it via
232 .Pa /boot/loader.conf
233 for those modules not necessary for mounting local disk.
234 .It Va kldxref_enable
241 to automatically rebuild
246 .It Va kldxref_clobber
256 will overwrite existing
263 .It Va kldxref_module_path
268 delimited list of paths containing
280 enable the system power control facility with the
289 these are the flags to pass to the
293 Controls the creation of a
296 Always happens if set to
298 and never happens if set to
300 If set to anything else, a memory file system is created if
304 Controls the size of a created
308 Extra options passed to the
310 utility when the memory file system for
315 which inhibits the use of softupdates on
317 so that file system space is freed without delay
318 after file truncation or deletion.
321 for other options you can use in
324 Controls the creation of a
327 Always happens if set to
329 and never happens if set to
331 If set to anything else, a memory file system is created if
335 Controls the size of a created
339 Extra options passed to the
341 utility when the memory file system for
346 which inhibits the use of softupdates on
348 so that file system space is freed without delay
349 after file truncation or deletion.
352 for other options you can use in
355 Controls the automatic population of the
358 Always happens if set to
360 and never happens if set to
362 If set to anything else, a memory file system is created if
365 Note that this process requires access to certain commands in
369 is mounted on normal systems.
370 .It Va cleanvar_enable
377 List of directories to search for startup script files.
378 .It Va script_name_sep
380 The field separator to use for breaking down the list of startup script files
381 into individual filenames.
382 The default is a space.
383 It is not necessary to change this unless there are startup scripts with names
385 .It Va hostapd_enable
394 The fully qualified domain name (FQDN) of this host on the network.
395 This should almost certainly be set to something meaningful, even if
396 there is no network connection.
399 is used to set the hostname via DHCP,
400 this variable should be set to an empty string.
401 If this value remains unset when the system is done booting
402 your console login will display the default hostname of
406 The NIS domain name of this host, or
409 .It Va dhclient_program
411 Path to the DHCP client program
412 .Pa ( /sbin/dhclient ,
417 .It Va dhclient_flags
419 Additional flags to pass to the DHCP client program.
424 manpage for a description of the command line options available.
425 .It Va dhclient_flags_ Ns Aq Ar iface
426 Additional flags to pass to the DHCP client program running on
429 When specified, this variable overrides
431 .It Va background_dhclient
435 to start the DHCP client in background.
436 This can cause trouble with applications depending on
437 a working network, but it will provide a faster startup
439 .It Va background_dhclient_ Ns Aq Ar iface
440 When specified, this variable overrides the
441 .Va background_dhclient
442 variable for interface
445 .It Va synchronous_dhclient
451 synchronously at startup.
452 This behavior can be overridden on a per-interface basis by replacing
456 .Va ifconfig_ Ns Aq Ar interface
461 .It Va defaultroute_delay
463 When set to a positive value, wait up to this long after configuring
464 DHCP interfaces at startup to give the interfaces time to receive a lease.
465 .It Va firewall_enable
469 to load firewall rules at startup.
470 If the kernel was not built with
471 .Cd "options IPFIREWALL" ,
474 kernel module will be loaded.
476 .Va ipfilter_enable .
477 .It Va firewall_script
479 This variable specifies the full path to the firewall script to run.
481 .Pa /etc/rc.firewall .
484 Names the firewall type from the selection in
485 .Pa /etc/rc.firewall ,
486 or the file which contains the local firewall ruleset.
487 Valid selections from
491 .Bl -tag -width ".Li simple" -compact
493 unrestricted IP access
495 all IP services disabled, except via
498 basic protection for a workstation
500 basic protection for a LAN.
503 If a filename is specified, the full path
505 .It Va firewall_quiet
509 to disable the display of firewall rules on the console during boot.
510 .It Va firewall_logging
514 to enable firewall event logging.
515 This is equivalent to the
516 .Dv IPFIREWALL_VERBOSE
518 .It Va firewall_logif
522 to create pseudo interface
525 For more details, see
528 .It Va firewall_flags
534 specifies a filename.
535 .It Va firewall_coscripts
537 List of executables and/or rc scripts to run after firewall starts/stops.
539 .\" ----- firewall_nat_enable setting --------------------------------
540 .It Va firewall_nat_enable
552 .It Va firewall_nat_interface
558 This is the name of the public interface or IP address on which
559 kernel NAT should run.
560 .It Va firewall_nat_flags
562 Additional configuration parameters for kernel NAT should be placed here.
563 .It Va dummynet_enable
567 will automatically load the
573 .\" -------------------------------------------------------------------
589 sockets must be enabled in the kernel.
590 If the kernel was not built with
591 .Cd "options IPDIVERT" ,
594 kernel module will be loaded.
595 .It Va natd_interface
597 This is the name of the public interface on which
600 The interface may be given as an interface name or as an IP address.
605 flags should be placed here.
610 flag is automatically added with the above
613 .\" ----- ipfilter_enable setting --------------------------------
614 .It Va ipfilter_enable
625 Typical usage will require putting
627 ipfilter_enable="YES"
645 can be enabled independently.
649 both require at least one of
659 options IPFILTER_DEFAULT_BLOCK
662 in the kernel configuration file is a good idea, too.
663 .\" ----- ipfilter_program setting ------------------------------
664 .It Va ipfilter_program
670 .\" ----- ipfilter_rules setting --------------------------------
671 .It Va ipfilter_rules
676 This variable contains the name of the filter rule definition file.
677 The file is expected to be readable for the
680 .\" ----- ipv6_ipfilter_rules setting ---------------------------
681 .It Va ipv6_ipfilter_rules
686 This variable contains the IPv6 filter rule definition file.
687 The file is expected to be readable for the
690 .\" ----- ipfilter_flags setting --------------------------------
691 .It Va ipfilter_flags
694 This variable contains flags passed to the
697 .\" ----- ipnat_enable setting ----------------------------------
707 network address translation.
710 for a detailed discussion.
711 .\" ----- ipnat_program setting ---------------------------------
718 .\" ----- ipnat_rules setting -----------------------------------
724 This variable contains the name of the file
725 holding the network address translation definition.
726 This file is expected to be readable for the
729 .\" ----- ipnat_flags setting -----------------------------------
733 This variable contains flags passed to the
736 .\" ----- ipmon_enable setting ----------------------------------
751 Setting this variable needs setting
758 for a detailed discussion.
759 .\" ----- ipmon_program setting ---------------------------------
766 .\" ----- ipmon_flags setting -----------------------------------
772 This variable contains flags passed to the
775 Another typical example would be
776 .Dq Fl D Pa /var/log/ipflog
779 log directly to a file bypassing
782 .Pa /etc/newsyslog.conf
783 in such case like this:
785 /var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid
787 .\" ----- ipfs_enable setting -----------------------------------
797 saving the filter and NAT state tables during shutdown
798 and reloading them during startup again.
799 Setting this variable needs setting
808 for a detailed discussion.
814 because the raised securelevel will prevent
816 from saving the state tables at shutdown time.
817 .\" ----- ipfs_program setting ----------------------------------
824 .\" ----- ipfs_flags setting ------------------------------------
828 This variable contains flags passed to the
831 .\" ----- end of added ipf hook ---------------------------------
843 Typical usage will require putting
858 into the kernel, otherwise the
859 kernel module will be loaded.
864 ruleset configuration file
879 these flags are passed to the
881 program when loading the ruleset.
891 which logs packets from the
904 .Pa /var/log/pflog ) .
906 .Pa /etc/newsyslog.conf
907 to adjust logfile rotation for this.
917 This variable contains additional flags passed to the
920 .It Va ftpproxy_enable
931 packet filter in translating ftp connections.
932 .It Va ftpproxy_flags
935 This variable contains additional flags passed to the
947 state changes to other hosts over the network by means of
952 must also be set then.
953 .It Va pfsync_syncdev
956 This variable specifies the name of the network interface
958 should operate through.
959 It must be set accordingly if
963 .It Va pfsync_syncpeer
966 This variable is optional.
967 By default, state change messages are sent out on the synchronisation
968 interface using IP multicast packets.
969 The protocol is IP protocol 240, PFSYNC, and the multicast group used is
971 When a peer address is specified using the
973 option, the peer address is used as a destination for the pfsync
974 traffic, and the traffic can then be protected using
978 manpage for more details about using
983 .It Va pfsync_ifconfig
986 This variable can contain additional options to be passed to the
988 command used to set up
990 .It Va tcp_extensions
997 disables certain TCP options as described by
1003 might help remedy such problems with connections as randomly hanging
1004 or other weird behavior.
1005 Some network devices are known
1006 to be broken with respect to these options.
1009 Set to 0 by default.
1013 .Va net.inet.tcp.log_in_vain
1015 .Va net.inet.udp.log_in_vain ,
1020 are set to the given value.
1021 .It Va tcp_keepalive
1028 will disable probing idle TCP connections to verify that the
1029 peer is still up and reachable.
1030 .It Va tcp_drop_synfin
1037 will cause the kernel to ignore TCP frames that have both
1038 the SYN and FIN flags set.
1039 This prevents OS fingerprinting, but may
1040 break some legitimate applications.
1041 .It Va icmp_drop_redirect
1048 will cause the kernel to ignore ICMP REDIRECT packets.
1051 for more information.
1052 .It Va icmp_log_redirect
1059 will cause the kernel to log ICMP REDIRECT packets.
1061 the log messages are not rate-limited, so this option should only be used
1062 for troubleshooting networks.
1065 for more information.
1066 .It Va icmp_bmcastecho
1070 to respond to broadcast or multicast ICMP ping packets.
1073 for more information.
1074 .It Va ip_portrange_first
1078 this is the first port in the default portrange.
1081 for more information.
1082 .It Va ip_portrange_last
1086 this is the last port in the default portrange.
1089 for more information.
1090 .It Va network_interfaces
1092 Set to the list of network interfaces to configure on this host or
1094 (the default) for all current interfaces.
1096 .Va network_interfaces
1097 variable to anything other than the default is deprecated.
1098 Interfaces that the administrator wishes to store configuration for,
1099 but not start at boot should be configured with the
1102 .Va ifconfig_ Ns Aq Ar interface
1103 variables as described below.
1106 .Va ifconfig_ Ns Aq Ar interface
1107 variable is also assumed to exist for each value of
1109 When an interface name contains any of the characters
1111 they are translated to
1114 The variable can contain arguments to
1116 as well as special case-insensitive keywords described below.
1117 Such keywords are removed before passing the value to
1119 while the order of the other arguments is preserved.
1121 It is possible to add IP alias entries using
1123 syntax with the address family keyword such as
1125 Assuming that the interface in question was
1127 it might look something like this:
1129 ifconfig_ed0_alias0="inet 127.0.0.253 netmask 0xffffffff"
1130 ifconfig_ed0_alias1="inet 127.0.0.254 netmask 0xffffffff"
1133 It also possible to configure multiple IP addresses in Classless
1134 Inter-Domain Routing
1137 whose each address component can be a range like
1138 .Li inet 192.0.2.5-23/24
1140 .Li inet6 2001:db8:1-f::1/64 .
1141 This notation allows address and prefix length part only,
1142 not the other address modifiers.
1145 .Li 192.0.2.5-23/24 ,
1146 the address 192.0.2.5 will be configured with the
1147 netmask /24 and the addresses 192.0.2.6 to 192.0.2.23 with
1148 the non-conflicting netmask /32 as explained in the
1151 Note that this special netmask handling is only for
1153 not for the other address families such as
1156 With the interface in question being
1158 an example could look like:
1160 ifconfig_ed0_alias2="inet 192.0.2.129/27"
1161 ifconfig_ed0_alias3="inet 192.0.2.1-5/28"
1167 .Va ipv4_addrs_ Ns Aq Ar interface
1168 variable was supported for IPv4 CIDR address notation.
1169 It is now deprecated because the functionality was integrated into
1170 .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1172 .Va ipv4_addrs_ Ns Aq Ar interface
1173 is still supported for backward compatibility.
1176 .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1177 entry with an address family keyword,
1178 its contents are passed to
1180 Execution stops at the first unsuccessful access, so if
1181 something like this is present:
1183 ifconfig_ed0_alias0="inet 127.0.0.251 netmask 0xffffffff"
1184 ifconfig_ed0_alias1="inet 127.0.0.252 netmask 0xffffffff"
1185 ifconfig_ed0_alias2="inet 127.0.0.253 netmask 0xffffffff"
1186 ifconfig_ed0_alias4="inet 127.0.0.254 netmask 0xffffffff"
1189 Then note that alias4 would
1191 be added since the search would
1192 stop with the missing
1195 Because of this difficult to manage behavior,
1197 .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _aliases
1198 variable, which has the same functionality as
1199 .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1200 and can have all of entries in a variable like the following:
1202 ifconfig_ed0_aliases="\\
1203 inet 127.0.0.251 netmask 0xffffffff \\
1204 inet 127.0.0.252 netmask 0xffffffff \\
1205 inet 127.0.0.253 netmask 0xffffffff \\
1206 inet 127.0.0.254 netmask 0xffffffff"
1209 It also supports CIDR notation.
1212 .Pa /etc/start_if. Ns Aq Ar interface
1213 file is present, it is read and executed by the
1216 before configuring the interface as specified in the
1217 .Va ifconfig_ Ns Aq Ar interface
1219 .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1223 .Va vlans_ Ns Aq Ar interface
1227 interface will be created for each item in the list with the
1231 If a vlan interface's name is a number,
1232 then that number is used as the vlan tag and the new vlan interface is
1234 .Ar interface . Ns Ar tag .
1236 the vlan tag must be specified via a
1239 .Va create_args_ Ns Aq Ar interface
1242 To create a vlan device named
1246 with the vlan tag 101 and the optional the IPv4 address 192.0.2.1/24:
1249 ifconfig_em0_101="inet 192.0.2.1/24"
1252 To create a vlan device named
1256 with the vlan tag 102:
1259 create_args_myvlan="vlan 102"
1263 .Va wlans_ Ns Aq Ar interface
1267 interface will be created for each item in the list with the
1271 Further wlan cloning arguments may be passed to the
1274 command by setting the
1275 .Va create_args_ Ns Aq Ar interface
1279 devices must be created for each wireless devices as of
1285 may be specified with an
1286 .Va wlandebug_ Ns Aq Ar interface
1288 The contents of this variable will be passed directly to
1292 .Va ifconfig_ Ns Aq Ar interface
1293 contains the keyword
1295 then the interface will not be configured
1297 .Pa /etc/pccard_ether
1299 .Va network_interfaces
1303 It is possible to bring up an interface with DHCP by adding
1306 .Va ifconfig_ Ns Aq Ar interface
1308 For instance, to initialize the
1311 it is possible to use something like:
1316 If you want to configure your wireless interface with
1317 .Xr wpa_supplicant 8
1318 for use with WPA, EAP/LEAP or WEP, you need to add
1321 .Va ifconfig_ Ns Aq Ar interface
1324 On the other hand, if you want to configure your wireless interface with
1329 .Va ifconfig_ Ns Aq Ar interface
1332 will use the settings from
1333 .Pa /etc/hostapd- Ns Ao Ar interface Ac Ns .conf
1335 Finally, you can add
1337 options in this variable, in addition to the
1338 .Pa /etc/start_if. Ns Aq Ar interface
1340 For instance, to configure an
1342 wireless device in station mode with an address obtained
1343 via DHCP, using WPA authentication and 802.11b mode, it is
1344 possible to use something like:
1347 ifconfig_wlan0="DHCP WPA mode 11b"
1351 .Va ifconfig_ Ns Aq Ar interface
1352 form, a fallback variable
1353 .Va ifconfig_DEFAULT
1355 It will be used for all interfaces with no
1356 .Va ifconfig_ Ns Aq Ar interface
1358 This is intended to replace the no longer supported
1362 It is also possible to rename an interface by doing:
1364 ifconfig_ed0_name="net0"
1365 ifconfig_net0="inet 192.0.2.1 netmask 0xffffff00"
1369 This variable is deprecated.
1371 .Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1373 .Va ipv6_activate_all_interfaces
1378 .Dq Li inet6 accept_rtadv
1380 .Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1382 .Va ipv6_activate_all_interfaces
1387 This variable is deprecated.
1389 .Va ip6addrctl_policy
1394 the default address selection policy table set by
1396 will be IPv6-preferred.
1400 the default address selection policy table set by
1402 will be IPv4-preferred.
1403 .It Va ipv6_activate_all_interfaces
1405 This controls initial configuration on IPv6-capable
1406 interfaces with no corresponding
1407 .Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1409 Note that it is not always necessary to set this variable to
1411 to use IPv6 functionality on
1413 In most cases, just configuring
1414 .Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1419 all interfaces which do not have a corresponding
1420 .Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1421 variable will be marked as
1424 This means that all of IPv6 functionality on that interface
1425 is completely disabled to enforce a security policy.
1426 If the variable is set to
1428 the flag will be cleared on all of the interfaces.
1430 In most cases, just defining an
1431 .Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1432 for an IPv6-capable interface should be sufficient.
1433 However, if an interface is added dynamically
1434 .Pq by some tunneling protocols such as PPP, for example ,
1435 it is often difficult to define the variable in advance.
1436 In such a case, configuring the
1438 flag can be disabled by setting this variable to
1441 For more details of the
1444 .Dq Li inet6 ifdisabled ,
1454 privacy addresses will be generated for each IPv6
1455 interface as described in RFC 4941.
1456 .It Va ipv6_network_interfaces
1458 This is the IPv6 equivalent of
1459 .Va network_interfaces .
1460 Normally manual configuration of this variable is not needed.
1462 .It Va ipv6_cpe_wanif
1464 If the variable is set to an interface name,
1468 .Dq inet6 -no_radr accept_rtadv
1469 will be added to the specified interface automatically before evaluating
1470 .Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 ,
1474 .Va net.inet6.ip6.rfc6204w3
1476 .Va net.inet6.ip6.no_radr
1479 This means the specified interface will accept ICMPv6 Router
1480 Advertisement messages on that link and add the discovered
1481 routers into the Default Router List.
1482 While the other interfaces can still accept RA messages if the
1483 .Dq inet6 accept_rtadv
1484 option is specified, adding
1485 routes into the Default Router List will be disabled by
1492 Note that ICMPv6 Router Advertisement messages will be
1494 .Va net.inet6.ip6.forwarding
1496 .Pq packet forwarding is enabled
1498 .Va net.inet6.ip6.rfc6204w3
1503 .It Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1505 IPv6 functionality on an interface should be configured by
1506 .Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 ,
1507 instead of setting ifconfig parameters in
1508 .Va ifconfig_ Ns Aq Ar interface .
1509 If this variable is empty, all of IPv6 configurations on the
1510 specified interface by other variables such as
1511 .Va ipv6_prefix_ Ns Ao Ar interface Ac
1514 Aliases should be set by
1515 .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1521 ifconfig_ed0_ipv6="inet6 2001:db8:1::1 prefixlen 64"
1522 ifconfig_ed0_alias0="inet6 2001:db8:2::1 prefixlen 64"
1525 Interfaces that have an
1526 .Dq Li inet6 accept_rtadv
1528 .Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1529 setting will be automatically configured by SLAAC
1530 .Pq StateLess Address AutoConfiguration
1536 Note that a link-local address will be automatically configured in
1537 addition to the configured global-scope addresses because the IPv6
1538 specifications require it on each link.
1539 The address is calculated from the MAC address by using an algorithm
1546 If only a link-local address is needed on the interface,
1547 the following configuration can be used:
1549 ifconfig_ed0_ipv6="inet6 auto_linklocal"
1552 A link-local address can also be configured manually.
1553 This is useful for the default router address of an IPv6 router
1554 so that it does not change when the network interface
1558 ifconfig_ed0_ipv6="inet6 fe80::1 prefixlen 64"
1560 .It Va ipv6_prefix_ Ns Aq Ar interface
1562 If one or more prefixes are defined in
1563 .Va ipv6_prefix_ Ns Aq Ar interface
1564 addresses based on each prefix and the EUI-64 interface index will be
1565 configured on that interface.
1566 Note that this variable will be ignored when
1567 .Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1570 For example, the following configuration
1572 ipv6_prefix_ed0="2001:db8:1:0 2001:db8:2:0"
1575 is equivalent to the following:
1577 ifconfig_ed0_alias0="inet6 2001:db8:1:: eui64 prefixlen 64"
1578 ifconfig_ed0_alias1="inet6 2001:db8:1:: prefixlen 64 anycast"
1579 ifconfig_ed0_alias2="inet6 2001:db8:2:: eui64 prefixlen 64"
1580 ifconfig_ed0_alias3="inet6 2001:db8:2:: prefixlen 64 anycast"
1583 These Subnet-Router anycast addresses will be added only when
1584 .Va ipv6_gateway_enable
1586 .It Va ipv6_default_interface
1590 this is the default output interface for scoped addresses.
1591 This works only with ipv6_gateway_enable="NO".
1592 .It Va ip6addrctl_enable
1594 This variable is to enable configuring default address selection policy table
1596 The table can be specified in another variable
1597 .Va ip6addrctl_policy .
1599 .Va ip6addrctl_policy
1600 the following keywords can be specified:
1601 .Dq Li ipv4_prefer ,
1602 .Dq Li ipv6_prefer ,
1612 installs a pre-defined policy table described in Section 2.1
1620 is specified, it attempts to read a file
1621 .Pa /etc/ip6addrctl.conf
1623 If this file is found,
1625 reads and installs it.
1626 If not found, a policy is automatically set
1628 .Va ipv6_activate_all_interfaces
1629 variable; if the variable is set to
1631 the IPv6-preferred one is used.
1632 Otherwise IPv4-preferred.
1634 The default value of
1635 .Va ip6addrctl_enable
1637 .Va ip6addrctl_policy
1643 .It Va cloned_interfaces
1645 Set to the list of clonable network interfaces to create on this host.
1646 Further cloning arguments may be passed to the
1649 command for each interface by setting the
1650 .Va create_args_ Ns Aq Ar interface
1652 If an interface name is specified with
1655 the interface will not be destroyed even when
1657 script is invoked with
1660 This is useful when reconfiguring the interface without destroying it.
1662 .Va cloned_interfaces
1663 are automatically appended to
1664 .Va network_interfaces
1666 .It Va cloned_interfaces_sticky
1668 This variable is to globally enable functionality of
1671 .Va cloned_interfaces
1673 The default value is
1675 Even if this variable is specified to
1678 keyword can be used to override it on per interface basis.
1679 .It Va fec_interfaces
1683 Fast EtherChannel interfaces to configure on this host.
1685 .Va fecconfig_ Ns Aq Ar interface
1686 variable is assumed to exist for each value of
1688 The value of this variable is used to configure link aggregated interfaces
1689 according to the syntax of the
1690 .Cm NGM_FEC_ADD_IFACE
1694 Additionally, this option ensures that each listed interface is created
1699 before attempting to configure it.
1702 fec_interfaces="fec0"
1703 fecconfig_fec0="em0 em1"
1704 ifconfig_fec0="DHCP"
1706 .It Va gif_interfaces
1708 This variable is deprecated in favor of
1709 .Va cloned_interfaces .
1712 tunnel interfaces to configure on this host.
1714 .Va gifconfig_ Ns Aq Ar interface
1715 variable is assumed to exist for each value of
1717 The value of this variable is used to configure the link layer of the
1718 tunnel according to the syntax of the
1722 Additionally, this option ensures that each listed interface is created
1727 before attempting to configure it.
1728 .It Va sppp_interfaces
1732 interfaces to configure on this host.
1734 .Va spppconfig_ Ns Aq Ar interface
1735 variable is assumed to exist for each value of
1737 Each interface should also be configured by a general
1738 .Va ifconfig_ Ns Aq Ar interface
1742 for more information about available options.
1752 The name of the profile to use from
1753 .Pa /etc/ppp/ppp.conf .
1754 Also used for per-profile overrides of
1759 .Va ppp_ Ns Ao Ar profile Ac Ns _unit .
1760 When the profile name contains any of the characters
1762 they are translated to
1764 for the proposes of the override variable names.
1767 Mode in which to run the
1770 .It Va ppp_ Ns Ao Ar profile Ac Ns _mode
1772 Overrides the global
1782 See the manual for a full description.
1787 enables network address translation.
1788 Used in conjunction with
1790 allows hosts on private network addresses access to the Internet using
1791 this host as a network address translating router.
1792 .It Va ppp_ Ns Ao Ar profile Ac Ns _nat
1794 Overrides the global
1798 .It Va ppp_ Ns Ao Ar profile Ac Ns _unit
1800 Set the unit number to be used for this profile.
1801 See the manual description of
1806 The name of the user under which
1814 .It Va rc_conf_files
1816 This option is used to specify a list of files that will override
1818 .Pa /etc/defaults/rc.conf .
1819 The files will be read in the order in which they are specified and should
1820 include the full path to the file.
1821 By default, the files specified are
1824 .Pa /etc/rc.conf.local
1830 will attempt to automatically mount ZFS file systems and initialize ZFS volumes
1832 .It Va gptboot_enable
1836 .Pa /etc/rc.d/gptboot
1837 will log if the system successfully (or not) booted from a GPT partition,
1843 .It Va gbde_autoattach_all
1848 will attempt to automatically initialize your .bde devices in
1852 List the devices that the script should try to attach,
1857 The directory where the
1859 lockfiles are located.
1860 The default lockfile directory is
1863 The lockfile for each individual
1865 device can be overridden by setting the variable
1866 .Va gbde_lock_ Ns Aq Ar device ,
1869 is the encrypted device without the
1874 .It Va gbde_attach_attempts
1876 Number of times to attempt attaching to a
1878 device, i.e., how many times the user is asked for the pass-phrase.
1882 List of devices to automatically attach on boot.
1883 Note that .eli devices from
1885 are automatically appended to this list.
1888 Number of times user is asked for the pass-phrase.
1889 If empty, it will be taken from
1890 .Va kern.geom.eli.tries
1892 .It Va geli_default_flags
1894 Default flags to use by
1896 when configuring disk encryption.
1897 Flags can be configured for every device separately by defining
1898 .Va geli_ Ns Ao Ar device Ac Ns Va _flags
1900 .It Va geli_autodetach
1902 Specifies if GELI devices should be marked for detach on last close after
1903 file systems are mounted.
1906 This can be changed for every device separately by defining
1907 .Va geli_ Ns Ao Ar device Ac Ns Va _autodetach
1909 .It Va root_rw_mount
1914 After the file systems are checked at boot time, the root file system
1915 is remounted as read-write if this is set to
1917 Diskless systems that mount their root file system from a read-only remote
1918 NFS share should set this to
1922 .It Va fsck_y_enable
1927 will be run with the
1929 flag if the initial preen
1930 of the file systems fails.
1931 .It Va background_fsck
1935 the system will attempt to run
1937 in the background where possible.
1938 .It Va background_fsck_delay
1940 The amount of time in seconds to sleep before starting a background
1942 It defaults to sixty seconds to allow large applications such as
1943 the X server to start before disk I/O bandwidth is monopolized by
1945 If set to a negative number, the background file system check will be
1946 delayed indefinitely to allow the administrator to run it at a more
1948 For example it may be run from
1950 by adding a line like
1952 .Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart"
1958 List of file system types that are network-based.
1959 This list should generally not be modified by end users.
1961 .Va extra_netfs_types
1963 .It Va extra_netfs_types
1965 If set to something other than
1968 this variable extends the list of file system types
1969 for which automatic mounting at startup by
1971 should be delayed until the network is initialized.
1973 a whitespace-separated list of network file system descriptor pairs,
1974 each consisting of a file system type as passed to
1976 and a human-readable, one-word description,
1979 Extending the default list in this way is only necessary
1980 when third party file system types are used.
1981 .It Va syslogd_enable
1988 .It Va syslogd_program
1993 .Pa /usr/sbin/syslogd ) .
1994 .It Va syslogd_flags
2000 these are the flags to pass to
2009 .It Va inetd_program
2014 .Pa /usr/sbin/inetd ) .
2021 these are the flags to pass to
2030 .It Va hastd_program
2042 these are the flags to pass to
2044 .It Va local_unbound_enable
2050 daemon as a local caching resolver.
2058 .It Va named_program
2063 .Pa /usr/sbin/named ) .
2068 configuration file, (default
2069 .Pa /etc/namedb/named.conf ) .
2076 these are the flags to pass to
2082 process should be run as.
2083 .It Va named_chrootdir
2085 The root directory for a name server run in a
2087 environment (default
2091 will not be run in a
2094 .It Va named_chroot_autoupdate
2098 to disable automatic update of the
2101 .It Va named_symlink_enable
2105 to disable symlinking of
2114 loop until working name service is established.
2115 .It Va named_wait_host
2117 Name of host to lookup for the named_wait option.
2119 .It Va named_auto_forward
2121 Set to enable automatic creation of a forwarder
2122 configuration file derived from
2123 .Pa /etc/resolv.conf .
2124 .It Va named_auto_forward_only
2126 Set to change the default forwarder configuration from
2130 .It Va kerberos5_server_enable
2134 to start a Kerberos 5 authentication server
2136 .It Va kerberos5_server
2139 .Va kerberos5_server_enable
2142 this is the path to Kerberos 5 Authentication Server.
2143 .It Va kerberos5_server_flags
2146 This variable contains additional flags to be passed to the Kerberos 5
2147 authentication server.
2148 .It Va kadmind5_server_enable
2154 the Kerberos 5 Administration Daemon; set to
2157 .It Va kadmind5_server
2160 .Va kadmind5_server_enable
2163 this is the path to Kerberos 5 Administration Daemon.
2164 .It Va kpasswdd_server_enable
2170 the Kerberos 5 Password-Changing Daemon; set to
2173 .It Va kpasswdd_server
2176 .Va kpasswdd_server_enable
2179 this is the path to Kerberos 5 Password-Changing Daemon.
2186 the Kerberos 5 ticket forwarding daemon, at the boot time.
2192 .Pa /usr/libexec/kfd ) .
2199 daemon at boot time.
2206 these are the flags to pass to it.
2213 daemon at boot time.
2220 these are the flags to pass to it.
2223 manpage for more information.
2224 .It Va amd_map_program
2227 the specified program is run to get the list of
2232 maps are stored in NIS, one can set this to
2245 will be updated at boot time to reflect the kernel release
2250 will not be updated.
2251 .It Va nfs_client_enable
2255 run the NFS client daemons at boot time.
2256 .It Va nfs_access_cache
2259 .Va nfs_client_enable
2264 to disable NFS ACCESS RPC caching, or to the number of seconds for which
2266 results should be cached.
2267 A value of 2-10 seconds will substantially reduce network
2268 traffic for many NFS operations.
2269 .It Va nfs_server_enable
2273 run the NFS server daemons at boot time.
2274 .It Va nfs_server_flags
2277 .Va nfs_server_enable
2280 these are the flags to pass to the
2283 .It Va nfsv4_server_enable
2286 .Va nfs_server_enable
2290 .Va nfsv4_server_enable
2293 enable the server for NFSv4 as well as NFSv2 and NFSv3.
2294 .It Va nfsuserd_enable
2300 run the nfsuserd daemon, which is needed for NFSv4 in order
2301 to map between user/group names vs uid/gid numbers.
2303 .Va nfsv4_server_enable
2306 this will be forced enabled.
2307 .It Va nfsuserd_flags
2313 these are the flags to pass to the
2316 .It Va nfscbd_enable
2322 run the nfscbd daemon, which enables callbacks/delegations for the NFSv4 client.
2329 these are the flags to pass to the
2332 .It Va oldnfs_server_enable
2335 .Va oldnfs_server_enable
2338 force the NFS server daemons to run the old NFS server code
2339 that does not support NFSv4.
2340 .It Va mountd_enable
2345 .Va nfs_server_enable
2351 It is commonly needed to run CFS without real NFS used.
2358 these are the flags to pass to the
2361 .It Va weak_mountd_authentication
2365 allow services like PCNFSD to make non-privileged mount
2367 .It Va nfs_reserved_port_only
2371 provide NFS services only on a secure port.
2372 .It Va nfs_bufpackets
2374 If set to a number, indicates the number of packets worth of
2375 socket buffer space to reserve on an NFS client.
2376 The kernel default is typically 4.
2377 Using a higher number may be
2378 useful on gigabit networks to improve performance.
2379 The minimum value is
2380 2 and the maximum is 64.
2381 .It Va rpc_lockd_enable
2385 and also an NFS server or client, run
2388 .It Va rpc_lockd_flags
2391 .Va rpc_lockd_enable
2394 these are the flags to pass to the
2397 .It Va rpc_statd_enable
2401 and also an NFS server or client, run
2404 .It Va rpc_statd_flags
2407 .Va rpc_statd_enable
2410 these are the flags to pass to the
2413 .It Va rpcbind_program
2418 .Pa /usr/sbin/rpcbind ) .
2419 .It Va rpcbind_enable
2425 service at boot time.
2426 .It Va rpcbind_flags
2432 these are the flags to pass to the
2435 .It Va keyserv_enable
2441 daemon on boot for running Secure RPC.
2442 .It Va keyserv_flags
2448 these are the flags to pass to
2451 .It Va pppoed_enable
2457 daemon at boot time to provide PPP over Ethernet services.
2458 .It Va pppoed_ Ns Aq Ar provider
2461 listens to requests to this
2467 argument of the same name.
2470 Additional flags to pass to
2472 .It Va pppoed_interface
2474 The network interface to run
2477 This is mandatory when
2487 service at boot time.
2488 This command is intended for networks of
2489 machines where a consistent
2491 for all hosts must be established.
2492 This is often useful in large NFS
2493 environments where time stamps on files are expected to be consistent
2501 these are the flags to pass to the
2504 .It Va ntpdate_enable
2511 This command is intended to
2512 synchronize the system clock only
2514 from some standard reference.
2515 .It Va ntpdate_config
2517 Configuration file for
2521 .It Va ntpdate_hosts
2523 A whitespace-separated list of NTP servers to synchronize with at startup.
2524 The default is to use the servers listed in
2525 .Va ntpdate_config ,
2526 if that file exists.
2527 .It Va ntpdate_program
2532 .Pa /usr/sbin/ntpdate ) .
2533 .It Va ntpdate_flags
2539 these are the flags to pass to the
2541 command (typically a hostname).
2548 command at boot time.
2554 .Pa /usr/sbin/ntpd ) .
2568 these are the flags to pass to the
2571 .It Va ntpd_sync_on_start
2578 flag, which syncs the system's clock on startup.
2581 for more information regarding the
2584 This is a preferred alternative to using
2589 .It Va nis_client_enable
2595 service at system boot time.
2596 .It Va nis_client_flags
2599 .Va nis_client_enable
2602 these are the flags to pass to the
2605 .It Va nis_ypset_enable
2611 daemon at system boot time.
2612 .It Va nis_ypset_flags
2615 .Va nis_ypset_enable
2618 these are the flags to pass to the
2621 .It Va nis_server_enable
2627 daemon at system boot time.
2628 .It Va nis_server_flags
2631 .Va nis_server_enable
2634 these are the flags to pass to the
2637 .It Va nis_ypxfrd_enable
2643 daemon at system boot time.
2644 .It Va nis_ypxfrd_flags
2647 .Va nis_ypxfrd_enable
2650 these are the flags to pass to the
2653 .It Va nis_yppasswdd_enable
2659 daemon at system boot time.
2660 .It Va nis_yppasswdd_flags
2663 .Va nis_yppasswdd_enable
2666 these are the flags to pass to the
2669 .It Va rpc_ypupdated_enable
2675 daemon at system boot time.
2676 .It Va bsnmpd_enable
2682 daemon at system boot time.
2683 Be sure to understand the security implications of running SNMP daemon
2691 these are the flags to pass to the
2694 .It Va defaultrouter
2698 create a default route to this host name or IP address
2699 (use an IP address if this router is also required to get to the
2701 .It Va ipv6_defaultrouter
2703 The IPv6 equivalent of
2705 .It Va static_arp_pairs
2707 Set to the list of static ARP pairs that are to be added at system
2709 For each whitespace separated
2712 .Va static_arp_ Ns Aq Ar element
2713 variable is assumed to exist whose contents will later be passed to a
2718 static_arp_pairs="gw"
2719 static_arp_gw="192.168.1.1 00:01:02:03:04:05"
2721 .It Va static_ndp_pairs
2723 Set to the list of static NDP pairs that are to be added at system
2725 For each whitespace separated
2728 .Va static_ndp_ Ns Aq Ar element
2729 variable is assumed to exist whose contents will later be passed to a
2734 static_ndp_pairs="gw"
2735 static_ndp_gw="2001:db8:3::1 00:01:02:03:04:05"
2737 .It Va static_routes
2739 Set to the list of static routes that are to be added at system
2743 then for each whitespace separated
2746 .Va route_ Ns Aq Ar element
2747 variable is assumed to exist
2748 whose contents will later be passed to a
2753 static_routes="ext mcast:gif0 gif0local:gif0"
2754 route_ext="-net 10.0.0.0/24 -gateway 192.168.0.1"
2755 route_mcast="-net 224.0.0.0/4 -iface gif0"
2756 route_gif0local="-host 169.254.1.1 -iface lo0"
2763 the route is specific to the interface
2765 .It Va ipv6_static_routes
2767 The IPv6 equivalent of
2771 then for each whitespace separated
2774 .Va ipv6_route_ Ns Aq Ar element
2775 variable is assumed to exist
2776 whose contents will later be passed to a
2777 .Dq Nm route Cm add Fl inet6
2779 .It Va natm_static_routes
2785 If not empty then for each whitespace separated
2788 .Va route_ Ns Aq Ar element
2789 variable is assumed to exist whose contents will later be passed to a
2790 .Dq Nm atmconfig Cm natm Cm add
2792 .It Va gateway_enable
2796 configure host to act as an IP router, e.g.\& to forward packets
2798 .It Va ipv6_gateway_enable
2800 The IPv6 equivalent of
2801 .Va gateway_enable .
2802 .It Va routed_enable
2806 run a routing daemon of some sort, based on the
2811 .It Va route6d_enable
2813 The IPv6 equivalent of
2817 run a routing daemon of some sort, based on the
2822 .It Va routed_program
2828 this is the name of the routing daemon to use.
2829 .It Va route6d_program
2831 The IPv6 equivalent of
2832 .Va routed_program .
2839 these are the flags to pass to the routing daemon.
2840 .It Va route6d_flags
2842 The IPv6 equivalent of
2844 .It Va mrouted_enable
2848 run the multicast routing daemon,
2850 .It Va mroute6d_enable
2852 The IPv6 equivalent of
2853 .Va mrouted_enable .
2856 run the IPv6 multicast routing daemon.
2858 Note that multicast routing daemons are no longer included in the
2860 base system, however, both
2864 may be installed from the
2867 .It Va mrouted_flags
2873 these are the flags to pass to the
2876 .It Va mroute6d_flags
2878 The IPv6 equivalent of
2884 these are the flags passed to the IPv6 multicast routing daemon.
2885 .It Va mroute6d_program
2891 this is the path to the IPv6 multicast routing daemon.
2892 .It Va rtadvd_enable
2898 daemon at boot time.
2901 utility sends ICMPv6 Router Advertisement messages to
2902 the interfaces specified in
2903 .Va rtadvd_interfaces .
2904 This should only be enabled with great care.
2905 You may want to fine-tune
2907 .It Va rtadvd_interfaces
2913 this is the list of interfaces to use.
2914 .It Va ipxgateway_enable
2918 enable the routing of IPX traffic.
2919 .It Va ipxrouted_enable
2925 daemon at system boot time.
2926 .It Va ipxrouted_flags
2929 .Va ipxrouted_enable
2932 these are the flags to pass to the
2939 enable global proxy ARP.
2940 .It Va forward_sourceroute
2948 source-routed packets are forwarded.
2949 .It Va accept_sourceroute
2953 the system will accept source-routed packets directed at it.
2960 daemon at system boot time.
2967 these are the flags to pass to the
2970 .It Va bootparamd_enable
2976 daemon at system boot time.
2977 .It Va bootparamd_flags
2980 .Va bootparamd_enable
2983 these are the flags to pass to the
2986 .It Va stf_interface_ipv4addr
2990 this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling
2992 Specify this entry to enable the 6to4 interface.
2993 .It Va stf_interface_ipv4plen
2995 Prefix length for 6to4 IPv4 addresses, to limit peer address range.
2996 An effective value is 0-31.
2997 .It Va stf_interface_ipv6_ifid
2999 IPv6 interface ID for
3003 .It Va stf_interface_ipv6_slaid
3005 IPv6 Site Level Aggregator for
3007 .It Va ipv6_faith_prefix
3011 this is the faith prefix to enable a FAITH IPv6-to-IPv4 TCP
3016 .It Va ipv6_ipv4mapping
3020 this enables IPv4 mapped IPv6 address communication (like
3021 .Li ::ffff:a.b.c.d ) .
3022 .It Va rtsold_enable
3028 daemon to send ICMPv6 Router Solicitation messages.
3035 these are the flags to pass to
3039 For interfaces configured with the
3040 .Dq Li inet6 accept_rtadv
3041 keyword, these are the flags to pass to
3046 is mutually exclusive to
3054 to enable the configuration of ATM interfaces at system boot time.
3055 For all of the ATM variables described below, please refer to the
3057 manual page for further details on the available command parameters.
3058 Also refer to the files in
3059 .Pa /usr/share/examples/atm
3060 for more detailed configuration information.
3063 This is a list of physical ATM interface drivers to load.
3068 .It Va atm_netif_ Ns Aq Ar intf
3070 For the ATM physical interface
3072 this variable defines the name prefix and count for the ATM network
3073 interfaces to be created.
3074 The value will be passed as the parameters of an
3075 .Dq Nm atm Cm "set netif" Ar intf
3077 .It Va atm_sigmgr_ Ns Aq Ar intf
3079 For the ATM physical interface
3081 this variable defines the ATM signalling manager to be used.
3082 The value will be passed as the parameters of an
3083 .Dq Nm atm Cm attach Ar intf
3085 .It Va atm_prefix_ Ns Aq Ar intf
3087 For the ATM physical interface
3089 this variable defines the NSAP prefix for interfaces using a UNI signalling
3093 the prefix will automatically be set via the
3096 Otherwise, the value will be passed as the parameters of an
3097 .Dq Nm atm Cm "set prefix" Ar intf
3099 .It Va atm_macaddr_ Ns Aq Ar intf
3101 For the ATM physical interface
3103 this variable defines the MAC address for interfaces using a UNI signalling
3107 the hardware MAC address contained in the ATM interface card will be used.
3108 Otherwise, the value will be passed as the parameters of an
3109 .Dq Nm atm Cm "set mac" Ar intf
3111 .It Va atm_arpserver_ Ns Aq Ar netif
3113 For the ATM network interface
3115 this variable defines the ATM address for a host which is to provide ATMARP
3117 This variable is only applicable to interfaces using a UNI signalling
3121 this host will become an ATMARP server.
3122 The value will be passed as the parameters of an
3123 .Dq Nm atm Cm "set arpserver" Ar netif
3125 .It Va atm_scsparp_ Ns Aq Ar netif
3129 SCSP/ATMARP service for the network interface
3131 will be initiated using the
3136 This variable is only applicable if
3137 .Va atm_arpserver_ Ns Aq Ar netif
3142 Set to the list of ATM PVCs to be added at system
3144 For each whitespace separated
3147 .Va atm_pvc_ Ns Aq Ar element
3148 variable is assumed to exist.
3149 The value of each of these variables
3150 will be passed as the parameters of an
3151 .Dq Nm atm Cm "add pvc"
3155 Set to the list of permanent ATM ARP entries to be added
3156 at system boot time.
3157 For each whitespace separated
3160 .Va atm_arp_ Ns Aq Ar element
3161 variable is assumed to exist.
3162 The value of each of these variables
3163 will be passed as the parameters of an
3164 .Dq Nm atm Cm "add arp"
3166 .It Va natm_interfaces
3170 interfaces that will also be used for HARP through
3172 If this list is not empty all interfaces in the list will be brought up
3178 For this to work the interface drivers must be either compiled into the
3179 kernel or must reside on the root partition.
3182 The keyboard bell sound.
3189 if the default behavior is desired.
3190 For details, refer to the
3195 If set to a non-null string, the virtual console's keyboard input is
3201 no keymap is installed, otherwise the value is used to install
3203 .Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd .
3206 The keyboard repeat speed.
3213 if the default behavior is desired.
3218 attempt to program the function keys with the value.
3220 be a single string of the form:
3221 .Dq Ar funkey_number new_value Op Ar funkey_number new_value ... .
3224 Can be set to the value of
3227 .Dq Li destructive ,
3230 to set the cursor behavior explicitly or choose the default behavior.
3235 no screen map is installed, otherwise the value is used to install
3236 the screen map file in
3237 .Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value .
3242 the default 8x16 font value is used for screen size requests, otherwise
3244 .Pa /usr/share/syscons/fonts/ Ns Aq Ar value
3250 the default 8x14 font value is used for screen size requests, otherwise
3252 .Pa /usr/share/syscons/fonts/ Ns Aq Ar value
3258 the default 8x8 font value is used for screen size requests, otherwise
3260 .Pa /usr/share/syscons/fonts/ Ns Aq Ar value
3266 the default screen blanking interval is used, otherwise it is set
3274 this is the actual screen saver to use
3275 .Li ( blank , snake , daemon ,
3277 .It Va moused_nondefault_enable
3281 the mouse device specified on
3282 the command line is not automatically treated as enabled by the
3283 .Pa /etc/rc.d/moused
3285 Having this variable set to
3291 to be enabled as soon as it is plugged in.
3292 .It Va moused_enable
3298 daemon is started for doing cut/paste selection on the console.
3301 This is the protocol type of the mouse connected to this host.
3302 This variable must be set if
3309 is able to detect the appropriate mouse type automatically in many cases.
3310 Set this variable to
3312 to let the daemon detect it, or
3313 select one from the following list if the automatic detection fails.
3315 If the mouse is attached to the PS/2 mouse port, choose
3319 regardless of the brand and model of the mouse.
3321 mouse is attached to the bus mouse port, choose
3325 All other protocols are for serial mice and will not work with
3326 the PS/2 and bus mice.
3327 If this is a USB mouse,
3329 is the only protocol type which will work.
3331 .Bl -tag -width ".Li x10mouseremote" -compact
3333 Microsoft mouse (serial)
3335 Microsoft IntelliMouse (serial)
3337 Mouse systems Corp.\& mouse (serial)
3339 MM Series mouse (serial)
3341 Logitech mouse (serial)
3345 Logitech MouseMan and TrackMan (serial)
3347 ALPS GlidePoint (serial)
3348 .It Li thinkingmouse
3349 Kensington ThinkingMouse (serial)
3353 MM HitTablet (serial)
3354 .It Li x10mouseremote
3355 X10 MouseRemote (serial)
3357 Interlink VersaPad (serial)
3360 Even if the mouse is not in the above list, it may be compatible
3361 with one in the list.
3362 Refer to the manual page for
3364 for compatibility information.
3366 It should also be noted that while this is enabled, any
3367 other client of the mouse (such as an X server) should access
3368 the mouse through the virtual mouse device,
3370 and configure it as a
3372 type mouse, since all
3373 mouse data is converted to this single canonical format when
3376 If the client program does not support the
3382 It is the second preferred type.
3389 this is the actual port the mouse is on.
3392 for a COM1 serial mouse,
3396 for a bus mouse, for example.
3401 is set, its value is used as an additional set of flags to pass to the
3404 .It Va "moused_" Ns Ar XXX Ns Va "_flags"
3406 .Va moused_nondefault_enable
3409 daemon is started for a non-default port, the
3410 .Va "moused_" Ns Ar XXX Ns Va "_flags"
3411 set of options has precedence over and replaces the default
3415 is the name of the non-default port, i.e.,\&
3418 .Va "moused_" Ns Ar XXX Ns Va "_flags"
3419 it is possible to set up a different set of default flags for each
3422 For example, you can use
3426 to make your laptop's touchpad more comfortable to use,
3427 but an empty set of options for
3428 .Va moused_ums0_flags
3431 mouse has three or more buttons.
3432 .It Va mousechar_start
3436 the default mouse cursor character range
3437 .Li 0xd0 Ns - Ns Li 0xd3
3439 otherwise the range start is set
3444 Use if the default range is occupied in the language code table.
3445 .It Va allscreens_flags
3449 is run with these options for each of the virtual terminals
3453 will enable the mouse pointer on all virtual terminals
3458 .It Va allscreens_kbdflags
3462 is run with these options for each of the virtual terminals
3468 scrollback (history) buffer to 200 lines.
3475 daemon at system boot time.
3481 .Pa /usr/sbin/cron ) .
3488 these are the flags to pass to
3494 enable the special handling of transitions to and from the
3495 Daylight Saving Time in
3497 (equivalent to using the flag
3504 .Pa /usr/sbin/lpd ) .
3511 daemon at system boot time.
3518 these are the flags to pass to the
3521 .It Va chkprintcap_enable
3527 command before starting the
3530 .It Va chkprintcap_flags
3535 .Va chkprintcap_enable
3538 these are the flags to pass to the
3543 which causes missing directories to be created.
3544 .It Va mta_start_script
3546 This variable specifies the full path to the script to run to start
3547 a mail transfer agent.
3549 .Pa /etc/rc.sendmail .
3553 .Pa /etc/rc.sendmail
3554 uses are documented in the
3559 Indicates the device (usually a swap partition) to which a crash dump
3560 should be written in the event of a system crash.
3561 If the value of this variable is
3563 the first suitable swap device listed in
3565 will be used as dump device.
3566 Otherwise, the value of this variable is passed as the argument to
3568 To disable crash dumps, set this variable to
3572 When the system reboots after a crash and a crash dump is found on the
3573 device specified by the
3577 will save that crash dump and a copy of the kernel to the directory
3581 The default value is
3590 .It Va savecore_flags
3592 If crash dumps are enabled, these are the flags to pass to the
3599 to turn on user and group disk quotas on system startup via the
3601 command for all file systems marked as having quotas enabled in
3603 The kernel must be built with
3605 for disk quotas to function.
3610 to enable user and group disk quota checking via the
3613 .It Va quotacheck_flags
3623 these are the flags to pass to the
3628 which checks quotas for all file systems with quotas enabled in
3630 .It Va quotaon_flags
3636 these are the flags to pass to the
3641 which enables quotas for all file systems with quotas enabled in
3643 .It Va quotaoff_flags
3649 these are the flags to pass to the
3651 utility when shutting down the quota system.
3654 which disables quotas for all file systems with quotas enabled in
3656 .It Va accounting_enable
3660 to enable system accounting through the
3667 to enable iBCS2 (SCO) binary emulation at system initial boot
3669 .It Va ibcs2_loaders
3677 this specifies a list of additional iBCS2 loaders to enable.
3682 to enable Linux/ELF binary emulation at system initial
3688 enable SysVR4 emulation at boot time.
3689 .It Va sysvipc_enable
3693 load System V IPC primitives at boot time.
3694 .It Va clear_tmp_enable
3705 to disable removing of X11 lock files,
3706 and the removal and (secure) recreation
3707 of the various socket directories for X11
3709 .It Va ldconfig_paths
3711 Set to the list of shared library paths to use with
3715 will always be added first, so it need not appear in this list.
3716 .It Va ldconfig32_paths
3718 Set to the list of 32-bit compatibility shared library paths to
3721 .It Va ldconfig_paths_aout
3723 Set to the list of shared library paths to use with
3728 .It Va ldconfig_insecure
3732 utility normally refuses to use directories
3733 which are writable by anyone except root.
3734 Set this variable to
3736 to disable that security check during system startup.
3737 .It Va ldconfig_local_dirs
3739 Set to the list of local
3742 The names of all files in the directories listed will be
3743 passed as arguments to
3745 .It Va ldconfig_local32_dirs
3747 Set to the list of local 32-bit compatibility
3750 The names of all files in the directories listed will be
3751 passed as arguments to
3752 .Dq Nm ldconfig Fl 32 .
3753 .It Va kern_securelevel_enable
3757 to set the kernel security level at system startup.
3758 .It Va kern_securelevel
3760 The kernel security level to set at startup.
3761 The allowed range of
3763 ranges from \-1 (the compile time default) to 3 (the
3767 for the list of possible security levels and their effect
3768 on system operation.
3771 Path to the SSH server program
3772 .Pa ( /usr/sbin/sshd
3780 at system boot time.
3787 these are the flags to pass to the
3792 Path to the FTP server program
3793 .Pa ( /usr/libexec/ftpd
3801 as a stand-alone daemon at system boot time.
3808 these are the additional flags to pass to the
3811 .It Va watchdogd_enable
3817 daemon at boot time.
3818 This requires that the kernel have been compiled with a
3821 .It Va watchdogd_flags
3824 .Va watchdogd_enable
3827 these are the flags passed to the
3830 .It Va devfs_rulesets
3832 List of files containing sets of rules for
3834 .It Va devfs_system_ruleset
3836 Rule name(s) to apply to the system
3839 .It Va devfs_set_rulesets
3841 Pairs of already-mounted
3843 directories and rulesets that should be applied to them.
3844 For example: /mount/dev=ruleset_name
3845 .It Va devfs_load_rulesets
3847 If set, always load the default rulesets listed in
3848 .Va devfs_rulesets .
3849 .It Va performance_cx_lowest
3851 CPU idle state to use while on AC power.
3856 should use the lowest power state available while
3858 indicates that the lowest latency state (less power savings) should be used.
3859 .It Va performance_cpu_freq
3861 CPU clock frequency to use while on AC power.
3866 should use the lowest frequency available while
3868 indicates that the highest frequency (less power savings) should be used.
3869 .It Va economy_cx_lowest
3871 CPU idle state to use when off AC power.
3876 should use the lowest power state available while
3878 indicates that the lowest latency state (less power savings) should be used.
3879 .It Va economy_cpu_freq
3881 CPU clock frequency to use when off AC power.
3886 should use the lowest frequency available while
3888 indicates that the highest frequency (less power savings) should be used.
3893 any configured jails will not be started.
3896 The configuration filename used by
3899 The default value is
3900 .Pa /etc/jail.conf .
3901 .It Va jail_parallel_start
3905 all configured jails will be started in the background (in parallel).
3909 When set, use as default value for
3910 .Va jail_ Ns Ao Ar jname Ac Ns Va _flags
3915 A space separated list of names for jails.
3916 If this variable is empty,
3919 instances in the configuration file will be configured.
3920 This is purely a configuration aid to help identify and
3921 configure multiple jails.
3922 The names specified in this list will be used to
3923 identify settings common to an instance of a jail,
3924 and should contain alphanumeric characters only.
3925 The literal jail name of
3929 .It Va jail_* variables
3930 Note that older releases supported per-jail configuration via
3934 hostname of a jail named
3936 was able to be set by
3937 .Li jail_vjail_hostname .
3938 These per-jail configuration variables are now obsolete in favor of
3941 For backward compatibility,
3942 when per-jail configuration variables are defined,
3944 configuration files are created as
3945 .Pa /var/run/jail. Ns Ao Ar jname Ac Ns Pa .conf
3948 The following per-jail parameters are handled by
3950 script out of their corresponding
3953 In addition to them, parameters in
3954 .Va jail_ Ns Ao Ar jname Ac Ns Va _parameters
3955 will be added to the configuration file.
3956 They must be a semi-colon
3964 .Bl -tag -width "host.hostname" -offset indent
3967 .Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir
3968 .It Li host.hostname
3970 .Va jail_ Ns Ao Ar jname Ac Ns Va _hostname
3971 .It Li exec.consolelog
3973 .Va jail_ Ns Ao Ar jname Ac Ns Va _consolelog .
3974 The default value is
3975 .Pa /var/log/jail_ Ao Ar jname Ac Pa _console.log .
3978 .Va jail_ Ns Ao Ar jname Ac Ns Va _interface .
3979 .It Li vnet.interface
3981 .Va jail_ Ns Ao Ar jname Ac Ns Va _vnet_interface .
3984 parameter will be enabled and cannot be specified with
3985 .Va jail_ Ns Ao Ar jname Ac Ns Va _interface ,
3986 .Va jail_ Ns Ao Ar jname Ac Ns Va _ip
3988 .Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n
3992 .Va jail_ Ns Ao Ar jname Ac Ns Va _fstab
3995 .Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable
3997 .Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable.
4000 .Va jail_ Ns Ao Ar jname Ac Ns Va _fib
4003 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start .
4004 The parameter name was
4006 in some older releases.
4007 .It Li exec.prestart
4009 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart
4010 .It Li exec.poststart
4012 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart
4015 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop
4018 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop
4019 .It Li exec.poststop
4021 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop
4024 .Va jail_ Ns Ao Ar jname Ac Ns Va _ip
4026 .Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n
4027 contain IPv4 addresses
4030 .Va jail_ Ns Ao Ar jname Ac Ns Va _ip
4032 .Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n
4033 contain IPv6 addresses
4036 .Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable
4039 .Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable
4040 .It Li devfs_ruleset
4042 .Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset .
4043 This must be an integer,
4045 .It Li allow.set_hostname
4047 .Va jail_ Ns Ao Ar jname Ac Ns Va _set_hostname_allow
4048 .It Li allow.rawsocket
4050 .Va jail_ Ns Ao Ar jname Ac Ns Va _socket_unixiproute_only
4051 .It Li allow.sysvipc
4053 .Va jail_ Ns Ao Ar jname Ac Ns Va _sysvipc_allow
4055 .\" -----------------------------------------------------
4056 .It Va harvest_interrupt
4060 to use hardware interrupts as an entropy source.
4063 for more information.
4064 .It Va harvest_ethernet
4068 to use LAN traffic as an entropy source.
4071 for more information.
4072 .It Va harvest_p_to_p
4076 to use serial line traffic as an entropy source.
4079 for more information.
4084 to disable caching entropy via
4086 Otherwise set to the directory used to store entropy files in.
4091 to disable caching entropy through reboots.
4092 Otherwise set to the filename used to store cached entropy through
4094 This file should be located on the root file system to seed the
4096 device as early as possible in the boot process.
4097 .It Va entropy_save_sz
4099 Size of the entropy cache files saved by
4102 .It Va entropy_save_num
4104 Number of entropy cache files to save by
4118 Configuration file for
4127 .Pa /var/run/dmesg.boot
4129 .It Va rcshutdown_timeout
4131 If set, start a watchdog timer in the background which will terminate
4135 has not completed within the specified time (in seconds).
4136 Notice that in addition to this soft timeout,
4138 also applies a hard timeout for the execution of
4140 This is configured via
4143 .Va kern.init_shutdown_timeout
4144 and defaults to 120 seconds.
4145 Setting the value of
4146 .Va rcshutdown_timeout
4147 to more than 120 seconds will have no effect until the
4150 .Va kern.init_shutdown_timeout
4152 .It Va virecover_enable
4156 to prevent the system from trying to
4157 recover pre-maturely terminated
4160 .It Va ugidfw_enable
4165 .Xr mac_bsdextended 4
4166 module upon system initialization and load a default
4168 .It Va bsdextended_script
4171 .Xr mac_bsdextended 4
4172 ruleset file to load.
4173 The default value of this variable is
4174 .Pa /etc/rc.bsdextended .
4175 .It Va newsyslog_enable
4182 .It Va newsyslog_flags
4185 .Va newsyslog_enable
4188 these are the flags to pass to the
4193 which causes log files flagged with a
4196 .It Va mdconfig_md Ns Aq Ar X
4206 must be specified and either a
4208 for malloc or swap backed
4216 .Va mdconfig_md Ns Aq Ar X
4217 variables are evaluated until one variable is unset or null.
4218 .It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs
4220 Optional arguments passed to
4226 .It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner
4228 An ownership specification passed to
4237 device and the mount point will be changed.
4238 .It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms
4240 A mode string passed to
4249 device and the mount point will be changed.
4250 .It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files
4252 Files to be copied to the mount point of the
4256 after it has been mounted.
4257 .It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd
4259 Command to execute after the specified
4264 Note that the command is passed to
4270 variables can be used to reference respectively the
4272 device and the mount point.
4277 one could set the following:
4279 mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}"
4281 .It Va autobridge_interfaces
4283 Set to the list of bridge interfaces that will have newly arriving interfaces
4284 checked against to be automatically added.
4287 then for each whitespace separated
4290 .Va autobridge_ Ns Aq Ar element
4291 variable is assumed to exist which has a whitespace separated list of interface
4292 names to match, these names can use wildcards.
4295 autobridge_interfaces="bridge0"
4296 autobridge_bridge0="tap* dc0 vlan[345]"
4302 enable support for sound mixer.
4303 .It Va hcsecd_enable
4307 enable Bluetooth security daemon.
4308 .It Va hcsecd_config
4310 Configuration file for
4313 .Pa /etc/bluetooth/hcsecd.conf .
4318 enable Bluetooth Service Discovery Protocol daemon.
4326 .It Va sdpd_groupname
4330 group to run as after it initializes.
4333 .It Va sdpd_username
4337 user to run as after it initializes.
4340 .It Va bthidd_enable
4344 enable Bluetooth Human Interface Device daemon.
4345 .It Va bthidd_config
4347 Configuration file for
4350 .Pa /etc/bluetooth/bthidd.conf .
4353 Path to a file, where
4355 will store information about known HID devices.
4357 .Pa /var/db/bthidd.hids .
4358 .It Va rfcomm_pppd_server_enable
4362 enable Bluetooth RFCOMM PPP wrapper daemon.
4363 .It Va rfcomm_pppd_server_profile
4365 The name of the profile to use from
4366 .Pa /etc/ppp/ppp.conf .
4367 Multiple profiles can be specified here.
4368 Also used to specify per-profile overrides.
4369 When the profile name contains any of the characters
4371 they are translated to
4373 for the proposes of the override variable names.
4374 .It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _bdaddr
4376 Overrides local address to listen on.
4382 The address can be specified as BD_ADDR or name.
4383 .It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _channel
4385 Overrides local RFCOMM channel to listen on.
4388 will listen on RFCOMM channel 1.
4389 Must set properly if multiple profiles used in the same time.
4390 .It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_sp
4394 if it should register Serial Port service on the specified RFCOMM channel.
4397 .It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_dun
4401 if it should register Dial-Up Networking service on the specified
4405 .It Va ubthidhci_enable
4409 change the USB Bluetooth controller from HID mode to HCI mode.
4410 You also need to specify the location of USB Bluetooth controller with the
4411 .Va ubthidhci_busnum
4415 .It Va ubthidhci_busnum
4416 Bus number where the USB Bluetooth controller is located.
4419 on your system to find this information.
4420 .It Va ubthidhci_addr
4421 Bus address of the USB Bluetooth controller.
4424 on your system to find this information.
4425 .It Va netwait_enable
4429 delays the start of network-reliant services until
4431 is up and ICMP packets to a destination defined in
4434 Link state is examined first, followed by
4436 an IP address to verify network usability.
4437 If no destination can be reached or timeouts are exceeded,
4438 network services are started anyway with no guarantee that
4439 the network is usable.
4440 Use of this variable requires both
4448 This variable contains a space-delimited list of IP addresses to
4450 DNS hostnames should not be used as resolution is not guaranteed
4451 to be functional at this point.
4452 If multiple IP addresses are specified,
4453 each will be tried until one is successful or the list is exhausted.
4454 .It Va netwait_timeout
4456 Indicates the total number of seconds to perform a
4458 against each IP address in
4460 at a rate of one ping per second.
4461 If any of the pings are successful,
4462 full network connectivity is considered reliable.
4467 Defines the name of the network interface on which watch for link.
4469 is used to monitor the interface, looking for
4470 .Dq Li status: no carrier .
4471 Once gone, the link is considered up.
4474 interface if desired.
4475 .It Va netwait_if_timeout
4477 Defines the total number of seconds to wait for link to become usable,
4478 polled at a 1-second interval.
4482 .Bl -tag -width ".Pa /etc/defaults/rc.conf" -compact
4483 .It Pa /etc/defaults/rc.conf
4485 .It Pa /etc/rc.conf.local
4514 .Xr newsyslog.conf 5 ,
4585 .An Jordan K. Hubbard .
projects / FreeBSD / stable / 10.git / blob