4 .\" Redistribution and use in source and binary forms, with or without
5 .\" modification, are permitted provided that the following conditions
7 .\" 1. Redistributions of source code must retain the above copyright
8 .\" notice, this list of conditions and the following disclaimer.
9 .\" 2. Redistributions in binary form must reproduce the above copyright
10 .\" notice, this list of conditions and the following disclaimer in the
11 .\" documentation and/or other materials provided with the distribution.
13 .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND
14 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE
17 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
19 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
20 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
21 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
22 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 .Nd system configuration information
36 contains descriptive information about the local host name, configuration
37 details for any potential network interfaces and which services should be
38 started up at system initial boot time.
39 In new installations, the
41 file is generally initialized by the system installation utility,
46 is not to run commands or perform system startup actions
48 Instead, it is included by the
49 various generic startup scripts in
51 which conditionalize their
52 internal actions according to the settings found there.
56 file is included from the file
57 .Pa /etc/defaults/rc.conf ,
58 which specifies the default settings for all the available options.
59 Options need only be specified in
61 when the system administrator wishes to override these defaults.
63 .Pa /etc/rc.conf.local
64 is used to override settings in
66 for historical reasons.
72 .Dq Ar name Ns Li = Ns Ar value
76 The following list provides a name and short description for each
77 variable that can be set in the
80 .Bl -tag -width indent-two
85 enable output of debug messages from rc scripts.
86 This variable can be helpful in diagnosing mistakes when
87 editing or integrating new scripts.
88 Beware that this produces copious output to the terminal and
94 disable informational messages from the rc scripts.
95 Informational messages are displayed when
96 a condition that is not serious enough to warrant a warning or
98 .It Va early_late_divider
100 The name of the script that should be used as the
101 delimiter between the
105 stages of the boot process.
106 The early stage should contain all the services needed to
107 get the disks (local or remote) mounted so that the late
108 stage can include scripts contained in the directories
111 variable (see below).
112 Thus, the two likely candidates for this value are
114 for the typical system, and
116 if the system needs remote file
117 systems mounted to get access to the
119 directories; for example when
127 is likely to be an appropriate value.
128 Extreme care should be taken when changing this value,
129 and before changing it one should ensure that there are
130 adequate provisions to recover from a failed boot
131 (such as physical contact with the machine,
132 or reliable remote console access).
137 no swapfile is installed, otherwise the value is used as the full
138 pathname to a file to use for additional swap space.
143 enable support for Automatic Power Management with
151 to handle APM event from userland.
152 This also enables support for APM.
159 these are the flags to pass to the
166 to handle device added, removed or unknown events from the kernel.
173 scripts at boot time.
176 Configuration file for
180 .It Va kldxref_enable
187 to automatically rebuild
192 .It Va kldxref_clobber
202 will overwrite existing
209 .It Va kldxref_module_path
214 delimited list of paths containing
226 enable the system power control facility with the
235 these are the flags to pass to the
239 Controls the creation of a
242 Always happens if set to
244 and never happens if set to
246 If set to anything else, a memory file system is created if
250 Controls the size of a created
254 Extra options passed to the
256 utility when the memory file system for
261 which inhibits the use of softupdates on
263 so that file system space is freed without delay
264 after file truncation or deletion.
267 for other options you can use in
270 Controls the creation of a
273 Always happens if set to
275 and never happens if set to
277 If set to anything else, a memory file system is created if
281 Controls the size of a created
285 Extra options passed to the
287 utility when the memory file system for
292 which inhibits the use of softupdates on
294 so that file system space is freed without delay
295 after file truncation or deletion.
298 for other options you can use in
301 Controls the automatic population of the
304 Always happens if set to
306 and never happens if set to
308 If set to anything else, a memory file system is created if
311 Note that this process requires access to certain commands in
315 is mounted on normal systems.
316 .It Va cleanvar_enable
323 List of directories to search for startup script files.
324 .It Va script_name_sep
326 The field separator to use for breaking down the list of startup script files
327 into individual filenames.
328 The default is a space.
329 It is not necessary to change this unless there are startup scripts with names
331 .It Va hostapd_enable
340 The fully qualified domain name (FQDN) of this host on the network.
341 This should almost certainly be set to something meaningful, even if
342 there is no network connection.
345 is used to set the hostname via DHCP,
346 this variable should be set to an empty string.
349 Enable support for IPv6 networking.
350 Note that this requires that the kernel has been compiled with
351 .Cd "options INET6" .
354 The NIS domain name of this host, or
357 .It Va dhclient_program
359 Path to the DHCP client program
360 .Pa ( /sbin/dhclient ,
365 .It Va dhclient_flags
367 Additional flags to pass to the DHCP client program.
372 manpage for a description of the command line options available.
373 .It Va dhclient_flags_ Ns Aq Ar iface
374 Additional flags to pass to the DHCP client program running on
377 When specified, this variable overrides
379 .It Va background_dhclient
383 to start the DHCP client in background.
384 This can cause trouble with applications depending on
385 a working network, but it will provide a faster startup
387 .It Va background_dhclient_ Ns Aq Ar iface
388 When specified, this variable overrides the
389 .Va background_dhclient
390 variable for interface
393 .It Va synchronous_dhclient
399 synchronously at startup.
400 This behavior can be overridden on a per-interface basis by replacing
404 .Va ifconfig_ Ns Aq Ar interface
409 .It Va defaultroute_delay
411 When set to a positive value, wait up to this long after configuring
412 DHCP interfaces at startup to give the interfaces time to receive a lease.
413 .It Va firewall_enable
417 to load firewall rules at startup.
418 If the kernel was not built with
419 .Cd "options IPFIREWALL" ,
422 kernel module will be loaded.
424 .Va ipfilter_enable .
425 .It Va ipv6_firewall_enable
427 The IPv6 equivalent of
428 .Va firewall_enable .
431 to load IPv6 firewall rules at startup.
432 If the kernel was not built with
433 .Cd "options IPV6FIREWALL" ,
436 kernel module will be loaded.
437 .It Va firewall_script
439 This variable specifies the full path to the firewall script to run.
441 .Pa /etc/rc.firewall .
442 .It Va ipv6_firewall_script
444 The IPv6 equivalent of
445 .Va firewall_script .
448 Names the firewall type from the selection in
449 .Pa /etc/rc.firewall ,
450 or the file which contains the local firewall ruleset.
451 Valid selections from
455 .Bl -tag -width ".Li simple" -compact
457 unrestricted IP access
459 all IP services disabled, except via
462 basic protection for a workstation
464 basic protection for a LAN.
467 If a filename is specified, the full path
469 .It Va ipv6_firewall_type
471 The IPv6 equivalent of
473 .It Va firewall_quiet
477 to disable the display of firewall rules on the console during boot.
478 .It Va ipv6_firewall_quiet
480 The IPv6 equivalent of
482 .It Va firewall_logging
486 to enable firewall event logging.
487 This is equivalent to the
488 .Dv IPFIREWALL_VERBOSE
490 .It Va ipv6_firewall_logging
492 The IPv6 equivalent of
493 .Va firewall_logging .
494 .It Va firewall_flags
500 specifies a filename.
501 .It Va ipv6_firewall_flags
503 The IPv6 equivalent of
505 .\" ----- firewall_nat_enable setting --------------------------------
506 .It Va firewall_nat_enable
518 .It Va firewall_nat_interface
524 This is the name of the public interface or IP address on which
525 kernel NAT should run.
526 .It Va firewall_nat_flags
528 Additional configuration parameters for kernel NAT should be placed here.
529 .It Va dummynet_enable
533 will automatically load the
539 .\" -------------------------------------------------------------------
555 sockets must be enabled in the kernel.
556 If the kernel was not built with
557 .Cd "options IPDIVERT" ,
560 kernel module will be loaded.
561 .It Va natd_interface
563 This is the name of the public interface on which
566 The interface may be given as an interface name or as an IP address.
571 flags should be placed here.
576 flag is automatically added with the above
579 .\" ----- ipfilter_enable setting --------------------------------
580 .It Va ipfilter_enable
591 Typical usage will require putting
593 ipfilter_enable="YES"
611 can be enabled independently.
615 both require at least one of
625 options IPFILTER_DEFAULT_BLOCK
628 in the kernel configuration file is a good idea, too.
629 .\" ----- ipfilter_program setting ------------------------------
630 .It Va ipfilter_program
636 .\" ----- ipfilter_rules setting --------------------------------
637 .It Va ipfilter_rules
642 This variable contains the name of the filter rule definition file.
643 The file is expected to be readable for the
646 .\" ----- ipv6_ipfilter_rules setting ---------------------------
647 .It Va ipv6_ipfilter_rules
652 This variable contains the IPv6 filter rule definition file.
653 The file is expected to be readable for the
656 .\" ----- ipfilter_flags setting --------------------------------
657 .It Va ipfilter_flags
660 This variable contains flags passed to the
663 .\" ----- ipnat_enable setting ----------------------------------
673 network address translation.
676 for a detailed discussion.
677 .\" ----- ipnat_program setting ---------------------------------
684 .\" ----- ipnat_rules setting -----------------------------------
690 This variable contains the name of the file
691 holding the network address translation definition.
692 This file is expected to be readable for the
695 .\" ----- ipnat_flags setting -----------------------------------
699 This variable contains flags passed to the
702 .\" ----- ipmon_enable setting ----------------------------------
717 Setting this variable needs setting
724 for a detailed discussion.
725 .\" ----- ipmon_program setting ---------------------------------
732 .\" ----- ipmon_flags setting -----------------------------------
738 This variable contains flags passed to the
741 Another typical example would be
742 .Dq Fl D Pa /var/log/ipflog
745 log directly to a file bypassing
748 .Pa /etc/newsyslog.conf
749 in such case like this:
751 /var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid
753 .\" ----- ipfs_enable setting -----------------------------------
763 saving the filter and NAT state tables during shutdown
764 and reloading them during startup again.
765 Setting this variable needs setting
774 for a detailed discussion.
780 because the raised securelevel will prevent
782 from saving the state tables at shutdown time.
783 .\" ----- ipfs_program setting ----------------------------------
790 .\" ----- ipfs_flags setting ------------------------------------
794 This variable contains flags passed to the
797 .\" ----- end of added ipf hook ---------------------------------
809 Typical usage will require putting
824 into the kernel, otherwise the
825 kernel module will be loaded.
830 ruleset configuration file
845 these flags are passed to the
847 program when loading the ruleset.
857 which logs packets from the
870 .Pa /var/log/pflog ) .
872 .Pa /etc/newsyslog.conf
873 to adjust logfile rotation for this.
883 This variable contains additional flags passed to the
886 .It Va ftpproxy_enable
897 packet filter in translating ftp connections.
898 .It Va ftpproxy_flags
901 This variable contains additional flags passed to the
913 state changes to other hosts over the network by means of
918 must also be set then.
919 .It Va pfsync_syncdev
922 This variable specifies the name of the network interface
924 should operate through.
925 It must be set accordingly if
929 .It Va pfsync_syncpeer
932 This variable is optional.
933 By default, state change messages are sent out on the synchronisation
934 interface using IP multicast packets.
935 The protocol is IP protocol 240, PFSYNC, and the multicast group used is
937 When a peer address is specified using the
939 option, the peer address is used as a destination for the pfsync
940 traffic, and the traffic can then be protected using
944 manpage for more details about using
949 .It Va pfsync_ifconfig
952 This variable can contain additional options to be passed to the
954 command used to set up
956 .It Va tcp_extensions
963 disables certain TCP options as described by
969 might help remedy such problems with connections as randomly hanging
970 or other weird behavior.
971 Some network devices are known
972 to be broken with respect to these options.
979 .Va net.inet.tcp.log_in_vain
981 .Va net.inet.udp.log_in_vain ,
986 are set to the given value.
994 will disable probing idle TCP connections to verify that the
995 peer is still up and reachable.
996 .It Va tcp_drop_synfin
1003 will cause the kernel to ignore TCP frames that have both
1004 the SYN and FIN flags set.
1005 This prevents OS fingerprinting, but may
1006 break some legitimate applications.
1007 .It Va icmp_drop_redirect
1014 will cause the kernel to ignore ICMP REDIRECT packets.
1017 for more information.
1018 .It Va icmp_log_redirect
1025 will cause the kernel to log ICMP REDIRECT packets.
1027 the log messages are not rate-limited, so this option should only be used
1028 for troubleshooting networks.
1031 for more information.
1032 .It Va icmp_bmcastecho
1036 to respond to broadcast or multicast ICMP ping packets.
1039 for more information.
1040 .It Va ip_portrange_first
1044 this is the first port in the default portrange.
1047 for more information.
1048 .It Va ip_portrange_last
1052 this is the last port in the default portrange.
1055 for more information.
1056 .It Va network_interfaces
1058 Set to the list of network interfaces to configure on this host or
1060 (the default) for all current interfaces.
1062 .Va network_interfaces
1063 variable to anything other than the default is deprecated.
1064 Interfaces that the administrator wishes to store configuration for,
1065 but not start at boot should be configured with the
1068 .Va ifconfig_ Ns Aq Ar interface
1069 variables as described below.
1072 .Va ifconfig_ Ns Aq Ar interface
1073 variable is also assumed to exist for each value of
1075 When an interface name contains any of the characters
1077 they are translated to
1080 The variable can contain arguments to
1082 as well as special case-insensitive keywords described below.
1083 Such keywords are removed before passing the value to
1085 while the order of the other arguments is preserved.
1087 One can configure more than one IPv4 address with the
1088 .Va ipv4_addrs_ Ns Aq Ar interface
1090 One or more IP addresses must be provided in Classless Inter-Domain
1091 Routing (CIDR) address notation, whose last byte can be a range like
1093 In this case the address 192.0.2.5 will be configured with the
1094 netmask /24 and the addresses 192.0.2.6 to 192.0.2.23 with
1095 the non-conflicting netmask /32 as explained in the
1098 With the interface in question being
1100 an example could look like:
1102 ipv4_addrs_ed0="192.0.2.129/27 192.0.2.1-5/28"
1105 It is also possible to add IP alias entries using
1108 Assuming that the interface in question was
1111 something like this:
1113 ifconfig_ed0_alias0="inet 127.0.0.253 netmask 0xffffffff"
1114 ifconfig_ed0_alias1="inet 127.0.0.254 netmask 0xffffffff"
1119 .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1120 entry that is found,
1121 its contents are passed to
1123 Execution stops at the first unsuccessful access, so if
1124 something like this is present:
1126 ifconfig_ed0_alias0="inet 127.0.0.251 netmask 0xffffffff"
1127 ifconfig_ed0_alias1="inet 127.0.0.252 netmask 0xffffffff"
1128 ifconfig_ed0_alias2="inet 127.0.0.253 netmask 0xffffffff"
1129 ifconfig_ed0_alias4="inet 127.0.0.254 netmask 0xffffffff"
1132 Then note that alias4 would
1134 be added since the search would
1135 stop with the missing
1138 Due to this difficult to manage behavior, the
1139 .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1143 .Pa /etc/start_if. Ns Aq Ar interface
1144 file is present, it is read and executed by the
1147 before configuring the interface as specified in the
1148 .Va ifconfig_ Ns Aq Ar interface
1150 .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1154 .Va wlans_ Ns Aq Ar interface
1158 interface will be created for each item in the list with the
1162 Further wlan cloning arguments may be passed to the
1165 command by setting the
1166 .Va create_args_ Ns Aq Ar interface
1170 devices must be created for each wireless devices as of
1176 may be specified with an
1177 .Va wlandebug_ Ns Aq Ar interface
1179 The contents of this variable will be passed directly to
1183 .Va ifconfig_ Ns Aq Ar interface
1184 contains the keyword
1186 then the interface will not be configured
1188 .Pa /etc/pccard_ether
1190 .Va network_interfaces
1194 It is possible to bring up an interface with DHCP by adding
1197 .Va ifconfig_ Ns Aq Ar interface
1199 For instance, to initialize the
1202 it is possible to use something like:
1207 Also, if you want to configure your wireless interface with
1208 .Xr wpa_supplicant 8
1209 for use with WPA, EAP/LEAP or WEP, you need to add
1212 .Va ifconfig_ Ns Aq Ar interface
1215 Finally, you can add
1217 options in this variable, in addition to the
1218 .Pa /etc/start_if. Ns Aq Ar interface
1220 For instance, configure an
1222 wireless device in station mode with an address obtained
1223 via DHCP, using WPA authentication and 802.11b mode, it is
1224 possible to use something like:
1227 ifconfig_wlan0="DHCP WPA mode 11b"
1231 .Va ifconfig_ Ns Aq Ar interface
1232 form, a fallback variable
1233 .Va ifconfig_DEFAULT
1235 It will be used for all interfaces with no
1236 .Va ifconfig_ Ns Aq Ar interface
1238 This is intended to replace the no longer supported
1242 It is also possible to rename interface by doing:
1244 ifconfig_ed0_name="net0"
1245 ifconfig_net0="inet 192.0.2.1 netmask 0xffffff00"
1247 .It Va ipv6_network_interfaces
1249 This is the IPv6 equivalent of
1250 .Va network_interfaces .
1251 Instead of setting the ifconfig variables as
1252 .Va ifconfig_ Ns Aq Ar interface
1253 they should be set as
1254 .Va ipv6_ifconfig_ Ns Aq Ar interface .
1255 Aliases should be set as
1256 .Va ipv6_ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n .
1257 .Va ipv6_prefix_ Ns Aq Ar interface
1259 Interfaces that do not have a
1260 .Va ipv6_ifconfig_ Ns Aq Ar interface
1261 setting will be auto configured by
1264 .Va ipv6_gateway_enable
1267 Note that the IPv6 networking code does not support the
1268 .Pa /etc/start_if. Ns Aq Ar interface
1270 .It Va ipv6_default_interface
1274 this is the default output interface for scoped addresses.
1275 Now this works only for IPv6 link local multicast addresses.
1276 .It Va cloned_interfaces
1278 Set to the list of clonable network interfaces to create on this host.
1280 .Va cloned_interfaces
1281 are automatically appended to
1282 .Va network_interfaces
1284 .It Va fec_interfaces
1288 Fast EtherChannel interfaces to configure on this host.
1290 .Va fecconfig_ Ns Aq Ar interface
1291 variable is assumed to exist for each value of
1293 The value of this variable is used to configure link aggregated interfaces
1294 according to the syntax of the
1295 .Cm NGM_FEC_ADD_IFACE
1299 Additionally, this option ensures that each listed interface is created
1304 before attempting to configure it.
1307 fec_interfaces="fec0"
1308 fecconfig_fec0="em0 em1"
1309 ifconfig_fec0="DHCP"
1311 .It Va gif_interfaces
1315 tunnel interfaces to configure on this host.
1317 .Va gifconfig_ Ns Aq Ar interface
1318 variable is assumed to exist for each value of
1320 The value of this variable is used to configure the link layer of the
1321 tunnel according to the syntax of the
1325 Additionally, this option ensures that each listed interface is created
1330 before attempting to configure it.
1331 .It Va sppp_interfaces
1335 interfaces to configure on this host.
1337 .Va spppconfig_ Ns Aq Ar interface
1338 variable is assumed to exist for each value of
1340 Each interface should also be configured by a general
1341 .Va ifconfig_ Ns Aq Ar interface
1345 for more information about available options.
1355 The name of the profile to use from
1356 .Pa /etc/ppp/ppp.conf .
1357 Also used for per-profile overrides of
1362 .Va ppp_ Ns Ao Ar profile Ac Ns _unit .
1363 When the profile name contains any of the characters
1365 they are translated to
1367 for the proposes of the override variable names.
1370 Mode in which to run the
1373 .It Va ppp_ Ns Ao Ar profile Ac Ns _mode
1375 Overrides the global
1385 See the manual for a full description.
1390 enables network address translation.
1391 Used in conjunction with
1393 allows hosts on private network addresses access to the Internet using
1394 this host as a network address translating router.
1395 .It Va ppp_ Ns Ao Ar profile Ac Ns _nat
1397 Overrides the global
1401 .It Va ppp_ Ns Ao Ar profile Ac Ns _unit
1403 Set the unit number to be used for this profile.
1404 See the manual description of
1409 The name of the user under which
1417 .It Va rc_conf_files
1419 This option is used to specify a list of files that will override
1421 .Pa /etc/defaults/rc.conf .
1422 The files will be read in the order in which they are specified and should
1423 include the full path to the file.
1424 By default, the files specified are
1427 .Pa /etc/rc.conf.local
1433 will attempt to automatically mount ZFS file systems and initialize ZFS volumes
1435 .It Va gbde_autoattach_all
1440 will attempt to automatically initialize your .bde devices in
1444 List the devices that the script should try to attach,
1449 The directory where the
1451 lockfiles are located.
1452 The default lockfile directory is
1455 The lockfile for each individual
1457 device can be overridden by setting the variable
1458 .Va gbde_lock_ Ns Aq Ar device ,
1461 is the encrypted device without the
1466 .It Va gbde_attach_attempts
1468 Number of times to attempt attaching to a
1470 device, i.e., how many times the user is asked for the pass-phrase.
1474 List of devices to automatically attach on boot.
1475 Note that .eli devices from
1477 are automatically appended to this list.
1480 Number of times user is asked for the pass-phrase.
1481 If empty, it will be taken from
1482 .Va kern.geom.eli.tries
1484 .It Va geli_default_flags
1486 Default flags to use by
1488 when configuring disk encryption.
1489 Flags can be configured for every device separately by defining
1490 .Va geli_ Ns Ao Ar device Ac Ns Va _flags
1492 .It Va geli_autodetach
1494 Specifies if GELI devices should be marked for detach on last close after
1495 file systems are mounted.
1498 This can be changed for every device separately by defining
1499 .Va geli_ Ns Ao Ar device Ac Ns Va _autodetach
1501 .It Va geli_swap_flags
1502 Options passed to the
1504 utility when encrypted GEOM providers for swap partitions are created.
1506 .Dq Li "-e aes -l 256 -s 4096 -d" .
1507 .It Va root_rw_mount
1512 After the file systems are checked at boot time, the root file system
1513 is remounted as read-write if this is set to
1515 Diskless systems that mount their root file system from a read-only remote
1516 NFS share should set this to
1520 .It Va fsck_y_enable
1525 will be run with the
1527 flag if the initial preen
1528 of the file systems fails.
1529 .It Va background_fsck
1533 the system will attempt to run
1535 in the background where possible.
1536 .It Va background_fsck_delay
1538 The amount of time in seconds to sleep before starting a background
1540 It defaults to sixty seconds to allow large applications such as
1541 the X server to start before disk I/O bandwidth is monopolized by
1543 If set to a negative number, the background file system check will be
1544 delayed indefinitely to allow the administrator to run it at a more
1546 For example it may be run from
1548 by adding a line like
1550 .Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart"
1556 List of file system types that are network-based.
1557 This list should generally not be modified by end users.
1559 .Va extra_netfs_types
1561 .It Va extra_netfs_types
1563 If set to something other than
1566 this variable extends the list of file system types
1567 for which automatic mounting at startup by
1569 should be delayed until the network is initialized.
1571 a whitespace-separated list of network file system descriptor pairs,
1572 each consisting of a file system type as passed to
1574 and a human-readable, one-word description,
1577 Extending the default list in this way is only necessary
1578 when third party file system types are used.
1579 .It Va syslogd_enable
1586 .It Va syslogd_program
1591 .Pa /usr/sbin/syslogd ) .
1592 .It Va syslogd_flags
1598 these are the flags to pass to
1607 .It Va inetd_program
1612 .Pa /usr/sbin/inetd ) .
1619 these are the flags to pass to
1628 .It Va named_program
1633 .Pa /usr/sbin/named ) .
1638 configuration file, (default
1639 .Pa /etc/namedb/named.conf ) .
1646 these are the flags to pass to
1648 .It Va named_pidfile
1650 This is the default path to the
1653 This must match the location in
1659 process should be run as.
1660 .It Va named_chrootdir
1662 The root directory for a name server run in a
1664 environment (default
1668 will not be run in a
1671 .It Va named_chroot_autoupdate
1675 to disable automatic update of the
1678 .It Va named_symlink_enable
1682 to disable symlinking of
1691 loop until working name service is established.
1692 .It Va named_wait_host
1694 Name of host to lookup for the named_wait option.
1696 .It Va named_auto_forward
1698 Set to enable automatic creation of a forwarder
1699 configuration file derived from
1700 .Pa /etc/resolv.conf .
1701 .It Va named_auto_forward_only
1703 Set to change the default forwarder configuration from
1707 .It Va kerberos5_server_enable
1711 to start a Kerberos 5 authentication server
1713 .It Va kerberos5_server
1716 .Va kerberos5_server_enable
1719 this is the path to Kerberos 5 Authentication Server.
1720 .It Va kerberos5_server_flags
1723 This variable contains additional flags to be passed to the Kerberos 5
1724 authentication server.
1725 .It Va kadmind5_server_enable
1731 the Kerberos 5 Administration Daemon; set to
1734 .It Va kadmind5_server
1737 .Va kadmind5_server_enable
1740 this is the path to Kerberos 5 Administration Daemon.
1741 .It Va kpasswdd_server_enable
1747 the Kerberos 5 Password-Changing Daemon; set to
1750 .It Va kpasswdd_server
1753 .Va kpasswdd_server_enable
1756 this is the path to Kerberos 5 Password-Changing Daemon.
1763 daemon at boot time.
1770 these are the flags to pass to it.
1777 daemon at boot time.
1784 these are the flags to pass to it.
1787 manpage for more information.
1788 .It Va amd_map_program
1791 the specified program is run to get the list of
1796 maps are stored in NIS, one can set this to
1809 will be updated at boot time to reflect the kernel release
1814 will not be updated.
1815 .It Va nfs_client_enable
1819 run the NFS client daemons at boot time.
1820 .It Va nfs_access_cache
1823 .Va nfs_client_enable
1828 to disable NFS ACCESS RPC caching, or to the number of seconds for which
1830 results should be cached.
1831 A value of 2-10 seconds will substantially reduce network
1832 traffic for many NFS operations.
1833 .It Va nfs_server_enable
1837 run the NFS server daemons at boot time.
1838 .It Va nfs_server_flags
1841 .Va nfs_server_enable
1844 these are the flags to pass to the
1847 .It Va idmapd_enable
1851 run the ID mapping daemon for NFS version 4.
1858 these are the flags to pass to the
1861 .It Va mountd_enable
1866 .Va nfs_server_enable
1872 It is commonly needed to run CFS without real NFS used.
1879 these are the flags to pass to the
1882 .It Va weak_mountd_authentication
1886 allow services like PCNFSD to make non-privileged mount
1888 .It Va nfs_reserved_port_only
1892 provide NFS services only on a secure port.
1893 .It Va nfs_bufpackets
1895 If set to a number, indicates the number of packets worth of
1896 socket buffer space to reserve on an NFS client.
1897 The kernel default is typically 4.
1898 Using a higher number may be
1899 useful on gigabit networks to improve performance.
1900 The minimum value is
1901 2 and the maximum is 64.
1902 .It Va rpc_lockd_enable
1906 and also an NFS server or client, run
1909 .It Va rpc_lockd_flags
1912 .Va rpc_lockd_enable
1915 these are the flags to pass to the
1918 .It Va rpc_statd_enable
1922 and also an NFS server or client, run
1925 .It Va rpc_statd_flags
1928 .Va rpc_statd_enable
1931 these are the flags to pass to the
1934 .It Va rpcbind_program
1939 .Pa /usr/sbin/rpcbind ) .
1940 .It Va rpcbind_enable
1946 service at boot time.
1947 .It Va rpcbind_flags
1953 these are the flags to pass to the
1956 .It Va keyserv_enable
1962 daemon on boot for running Secure RPC.
1963 .It Va keyserv_flags
1969 these are the flags to pass to
1972 .It Va pppoed_enable
1978 daemon at boot time to provide PPP over Ethernet services.
1979 .It Va pppoed_ Ns Aq Ar provider
1982 listens to requests to this
1988 argument of the same name.
1991 Additional flags to pass to
1993 .It Va pppoed_interface
1995 The network interface to run
1998 This is mandatory when
2008 service at boot time.
2009 This command is intended for networks of
2010 machines where a consistent
2012 for all hosts must be established.
2013 This is often useful in large NFS
2014 environments where time stamps on files are expected to be consistent
2022 these are the flags to pass to the
2025 .It Va ntpdate_enable
2032 This command is intended to
2033 synchronize the system clock only
2035 from some standard reference.
2036 An option to set this up initially
2037 (from a list of known servers) is also provided by the
2039 program when the system is first installed.
2040 .It Va ntpdate_config
2042 Configuration file for
2046 .It Va ntpdate_hosts
2048 A whitespace-separated list of NTP servers to synchronize with at startup.
2049 The default is to use the servers listed in
2050 .Va ntpdate_config ,
2051 if that file exists.
2052 .It Va ntpdate_program
2057 .Pa /usr/sbin/ntpdate ) .
2058 .It Va ntpdate_flags
2064 these are the flags to pass to the
2066 command (typically a hostname).
2073 command at boot time.
2079 .Pa /usr/sbin/ntpd ) .
2093 these are the flags to pass to the
2096 .It Va ntpd_sync_on_start
2103 flag, which syncs the system's clock on startup.
2106 for more information regarding the
2109 This is a preferred alternative to using
2114 .It Va nis_client_enable
2120 service at system boot time.
2121 .It Va nis_client_flags
2124 .Va nis_client_enable
2127 these are the flags to pass to the
2130 .It Va nis_ypset_enable
2136 daemon at system boot time.
2137 .It Va nis_ypset_flags
2140 .Va nis_ypset_enable
2143 these are the flags to pass to the
2146 .It Va nis_server_enable
2152 daemon at system boot time.
2153 .It Va nis_server_flags
2156 .Va nis_server_enable
2159 these are the flags to pass to the
2162 .It Va nis_ypxfrd_enable
2168 daemon at system boot time.
2169 .It Va nis_ypxfrd_flags
2172 .Va nis_ypxfrd_enable
2175 these are the flags to pass to the
2178 .It Va nis_yppasswdd_enable
2184 daemon at system boot time.
2185 .It Va nis_yppasswdd_flags
2188 .Va nis_yppasswdd_enable
2191 these are the flags to pass to the
2194 .It Va rpc_ypupdated_enable
2200 daemon at system boot time.
2201 .It Va bsnmpd_enable
2207 daemon at system boot time.
2208 Be sure to understand the security implications of running SNMP daemon
2216 these are the flags to pass to the
2219 .It Va defaultrouter
2223 create a default route to this host name or IP address
2224 (use an IP address if this router is also required to get to the
2226 .It Va ipv6_defaultrouter
2228 The IPv6 equivalent of
2230 .It Va static_routes
2232 Set to the list of static routes that are to be added at system
2236 then for each whitespace separated
2239 .Va route_ Ns Aq Ar element
2240 variable is assumed to exist
2241 whose contents will later be passed to a
2246 static_routes="mcast gif0local"
2247 route_mcast="-net 224.0.0.0/4 -iface gif0"
2248 route_gif0local="-host 169.254.1.1 -iface lo0"
2250 .It Va ipv6_static_routes
2252 The IPv6 equivalent of
2256 then for each whitespace separated
2259 .Va ipv6_route_ Ns Aq Ar element
2260 variable is assumed to exist
2261 whose contents will later be passed to a
2262 .Dq Nm route Cm add Fl inet6
2264 .It Va natm_static_routes
2270 If not empty then for each whitespace separated
2273 .Va route_ Ns Aq Ar element
2274 variable is assumed to exist whose contents will later be passed to a
2275 .Dq Nm atmconfig Cm natm Cm add
2277 .It Va gateway_enable
2281 configure host to act as an IP router, e.g.\& to forward packets
2283 .It Va ipv6_gateway_enable
2285 The IPv6 equivalent of
2286 .Va gateway_enable .
2287 .It Va router_enable
2291 run a routing daemon of some sort, based on the
2296 .It Va ipv6_router_enable
2298 The IPv6 equivalent of
2302 run a routing daemon of some sort, based on the
2306 .Va ipv6_router_flags .
2313 this is the name of the routing daemon to use.
2316 The IPv6 equivalent of
2324 these are the flags to pass to the routing daemon.
2325 .It Va ipv6_router_flags
2327 The IPv6 equivalent of
2329 .It Va mrouted_enable
2333 run the multicast routing daemon,
2335 .It Va mroute6d_enable
2337 The IPv6 equivalent of
2338 .Va mrouted_enable .
2341 run the IPv6 multicast routing daemon.
2343 Note that multicast routing daemons are no longer included in the
2345 base system, however, both
2349 may be installed from the
2352 .It Va mrouted_flags
2358 these are the flags to pass to the
2361 .It Va mroute6d_flags
2363 The IPv6 equivalent of
2369 these are the flags passed to the IPv6 multicast routing daemon.
2370 .It Va mroute6d_program
2376 this is the path to the IPv6 multicast routing daemon.
2377 .It Va rtadvd_enable
2383 daemon at boot time.
2386 .Va ipv6_gateway_enable
2391 utility sends router advertisement packets to the interfaces specified in
2392 .Va rtadvd_interfaces
2393 and should only be enabled with great care.
2394 You may want to fine-tune
2396 .It Va rtadvd_interfaces
2402 this is the list of interfaces to use.
2403 .It Va ipxgateway_enable
2407 enable the routing of IPX traffic.
2408 .It Va ipxrouted_enable
2414 daemon at system boot time.
2415 .It Va ipxrouted_flags
2418 .Va ipxrouted_enable
2421 these are the flags to pass to the
2428 enable global proxy ARP.
2429 .It Va forward_sourceroute
2437 source-routed packets are forwarded.
2438 .It Va accept_sourceroute
2442 the system will accept source-routed packets directed at it.
2449 daemon at system boot time.
2456 these are the flags to pass to the
2459 .It Va bootparamd_enable
2465 daemon at system boot time.
2466 .It Va bootparamd_flags
2469 .Va bootparamd_enable
2472 these are the flags to pass to the
2475 .It Va stf_interface_ipv4addr
2479 this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling
2481 Specify this entry to enable the 6to4 interface.
2482 .It Va stf_interface_ipv4plen
2484 Prefix length for 6to4 IPv4 addresses, to limit peer address range.
2485 An effective value is 0-31.
2486 .It Va stf_interface_ipv6_ifid
2488 IPv6 interface ID for
2492 .It Va stf_interface_ipv6_slaid
2494 IPv6 Site Level Aggregator for
2496 .It Va ipv6_faith_prefix
2500 this is the faith prefix to enable a FAITH IPv6-to-IPv4 TCP
2505 .It Va ipv6_ipv4mapping
2509 this enables IPv4 mapped IPv6 address communication (like
2510 .Li ::ffff:a.b.c.d ) .
2515 to enable the configuration of ATM interfaces at system boot time.
2516 For all of the ATM variables described below, please refer to the
2518 manual page for further details on the available command parameters.
2519 Also refer to the files in
2520 .Pa /usr/share/examples/atm
2521 for more detailed configuration information.
2524 This is a list of physical ATM interface drivers to load.
2529 .It Va atm_netif_ Ns Aq Ar intf
2531 For the ATM physical interface
2533 this variable defines the name prefix and count for the ATM network
2534 interfaces to be created.
2535 The value will be passed as the parameters of an
2536 .Dq Nm atm Cm "set netif" Ar intf
2538 .It Va atm_sigmgr_ Ns Aq Ar intf
2540 For the ATM physical interface
2542 this variable defines the ATM signalling manager to be used.
2543 The value will be passed as the parameters of an
2544 .Dq Nm atm Cm attach Ar intf
2546 .It Va atm_prefix_ Ns Aq Ar intf
2548 For the ATM physical interface
2550 this variable defines the NSAP prefix for interfaces using a UNI signalling
2554 the prefix will automatically be set via the
2557 Otherwise, the value will be passed as the parameters of an
2558 .Dq Nm atm Cm "set prefix" Ar intf
2560 .It Va atm_macaddr_ Ns Aq Ar intf
2562 For the ATM physical interface
2564 this variable defines the MAC address for interfaces using a UNI signalling
2568 the hardware MAC address contained in the ATM interface card will be used.
2569 Otherwise, the value will be passed as the parameters of an
2570 .Dq Nm atm Cm "set mac" Ar intf
2572 .It Va atm_arpserver_ Ns Aq Ar netif
2574 For the ATM network interface
2576 this variable defines the ATM address for a host which is to provide ATMARP
2578 This variable is only applicable to interfaces using a UNI signalling
2582 this host will become an ATMARP server.
2583 The value will be passed as the parameters of an
2584 .Dq Nm atm Cm "set arpserver" Ar netif
2586 .It Va atm_scsparp_ Ns Aq Ar netif
2590 SCSP/ATMARP service for the network interface
2592 will be initiated using the
2597 This variable is only applicable if
2598 .Va atm_arpserver_ Ns Aq Ar netif
2603 Set to the list of ATM PVCs to be added at system
2605 For each whitespace separated
2608 .Va atm_pvc_ Ns Aq Ar element
2609 variable is assumed to exist.
2610 The value of each of these variables
2611 will be passed as the parameters of an
2612 .Dq Nm atm Cm "add pvc"
2616 Set to the list of permanent ATM ARP entries to be added
2617 at system boot time.
2618 For each whitespace separated
2621 .Va atm_arp_ Ns Aq Ar element
2622 variable is assumed to exist.
2623 The value of each of these variables
2624 will be passed as the parameters of an
2625 .Dq Nm atm Cm "add arp"
2627 .It Va natm_interfaces
2631 interfaces that will also be used for HARP through
2633 If this list is not empty all interfaces in the list will be brought up
2639 For this to work the interface drivers must be either compiled into the
2640 kernel or must reside on the root partition.
2643 The keyboard bell sound.
2650 if the default behavior is desired.
2651 For details, refer to the
2656 If set to a non-null string, the virtual console's keyboard input is
2662 no keymap is installed, otherwise the value is used to install
2664 .Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd .
2667 The keyboard repeat speed.
2674 if the default behavior is desired.
2679 attempt to program the function keys with the value.
2681 be a single string of the form:
2682 .Dq Ar funkey_number new_value Op Ar funkey_number new_value ... .
2685 Can be set to the value of
2688 .Dq Li destructive ,
2691 to set the cursor behavior explicitly or choose the default behavior.
2696 no screen map is installed, otherwise the value is used to install
2697 the screen map file in
2698 .Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value .
2703 the default 8x16 font value is used for screen size requests, otherwise
2705 .Pa /usr/share/syscons/fonts/ Ns Aq Ar value
2711 the default 8x14 font value is used for screen size requests, otherwise
2713 .Pa /usr/share/syscons/fonts/ Ns Aq Ar value
2719 the default 8x8 font value is used for screen size requests, otherwise
2721 .Pa /usr/share/syscons/fonts/ Ns Aq Ar value
2727 the default screen blanking interval is used, otherwise it is set
2735 this is the actual screen saver to use
2736 .Li ( blank , snake , daemon ,
2738 .It Va moused_nondefault_enable
2742 the mouse device specified on
2743 the command line is not automatically treated as enabled by the
2744 .Pa /etc/rc.d/moused
2746 Having this variable set to
2752 to be enabled as soon as it is plugged in.
2753 .It Va moused_enable
2759 daemon is started for doing cut/paste selection on the console.
2762 This is the protocol type of the mouse connected to this host.
2763 This variable must be set if
2770 is able to detect the appropriate mouse type automatically in many cases.
2771 Set this variable to
2773 to let the daemon detect it, or
2774 select one from the following list if the automatic detection fails.
2776 If the mouse is attached to the PS/2 mouse port, choose
2780 regardless of the brand and model of the mouse.
2782 mouse is attached to the bus mouse port, choose
2786 All other protocols are for serial mice and will not work with
2787 the PS/2 and bus mice.
2788 If this is a USB mouse,
2790 is the only protocol type which will work.
2792 .Bl -tag -width ".Li x10mouseremote" -compact
2794 Microsoft mouse (serial)
2796 Microsoft IntelliMouse (serial)
2798 Mouse systems Corp.\& mouse (serial)
2800 MM Series mouse (serial)
2802 Logitech mouse (serial)
2806 Logitech MouseMan and TrackMan (serial)
2808 ALPS GlidePoint (serial)
2809 .It Li thinkingmouse
2810 Kensington ThinkingMouse (serial)
2814 MM HitTablet (serial)
2815 .It Li x10mouseremote
2816 X10 MouseRemote (serial)
2818 Interlink VersaPad (serial)
2821 Even if the mouse is not in the above list, it may be compatible
2822 with one in the list.
2823 Refer to the manual page for
2825 for compatibility information.
2827 It should also be noted that while this is enabled, any
2828 other client of the mouse (such as an X server) should access
2829 the mouse through the virtual mouse device,
2831 and configure it as a
2833 type mouse, since all
2834 mouse data is converted to this single canonical format when
2837 If the client program does not support the
2843 It is the second preferred type.
2850 this is the actual port the mouse is on.
2853 for a COM1 serial mouse,
2857 for a bus mouse, for example.
2862 is set, its value is used as an additional set of flags to pass to the
2865 .It Va "moused_" Ns Ar XXX Ns Va "_flags"
2867 .Va moused_nondefault_enable
2870 daemon is started for a non-default port, the
2871 .Va "moused_" Ns Ar XXX Ns Va "_flags"
2872 set of options has precedence over and replaces the default
2873 .Va moused_flags (where
2875 is the name of the non-default port, i.e.\&
2878 .Va "moused_" Ns Ar XXX Ns Va "_flags"
2879 it is possible to set up a different set of default flags for each
2882 For example, you can use
2886 to make your laptop's touchpad more comfortable to use,
2887 but an empty set of options for
2888 .Va moused_ums0_flags
2891 mouse has three or more buttons.
2892 .It Va mousechar_start
2896 the default mouse cursor character range
2897 .Li 0xd0 Ns - Ns Li 0xd3
2899 otherwise the range start is set
2904 Use if the default range is occupied in the language code table.
2905 .It Va allscreens_flags
2909 is run with these options for each of the virtual terminals
2913 will enable the mouse pointer on all virtual terminals
2918 .It Va allscreens_kbdflags
2922 is run with these options for each of the virtual terminals
2928 scrollback (history) buffer to 200 lines.
2935 daemon at system boot time.
2941 .Pa /usr/sbin/cron ) .
2948 these are the flags to pass to
2954 enable the special handling of transitions to and from the
2955 Daylight Saving Time in
2957 (equivalent to using the flag
2964 .Pa /usr/sbin/lpd ) .
2971 daemon at system boot time.
2978 these are the flags to pass to the
2981 .It Va chkprintcap_enable
2987 command before starting the
2990 .It Va chkprintcap_flags
2995 .Va chkprintcap_enable
2998 these are the flags to pass to the
3003 which causes missing directories to be created.
3004 .It Va mta_start_script
3006 This variable specifies the full path to the script to run to start
3007 a mail transfer agent.
3009 .Pa /etc/rc.sendmail .
3013 .Pa /etc/rc.sendmail
3014 uses are documented in the
3019 Indicates the device (usually a swap partition) to which a crash dump
3020 should be written in the event of a system crash.
3021 If the value of this variable is
3023 the first suitable swap device listed in
3025 will be used as dump device.
3026 Otherwise, the value of this variable is passed as the argument to
3028 To disable crash dumps, set this variable to
3032 When the system reboots after a crash and a crash dump is found on the
3033 device specified by the
3037 will save that crash dump and a copy of the kernel to the directory
3041 The default value is
3050 .It Va savecore_flags
3052 If crash dumps are enabled, these are the flags to pass to the
3059 to turn on user and group disk quotas on system startup via the
3061 command for all file systems marked as having quotas enabled in
3063 The kernel must be built with
3065 for disk quotas to function.
3070 to enable user and group disk quota checking via the
3073 .It Va quotacheck_flags
3083 these are the flags to pass to the
3088 which checks quotas for all file systems with quotas enabled in
3090 .It Va quotaon_flags
3096 these are the flags to pass to the
3101 which enables quotas for all file systems with quotas enabled in
3103 .It Va quotaoff_flags
3109 these are the flags to pass to the
3111 utility when shutting down the quota system.
3114 which disables quotas for all file systems with quotas enabled in
3116 .It Va accounting_enable
3120 to enable system accounting through the
3127 to enable iBCS2 (SCO) binary emulation at system initial boot
3129 .It Va ibcs2_loaders
3137 this specifies a list of additional iBCS2 loaders to enable.
3142 to enable Linux/ELF binary emulation at system initial
3148 enable SysVR4 emulation at boot time.
3149 .It Va sysvipc_enable
3153 load System V IPC primitives at boot time.
3154 .It Va clear_tmp_enable
3165 to disable removing of X11 lock files,
3166 and the removal and (secure) recreation
3167 of the various socket directories for X11
3169 .It Va ldconfig_paths
3171 Set to the list of shared library paths to use with
3175 will always be added first, so it need not appear in this list.
3176 .It Va ldconfig32_paths
3178 Set to the list of 32-bit compatibility shared library paths to
3181 .It Va ldconfig_paths_aout
3183 Set to the list of shared library paths to use with
3188 .It Va ldconfig_insecure
3192 utility normally refuses to use directories
3193 which are writable by anyone except root.
3194 Set this variable to
3196 to disable that security check during system startup.
3197 .It Va ldconfig_local_dirs
3199 Set to the list of local
3202 The names of all files in the directories listed will be
3203 passed as arguments to
3205 .It Va ldconfig_local32_dirs
3207 Set to the list of local 32-bit compatibility
3210 The names of all files in the directories listed will be
3211 passed as arguments to
3212 .Dq Nm ldconfig Fl 32 .
3213 .It Va kern_securelevel_enable
3217 to set the kernel security level at system startup.
3218 .It Va kern_securelevel
3220 The kernel security level to set at startup.
3221 The allowed range of
3223 ranges from \-1 (the compile time default) to 3 (the
3227 for the list of possible security levels and their effect
3228 on system operation.
3231 Path to the SSH server program
3232 .Pa ( /usr/sbin/sshd
3240 at system boot time.
3247 these are the flags to pass to the
3252 Path to the FTP server program
3253 .Pa ( /usr/libexec/ftpd
3261 as a stand-alone daemon at system boot time.
3268 these are the additional flags to pass to the
3271 .It Va watchdogd_enable
3277 daemon at boot time.
3278 This requires that the kernel have been compiled with a
3281 .It Va watchdogd_flags
3284 .Va watchdogd_enable
3287 these are the flags passed to the
3290 .It Va performance_cx_lowest
3292 CPU idle state to use while on AC power.
3297 should use the lowest power state available while
3299 indicates that the lowest latency state (less power savings) should be used.
3300 .It Va performance_cpu_freq
3302 CPU clock frequency to use while on AC power.
3307 should use the lowest frequency available while
3309 indicates that the highest frequency (less power savings) should be used.
3310 .It Va economy_cx_lowest
3312 CPU idle state to use when off AC power.
3317 should use the lowest power state available while
3319 indicates that the lowest latency state (less power savings) should be used.
3320 .It Va economy_cpu_freq
3322 CPU clock frequency to use when off AC power.
3327 should use the lowest frequency available while
3329 indicates that the highest frequency (less power savings) should be used.
3334 any configured jails will not be started.
3337 A space separated list of names for jails.
3338 This is purely a configuration aid to help identify and
3339 configure multiple jails.
3340 The names specified in this list will be used to
3341 identify settings common to an instance of a jail.
3342 Assuming that the jail in question was named
3344 you would have the following dependent variables:
3346 jail_vjail_hostname="jail.example.com"
3347 jail_vjail_ip="192.0.2.100"
3348 jail_vjail_rootdir="/var/jails/vjail/root"
3354 When set, use as default value for
3355 .Va jail_ Ns Ao Ar jname Ac Ns Va _flags
3358 .It Va jail_interface
3361 When set, use as default value for
3362 .Va jail_ Ns Ao Ar jname Ac Ns Va _interface
3368 When set, use as default value for
3369 .Va jail_ Ns Ao Ar jname Ac Ns Va _fstab
3372 .It Va jail_mount_enable
3380 .Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable
3383 by default for every jail in
3385 .It Va jail_devfs_ruleset
3389 .Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset
3390 to given value for every jail in
3392 .It Va jail_devfs_enable
3400 .Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable
3403 by default for every jail in
3405 .It Va jail_fdescfs_enable
3413 .Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable
3416 by default for every jail in
3418 .It Va jail_procfs_enable
3426 .Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable
3429 by default for every jail in
3431 .It Va jail_exec_prestart Ns Aq Ar N
3434 When set, use as default value for
3435 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart Ns Aq Ar N
3438 .It Va jail_exec_start
3441 When set, use as default value for
3442 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start
3445 .It Va jail_exec_afterstart Ns Aq Ar N
3448 When set, use as default value for
3449 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_afterstart Ns Aq Ar N
3452 .It Va jail_exec_poststart Ns Aq Ar N
3455 When set, use as default value for
3456 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart Ns Aq Ar N
3459 .It Va jail_exec_prestop Ns Aq Ar N
3462 When set, use as default value for
3463 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop Ns Aq Ar N
3466 .It Va jail_exec_stop
3468 When set, use as default value for
3469 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop
3472 .It Va jail_exec_poststop Ns Aq Ar N
3475 When set, use as default value for
3476 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop Ns Aq Ar N
3479 .It Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir
3482 Set to the root directory used by jail
3484 .It Va jail_ Ns Ao Ar jname Ac Ns Va _hostname
3487 Set to the fully qualified domain name (FQDN) assigned to jail
3489 .It Va jail_ Ns Ao Ar jname Ac Ns Va _ip
3492 Set to the (primary) IPv4 and/or IPv6 address(es) assigned to the jail.
3493 The argument can be a sole address or a comma separated list of addresses.
3494 Additionally each address can be prefixed by the name of an interface
3495 followed by a pipe to overwrite
3496 .Va jail_ Ns Ao Ar jname Ac Ns Va _interface
3499 and/or suffixed by a netmask, prefixlen or prefix.
3500 In case no netmask, prefixlen or prefix is given,
3502 will be used for IPv4 and
3504 will be used for an IPv6 address.
3505 If no address is given for the jail then the jail will be started with
3506 no networking support.
3507 .It Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n
3510 Set additional IPv4 and/or IPv6 address(es) assigned to the jail.
3511 The sequence starts with
3513 and the numbers have to be strictly ascending.
3514 These entries follow the same syntax as their primary
3515 .Va jail_ Ns Ao Ar jname Ac Ns Va _ip
3517 The order of the entries can be important as the first address for
3518 each address family found will be the primary address of the jail.
3524 .It Va jail_ Ns Ao Ar jname Ac Ns Va _flags
3529 These are flags to pass to
3531 .It Va jail_ Ns Ao Ar jname Ac Ns Va _interface
3534 When set, sets the interface to use when setting IP address alias.
3535 Note that the alias is created at jail startup and removed at jail shutdown.
3536 .It Va jail_ Ns Ao Ar jname Ac Ns Va _fib
3539 When set, the jail is started with the specified forwarding table (sometimes
3540 referred to as a routing table) via
3542 .It Va jail_ Ns Ao Ar jname Ac Ns Va _fstab
3545 .Pa /etc/fstab. Ns Aq Ar jname
3547 This is the file system information file to use for jail
3549 .It Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable
3556 mount all file systems from
3557 .Va jail_ Ns Ao Ar jname Ac Ns Va _fstab
3559 .It Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset
3562 When set, defines the device file system ruleset file to use for jail
3564 .It Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable
3571 mount the device file system inside jail
3574 .It Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable
3581 mount the file-descriptor file system inside jail
3584 .It Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable
3591 mount the process file system inside jail
3594 .It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart Ns Aq Ar N
3597 This is the command run as
3600 before jail startup, where
3603 It is run outside the jail.
3604 .It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start
3607 .Dq Li /bin/sh /etc/rc
3609 This is the command executed in a jail at jail startup.
3610 .It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_afterstart Ns Aq Ar N
3613 This is the command run as
3617 after jail startup, where
3620 .It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart Ns Aq Ar N
3623 This is the command run as
3626 after jail startup, where
3629 It is run outside the jail.
3630 .It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop Ns Aq Ar N
3633 This is the command run as
3636 before jail shutdown, where
3639 It is run outside the jail.
3640 .It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop
3643 .Dq Li /bin/sh /etc/rc.shutdown
3645 This is the command executed in a jail at jail shutdown.
3646 .It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop Ns Aq Ar N
3649 This is the command run as
3652 after jail shutdown, where
3655 It is run outside the jail.
3656 .It Va jail_set_hostname_allow
3660 do not allow the root user in a jail to set its hostname.
3661 .It Va jail_socket_unixiproute_only
3665 do not allow any sockets,
3666 besides UNIX/IP/route sockets,
3667 to be used within a jail.
3668 .It Va jail_sysvipc_allow
3672 allow applications within a jail to use System V IPC.
3673 .\" -----------------------------------------------------
3674 .It Va harvest_interrupt
3678 to use hardware interrupts as an entropy source.
3681 for more information.
3682 .It Va harvest_ethernet
3686 to use LAN traffic as an entropy source.
3689 for more information.
3690 .It Va harvest_p_to_p
3694 to use serial line traffic as an entropy source.
3697 for more information.
3702 to disable caching entropy via
3704 Otherwise set to the directory used to store entropy files in.
3709 to disable caching entropy through reboots.
3710 Otherwise set to the filename used to store cached entropy through
3712 This file should be located on the root file system to seed the
3714 device as early as possible in the boot process.
3715 .It Va entropy_save_sz
3717 Size of the entropy cache files saved by
3720 .It Va entropy_save_num
3722 Number of entropy cache files to save by
3736 Configuration file for
3745 .Pa /var/run/dmesg.boot
3747 .It Va rcshutdown_timeout
3749 If set, start a watchdog timer in the background which will terminate
3753 has not completed within the specified time (in seconds).
3754 Notice that in addition to this soft timeout,
3756 also applies a hard timeout for the execution of
3758 This is configured via
3761 .Va kern.init_shutdown_timeout
3762 and defaults to 120 seconds.
3763 Setting the value of
3764 .Va rcshutdown_timeout
3765 to more than 120 seconds will have no effect until the
3768 .Va kern.init_shutdown_timeout
3770 .It Va virecover_enable
3774 to prevent the system from trying to
3775 recover pre-maturely terminated
3778 .It Va ugidfw_enable
3783 .Xr mac_bsdextended 4
3784 module upon system initialization and load a default
3786 .It Va bsdextended_script
3789 .Xr mac_bsdextended 4
3790 ruleset file to load.
3791 The default value of this variable is
3792 .Pa /etc/rc.bsdextended .
3793 .It Va newsyslog_enable
3800 .It Va newsyslog_flags
3803 .Va newsyslog_enable
3806 these are the flags to pass to the
3811 which causes log files flagged with a
3814 .It Va mdconfig_md Ns Aq Ar X
3824 must be specified and either a
3826 for malloc or swap backed
3834 .Va mdconfig_md Ns Aq Ar X
3835 variables are evaluated until one variable is unset or null.
3836 .It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs
3838 Optional arguments passed to
3844 .It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner
3846 An ownership specification passed to
3855 device and the mount point will be changed.
3856 .It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms
3858 A mode string passed to
3867 device and the mount point will be changed.
3868 .It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files
3870 Files to be copied to the mount point of the
3874 after it has been mounted.
3875 .It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd
3877 Command to execute after the specified
3882 Note that the command is passed to
3888 variables can be used to reference respectively the
3890 device and the mount point.
3895 one could set the following:
3897 mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}"
3899 .It Va ramdisk_units
3901 A list of one or more ramdisk units to configure with
3905 in time to be mounted from
3909 must specify at least a
3912 .Va ramdisk_ Ns Ao Ar X Ac Ns Va _config
3914 Note that this way to configure ramdisks has been deprecated
3917 variables (see above).
3918 .It Va ramdisk_ Ns Ao Ar X Ac Ns Va _config
3926 must be specified, where
3932 .It Va ramdisk_ Ns Ao Ar X Ac Ns Va _newfs
3934 Optional arguments passed to
3936 to initialize ramdisk
3938 .It Va ramdisk_ Ns Ao Ar X Ac Ns Va _owner
3940 An ownership specification passed to
3942 after the specified ramdisk unit
3947 device and the mount point will be changed.
3948 .It Va ramdisk_ Ns Ao Ar X Ac Ns Va _perms
3950 A mode string passed to
3952 after the specified ramdisk unit
3957 device and the mount point will be changed.
3958 .It Va autobridge_interfaces
3960 Set to the list of bridge interfaces that will have newly arriving interfaces
3961 checked against to be automatically added.
3964 then for each whitespace separated
3967 .Va autobridge_ Ns Aq Ar element
3968 variable is assumed to exist which has a whitespace separated list of interface
3969 names to match, these names can use wildcards.
3972 autobridge_interfaces="bridge0"
3973 autobridge_bridge0="tap* dc0 vlan[345]"
3979 enable support for sound mixer.
3980 .It Va hcsecd_enable
3984 enable Bluetooth security daemon.
3985 .It Va hcsecd_config
3987 Configuration file for
3990 .Pa /etc/bluetooth/hcsecd.conf .
3995 enable Bluetooth Service Discovery Protocol daemon.
4003 .It Va sdpd_groupname
4007 group to run as after it initializes.
4010 .It Va sdpd_username
4014 user to run as after it initializes.
4017 .It Va bthidd_enable
4021 enable Bluetooth Human Interface Device daemon.
4022 .It Va bthidd_config
4024 Configuration file for
4027 .Pa /etc/bluetooth/bthidd.conf .
4030 Path to a file, where
4032 will store information about known HID devices.
4034 .Pa /var/db/bthidd.hids .
4035 .It Va rfcomm_pppd_server_enable
4039 enable Bluetooth RFCOMM PPP wrapper daemon.
4040 .It Va rfcomm_pppd_server_profile
4042 The name of the profile to use from
4043 .Pa /etc/ppp/ppp.conf .
4044 Multiple profiles can be specified here.
4045 Also used to specify per-profile overrides.
4046 When the profile name contains any of the characters
4048 they are translated to
4050 for the proposes of the override variable names.
4051 .It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _bdaddr
4053 Overrides local address to listen on.
4059 The address can be specified as BD_ADDR or name.
4060 .It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _channel
4062 Overrides local RFCOMM channel to listen on.
4065 will listen on RFCOMM channel 1.
4066 Must set properly if multiple profiles used in the same time.
4067 .It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_sp
4071 if it should register Serial Port service on the speficied RFCOMM channel.
4074 .It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_dun
4078 if it should register Dial-Up Networking service on the speficied
4084 .Bl -tag -width ".Pa /etc/defaults/rc.conf" -compact
4085 .It Pa /etc/defaults/rc.conf
4087 .It Pa /etc/rc.conf.local
4116 .Xr newsyslog.conf 5 ,
4183 .An Jordan K. Hubbard .