diff options
| author | Jacob McDonnell <jacob@jacobmcdonnell.com> | 2026-04-25 19:55:43 -0400 |
|---|---|---|
| committer | Jacob McDonnell <jacob@jacobmcdonnell.com> | 2026-04-25 19:55:43 -0400 |
| commit | ac5e55f5f2af5b92794c2aded46c6bae85b5f5ed (patch) | |
| tree | 9367490586c84cba28652e443e3166d66c33b0d9 /static/freebsd/man5/rc.conf.5 3.html | |
| parent | 253e67c8b3a72b3a4757fdbc5845297628db0a4a (diff) | |
docs: Added All FreeBSD Manuals
Diffstat (limited to 'static/freebsd/man5/rc.conf.5 3.html')
| -rw-r--r-- | static/freebsd/man5/rc.conf.5 3.html | 3187 |
1 files changed, 3187 insertions, 0 deletions
diff --git a/static/freebsd/man5/rc.conf.5 3.html b/static/freebsd/man5/rc.conf.5 3.html new file mode 100644 index 00000000..90b6a018 --- /dev/null +++ b/static/freebsd/man5/rc.conf.5 3.html @@ -0,0 +1,3187 @@ +<table class="head"> + <tr> + <td class="head-ltitle">RC.CONF(5)</td> + <td class="head-vol">File Formats Manual</td> + <td class="head-rtitle">RC.CONF(5)</td> + </tr> +</table> +<div class="manual-text"> +<section class="Sh"> +<h1 class="Sh" id="NAME"><a class="permalink" href="#NAME">NAME</a></h1> +<p class="Pp"><code class="Nm">rc.conf</code> — <span class="Nd">system + configuration information</span></p> +</section> +<section class="Sh"> +<h1 class="Sh" id="DESCRIPTION"><a class="permalink" href="#DESCRIPTION">DESCRIPTION</a></h1> +<p class="Pp">The file <code class="Nm">rc.conf</code> contains descriptive + information about the local host name, configuration details for any + potential network interfaces and which services should be started up at + system initial boot time. In new installations, the + <code class="Nm">rc.conf</code> file is generally initialized by the system + installation utility.</p> +<p class="Pp">The purpose of <code class="Nm">rc.conf</code> is not to run + commands or perform system startup actions directly. Instead, it is included + by the various generic startup scripts in <span class="Pa">/etc</span> which + conditionalize their internal actions according to the settings found + there.</p> +<p class="Pp">The <span class="Pa">/etc/rc.conf</span> file is included from the + file <span class="Pa">/etc/defaults/rc.conf</span>, which specifies the + default settings for all the available options. Options need only be + specified in <span class="Pa">/etc/rc.conf</span> when the system + administrator wishes to override these defaults. The file + <span class="Pa">/etc/defaults/vendor.conf</span> allows vendors to override + <span class="Ux">FreeBSD</span> defaults. The file + <span class="Pa">/etc/rc.conf.local</span> is used to override settings in + <span class="Pa">/etc/rc.conf</span> for historical reasons.</p> +<p class="Pp">The sysrc(8) command provides a scripting interface to modify + system config files.</p> +<p class="Pp">In addition to <span class="Pa">/etc/rc.conf.local</span> you can + also place smaller configuration files for each <a class="Xr">rc(8)</a> + script in the <span class="Pa">/etc/rc.conf.d</span> directory or + ⟨<var class="Ar">dir</var>⟩<span class="Pa">/rc.conf.d</span> + directories (where ⟨<var class="Ar">dir</var>⟩ is each entry + specified in <var class="Va">local_startup</var>, but with any trailing + <span class="Pa">/rc.d</span> stripped), which will be included by the + <var class="Va">load_rc_config</var> function. For jail configurations you + could use the file <span class="Pa">/etc/rc.conf.d/jail</span> to store + jail-specific configuration options. If <var class="Va">local_startup</var> + contains <span class="Pa">/usr/local/etc/rc.d</span> and + <span class="Pa">/opt/conf</span>, + <span class="Pa">/usr/local/etc/rc.conf.d/jail</span> and + <span class="Pa">/opt/conf/rc.conf.d/jail</span> will be loaded. If + ⟨<var class="Ar">dir</var>⟩<span class="Pa">/rc.conf.d/</span>⟨<var class="Ar">name</var>⟩ + is a directory then all of the files in the directory will be loaded. See + also the <var class="Va">rc_conf_files</var> variable below.</p> +<p class="Pp">Options are set with + “<var class="Ar">name</var><code class="Li">=</code><var class="Ar">value</var>” + assignments that use <a class="Xr">sh(1)</a> syntax. The following list + provides a name and short description for each variable that can be set in + the <code class="Nm">rc.conf</code> file:</p> +<dl class="Bl-tag"> + <dt id="rc_debug"><var class="Va">rc_debug</var></dt> + <dd>(<var class="Vt">bool</var>) If set to + “<code class="Li">YES</code>”, enable output of debug + messages from rc scripts. This variable can be helpful in diagnosing + mistakes when editing or integrating new scripts. Beware that this + produces copious output to the terminal and + <a class="Xr">syslog(3)</a>.</dd> + <dt id="rc_info"><var class="Va">rc_info</var></dt> + <dd>(<var class="Vt">bool</var>) If set to + “<code class="Li">NO</code>”, disable informational messages + from the rc scripts. Informational messages are displayed when a condition + that is not serious enough to warrant a warning or an error occurs.</dd> + <dt id="rc_startmsgs"><var class="Va">rc_startmsgs</var></dt> + <dd>(<var class="Vt">bool</var>) If set to + “<code class="Li">YES</code>”, show “Starting + foo:” when faststart is used (e.g., at boot time).</dd> + <dt id="early_late_divider"><var class="Va">early_late_divider</var></dt> + <dd>(<var class="Vt">str</var>) The name of the script that should be used as + the delimiter between the “early” and “late” + stages of the boot process. The early stage should contain all the + services needed to get the disks (local or remote) mounted so that the + late stage can include scripts contained in the directories listed in the + <var class="Va">local_startup</var> variable (see below). Thus, the two + likely candidates for this value are + <span class="Pa">mountcritlocal</span> for the typical system, and + <span class="Pa">mountcritremote</span> if the system needs remote file + systems mounted to get access to the <var class="Va">local_startup</var> + directories; for example when <span class="Pa">/usr/local</span> is NFS + mounted. For <span class="Pa">rc.conf</span> within a + <a class="Xr">jail(8)</a> <span class="Pa">NETWORKING</span> is likely to + be an appropriate value. Extreme care should be taken when changing this + value, and before changing it one should ensure that there are adequate + provisions to recover from a failed boot (such as physical contact with + the machine, or reliable remote console access).</dd> + <dt id="always_force_depends"><var class="Va">always_force_depends</var></dt> + <dd>(<var class="Vt">bool</var>) Various <span class="Pa">rc.d</span> scripts + use the force_depend function to check whether required services are + already running, and to start them if necessary. By default during boot + time this check is bypassed if the required service is enabled in + <span class="Pa">/etc/rc.conf[.local]</span>. Setting this option will + bypass that check at boot time and always test whether or not the service + is actually running. Enabling this option is likely to increase your boot + time if services are enabled that utilize the force_depend check.</dd> + <dt>⟨<var class="Ar">name</var>⟩<var class="Va">_audit_user</var></dt> + <dd>(<var class="Vt">str</var>) A user name or UID to use as the + <a class="Xr">audit(4)</a> user for the service. Run the chrooted service + under this system group. By default, when an unprvileged user restarts a + service using a utility such as sudo or doas, the service's will audit + session will point to the unprivileged user, which may be undesirable. In + that case, this variable can be used to override the audit user using + <a class="Xr">setaudit(8)</a>.</dd> + <dt>⟨<var class="Ar">name</var>⟩<var class="Va">_chroot</var></dt> + <dd>(<var class="Vt">str</var>) <a class="Xr">chroot(8)</a> to this directory + before running the service.</dd> + <dt>⟨<var class="Ar">name</var>⟩<var class="Va">_cpuset</var></dt> + <dd>(<var class="Vt">str</var>) A list of CPUs to run the service on. Passed + to <a class="Xr">cpuset(1)</a> using the <code class="Fl">-l</code> + flag.</dd> + <dt>⟨<var class="Ar">name</var>⟩<var class="Va">_fib</var></dt> + <dd>(<var class="Vt">int</var>) The <a class="Xr">setfib(1)</a> value to run + the service under.</dd> + <dt>⟨<var class="Ar">name</var>⟩<var class="Va">_group</var></dt> + <dd>(<var class="Vt">str</var>) Unlike the + ⟨<var class="Ar">name</var>⟩<var class="Va">_user</var> + setting, this setting has no effect if the service is not chrooted.</dd> + <dt>⟨<var class="Ar">name</var>⟩<var class="Va">_limits</var></dt> + <dd>(<var class="Vt">str</var>) Resource limits to apply to the service using + <a class="Xr">limits(1)</a>. By default, resource limits are based on the + login class defined in + ⟨<var class="Ar">name</var>⟩<var class="Va">_login_class</var>.</dd> + <dt>⟨<var class="Ar">name</var>⟩<var class="Va">_login_class</var></dt> + <dd>(<var class="Vt">str</var>) Login class to be used with + ⟨<var class="Ar">name</var>⟩<var class="Va">_limits</var>. + Defaults to “<code class="Li">daemon</code>”.</dd> + <dt>⟨<var class="Ar">name</var>⟩<var class="Va">_nice</var></dt> + <dd>(<var class="Vt">int</var>) The <a class="Xr">nice(1)</a> value to run the + service under.</dd> + <dt>⟨<var class="Ar">name</var>⟩<var class="Va">_oomprotect</var></dt> + <dd>(<var class="Vt">str</var>) Use <a class="Xr">protect(1)</a> to prevent + the service from being killed when swap space is exhausted. Use + “<code class="Li">YES</code>” to protect only the service + itself, and “<code class="Li">ALL</code>” to protect the + service and all its child processes. + <p class="Pp">Please note that rc scripts which redefine</p> + <div class="Bd Bd-indent"><code class="Li">${argument}_cmd</code></div> + (see <a class="Xr">rc.subr(8)</a>) such as PostgreSQL will not inherit the + OOM killer protection. + <p class="Pp">This variable has no effect on services running within a + <a class="Xr">jail(8)</a>.</p> + </dd> + <dt>⟨<var class="Ar">name</var>⟩<var class="Va">_setup</var></dt> + <dd>(<var class="Vt">str</var>) Run the specified setup script right before + starting the actual service command. Useful for automatic configuration + file generation.</dd> + <dt>⟨<var class="Ar">name</var>⟩<var class="Va">_umask</var></dt> + <dd>(<var class="Vt">int</var>) Run the service using this + <a class="Xr">umask(1)</a> value.</dd> + <dt>⟨<var class="Ar">name</var>⟩<var class="Va">_user</var></dt> + <dd>(<var class="Vt">str</var>) Run the service under this user account.</dd> + <dt>⟨<var class="Ar">name</var>⟩<var class="Va">_svcj</var></dt> + <dd>(<var class="Vt">bool</var>) If set to + “<code class="Li">YES</code>”, auto-jail the service with + inherited filesystem and other jail properties depending on + ⟨<var class="Ar">name</var>⟩<var class="Va">_svcj_options</var>.</dd> + <dt>⟨<var class="Ar">name</var>⟩<var class="Va">_svcj_ipaddrs</var></dt> + <dd>(<var class="Vt">str</var>) A list of IP addresses that the service jail + will be permitted to use. If this is not specified, the service jail will + be permitted to use all assigned IP addresses if networking is enabled in + the jail.</dd> + <dt>⟨<var class="Ar">name</var>⟩<var class="Va">_svcj_options</var></dt> + <dd>(<var class="Vt">str</var>) A list of jail properties for the service. See + <a class="Sx" href="#SERVICE_JAILS">SERVICE JAILS</a> for a list of valid + properties.</dd> + <dt id="apm_enable"><var class="Va">apm_enable</var></dt> + <dd>(<var class="Vt">bool</var>) If set to + “<code class="Li">YES</code>”, enable support for Automatic + Power Management with the <a class="Xr">apm(8)</a> command.</dd> + <dt id="apmd_enable"><var class="Va">apmd_enable</var></dt> + <dd>(<var class="Vt">bool</var>) Run <a class="Xr">apmd(8)</a> to handle APM + event from userland. This also enables support for APM.</dd> + <dt id="apmd_flags"><var class="Va">apmd_flags</var></dt> + <dd>(<var class="Vt">str</var>) If <var class="Va">apmd_enable</var> is set to + “<code class="Li">YES</code>”, these are the flags to pass + to the <a class="Xr">apmd(8)</a> daemon.</dd> + <dt id="devd_enable"><var class="Va">devd_enable</var></dt> + <dd>(<var class="Vt">bool</var>) Run <a class="Xr">devd(8)</a> to handle + device added, removed or unknown events from the kernel.</dd> + <dt id="ddb_enable"><var class="Va">ddb_enable</var></dt> + <dd>(<var class="Vt">bool</var>) Run <a class="Xr">ddb(8)</a> to install + <a class="Xr">ddb(4)</a> scripts at boot time.</dd> + <dt id="ddb_config"><var class="Va">ddb_config</var></dt> + <dd>(<var class="Vt">str</var>) Configuration file for + <a class="Xr">ddb(8)</a>. Default + <span class="Pa">/etc/ddb.conf</span>.</dd> + <dt id="devmatch_enable"><var class="Va">devmatch_enable</var></dt> + <dd>(<var class="Vt">bool</var>) If set to + “<code class="Li">NO</code>”, disable auto-loading of kernel + modules with <a class="Xr">devmatch(8)</a>.</dd> + <dt id="devmatch_blocklist"><var class="Va">devmatch_blocklist</var></dt> + <dd>(<var class="Vt">str</var>) A whitespace-separated list of kernel modules + to be ignored by <a class="Xr">devmatch(8)</a>. In addition, the + <a class="Xr">kenv(1)</a> <var class="Va">devmatch_blocklist</var> is + appended to this variable to allow disabling of + <a class="Xr">devmatch(8)</a> loaded modules from the boot loader.</dd> + <dt id="devmatch_blacklist"><var class="Va">devmatch_blacklist</var></dt> + <dd>(<var class="Vt">str</var>) This variable is deprecated. Use + <var class="Va">devmatch_blocklist</var> instead. A whitespace-separated + list of kernel modules to be ignored by + <a class="Xr">devmatch(8)</a>.</dd> + <dt id="kld_list"><var class="Va">kld_list</var></dt> + <dd>(<var class="Vt">str</var>) A whitespace-separated list of kernel modules + to load right after the local disks are mounted, without any + <span class="Pa">.ko</span> extension or path.</dd> + <dt id="kldxref_enable"><var class="Va">kldxref_enable</var></dt> + <dd>(<var class="Vt">bool</var>) Set to + “<code class="Li">NO</code>” by default. Set to + “<code class="Li">YES</code>” to automatically rebuild + <span class="Pa">linker.hints</span> files with + <a class="Xr">kldxref(8)</a> at boot time.</dd> + <dt id="kldxref_clobber"><var class="Va">kldxref_clobber</var></dt> + <dd>(<var class="Vt">bool</var>) Set to + “<code class="Li">NO</code>” by default. If + <var class="Va">kldxref_enable</var> is true, setting to + “<code class="Li">YES</code>” will overwrite existing + <span class="Pa">linker.hints</span> files at boot time. Otherwise, only + missing <span class="Pa">linker.hints</span> files are generated.</dd> + <dt id="kldxref_module_path"><var class="Va">kldxref_module_path</var></dt> + <dd>(<var class="Vt">str</var>) Empty by default. A semi-colon + (‘<code class="Li">;</code>’) delimited list of paths + containing <a class="Xr">kld(4)</a> modules. If empty, the contents of the + <var class="Va">kern.module_path</var> <a class="Xr">sysctl(8)</a> are + used.</dd> + <dt id="powerd_enable"><var class="Va">powerd_enable</var></dt> + <dd>(<var class="Vt">bool</var>) If set to + “<code class="Li">YES</code>”, enable the system power + control facility with the <a class="Xr">powerd(8)</a> daemon.</dd> + <dt id="powerd_flags"><var class="Va">powerd_flags</var></dt> + <dd>(<var class="Vt">str</var>) If <var class="Va">powerd_enable</var> is set + to “<code class="Li">YES</code>”, these are the flags to + pass to the <a class="Xr">powerd(8)</a> daemon.</dd> + <dt id="svcj_all_enable"><var class="Va">svcj_all_enable</var></dt> + <dd>Enable auto-jailing of all services which are not explicitly excluded. See + <a class="Sx" href="#SERVICE_JAILS">SERVICE JAILS</a> for more info.</dd> + <dt id="tmpmfs"><var class="Va">tmpmfs</var></dt> + <dd>Controls the creation of a <span class="Pa">/tmp</span> memory file + system. Always happens if set to + “<code class="Li">YES</code>” and never happens if set to + “<code class="Li">NO</code>”. If set to anything else, a + memory file system is created if <span class="Pa">/tmp</span> is not + writable.</dd> + <dt id="tmpsize"><var class="Va">tmpsize</var></dt> + <dd>Controls the size of a created <span class="Pa">/tmp</span> memory file + system.</dd> + <dt id="tmpmfs_flags"><var class="Va">tmpmfs_flags</var></dt> + <dd>Extra options passed to the <a class="Xr">mdmfs(8)</a> utility when the + memory file system for <span class="Pa">/tmp</span> is created. The + default is “<code class="Li">-S</code>”, which inhibits the + use of softupdates on <span class="Pa">/tmp</span> so that file system + space is freed without delay after file truncation or deletion. See + <a class="Xr">mdmfs(8)</a> for other options you can use in + <var class="Va">tmpmfs_flags</var>.</dd> + <dt id="varmfs"><var class="Va">varmfs</var></dt> + <dd>Controls the creation of a <span class="Pa">/var</span> memory file + system. Always happens if set to + “<code class="Li">YES</code>” and never happens if set to + “<code class="Li">NO</code>”. If set to anything else, a + memory file system is created if <span class="Pa">/var</span> is not + writable.</dd> + <dt id="varsize"><var class="Va">varsize</var></dt> + <dd>Controls the size of a created <span class="Pa">/var</span> memory file + system.</dd> + <dt id="varmfs_flags"><var class="Va">varmfs_flags</var></dt> + <dd>Extra options passed to the <a class="Xr">mdmfs(8)</a> utility when the + memory file system for <span class="Pa">/var</span> is created. The + default is “<code class="Li">-S</code>”, which inhibits the + use of softupdates on <span class="Pa">/var</span> so that file system + space is freed without delay after file truncation or deletion. See + <a class="Xr">mdmfs(8)</a> for other options you can use in + <var class="Va">varmfs_flags</var>.</dd> + <dt id="populate_var"><var class="Va">populate_var</var></dt> + <dd>Controls the automatic population of the <span class="Pa">/var</span> file + system. Always happens if set to + “<code class="Li">YES</code>” and never happens if set to + “<code class="Li">NO</code>”. If set to anything else, a + memory file system is created if <span class="Pa">/var</span> is not + writable. Note that this process requires access to certain commands in + <span class="Pa">/usr</span> before <span class="Pa">/usr</span> is + mounted on normal systems.</dd> + <dt id="cleanvar_enable"><var class="Va">cleanvar_enable</var></dt> + <dd>(<var class="Vt">bool</var>) Clean the <span class="Pa">/var</span> + directory.</dd> + <dt id="var_run_enable"><var class="Va">var_run_enable</var></dt> + <dd>(<var class="Vt">bool</var>) Set to "YES" to enable saving of + the <span class="Pa">/var/run</span> directory structure into an mtree + file at shutdown and the reload of the <span class="Pa">/var/run</span> + directory structure at boot.</dd> + <dt id="var_run_autosave"><var class="Va">var_run_autosave</var></dt> + <dd>(<var class="Vt">bool</var>) In some cases it may be undesirable to save + <span class="Pa">/var/run</span> at shutdown. When set to "NO" + <span class="Pa">/var/run</span> is loaded at reboot but not saved at + shutdown. Typically in this scenario ‘<code class="Li">service + var_run save</code>’ would be performed to save a copy of the + <span class="Pa">/var/run</span> directory structure once, to be reloaded + during all subsequent reboots.</dd> + <dt id="var_run_mtree"><var class="Va">var_run_mtree</var></dt> + <dd>(<var class="Vt">str</var>) Where to save the + <span class="Pa">/var/run</span> mtree. The default location is + <span class="Pa">/var/db/mtree/BSD.var-run.mtree</span>.</dd> + <dt id="local_startup"><var class="Va">local_startup</var></dt> + <dd>(<var class="Vt">str</var>) List of directories to search for startup + script files.</dd> + <dt id="script_name_sep"><var class="Va">script_name_sep</var></dt> + <dd>(<var class="Vt">str</var>) The field separator to use for breaking down + the list of startup script files into individual filenames. The default is + a space. It is not necessary to change this unless there are startup + scripts with names containing spaces.</dd> + <dt id="hostapd_enable"><var class="Va">hostapd_enable</var></dt> + <dd>(<var class="Vt">bool</var>) Set to + “<code class="Li">YES</code>” to start + <a class="Xr">hostapd(8)</a> at system boot time.</dd> + <dt id="hostname"><var class="Va">hostname</var></dt> + <dd>(<var class="Vt">str</var>) The fully qualified domain name (FQDN) of this + host on the network. This should almost certainly be set to something + meaningful, even if there is no network connection. If + <a class="Xr">dhclient(8)</a> is used to set the hostname via DHCP, this + variable should be set to an empty string. Within a + <a class="Xr">jail(8)</a> the hostname is generally already set and this + variable may be absent. If this value remains unset when the system is + done booting your console login will display the default hostname of + “Amnesiac”.</dd> + <dt id="nisdomainname"><var class="Va">nisdomainname</var></dt> + <dd>(<var class="Vt">str</var>) The NIS domain name of this host, or + “<code class="Li">NO</code>” if NIS is not used.</dd> + <dt id="hostid_enable"><var class="Va">hostid_enable</var></dt> + <dd>(<var class="Vt">bool</var>) If set to + “<code class="Li">NO</code>”, disable the generation or + saving of the <span class="Pa">hostid</span> and + <span class="Pa">machine-id</span> files at system boot and shutdown.</dd> + <dt id="hostid_file"><var class="Va">hostid_file</var></dt> + <dd>(<var class="Vt">str</var>) Path to the <span class="Pa">hostid</span> + file, default <span class="Pa">/etc/hostid</span>.</dd> + <dt id="hostid_uuidgen_flags"><var class="Va">hostid_uuidgen_flags</var></dt> + <dd>(<var class="Vt">str</var>) Flags passed to <a class="Xr">uuidgen(1)</a> + when generating a software host UUID. This is used only if the system + cannot determine a hardware UUID. Set to + “<code class="Li">-r</code>” by default.</dd> + <dt id="machine_id_file"><var class="Va">machine_id_file</var></dt> + <dd>(<var class="Vt">str</var>) Path to the <span class="Pa">machine-id</span> + file, default <span class="Pa">/etc/machine-id</span>.</dd> + <dt id="dhclient_program"><var class="Va">dhclient_program</var></dt> + <dd>(<var class="Vt">str</var>) Path to the DHCP client program, defaulting to + <span class="Pa">/sbin/dhclient</span>.</dd> + <dt id="dhclient_flags"><var class="Va">dhclient_flags</var></dt> + <dd>(<var class="Vt">str</var>) Additional flags to pass to the DHCP client + program. See the <a class="Xr">dhclient(8)</a> manpage for a description + of the command line options available.</dd> + <dt id="dhclient_flags_"><var class="Va">dhclient_flags_</var>⟨<var class="Ar">iface</var>⟩</dt> + <dd>Additional flags to pass to the DHCP client program running on + <var class="Ar">iface</var> only. When specified, this variable overrides + <var class="Va">dhclient_flags</var>.</dd> + <dt id="background_dhclient"><var class="Va">background_dhclient</var></dt> + <dd>(<var class="Vt">bool</var>) Set to + “<code class="Li">YES</code>” to start the DHCP client in + background. This can cause trouble with applications depending on a + working network, but it will provide a faster startup in many cases.</dd> + <dt id="background_dhclient_"><var class="Va">background_dhclient_</var>⟨<var class="Ar">iface</var>⟩</dt> + <dd>When specified, this variable overrides the + <var class="Va">background_dhclient</var> variable for interface + <var class="Ar">iface</var> only.</dd> + <dt id="dhclient_arpwait"><var class="Va">dhclient_arpwait</var></dt> + <dd>(<var class="Vt">bool</var>) Set to + “<code class="Li">NO</code>” to stop + <a class="Xr">dhclient(8)</a> from waiting for ARP resolution, to make the + system boot faster. This may be done on networks where the DHCP server is + certain to know whether an address is available.</dd> + <dt id="synchronous_dhclient"><var class="Va">synchronous_dhclient</var></dt> + <dd>(<var class="Vt">bool</var>) Set to + “<code class="Li">YES</code>” to start + <a class="Xr">dhclient(8)</a> synchronously at startup. This behavior can + be overridden on a per-interface basis by replacing the + “<code class="Li">DHCP</code>” keyword in the + <var class="Va">ifconfig_</var>⟨<var class="Ar">interface</var>⟩ + variable with “<code class="Li">SYNCDHCP</code>” or + “<code class="Li">NOSYNCDHCP</code>”.</dd> + <dt id="defaultroute_delay"><var class="Va">defaultroute_delay</var></dt> + <dd>(<var class="Vt">int</var>) When set to a positive value, wait up to this + long after configuring DHCP interfaces at startup to give the interfaces + time to receive a lease.</dd> + <dt id="firewall_enable"><var class="Va">firewall_enable</var></dt> + <dd>(<var class="Vt">bool</var>) Set to + “<code class="Li">YES</code>” to load firewall rules at + startup. If the kernel was not built with <code class="Cd">options + IPFIREWALL</code>, the <span class="Pa">ipfw.ko</span> kernel module will + be loaded. See also <var class="Va">ipfilter_enable</var>.</dd> + <dt id="firewall_script"><var class="Va">firewall_script</var></dt> + <dd>(<var class="Vt">str</var>) This variable specifies the full path to the + firewall script to run. The default is + <span class="Pa">/etc/rc.firewall</span>.</dd> + <dt id="firewall_type"><var class="Va">firewall_type</var></dt> + <dd>(<var class="Vt">str</var>) Names the firewall type from the selection in + <span class="Pa">/etc/rc.firewall</span>, or the file which contains the + local firewall ruleset. Valid selections from + <span class="Pa">/etc/rc.firewall</span> are: + <p class="Pp"></p> + <dl class="Bl-tag Bl-compact"> + <dt id="open"><a class="permalink" href="#open"><code class="Li">open</code></a></dt> + <dd>unrestricted IP access</dd> + <dt id="closed"><a class="permalink" href="#closed"><code class="Li">closed</code></a></dt> + <dd>all IP services disabled, except via + “<code class="Li">lo0</code>”</dd> + <dt id="client"><a class="permalink" href="#client"><code class="Li">client</code></a></dt> + <dd>basic protection for a workstation</dd> + <dt id="workstation"><a class="permalink" href="#workstation"><code class="Li">workstation</code></a></dt> + <dd>basic protection for a workstation using stateful firewalling</dd> + <dt id="simple"><a class="permalink" href="#simple"><code class="Li">simple</code></a></dt> + <dd>basic protection for a LAN.</dd> + </dl> + <p class="Pp">If a filename is specified, the full path must be given.</p> + <p class="Pp">Most of the predefined rulesets define additional + configuration variables. These are documented in + <span class="Pa">/etc/rc.firewall</span>.</p> + </dd> + <dt id="firewall_quiet"><var class="Va">firewall_quiet</var></dt> + <dd>(<var class="Vt">bool</var>) Set to + “<code class="Li">YES</code>” to disable the display of + firewall rules on the console during boot.</dd> + <dt id="firewall_logging"><var class="Va">firewall_logging</var></dt> + <dd>(<var class="Vt">bool</var>) Set to + “<code class="Li">YES</code>” to enable firewall event + logging. This is equivalent to the + <code class="Dv">IPFIREWALL_VERBOSE</code> kernel option.</dd> + <dt id="firewall_logif"><var class="Va">firewall_logif</var></dt> + <dd>(<var class="Vt">bool</var>) Set to + “<code class="Li">YES</code>” to create pseudo interface + <code class="Li">ipfw0</code> for logging. For more details, see + <a class="Xr">ipfw(8)</a> manual page.</dd> + <dt id="firewall_flags"><var class="Va">firewall_flags</var></dt> + <dd>(<var class="Vt">str</var>) Flags passed to <a class="Xr">ipfw(8)</a> if + <var class="Va">firewall_type</var> specifies a filename.</dd> + <dt id="firewall_coscripts"><var class="Va">firewall_coscripts</var></dt> + <dd>(<var class="Vt">str</var>) List of executables and/or rc scripts to run + after firewall starts/stops. Default is empty.</dd> + <dt id="firewall_nat_enable"><var class="Va">firewall_nat_enable</var></dt> + <dd>(<var class="Vt">bool</var>) The <a class="Xr">ipfw(8)</a> equivalent of + <var class="Va">natd_enable</var>. Setting this to + “<code class="Li">YES</code>” will automatically load the + <a class="Xr">ipfw(8)</a> NAT kernel module if + <var class="Va">firewall_enable</var> is also set to + “<code class="Li">YES</code>”.</dd> + <dt id="firewall_nat_interface"><var class="Va">firewall_nat_interface</var></dt> + <dd>(<var class="Vt">str</var>) The <a class="Xr">ipfw(8)</a> equivalent of + <var class="Va">natd_interface</var>. This is the name of the public + interface or IP address on which kernel NAT should run.</dd> + <dt id="firewall_nat_flags"><var class="Va">firewall_nat_flags</var></dt> + <dd>(<var class="Vt">str</var>) Additional configuration parameters for kernel + NAT should be placed here.</dd> + <dt id="firewall_nat64_enable"><var class="Va">firewall_nat64_enable</var></dt> + <dd>(<var class="Vt">bool</var>) Setting this to + “<code class="Li">YES</code>” will automatically load the + <a class="Xr">ipfw(8)</a> NAT64 kernel module if + <var class="Va">firewall_enable</var> is also set to + “<code class="Li">YES</code>”.</dd> + <dt id="firewall_nptv6_enable"><var class="Va">firewall_nptv6_enable</var></dt> + <dd>(<var class="Vt">bool</var>) Setting this to + “<code class="Li">YES</code>” will automatically load the + <a class="Xr">ipfw(8)</a> NPTv6 kernel module if + <var class="Va">firewall_enable</var> is also set to + “<code class="Li">YES</code>”.</dd> + <dt id="firewall_pmod_enable"><var class="Va">firewall_pmod_enable</var></dt> + <dd>(<var class="Vt">bool</var>) Setting this to + “<code class="Li">YES</code>” will automatically load the + <a class="Xr">ipfw(8)</a> pmod kernel module if + <var class="Va">firewall_enable</var> is also set to + “<code class="Li">YES</code>”.</dd> + <dt id="dummynet_enable"><var class="Va">dummynet_enable</var></dt> + <dd>(<var class="Vt">bool</var>) Setting this to + “<code class="Li">YES</code>” will automatically load the + <a class="Xr">dummynet(4)</a> module if + <var class="Va">firewall_enable</var> is also set to + “<code class="Li">YES</code>”.</dd> + <dt id="ipfw_netflow_enable"><var class="Va">ipfw_netflow_enable</var></dt> + <dd>(<var class="Vt">bool</var>) Setting this to + “<code class="Li">YES</code>” will enable netflow logging + via <a class="Xr">ng_netflow(4)</a>. + <p class="Pp">By default a ipfw rule is inserted and all packets are + duplicated with the ngtee command and netflow packets are sent to + 127.0.0.1 on the netflow port using protocol version 5.</p> + </dd> + <dt id="ipfw_netflow_hook"><var class="Va">ipfw_netflow_hook</var></dt> + <dd>(<var class="Vt">int</var>) netflow hook name, must be numerical (default + <span class="Pa">9995</span>).</dd> + <dt id="ipfw_netflow_rule"><var class="Va">ipfw_netflow_rule</var></dt> + <dd>(<var class="Vt">int</var>) ipfw rule number (default + <span class="Pa">1000</span>).</dd> + <dt id="ipfw_netflow_ip"><var class="Va">ipfw_netflow_ip</var></dt> + <dd>(<var class="Vt">str</var>) Destination server ip for receiving netflow + data (default <span class="Pa">127.0.0.1</span>).</dd> + <dt id="ipfw_netflow_port"><var class="Va">ipfw_netflow_port</var></dt> + <dd>(<var class="Vt">int</var>) Destination server port for receiving netflow + data (default <span class="Pa">9995</span>).</dd> + <dt id="ipfw_netflow_version"><var class="Va">ipfw_netflow_version</var></dt> + <dd>(<var class="Vt">int</var>) Do not set for using version 5 of the netflow + protocol, set it to 9 for using version 9.</dd> + <dt id="ipfw_netflow_fib"><var class="Va">ipfw_netflow_fib</var></dt> + <dd>(<var class="Vt">int</var>) Only match packet in FIB + <span class="Pa">ipfw_netflow_fib</span> (default is undefined meaning all + FIBs).</dd> + <dt id="natd_program"><var class="Va">natd_program</var></dt> + <dd>(<var class="Vt">str</var>) Path to <a class="Xr">natd(8)</a>.</dd> + <dt id="natd_enable"><var class="Va">natd_enable</var></dt> + <dd>(<var class="Vt">bool</var>) Set to + “<code class="Li">YES</code>” to enable + <a class="Xr">natd(8)</a>. <var class="Va">firewall_enable</var> must also + be set to “<code class="Li">YES</code>”, and + <a class="Xr">divert(4)</a> sockets must be enabled in the kernel. If the + kernel was not built with <code class="Cd">options IPDIVERT</code>, the + <span class="Pa">ipdivert.ko</span> kernel module will be loaded.</dd> + <dt id="natd_interface"><var class="Va">natd_interface</var></dt> + <dd>(<var class="Vt">str</var>) This is the name of the public interface on + which <a class="Xr">natd(8)</a> should run. The interface may be given as + an interface name or as an IP address.</dd> + <dt id="natd_flags"><var class="Va">natd_flags</var></dt> + <dd>(<var class="Vt">str</var>) Additional <a class="Xr">natd(8)</a> flags + should be placed here. The <code class="Fl">-n</code> or + <code class="Fl">-a</code> flag is automatically added with the above + <var class="Va">natd_interface</var> as an argument.</dd> + <dt id="ipfilter_enable"><var class="Va">ipfilter_enable</var></dt> + <dd>(<var class="Vt">bool</var>) Set to + “<code class="Li">NO</code>” by default. Setting this to + “<code class="Li">YES</code>” enables + <a class="Xr">ipf(8)</a> packet filtering. + <p class="Pp">Typical usage will require putting</p> + <div class="Bd Pp Li"> + <pre>ipfilter_enable="YES" +ipnat_enable="YES" +ipmon_enable="YES" +ipfs_enable="YES"</pre> + </div> + <p class="Pp">into <span class="Pa">/etc/rc.conf</span> and editing + <span class="Pa">/etc/ipf.rules</span> and + <span class="Pa">/etc/ipnat.rules</span> appropriately.</p> + <p class="Pp">Note that <var class="Va">ipfilter_enable</var> and + <var class="Va">ipnat_enable</var> can be enabled independently. + <var class="Va">ipmon_enable</var> and <var class="Va">ipfs_enable</var> + both require at least one of <var class="Va">ipfilter_enable</var> and + <var class="Va">ipnat_enable</var> to be enabled.</p> + <p class="Pp">Having</p> + <div class="Bd Pp Li"> + <pre>options IPFILTER +options IPFILTER_LOG +options IPFILTER_DEFAULT_BLOCK</pre> + </div> + <p class="Pp">in the kernel configuration file is a good idea, too.</p> + </dd> + <dt id="ipfilter_program"><var class="Va">ipfilter_program</var></dt> + <dd>(<var class="Vt">str</var>) Path to <a class="Xr">ipf(8)</a> (default + <span class="Pa">/sbin/ipf</span>).</dd> + <dt id="ipfilter_rules"><var class="Va">ipfilter_rules</var></dt> + <dd>(<var class="Vt">str</var>) Set to <span class="Pa">/etc/ipf.rules</span> + by default. This variable contains the name of the filter rule definition + file. The file is expected to be readable for the <a class="Xr">ipf(8)</a> + command to execute.</dd> + <dt id="ipfilter_flags"><var class="Va">ipfilter_flags</var></dt> + <dd>(<var class="Vt">str</var>) Empty by default. This variable contains flags + passed to the <a class="Xr">ipf(8)</a> program.</dd> + <dt id="ipnat_enable"><var class="Va">ipnat_enable</var></dt> + <dd>(<var class="Vt">bool</var>) Set to + “<code class="Li">NO</code>” by default. Set it to + “<code class="Li">YES</code>” to enable + <a class="Xr">ipnat(8)</a> network address translation. See + <var class="Va">ipfilter_enable</var> for a detailed discussion.</dd> + <dt id="ipnat_program"><var class="Va">ipnat_program</var></dt> + <dd>(<var class="Vt">str</var>) Path to <a class="Xr">ipnat(8)</a> (default + <span class="Pa">/sbin/ipnat</span>).</dd> + <dt id="ipnat_rules"><var class="Va">ipnat_rules</var></dt> + <dd>(<var class="Vt">str</var>) Set to + <span class="Pa">/etc/ipnat.rules</span> by default. This variable + contains the name of the file holding the network address translation + definition. This file is expected to be readable for the + <a class="Xr">ipnat(8)</a> command to execute.</dd> + <dt id="ipnat_flags"><var class="Va">ipnat_flags</var></dt> + <dd>(<var class="Vt">str</var>) Empty by default. This variable contains flags + passed to the <a class="Xr">ipnat(8)</a> program.</dd> + <dt id="ipmon_enable"><var class="Va">ipmon_enable</var></dt> + <dd>(<var class="Vt">bool</var>) Set to + “<code class="Li">NO</code>” by default. Set it to + “<code class="Li">YES</code>” to enable + <a class="Xr">ipmon(8)</a> monitoring (logging <a class="Xr">ipf(8)</a> + and <a class="Xr">ipnat(8)</a> events). Setting this variable needs + setting <var class="Va">ipfilter_enable</var> or + <var class="Va">ipnat_enable</var> too. See + <var class="Va">ipfilter_enable</var> for a detailed discussion.</dd> + <dt id="ipmon_program"><var class="Va">ipmon_program</var></dt> + <dd>(<var class="Vt">str</var>) Path to <a class="Xr">ipmon(8)</a> (default + <span class="Pa">/sbin/ipmon</span>).</dd> + <dt id="ipmon_flags"><var class="Va">ipmon_flags</var></dt> + <dd>(<var class="Vt">str</var>) Set to + “<code class="Li">-Ds</code>” by default. This variable + contains flags passed to the <a class="Xr">ipmon(8)</a> program. Another + typical example would be “<code class="Fl">-D</code> + <span class="Pa">/var/log/ipflog</span>” to have + <a class="Xr">ipmon(8)</a> log directly to a file bypassing + <a class="Xr">syslogd(8)</a>. Make sure to adjust + <span class="Pa">/etc/newsyslog.conf</span> in such case like this: + <div class="Bd Pp Li"> + <pre>/var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid</pre> + </div> + </dd> + <dt id="ipfs_enable"><var class="Va">ipfs_enable</var></dt> + <dd>(<var class="Vt">bool</var>) Set to + “<code class="Li">NO</code>” by default. Set it to + “<code class="Li">YES</code>” to enable + <a class="Xr">ipfs(8)</a> saving the filter and NAT state tables during + shutdown and reloading them during startup again. Setting this variable + needs setting <var class="Va">ipfilter_enable</var> or + <var class="Va">ipnat_enable</var> to + “<code class="Li">YES</code>” too. See + <var class="Va">ipfilter_enable</var> for a detailed discussion. Note that + if <var class="Va">kern_securelevel</var> is set to 3, + <var class="Va">ipfs_enable</var> cannot be used because the raised + securelevel will prevent <a class="Xr">ipfs(8)</a> from saving the state + tables at shutdown time.</dd> + <dt id="ipfs_program"><var class="Va">ipfs_program</var></dt> + <dd>(<var class="Vt">str</var>) Path to <a class="Xr">ipfs(8)</a> (default + <span class="Pa">/sbin/ipfs</span>).</dd> + <dt id="ipfs_flags"><var class="Va">ipfs_flags</var></dt> + <dd>(<var class="Vt">str</var>) Empty by default. This variable contains flags + passed to the <a class="Xr">ipfs(8)</a> program.</dd> + <dt id="pf_enable"><var class="Va">pf_enable</var></dt> + <dd>(<var class="Vt">bool</var>) Set to + “<code class="Li">NO</code>” by default. Setting this to + “<code class="Li">YES</code>” enables + <a class="Xr">pf(4)</a> packet filtering. + <p class="Pp">Typical usage will require putting</p> + <p class="Pp"></p> + <div class="Bd + Bd-indent"><code class="Li">pf_enable="YES"</code></div> + <p class="Pp">into <span class="Pa">/etc/rc.conf</span> and editing + <span class="Pa">/etc/pf.conf</span> appropriately. Adding</p> + <p class="Pp"></p> + <div class="Bd Bd-indent"><code class="Li">device pf</code></div> + <p class="Pp">builds support for <a class="Xr">pf(4)</a> into the kernel, + otherwise the kernel module will be loaded.</p> + </dd> + <dt id="pf_rules"><var class="Va">pf_rules</var></dt> + <dd>(<var class="Vt">str</var>) Path to <a class="Xr">pf(4)</a> ruleset + configuration file (default <span class="Pa">/etc/pf.conf</span>).</dd> + <dt id="pf_program"><var class="Va">pf_program</var></dt> + <dd>(<var class="Vt">str</var>) Path to <a class="Xr">pfctl(8)</a> (default + <span class="Pa">/sbin/pfctl</span>).</dd> + <dt id="pf_flags"><var class="Va">pf_flags</var></dt> + <dd>(<var class="Vt">str</var>) If <var class="Va">pf_enable</var> is set to + “<code class="Li">YES</code>”, these flags are passed to the + <a class="Xr">pfctl(8)</a> program when loading the ruleset.</dd> + <dt id="pf_fallback_rules_enable"><var class="Va">pf_fallback_rules_enable</var></dt> + <dd>(<var class="Vt">bool</var>) Set to + “<code class="Li">NO</code>” by default. Setting this to + “<code class="Li">YES</code>” enables loading + <var class="Va">pf_fallback_rules_file</var> or + <var class="Va">pf_fallback_rules</var> in case of a problem when loading + the ruleset in <var class="Va">pf_rules</var>.</dd> + <dt id="pf_fallback_rules_file"><var class="Va">pf_fallback_rules_file</var></dt> + <dd>(<var class="Vt">str</var>) Path to a pf ruleset to load in case of + failure when loading the ruleset in <var class="Va">pf_rules</var> + (default <span class="Pa">/etc/pf-fallback.conf</span>).</dd> + <dt id="pf_fallback_rules"><var class="Va">pf_fallback_rules</var></dt> + <dd>(<var class="Vt">str</var>) A pf ruleset to load in case of failure when + loading the ruleset in <var class="Va">pf_rules</var> and + <var class="Va">pf_fallback_rules_file</var> is not found. Multiple rules + can be set as follows: + <div class="Bd Pp Li"> + <pre>pf_fallback_rules=" + block drop log all + pass in quick on em0" + + </pre> + </div> + The default fallback rule is “block drop log all”</dd> + <dt id="pflog_enable"><var class="Va">pflog_enable</var></dt> + <dd>(<var class="Vt">bool</var>) Set to + “<code class="Li">NO</code>” by default. Setting this to + “<code class="Li">YES</code>” enables + <a class="Xr">pflogd(8)</a> which logs packets from the + <a class="Xr">pf(4)</a> packet filter.</dd> + <dt id="pflog_logfile"><var class="Va">pflog_logfile</var></dt> + <dd>(<var class="Vt">str</var>) If <var class="Va">pflog_enable</var> is set + to “<code class="Li">YES</code>” this controls where + <a class="Xr">pflogd(8)</a> stores the logfile (default + <span class="Pa">/var/log/pflog</span>). Check + <span class="Pa">/etc/newsyslog.conf</span> to adjust logfile rotation for + this.</dd> + <dt id="pflog_program"><var class="Va">pflog_program</var></dt> + <dd>(<var class="Vt">str</var>) Path to <a class="Xr">pflogd(8)</a> (default + <span class="Pa">/sbin/pflogd</span>).</dd> + <dt id="pflog_flags"><var class="Va">pflog_flags</var></dt> + <dd>(<var class="Vt">str</var>) Empty by default. This variable contains + additional flags passed to the <a class="Xr">pflogd(8)</a> program.</dd> + <dt id="pflog_instances"><var class="Va">pflog_instances</var></dt> + <dd>(<var class="Vt">str</var>) If logging to more than one + <a class="Xr">pflog(4)</a> interface is desired, + <var class="Va">pflog_instances</var> is set to the list of + <a class="Xr">pflogd(8)</a> instances that should be started at system + boot time. If <var class="Va">pflog_instances</var> is set, for each + whitespace-separated <var class="Ar">element</var> in the list, + ⟨<var class="Ar">element</var>⟩<var class="Va">_dev</var> + and + ⟨<var class="Ar">element</var>⟩<var class="Va">_logfile</var> + elements are assumed to exist. + ⟨<var class="Ar">element</var>⟩<var class="Va">_dev</var> + must contain the <a class="Xr">pflog(4)</a> interface to be watched by the + named <a class="Xr">pflogd(8)</a> instance. + ⟨<var class="Ar">element</var>⟩<var class="Va">_logfile</var> + must contain the name of the logfile that will be used by the + <a class="Xr">pflogd(8)</a> instance.</dd> + <dt id="ftpproxy_enable"><var class="Va">ftpproxy_enable</var></dt> + <dd>(<var class="Vt">bool</var>) Set to + “<code class="Li">NO</code>” by default. Setting this to + “<code class="Li">YES</code>” enables + <a class="Xr">ftp-proxy(8)</a> which supports the <a class="Xr">pf(4)</a> + packet filter in translating ftp connections.</dd> + <dt id="ftpproxy_flags"><var class="Va">ftpproxy_flags</var></dt> + <dd>(<var class="Vt">str</var>) Empty by default. This variable contains + additional flags passed to the <a class="Xr">ftp-proxy(8)</a> + program.</dd> + <dt id="ftpproxy_instances"><var class="Va">ftpproxy_instances</var></dt> + <dd>(<var class="Vt">str</var>) Empty by default. If multiple instances of + <a class="Xr">ftp-proxy(8)</a> are desired at boot time, + <var class="Va">ftpproxy_instances</var> should contain a + whitespace-separated list of instance names. For each + <var class="Ar">element</var> in the list, a variable named + ⟨<var class="Ar">element</var>⟩<var class="Va">_flags</var> + should be defined, containing the command-line flags to be passed to the + <a class="Xr">ftp-proxy(8)</a> instance.</dd> + <dt id="pfsync_enable"><var class="Va">pfsync_enable</var></dt> + <dd>(<var class="Vt">bool</var>) Set to + “<code class="Li">NO</code>” by default. Setting this to + “<code class="Li">YES</code>” enables exposing + <a class="Xr">pf(4)</a> state changes to other hosts over the network by + means of <a class="Xr">pfsync(4)</a>. The + <var class="Va">pfsync_syncdev</var> variable must also be set then.</dd> + <dt id="pfsync_syncdev"><var class="Va">pfsync_syncdev</var></dt> + <dd>(<var class="Vt">str</var>) Empty by default. This variable specifies the + name of the network interface <a class="Xr">pfsync(4)</a> should operate + through. It must be set accordingly if <var class="Va">pfsync_enable</var> + is set to “<code class="Li">YES</code>”.</dd> + <dt id="pfsync_syncpeer"><var class="Va">pfsync_syncpeer</var></dt> + <dd>(<var class="Vt">str</var>) Empty by default. This variable is optional. + By default, state change messages are sent out on the synchronisation + interface using IP multicast packets. The protocol is IP protocol 240, + PFSYNC, and the multicast group used is 224.0.0.240. When a peer address + is specified using the <var class="Va">pfsync_syncpeer</var> option, the + peer address is used as a destination for the pfsync traffic, and the + traffic can then be protected using <a class="Xr">ipsec(4)</a>. See the + <a class="Xr">pfsync(4)</a> manpage for more details about using + <a class="Xr">ipsec(4)</a> with <a class="Xr">pfsync(4)</a> + interfaces.</dd> + <dt id="pfsync_ifconfig"><var class="Va">pfsync_ifconfig</var></dt> + <dd>(<var class="Vt">str</var>) Empty by default. This variable can contain + additional options to be passed to the <a class="Xr">ifconfig(8)</a> + command used to set up <a class="Xr">pfsync(4)</a>.</dd> + <dt id="tcp_extensions"><var class="Va">tcp_extensions</var></dt> + <dd>(<var class="Vt">bool</var>) Set to + “<code class="Li">YES</code>” by default. Setting this to + “<code class="Li">NO</code>” disables certain TCP options as + described by <cite class="Rs"><span class="RsT">RFC 1323</span>.</cite> + Setting this to “<code class="Li">NO</code>” might help + remedy such problems with connections as randomly hanging or other weird + behavior. Some network devices are known to be broken with respect to + these options.</dd> + <dt id="log_in_vain"><var class="Va">log_in_vain</var></dt> + <dd>(<var class="Vt">int</var>) Set to 0 by default. The + <a class="Xr">sysctl(8)</a> variables, + <var class="Va">net.inet.tcp.log_in_vain</var> and + <var class="Va">net.inet.udp.log_in_vain</var>, as described in + <a class="Xr">tcp(4)</a> and <a class="Xr">udp(4)</a>, are set to the + given value.</dd> + <dt id="tcp_keepalive"><var class="Va">tcp_keepalive</var></dt> + <dd>(<var class="Vt">bool</var>) Set to + “<code class="Li">YES</code>” by default. Setting to + “<code class="Li">NO</code>” will disable probing idle TCP + connections to verify that the peer is still up and reachable.</dd> + <dt id="tcp_drop_synfin"><var class="Va">tcp_drop_synfin</var></dt> + <dd>(<var class="Vt">bool</var>) Set to + “<code class="Li">NO</code>” by default. Setting to + “<code class="Li">YES</code>” will cause the kernel to + ignore TCP frames that have both the SYN and FIN flags set. This prevents + OS fingerprinting, but may break some legitimate applications.</dd> + <dt id="icmp_drop_redirect"><var class="Va">icmp_drop_redirect</var></dt> + <dd>(<var class="Vt">bool</var>) Set to + “<code class="Li">AUTO</code>” by default. This setting will + be identical to “<code class="Li">YES</code>”, if a dynamic + routing daemon is enabled, because redirect processing may cause + performance issues for large routing tables. If no such service is + enabled, this setting behaves like a + “<code class="Li">NO</code>”. Setting to + “<code class="Li">YES</code>” will cause the kernel to + ignore ICMP REDIRECT packets. Setting to + “<code class="Li">NO</code>” will cause the kernel to + process ICMP REDIRECT packets. Refer to <a class="Xr">icmp(4)</a> for more + information.</dd> + <dt id="icmp_log_redirect"><var class="Va">icmp_log_redirect</var></dt> + <dd>(<var class="Vt">bool</var>) Set to + “<code class="Li">NO</code>” by default. Setting to + “<code class="Li">YES</code>” will cause the kernel to log + ICMP REDIRECT packets. Note that the log messages are not rate-limited, so + this option should only be used for troubleshooting networks. Refer to + <a class="Xr">icmp(4)</a> for more information.</dd> + <dt id="icmp_bmcastecho"><var class="Va">icmp_bmcastecho</var></dt> + <dd>(<var class="Vt">bool</var>) Set to + “<code class="Li">YES</code>” to respond to broadcast or + multicast ICMP ping packets. Refer to <a class="Xr">icmp(4)</a> for more + information.</dd> + <dt id="ip_portrange_first"><var class="Va">ip_portrange_first</var></dt> + <dd>(<var class="Vt">int</var>) If not set to + “<code class="Li">NO</code>”, this is the first port in the + default portrange. Refer to <a class="Xr">ip(4)</a> for more + information.</dd> + <dt id="ip_portrange_last"><var class="Va">ip_portrange_last</var></dt> + <dd>(<var class="Vt">int</var>) If not set to + “<code class="Li">NO</code>”, this is the last port in the + default portrange. Refer to <a class="Xr">ip(4)</a> for more + information.</dd> + <dt id="network_interfaces"><var class="Va">network_interfaces</var></dt> + <dd>(<var class="Vt">str</var>) Set to the list of network interfaces to + configure on this host or “<code class="Li">AUTO</code>” + (the default) for all current interfaces. Setting the + <var class="Va">network_interfaces</var> variable to anything other than + the default is deprecated. Interfaces that the administrator wishes to + store configuration for, but not start at boot should be configured with + the “<code class="Li">NOAUTO</code>” keyword in their + <var class="Va">ifconfig_</var>⟨<var class="Ar">interface</var>⟩ + variables as described below. + <p class="Pp">An + <var class="Va">ifconfig_</var>⟨<var class="Ar">interface</var>⟩ + variable is assumed to exist for each value of + <var class="Ar">interface</var>. When an interface name contains any of + the characters “<code class="Li">.-/+</code>” they are + translated to “<code class="Li">_</code>” before lookup. + For example, the interface <var class="Va">em0.102</var> would be + configured using the variable + <var class="Va">ifconfig_em0_102</var>.</p> + <p class="Pp">The variable can contain arguments to + <a class="Xr">ifconfig(8)</a>, as well as special case-insensitive + keywords described below. Such keywords are removed before passing the + value to <a class="Xr">ifconfig(8)</a> while the order of the other + arguments is preserved.</p> + <p class="Pp">For example, to assign the IPv4 address 192.0.2.1/24 to the + interface em0:</p> + <div class="Bd Pp Li"> + <pre>ifconfig_em0="inet 192.0.2.1/24 up"</pre> + </div> + <p class="Pp">If the variable + <var class="Va">ifconfig_</var>⟨<var class="Ar">interface</var>⟩<span class="Pa">_ipv6</span> + is set, then + <var class="Va">ifconfig_</var>⟨<var class="Ar">interface</var>⟩ + does not need to be set unless an IPv4 address should also be assigned + to the interface.</p> + <p class="Pp">It is possible to add IP alias entries using + <a class="Xr">ifconfig(8)</a> syntax with the address family keyword + such as <code class="Li">inet</code>. Assuming that the interface in + question was <code class="Li">em0</code>, it might look something like + this:</p> + <div class="Bd Pp Li"> + <pre>ifconfig_em0_alias0="inet 127.0.0.253/32" +ifconfig_em0_alias1="inet 127.0.0.254/32"</pre> + </div> + <p class="Pp">It also possible to configure multiple IP addresses in + Classless Inter-Domain Routing (CIDR) address notation, whose each + address component can be a range like <code class="Li">inet + 192.0.2.5-23/24</code> or <code class="Li">inet6 + 2001:db8:1-f::1/64</code>. This notation allows address and prefix + length part only, not the other address modifiers. Note that the maximum + number of the generated addresses from a range specification is limited + to an integer value specified in + <var class="Va">netif_ipexpand_max</var> in + <code class="Nm">rc.conf</code> because a small typo can unexpectedly + generate a large number of addresses. The default value is + <code class="Li">2048</code>. It can be increased by adding the + following line into <code class="Nm">rc.conf</code>:</p> + <div class="Bd Pp Li"> + <pre>netif_ipexpand_max="4096"</pre> + </div> + <p class="Pp">In the case of <code class="Li">192.0.2.5-23/24</code>, the + address 192.0.2.5 will be configured with the prefix length /24 and the + addresses 192.0.2.6 to 192.0.2.23 with the non-conflicting prefix length + /32 as explained in the <a class="Xr">ifconfig(8)</a> alias section. + Note that this special CIDR handling is only for + <code class="Li">inet</code>, not for the other address families such as + <code class="Li">inet6</code>.</p> + <p class="Pp">With the interface in question being + <code class="Li">em0</code>, an example could look like:</p> + <div class="Bd Pp Li"> + <pre>ifconfig_em0_alias2="inet 192.0.2.129/27" +ifconfig_em0_alias3="inet 192.0.2.1-5/28"</pre> + </div> + <p class="Pp">and so on.</p> + <p class="Pp">Note that deprecated + <var class="Va">ipv4_addrs_</var>⟨<var class="Ar">interface</var>⟩ + variable was supported for IPv4 CIDR address notation. The + <var class="Va">ifconfig_</var>⟨<var class="Ar">interface</var>⟩<var class="Va">_alias</var>⟨<var class="Ar">n</var>⟩ + variable replaces it, though + <var class="Va">ipv4_addrs_</var>⟨<var class="Ar">interface</var>⟩ + is still supported for backward compatibility.</p> + <p class="Pp">For each + <var class="Va">ifconfig_</var>⟨<var class="Ar">interface</var>⟩<var class="Va">_alias</var>⟨<var class="Ar">n</var>⟩ + entry with an address family keyword, its contents are passed to + <a class="Xr">ifconfig(8)</a>. Execution stops at the first unsuccessful + access, so if something like this is present:</p> + <div class="Bd Pp Li"> + <pre>ifconfig_em0_alias0="inet 127.0.0.251/32" +ifconfig_em0_alias1="inet 127.0.0.252/32" +ifconfig_em0_alias2="inet 127.0.0.253/32" +ifconfig_em0_alias4="inet 127.0.0.254/32"</pre> + </div> + <p class="Pp" id="not">Then note that alias4 would + <a class="permalink" href="#not"><i class="Em">not</i></a> be added + since the search would stop with the missing + “<code class="Li">alias3</code>” entry. Because of this + difficult to manage behavior, there is + <var class="Va">ifconfig_</var>⟨<var class="Ar">interface</var>⟩<var class="Va">_aliases</var> + variable, which has the same functionality as + <var class="Va">ifconfig_</var>⟨<var class="Ar">interface</var>⟩<var class="Va">_alias</var>⟨<var class="Ar">n</var>⟩ + and can have all of the entries in a variable like the following:</p> + <div class="Bd Pp Li"> + <pre>ifconfig_em0_aliases="\ + inet 127.0.0.251/32 \ + inet 127.0.0.252/32 \ + inet 127.0.0.253/32 \ + inet 127.0.0.254/32"</pre> + </div> + <p class="Pp">It also supports netmask notation for backward + compatibility.</p> + <p class="Pp">If the + <span class="Pa">/etc/start_if</span>.⟨<var class="Ar">interface</var>⟩ + file is present, it is read and executed by the <a class="Xr">sh(1)</a> + interpreter before configuring the interface as specified in the + <var class="Va">ifconfig_</var>⟨<var class="Ar">interface</var>⟩ + and + <var class="Va">ifconfig_</var>⟨<var class="Ar">interface</var>⟩<var class="Va">_alias</var>⟨<var class="Ar">n</var>⟩ + variables.</p> + <p class="Pp">If a + <var class="Va">vlans_</var>⟨<var class="Ar">interface</var>⟩ + variable is set, a <a class="Xr">vlan(4)</a> interface will be created + for each item in the list with the <var class="Ar">vlandev</var> + argument set to <var class="Ar">interface</var>. If a vlan interface's + name is a number, then that number is used as the vlan tag and the new + vlan interface is named + <var class="Ar">interface</var>.<var class="Ar">tag</var>. Otherwise, + the vlan tag must be specified via a <var class="Va">vlan</var> + parameter in the + <var class="Va">create_args_</var>⟨<var class="Ar">interface</var>⟩ + variable.</p> + <p class="Pp">To create a vlan device named <code class="Li">em0.101</code> + on <code class="Li">em0</code> with the vlan tag 101 and the optional + IPv4 address 192.0.2.1/24:</p> + <div class="Bd Pp Li"> + <pre>vlans_em0="101" +ifconfig_em0_101="inet 192.0.2.1/24"</pre> + </div> + <p class="Pp">To create a vlan device named <code class="Li">myvlan</code> + on <code class="Li">em0</code> with the vlan tag 102:</p> + <div class="Bd Pp Li"> + <pre>vlans_em0="myvlan" +create_args_myvlan="vlan 102"</pre> + </div> + <p class="Pp">If a + <var class="Va">wlans_</var>⟨<var class="Ar">interface</var>⟩ + variable is set, an <a class="Xr">wlan(4)</a> interface will be created + for each item in the list with the <var class="Ar">wlandev</var> + argument set to <var class="Ar">interface</var>. Further wlan cloning + arguments may be passed to the <a class="Xr">ifconfig(8)</a> + <code class="Cm">create</code> command by setting the + <var class="Va">create_args_</var>⟨<var class="Ar">interface</var>⟩ + variable. One or more <a class="Xr">wlan(4)</a> devices must be created + for each wireless device as of <span class="Ux">FreeBSD 8.0</span>. + Debugging flags for <a class="Xr">wlan(4)</a> devices as set by + <a class="Xr">wlandebug(8)</a> may be specified with an + <var class="Va">wlandebug_</var>⟨<var class="Ar">interface</var>⟩ + variable. The contents of this variable will be passed directly to + <a class="Xr">wlandebug(8)</a>.</p> + <p class="Pp">If the + <var class="Va">ifconfig_</var>⟨<var class="Ar">interface</var>⟩ + contains the keyword “<code class="Li">NOAUTO</code>” then + the interface will not be configured at boot or by + <span class="Pa">/etc/pccard_ether</span> when + <var class="Va">network_interfaces</var> is set to + “<code class="Li">AUTO</code>”.</p> + <p class="Pp">It is possible to bring up an interface with DHCP by adding + “<code class="Li">DHCP</code>” to the + <var class="Va">ifconfig_</var>⟨<var class="Ar">interface</var>⟩ + variable. For instance, to initialize the <code class="Li">em0</code> + device via DHCP, it is possible to use something like:</p> + <div class="Bd Pp Li"> + <pre>ifconfig_em0="DHCP"</pre> + </div> + <p class="Pp">If you want to configure your wireless interface with + <a class="Xr">wpa_supplicant(8)</a> for use with WPA, EAP/LEAP or WEP, + you need to add “<code class="Li">WPA</code>” to the + <var class="Va">ifconfig_</var>⟨<var class="Ar">interface</var>⟩ + variable.</p> + <p class="Pp">On the other hand, if you want to configure your wireless + interface with <a class="Xr">hostapd(8)</a>, you need to add + “<code class="Li">HOSTAP</code>” to the + <var class="Va">ifconfig_</var>⟨<var class="Ar">interface</var>⟩ + variable. <a class="Xr">hostapd(8)</a> will use the settings from + <span class="Pa">/etc/hostapd-</span>⟨<var class="Ar">interface</var>⟩.conf</p> + <p class="Pp">Finally, you can add <a class="Xr">ifconfig(8)</a> options in + this variable, in addition to the + <span class="Pa">/etc/start_if</span>.⟨<var class="Ar">interface</var>⟩ + file. For instance, to configure an <a class="Xr">ath(4)</a> wireless + device in station mode with an address obtained via DHCP, using WPA + authentication and 802.11b mode, it is possible to use something + like:</p> + <div class="Bd Pp Li"> + <pre>wlans_ath0="wlan0" +ifconfig_wlan0="DHCP WPA mode 11b"</pre> + </div> + <p class="Pp">In addition to the + <var class="Va">ifconfig_</var>⟨<var class="Ar">interface</var>⟩ + form, a fallback variable <var class="Va">ifconfig_DEFAULT</var> may be + configured. It will be used for all interfaces with no + <var class="Va">ifconfig_</var>⟨<var class="Ar">interface</var>⟩ + variable.</p> + <p class="Pp">It is also possible to rename an interface by doing:</p> + <div class="Bd Pp Li"> + <pre>ifconfig_em0_name="net0" +ifconfig_net0="inet 192.0.2.1/24"</pre> + </div> + </dd> + <dt id="ipv6_enable"><var class="Va">ipv6_enable</var></dt> + <dd>(<var class="Vt">bool</var>) This variable is deprecated. Use + <var class="Va">ifconfig_</var>⟨<var class="Ar">interface</var>⟩_ipv6 + and <var class="Va">ipv6_activate_all_interfaces</var> if necessary. + <p class="Pp">If the variable is + “<code class="Li">YES</code>”, + “<code class="Li">inet6 accept_rtadv</code>” is added to + all of + <var class="Va">ifconfig_</var>⟨<var class="Ar">interface</var>⟩_ipv6 + and the <var class="Va">ipv6_activate_all_interfaces</var> variable is + defined as “<code class="Li">YES</code>”.</p> + </dd> + <dt id="ipv6_prefer"><var class="Va">ipv6_prefer</var></dt> + <dd>(<var class="Vt">bool</var>) This variable is deprecated. Use + <var class="Va">ip6addrctl_policy</var> instead. + <p class="Pp">If the variable is + “<code class="Li">YES</code>”, the default address + selection policy table set by <a class="Xr">ip6addrctl(8)</a> will be + IPv6-preferred.</p> + <p class="Pp">If the variable is “<code class="Li">NO</code>”, + the default address selection policy table set by + <a class="Xr">ip6addrctl(8)</a> will be IPv4-preferred.</p> + </dd> + <dt id="ipv6_activate_all_interfaces"><var class="Va">ipv6_activate_all_interfaces</var></dt> + <dd>(<var class="Vt">bool</var>) This controls initial configuration on + IPv6-capable interfaces with no corresponding + <var class="Va">ifconfig_</var>⟨<var class="Ar">interface</var>⟩_ipv6 + variable. Note that it is not always necessary to set this variable to + “YES” to use IPv6 functionality on + <span class="Ux">FreeBSD</span>. In most cases, just configuring + <var class="Va">ifconfig_</var>⟨<var class="Ar">interface</var>⟩_ipv6 + variables works. + <p class="Pp">If the variable is “<code class="Li">NO</code>”, + all interfaces which do not have a corresponding + <var class="Va">ifconfig_</var>⟨<var class="Ar">interface</var>⟩_ipv6 + variable will be marked as + “<code class="Li">IFDISABLED</code>” at creation. This + means that all IPv6 functionality on that interface is completely + disabled to enforce a security policy. If the variable is set to + “YES”, the flag will be cleared on all of the + interfaces.</p> + <p class="Pp">In most cases, just defining an + <var class="Va">ifconfig_</var>⟨<var class="Ar">interface</var>⟩_ipv6 + for an IPv6-capable interface should be sufficient. However, if an + interface is added dynamically (by some tunneling protocols such as PPP, + for example), it is often difficult to define the variable in advance. + In such a case, configuring the + “<code class="Li">IFDISABLED</code>” flag can be disabled + by setting this variable to “YES”.</p> + <p class="Pp">For more details of the + “<code class="Li">IFDISABLED</code>” flag and keywords + “<code class="Li">inet6 ifdisabled</code>”, see + <a class="Xr">ifconfig(8)</a>.</p> + <p class="Pp">Default is “<code class="Li">NO</code>”.</p> + </dd> + <dt id="ipv6_privacy"><var class="Va">ipv6_privacy</var></dt> + <dd>(<var class="Vt">bool</var>) If the variable is + “<code class="Li">YES</code>” privacy addresses will be + generated for each IPv6 interface as described in RFC 4941.</dd> + <dt id="ipv6_network_interfaces"><var class="Va">ipv6_network_interfaces</var></dt> + <dd>(<var class="Vt">str</var>) This is the IPv6 equivalent of + <var class="Va">network_interfaces</var>. Normally manual configuration of + this variable is not needed.</dd> + <dt id="ipv6_cpe_wanif"><var class="Va">ipv6_cpe_wanif</var></dt> + <dd>(<var class="Vt">str</var>) If the variable is set to an interface name, + the <a class="Xr">ifconfig(8)</a> options “inet6 -no_radr + accept_rtadv” will be added to the specified interface + automatically before evaluating + <var class="Va">ifconfig_</var>⟨<var class="Ar">interface</var>⟩_ipv6, + and two <a class="Xr">sysctl(8)</a> variables + <var class="Va">net.inet6.ip6.rfc6204w3</var> and + <var class="Va">net.inet6.ip6.no_radr</var> will be set to 1. + <p class="Pp">This means the specified interface will accept ICMPv6 Router + Advertisement messages on that link and add the discovered routers into + the Default Router List. While the other interfaces can still accept RA + messages if the “inet6 accept_rtadv” option is specified, + adding routes into the Default Router List will be disabled by + “inet6 no_radr” option by default. See + <a class="Xr">ifconfig(8)</a> for more details.</p> + <p class="Pp">Note that ICMPv6 Router Advertisement messages will be + accepted even when <var class="Va">net.inet6.ip6.forwarding</var> is 1 + (packet forwarding is enabled) when + <var class="Va">net.inet6.ip6.rfc6204w3</var> is set to 1.</p> + <p class="Pp">Default is “<code class="Li">NO</code>”.</p> + </dd> + <dt id="ifconfig_"><var class="Va">ifconfig_</var>⟨<var class="Ar">interface</var>⟩_descr</dt> + <dd>(<var class="Vt">str</var>) This assigns arbitrary description to an + interface. The <a class="Xr">sysctl(8)</a> variable + <var class="Va">net.ifdescr_maxlen</var> limits its length. This static + setting may be overridden by commands started with dynamic interface + configuration utilities like <a class="Xr">dhclient(8)</a> hooks. The + description can be seen with <a class="Xr">ifconfig(8)</a> command and it + may be exported with <a class="Xr">bsnmpd(1)</a> daemon using its MIB-2 + module.</dd> + <dt id="ifconfig_~2"><var class="Va">ifconfig_</var>⟨<var class="Ar">interface</var>⟩_ipv6</dt> + <dd>(<var class="Vt">str</var>) IPv6 functionality on an interface should be + configured by + <var class="Va">ifconfig_</var>⟨<var class="Ar">interface</var>⟩_ipv6, + instead of setting ifconfig parameters in + <var class="Va">ifconfig_</var>⟨<var class="Ar">interface</var>⟩. + If this variable is empty, all IPv6 configurations on the specified + interface by other variables such as + <var class="Va">ipv6_prefix_</var>⟨<var class="Ar">interface</var>⟩ + will be ignored. + <p class="Pp">Aliases should be set by + <var class="Va">ifconfig_</var>⟨<var class="Ar">interface</var>⟩<var class="Va">_alias</var>⟨<var class="Ar">n</var>⟩ + with “<code class="Li">inet6</code>” keyword. For + example:</p> + <div class="Bd Pp Li"> + <pre>ifconfig_em0_ipv6="inet6 2001:db8:1::1 prefixlen 64" +ifconfig_em0_alias0="inet6 2001:db8:2::1 prefixlen 64"</pre> + </div> + <p class="Pp">Interfaces that have an “<code class="Li">inet6 + accept_rtadv</code>” keyword in + <var class="Va">ifconfig_</var>⟨<var class="Ar">interface</var>⟩_ipv6 + setting will be automatically configured by SLAAC (StateLess Address + AutoConfiguration) described in <cite class="Rs"><span class="RsT">RFC + 4862</span>.</cite></p> + <p class="Pp">Note that a link-local address will be automatically + configured in addition to the configured global-scope addresses because + the IPv6 specifications require it on each link. The address is + calculated from the MAC address by using an algorithm defined in + <cite class="Rs"><span class="RsT">RFC 4862</span>, + <span class="RsO">Section 5.3</span>.</cite></p> + <p class="Pp">If only a link-local address is needed on the interface, the + following configuration can be used:</p> + <div class="Bd Pp Li"> + <pre>ifconfig_em0_ipv6="inet6 auto_linklocal"</pre> + </div> + <p class="Pp">A link-local address can also be configured manually. This is + useful for the default router address of an IPv6 router so that it does + not change when the network interface card is replaced. For example:</p> + <div class="Bd Pp Li"> + <pre>ifconfig_em0_ipv6="inet6 fe80::1 prefixlen 64"</pre> + </div> + </dd> + <dt id="ipv6_prefix_"><var class="Va">ipv6_prefix_</var>⟨<var class="Ar">interface</var>⟩</dt> + <dd>(<var class="Vt">str</var>) If one or more prefixes are defined in + <var class="Va">ipv6_prefix_</var>⟨<var class="Ar">interface</var>⟩ + addresses based on each prefix and the EUI-64 interface index will be + configured on that interface. Note that this variable will be ignored when + <var class="Va">ifconfig_</var>⟨<var class="Ar">interface</var>⟩_ipv6 + is empty. + <p class="Pp">For example, the following configuration</p> + <div class="Bd Pp Li"> + <pre>ipv6_prefix_em0="2001:db8:1:0 2001:db8:2:0"</pre> + </div> + <p class="Pp">is equivalent to the following:</p> + <div class="Bd Pp Li"> + <pre>ifconfig_em0_alias0="inet6 2001:db8:1:: eui64 prefixlen 64" +ifconfig_em0_alias1="inet6 2001:db8:1:: prefixlen 64 anycast" +ifconfig_em0_alias2="inet6 2001:db8:2:: eui64 prefixlen 64" +ifconfig_em0_alias3="inet6 2001:db8:2:: prefixlen 64 anycast"</pre> + </div> + <p class="Pp">These Subnet-Router anycast addresses will be added only when + <var class="Va">ipv6_gateway_enable</var> is YES.</p> + </dd> + <dt id="ipv6_default_interface"><var class="Va">ipv6_default_interface</var></dt> + <dd>(<var class="Vt">str</var>) If not set to + “<code class="Li">NO</code>”, this is the default output + interface for scoped addresses. This works only with + ipv6_gateway_enable="NO".</dd> + <dt id="ip6addrctl_enable"><var class="Va">ip6addrctl_enable</var></dt> + <dd>(<var class="Vt">bool</var>) This variable is to enable configuring + default address selection policy table (RFC 3484). The table can be + specified in another variable <var class="Va">ip6addrctl_policy</var>. For + <var class="Va">ip6addrctl_policy</var> the following keywords can be + specified: “<code class="Li">ipv4_prefer</code>”, + “<code class="Li">ipv6_prefer</code>”, or + “<code class="Li">AUTO</code>”. + <p class="Pp">If “<code class="Li">ipv4_prefer</code>” or + “<code class="Li">ipv6_prefer</code>” is specified, + <a class="Xr">ip6addrctl(8)</a> installs a pre-defined policy table + described in Section 10.3 (IPv4-preferred) or 2.1 (IPv6-preferred) of + RFC 3484.</p> + <p class="Pp">If “<code class="Li">AUTO</code>” is specified, + it attempts to read a file <span class="Pa">/etc/ip6addrctl.conf</span> + first. If this file is found, <a class="Xr">ip6addrctl(8)</a> reads and + installs it. If not found, a policy is automatically set according to + <var class="Va">ipv6_activate_all_interfaces</var> variable; if the + variable is set to “<code class="Li">YES</code>” the + IPv6-preferred one is used. Otherwise IPv4-preferred.</p> + <p class="Pp">The default value of <var class="Va">ip6addrctl_enable</var> + and <var class="Va">ip6addrctl_policy</var> are + “<code class="Li">YES</code>” and + “<code class="Li">AUTO</code>”, respectively.</p> + </dd> + <dt id="cloned_interfaces"><var class="Va">cloned_interfaces</var></dt> + <dd>(<var class="Vt">str</var>) Set to the list of clonable network interfaces + to create on this host. Further cloning arguments may be passed to the + <a class="Xr">ifconfig(8)</a> <code class="Cm">create</code> command for + each interface by setting the + <var class="Va">create_args_</var>⟨<var class="Ar">interface</var>⟩ + variable. If an interface name is specified with “:sticky” + keyword, the interface will not be destroyed even when + <span class="Pa">rc.d/netif</span> script is invoked with + “stop” argument. This is useful when reconfiguring the + interface without destroying it. Entries in + <var class="Va">cloned_interfaces</var> are automatically appended to + <var class="Va">network_interfaces</var> for configuration.</dd> + <dt id="cloned_interfaces_sticky"><var class="Va">cloned_interfaces_sticky</var></dt> + <dd>(<var class="Vt">bool</var>) This variable is to globally enable + functionality of “:sticky” keyword in + <var class="Va">cloned_interfaces</var> for all interfaces. The default + value is “NO”. Even if this variable is specified to + “YES”, “:nosticky” keyword can be used to + override it on per interface basis.</dd> + <dt id="gif_interfaces"><var class="Va">gif_interfaces</var></dt> + <dd>Set to the list of <a class="Xr">gif(4)</a> tunnel interfaces to configure + on this host. A + <var class="Va">gifconfig_</var>⟨<var class="Ar">interface</var>⟩ + variable is assumed to exist for each value of + <var class="Ar">interface</var>. The value of this variable is used to + configure the link layer of the tunnel using the + <code class="Cm">tunnel</code> option to <a class="Xr">ifconfig(8)</a>. + Additionally, this option ensures that each listed interface is created + via the <code class="Cm">create</code> option to + <a class="Xr">ifconfig(8)</a> before attempting to configure it. + <p class="Pp">For example, configure two <a class="Xr">gif(4)</a> interfaces + with:</p> + <div class="Bd Pp Li"> + <pre>gif_interfaces="gif0 gif1" +gifconfig_gif0="100.64.0.1 100.64.0.2" +ifconfig_gif0="inet 10.0.0.1/30 10.0.0.2" +gifconfig_gif1="inet6 2a00::1 2a01::1" +ifconfig_gif1="inet 10.1.0.1/30 10.1.0.2"</pre> + </div> + </dd> + <dt id="ppp_enable"><var class="Va">ppp_enable</var></dt> + <dd>(<var class="Vt">bool</var>) If set to + “<code class="Li">YES</code>”, run the + <a class="Xr">ppp(8)</a> daemon.</dd> + <dt id="ppp_profile"><var class="Va">ppp_profile</var></dt> + <dd>(<var class="Vt">str</var>) The name of the profile to use from + <span class="Pa">/etc/ppp/ppp.conf</span>. Also used for per-profile + overrides of <var class="Va">ppp_mode</var> and + <var class="Va">ppp_nat</var>, and + <var class="Va">ppp_</var>⟨<var class="Ar">profile</var>⟩_unit. + When the profile name contains any of the characters + “<code class="Li">.-/+</code>” they are translated to + “<code class="Li">_</code>” for the proposes of the override + variable names.</dd> + <dt id="ppp_mode"><var class="Va">ppp_mode</var></dt> + <dd>(<var class="Vt">str</var>) Mode in which to run the + <a class="Xr">ppp(8)</a> daemon.</dd> + <dt id="ppp_"><var class="Va">ppp_</var>⟨<var class="Ar">profile</var>⟩_mode</dt> + <dd>(<var class="Vt">str</var>) Overrides the global + <var class="Va">ppp_mode</var> for <var class="Ar">profile</var>. Accepted + modes are “<code class="Li">auto</code>”, + “<code class="Li">ddial</code>”, + “<code class="Li">direct</code>” and + “<code class="Li">dedicated</code>”. See the manual for a + full description.</dd> + <dt id="ppp_nat"><var class="Va">ppp_nat</var></dt> + <dd>(<var class="Vt">bool</var>) If set to + “<code class="Li">YES</code>”, enables network address + translation. Used in conjunction with <var class="Va">gateway_enable</var> + allows hosts on private network addresses access to the Internet using + this host as a network address translating router. Default is + “<code class="Li">YES</code>”.</dd> + <dt id="ppp_~2"><var class="Va">ppp_</var>⟨<var class="Ar">profile</var>⟩_nat</dt> + <dd>(<var class="Vt">str</var>) Overrides the global + <var class="Va">ppp_nat</var> for <var class="Ar">profile</var>.</dd> + <dt id="ppp_~3"><var class="Va">ppp_</var>⟨<var class="Ar">profile</var>⟩_unit</dt> + <dd>(<var class="Vt">int</var>) Set the unit number to be used for this + profile. See the manual description of + <code class="Fl">-unit</code><var class="Ar">N</var> for details.</dd> + <dt id="ppp_user"><var class="Va">ppp_user</var></dt> + <dd>(<var class="Vt">str</var>) The name of the user under which + <a class="Xr">ppp(8)</a> should be started. By default, + <a class="Xr">ppp(8)</a> is started as + “<code class="Li">root</code>”.</dd> + <dt id="rc_conf_files"><var class="Va">rc_conf_files</var></dt> + <dd>(<var class="Vt">str</var>) This option is used to specify a list of files + that will override the settings in + <span class="Pa">/etc/defaults/rc.conf</span>. The files will be read in + the order in which they are specified and should include the full path to + the file. By default, the files specified are + <span class="Pa">/etc/rc.conf</span> and + <span class="Pa">/etc/rc.conf.local</span>.</dd> + <dt id="zfs_enable"><var class="Va">zfs_enable</var></dt> + <dd>(<var class="Vt">bool</var>) If set to + “<code class="Li">YES</code>”, + <span class="Pa">/etc/rc.d/zfs</span> will attempt to automatically mount + ZFS file systems and initialize ZFS volumes (ZVOLs).</dd> + <dt id="zpool_reguid"><var class="Va">zpool_reguid</var></dt> + <dd>(<var class="Vt">str</var>) A space-separated list of ZFS pool names for + which new pool GUIDs should be assigned upon first boot. This is useful + when using a ZFS pool copied from a template, such as a virtual machine + image.</dd> + <dt id="zpool_upgrade"><var class="Va">zpool_upgrade</var></dt> + <dd>(<var class="Vt">str</var>) A space-separated list of ZFS pool names for + which the version should be upgraded upon first boot. This is useful when + using a ZFS pool generated by the <a class="Xr">makefs(8)</a> + utility.</dd> + <dt id="gptboot_enable"><var class="Va">gptboot_enable</var></dt> + <dd>(<var class="Vt">bool</var>) If set to + “<code class="Li">YES</code>”, + <span class="Pa">/etc/rc.d/gptboot</span> will log if the system + successfully (or not) booted from a GPT partition, which had the + <var class="Ar">bootonce</var> attribute set using + <a class="Xr">gpart(8)</a> utility.</dd> + <dt id="geli_devices"><var class="Va">geli_devices</var></dt> + <dd>(<var class="Vt">str</var>) List of devices to automatically attach on + boot. Note that .eli devices from <span class="Pa">/etc/fstab</span> are + automatically appended to this list.</dd> + <dt id="geli_groups"><var class="Va">geli_groups</var></dt> + <dd>(<var class="Vt">str</var>) List of groups containing devices to + automatically attach on boot with the same keyfiles and passphrase. This + must be accompanied with a corresponding + <var class="Va">geli_</var>⟨<var class="Ar">group</var>⟩<var class="Va">_devices</var> + variable.</dd> + <dt id="geli_tries"><var class="Va">geli_tries</var></dt> + <dd>(<var class="Vt">int</var>) Number of times user is asked for the + pass-phrase. If empty, it will be taken from + <var class="Va">kern.geom.eli.tries</var> sysctl variable.</dd> + <dt id="geli_default_flags"><var class="Va">geli_default_flags</var></dt> + <dd>(<var class="Vt">str</var>) Default flags to use by + <a class="Xr">geli(8)</a> when configuring disk encryption. Flags can be + configured for every device separately by defining the + <var class="Va">geli_</var>⟨<var class="Ar">device</var>⟩<var class="Va">_flags</var> + variable, and for every group separately by defining the + <var class="Va">geli_</var>⟨<var class="Ar">group</var>⟩<var class="Va">_flags</var> + variable.</dd> + <dt id="geli_autodetach"><var class="Va">geli_autodetach</var></dt> + <dd>(<var class="Vt">str</var>) Specifies if GELI devices should be marked for + detach on last close after file systems are mounted. Default is + “<code class="Li">YES</code>”. This can be changed for every + device separately by defining the + <var class="Va">geli_</var>⟨<var class="Ar">device</var>⟩<var class="Va">_autodetach</var> + variable.</dd> + <dt id="root_rw_mount"><var class="Va">root_rw_mount</var></dt> + <dd>(<var class="Vt">bool</var>) Set to + “<code class="Li">YES</code>” by default. After the file + systems are checked at boot time, the root file system is remounted as + read-write if this is set to “<code class="Li">YES</code>”. + Diskless systems that mount their root file system from a read-only remote + NFS share should set this to “<code class="Li">NO</code>” in + their <span class="Pa">rc.conf</span>.</dd> + <dt id="fsck_y_enable"><var class="Va">fsck_y_enable</var></dt> + <dd>(<var class="Vt">bool</var>) If set to + “<code class="Li">YES</code>”, <a class="Xr">fsck(8)</a> + will be run with the <code class="Fl">-y</code> flag if the initial preen + of the file systems fails.</dd> + <dt id="background_fsck"><var class="Va">background_fsck</var></dt> + <dd>(<var class="Vt">bool</var>) If set to + “<code class="Li">NO</code>”, the system will not attempt to + run <a class="Xr">fsck(8)</a> in the background where possible.</dd> + <dt id="background_fsck_delay"><var class="Va">background_fsck_delay</var></dt> + <dd>(<var class="Vt">int</var>) The amount of time in seconds to sleep before + starting a background <a class="Xr">fsck(8)</a>. It defaults to sixty + seconds to allow large applications such as the X server to start before + disk I/O bandwidth is monopolized by <a class="Xr">fsck(8)</a>. If set to + a negative number, the background file system check will be delayed + indefinitely to allow the administrator to run it at a more convenient + time. For example it may be run from <a class="Xr">cron(8)</a> by adding a + line like + <p class="Pp"></p> + <div class="Bd Bd-indent"><code class="Li">0 4 * * * root /etc/rc.d/bgfsck + forcestart</code></div> + <p class="Pp">to <span class="Pa">/etc/crontab</span>.</p> + </dd> + <dt id="netfs_types"><var class="Va">netfs_types</var></dt> + <dd>(<var class="Vt">str</var>) List of file system types that are + network-based. This list should generally not be modified by end users. + Use <var class="Va">extra_netfs_types</var> instead.</dd> + <dt id="extra_netfs_types"><var class="Va">extra_netfs_types</var></dt> + <dd>(<var class="Vt">str</var>) If set to something other than + “<code class="Li">NO</code>” (the default), this variable + extends the list of file system types for which automatic mounting at + startup by <a class="Xr">rc(8)</a> should be delayed until the network is + initialized. It should contain a whitespace-separated list of network file + system descriptor pairs, each consisting of a file system type as passed + to <a class="Xr">mount(8)</a> and a human-readable, one-word description, + joined with a colon (‘<code class="Li">:</code>’). Extending + the default list in this way is only necessary when third party file + system types are used.</dd> + <dt id="syslogd_enable"><var class="Va">syslogd_enable</var></dt> + <dd>(<var class="Vt">bool</var>) If set to + “<code class="Li">YES</code>”, run the + <a class="Xr">syslogd(8)</a> daemon. Note, the + <var class="Va">syslogd_oomprotect</var> variable is set to + “<code class="Li">YES</code>” by default in + <span class="Pa">/etc/defaults/rc.conf</span>.</dd> + <dt id="syslogd_program"><var class="Va">syslogd_program</var></dt> + <dd>(<var class="Vt">str</var>) Path to <a class="Xr">syslogd(8)</a> (default + <span class="Pa">/usr/sbin/syslogd</span>).</dd> + <dt id="syslogd_flags"><var class="Va">syslogd_flags</var></dt> + <dd>(<var class="Vt">str</var>) If <var class="Va">syslogd_enable</var> is set + to “<code class="Li">YES</code>”, these are the flags to + pass to <a class="Xr">syslogd(8)</a>.</dd> + <dt id="inetd_enable"><var class="Va">inetd_enable</var></dt> + <dd>(<var class="Vt">bool</var>) If set to + “<code class="Li">YES</code>”, run the + <a class="Xr">inetd(8)</a> daemon.</dd> + <dt id="inetd_program"><var class="Va">inetd_program</var></dt> + <dd>(<var class="Vt">str</var>) Path to <a class="Xr">inetd(8)</a> (default + <span class="Pa">/usr/sbin/inetd</span>).</dd> + <dt id="inetd_flags"><var class="Va">inetd_flags</var></dt> + <dd>(<var class="Vt">str</var>) If <var class="Va">inetd_enable</var> is set + to “<code class="Li">YES</code>”, these are the flags to + pass to <a class="Xr">inetd(8)</a>.</dd> + <dt id="hastd_enable"><var class="Va">hastd_enable</var></dt> + <dd>(<var class="Vt">bool</var>) If set to + “<code class="Li">YES</code>”, run the + <a class="Xr">hastd(8)</a> daemon.</dd> + <dt id="hastd_program"><var class="Va">hastd_program</var></dt> + <dd>(<var class="Vt">str</var>) Path to <a class="Xr">hastd(8)</a> (default + <span class="Pa">/sbin/hastd</span>).</dd> + <dt id="hastd_flags"><var class="Va">hastd_flags</var></dt> + <dd>(<var class="Vt">str</var>) If <var class="Va">hastd_enable</var> is set + to “<code class="Li">YES</code>”, these are the flags to + pass to <a class="Xr">hastd(8)</a>.</dd> + <dt id="local_unbound_enable"><var class="Va">local_unbound_enable</var></dt> + <dd>(<var class="Vt">bool</var>) If set to + “<code class="Li">YES</code>”, run the + <a class="Xr">unbound(8)</a> daemon as a local caching DNS resolver. Note, + the <var class="Va">local_unbound_oomprotect</var> variable is set to + “<code class="Li">YES</code>” by default in + <span class="Pa">/etc/defaults/rc.conf</span>.</dd> + <dt id="nscd_enable"><var class="Va">nscd_enable</var></dt> + <dd>(<var class="Vt">bool</var>) Set to + “<code class="Li">YES</code>” to start the + <a class="Xr">nscd(8)</a> caching daemon for the + <code class="Nm">nsswitch</code> subsystem.</dd> + <dt id="nscd_flags"><var class="Va">nscd_flags</var></dt> + <dd>(<var class="Vt">str</var>) If <var class="Va">nscd_enable</var> is set to + “<code class="Li">YES</code>”, these flags are passed to + <a class="Xr">nscd(8)</a>.</dd> + <dt id="kdc_enable"><var class="Va">kdc_enable</var></dt> + <dd>(<var class="Vt">bool</var>) Set to + “<code class="Li">YES</code>” to start a Kerberos 5 + authentication server at boot time.</dd> + <dt id="kdc_program"><var class="Va">kdc_program</var></dt> + <dd>(<var class="Vt">str</var>) If <var class="Va">kdc_enable</var> is set to + “<code class="Li">YES</code>” this is the path to Kerberos 5 + Authentication Server.</dd> + <dt id="kdc_flags"><var class="Va">kdc_flags</var></dt> + <dd>(<var class="Vt">str</var>) Empty by default. This variable contains + additional flags to be passed to the Kerberos 5 authentication + server.</dd> + <dt id="kadmind_enable"><var class="Va">kadmind_enable</var></dt> + <dd>(<var class="Vt">bool</var>) Set to + “<code class="Li">YES</code>” to start + <a class="Xr">kadmind(8)</a>, the Kerberos 5 Administration Daemon; set to + “<code class="Li">NO</code>” on a slave server.</dd> + <dt id="kadmind_program"><var class="Va">kadmind_program</var></dt> + <dd>(<var class="Vt">str</var>) If <var class="Va">kadmind_enable</var> is set + to “<code class="Li">YES</code>” this is the path to + Kerberos 5 Administration Daemon.</dd> + <dt id="kpasswdd_enable"><var class="Va">kpasswdd_enable</var></dt> + <dd>(<var class="Vt">bool</var>) Set to + “<code class="Li">YES</code>” to start + <a class="Xr">kpasswdd(8)</a>, the Kerberos 5 Password-Changing Daemon; + set to “<code class="Li">NO</code>” on a slave server.</dd> + <dt id="kpasswdd_program"><var class="Va">kpasswdd_program</var></dt> + <dd>(<var class="Vt">str</var>) If <var class="Va">kpasswdd_enable</var> is + set to “<code class="Li">YES</code>” this is the path to + Kerberos 5 Password-Changing Daemon.</dd> + <dt id="kfd_enable"><var class="Va">kfd_enable</var></dt> + <dd>(<var class="Vt">bool</var>) Set to + “<code class="Li">YES</code>” to start + <a class="Xr">kfd(8)</a>, the Kerberos 5 ticket forwarding daemon, at the + boot time.</dd> + <dt id="kfd_program"><var class="Va">kfd_program</var></dt> + <dd>(<var class="Vt">str</var>) Path to <a class="Xr">kfd(8)</a> (default + <span class="Pa">/usr/libexec/kfd</span>).</dd> + <dt id="rwhod_enable"><var class="Va">rwhod_enable</var></dt> + <dd>(<var class="Vt">bool</var>) If set to + “<code class="Li">YES</code>”, run the + <a class="Xr">rwhod(8)</a> daemon at boot time.</dd> + <dt id="rwhod_flags"><var class="Va">rwhod_flags</var></dt> + <dd>(<var class="Vt">str</var>) If <var class="Va">rwhod_enable</var> is set + to “<code class="Li">YES</code>”, these are the flags to + pass to it.</dd> + <dt id="update_motd"><var class="Va">update_motd</var></dt> + <dd>(<var class="Vt">bool</var>) If set to + “<code class="Li">YES</code>”, + <span class="Pa">/var/run/motd</span> will be updated at boot time to + reflect the kernel release being run. If set to + “<code class="Li">NO</code>”, + <span class="Pa">/var/run/motd</span> will not be updated.</dd> + <dt id="nfs_client_enable"><var class="Va">nfs_client_enable</var></dt> + <dd>(<var class="Vt">bool</var>) If set to + “<code class="Li">YES</code>”, run the NFS client daemons at + boot time.</dd> + <dt id="nfs_access_cache"><var class="Va">nfs_access_cache</var></dt> + <dd>(<var class="Vt">int</var>) If <var class="Va">nfs_client_enable</var> is + set to “<code class="Li">YES</code>”, this can be set to + “<code class="Li">0</code>” to disable NFS ACCESS RPC + caching, or to the number of seconds for which NFS ACCESS results should + be cached. A value of 2-10 seconds will substantially reduce network + traffic for many NFS operations.</dd> + <dt id="nfs_server_enable"><var class="Va">nfs_server_enable</var></dt> + <dd>(<var class="Vt">bool</var>) If set to + “<code class="Li">YES</code>”, run the NFS server daemons at + boot time.</dd> + <dt id="nfs_server_flags"><var class="Va">nfs_server_flags</var></dt> + <dd>(<var class="Vt">str</var>) If <var class="Va">nfs_server_enable</var> is + set to “<code class="Li">YES</code>”, these are the flags to + pass to the <a class="Xr">nfsd(8)</a> daemon.</dd> + <dt id="nfsv4_server_enable"><var class="Va">nfsv4_server_enable</var></dt> + <dd>(<var class="Vt">bool</var>) If <var class="Va">nfs_server_enable</var> is + set to “<code class="Li">YES</code>” and + <var class="Va">nfsv4_server_enable</var> is set to + “<code class="Li">YES</code>”, enable the server for NFSv4 + as well as NFSv2 and NFSv3.</dd> + <dt id="nfsv4_server_only"><var class="Va">nfsv4_server_only</var></dt> + <dd>(<var class="Vt">bool</var>) If <var class="Va">nfs_server_enable</var> is + set to “<code class="Li">YES</code>” and + <var class="Va">nfsv4_server_only</var> is set to + “<code class="Li">YES</code>”, enable the NFS server for + NFSv4 only.</dd> + <dt id="nfs_server_maxio"><var class="Va">nfs_server_maxio</var></dt> + <dd>(<var class="Vt">int</var>) value to set vfs.nfsd.srvmaxio to, which is + the maximum I/O size for the NFS server.</dd> + <dt id="tlsclntd_enable"><var class="Va">tlsclntd_enable</var></dt> + <dd>(<var class="Vt">bool</var>) If set to + “<code class="Li">YES</code>”, run the + <a class="Xr">rpc.tlsclntd(8)</a> daemon, which is needed for NFS-over-TLS + NFS mounts.</dd> + <dt id="tlsservd_enable"><var class="Va">tlsservd_enable</var></dt> + <dd>(<var class="Vt">bool</var>) If set to + “<code class="Li">YES</code>”, run the + <a class="Xr">rpc.tlsservd(8)</a> daemon, which is needed for the + <a class="Xr">nfsd(8)</a> to support NFS-over-TLS NFS mounts.</dd> + <dt id="nfsuserd_enable"><var class="Va">nfsuserd_enable</var></dt> + <dd>(<var class="Vt">bool</var>) If <var class="Va">nfsuserd_enable</var> is + set to “<code class="Li">YES</code>”, run the nfsuserd + daemon, which is needed for NFSv4 in order to map between user/group names + vs uid/gid numbers. If <var class="Va">nfsv4_server_enable</var> is set to + “<code class="Li">YES</code>”, this will be forced + enabled.</dd> + <dt id="nfsuserd_flags"><var class="Va">nfsuserd_flags</var></dt> + <dd>(<var class="Vt">str</var>) If <var class="Va">nfsuserd_enable</var> is + set to “<code class="Li">YES</code>”, these are the flags to + pass to the <a class="Xr">nfsuserd(8)</a> daemon.</dd> + <dt id="nfscbd_enable"><var class="Va">nfscbd_enable</var></dt> + <dd>(<var class="Vt">bool</var>) If <var class="Va">nfscbd_enable</var> is set + to “<code class="Li">YES</code>”, run the nfscbd daemon, + which enables callbacks/delegations for the NFSv4 client.</dd> + <dt id="nfscbd_flags"><var class="Va">nfscbd_flags</var></dt> + <dd>(<var class="Vt">str</var>) If <var class="Va">nfscbd_enable</var> is set + to “<code class="Li">YES</code>”, these are the flags to + pass to the <a class="Xr">nfscbd(8)</a> daemon.</dd> + <dt id="mountd_enable"><var class="Va">mountd_enable</var></dt> + <dd>(<var class="Vt">bool</var>) If set to + “<code class="Li">YES</code>”, and no + <var class="Va">nfs_server_enable</var> is set, start + <a class="Xr">mountd(8)</a>, but not <a class="Xr">nfsd(8)</a> daemon. It + is commonly needed to run CFS without real NFS used.</dd> + <dt id="mountd_flags"><var class="Va">mountd_flags</var></dt> + <dd>(<var class="Vt">str</var>) If <var class="Va">mountd_enable</var> is set + to “<code class="Li">YES</code>”, these are the flags to + pass to the <a class="Xr">mountd(8)</a> daemon.</dd> + <dt id="weak_mountd_authentication"><var class="Va">weak_mountd_authentication</var></dt> + <dd>(<var class="Vt">bool</var>) If set to + “<code class="Li">YES</code>”, allow services like PCNFSD to + make non-privileged mount requests.</dd> + <dt id="nfs_reserved_port_only"><var class="Va">nfs_reserved_port_only</var></dt> + <dd>(<var class="Vt">bool</var>) If set to + “<code class="Li">YES</code>”, provide NFS services only on + a secure port.</dd> + <dt id="nfs_bufpackets"><var class="Va">nfs_bufpackets</var></dt> + <dd>(<var class="Vt">int</var>) If set to a number, indicates the number of + packets worth of socket buffer space to reserve on an NFS client. The + kernel default is typically 4. Using a higher number may be useful on + gigabit networks to improve performance. The minimum value is 2 and the + maximum is 64.</dd> + <dt id="rpc_lockd_enable"><var class="Va">rpc_lockd_enable</var></dt> + <dd>(<var class="Vt">bool</var>) If set to + “<code class="Li">YES</code>” and also an NFS server or + client, run <a class="Xr">rpc.lockd(8)</a> at boot time.</dd> + <dt id="rpc_lockd_flags"><var class="Va">rpc_lockd_flags</var></dt> + <dd>(<var class="Vt">str</var>) If <var class="Va">rpc_lockd_enable</var> is + set to “<code class="Li">YES</code>”, these are the flags to + pass to the <a class="Xr">rpc.lockd(8)</a> daemon.</dd> + <dt id="rpc_statd_enable"><var class="Va">rpc_statd_enable</var></dt> + <dd>(<var class="Vt">bool</var>) If set to + “<code class="Li">YES</code>” and also an NFS server or + client, run <a class="Xr">rpc.statd(8)</a> at boot time.</dd> + <dt id="rpc_statd_flags"><var class="Va">rpc_statd_flags</var></dt> + <dd>(<var class="Vt">str</var>) If <var class="Va">rpc_statd_enable</var> is + set to “<code class="Li">YES</code>”, these are the flags to + pass to the <a class="Xr">rpc.statd(8)</a> daemon.</dd> + <dt id="rpcbind_program"><var class="Va">rpcbind_program</var></dt> + <dd>(<var class="Vt">str</var>) Path to <a class="Xr">rpcbind(8)</a> (default + <span class="Pa">/usr/sbin/rpcbind</span>).</dd> + <dt id="rpcbind_enable"><var class="Va">rpcbind_enable</var></dt> + <dd>(<var class="Vt">bool</var>) If set to + “<code class="Li">YES</code>”, run the + <a class="Xr">rpcbind(8)</a> service at boot time.</dd> + <dt id="rpcbind_flags"><var class="Va">rpcbind_flags</var></dt> + <dd>(<var class="Vt">str</var>) If <var class="Va">rpcbind_enable</var> is set + to “<code class="Li">YES</code>”, these are the flags to + pass to the <a class="Xr">rpcbind(8)</a> daemon.</dd> + <dt id="pppoed_enable"><var class="Va">pppoed_enable</var></dt> + <dd>(<var class="Vt">bool</var>) If set to + “<code class="Li">YES</code>”, run the + <a class="Xr">pppoed(8)</a> daemon at boot time to provide PPP over + Ethernet services.</dd> + <dt id="pppoed_"><var class="Va">pppoed_</var>⟨<var class="Ar">provider</var>⟩</dt> + <dd>(<var class="Vt">str</var>) <a class="Xr">pppoed(8)</a> listens to + requests to this <var class="Ar">provider</var> and ultimately runs + <a class="Xr">ppp(8)</a> with a <var class="Ar">system</var> argument of + the same name.</dd> + <dt id="pppoed_flags"><var class="Va">pppoed_flags</var></dt> + <dd>(<var class="Vt">str</var>) Additional flags to pass to + <a class="Xr">pppoed(8)</a>.</dd> + <dt id="pppoed_interface"><var class="Va">pppoed_interface</var></dt> + <dd>(<var class="Vt">str</var>) The network interface to run + <a class="Xr">pppoed(8)</a> on. This is mandatory when + <var class="Va">pppoed_enable</var> is set to + “<code class="Li">YES</code>”.</dd> + <dt id="ntpdate_enable"><var class="Va">ntpdate_enable</var></dt> + <dd>(<var class="Vt">bool</var>) If set to + “<code class="Li">YES</code>”, run + <a class="Xr">ntpdate(8)</a> at system startup. This command is intended + to synchronize the system clock only + <a class="permalink" href="#once"><i class="Em" id="once">once</i></a> + from some standard reference. + <p class="Pp">Note that the use of the + <var class="Va">ntpd_sync_on_start</var> variable is a preferred + alternative to the <a class="Xr">ntpdate(8)</a> utility as + <a class="Xr">ntpdate(8)</a> is to be retired from the NTP + distribution.</p> + </dd> + <dt id="ntpdate_config"><var class="Va">ntpdate_config</var></dt> + <dd>(<var class="Vt">str</var>) Configuration file for + <a class="Xr">ntpdate(8)</a>. Default + <span class="Pa">/etc/ntp.conf</span>.</dd> + <dt id="ntpdate_hosts"><var class="Va">ntpdate_hosts</var></dt> + <dd>(<var class="Vt">str</var>) A whitespace-separated list of NTP servers to + synchronize with at startup. The default is to use the servers listed in + <var class="Va">ntpdate_config</var>, if that file exists.</dd> + <dt id="ntpdate_program"><var class="Va">ntpdate_program</var></dt> + <dd>(<var class="Vt">str</var>) Path to <a class="Xr">ntpdate(8)</a> (default + <span class="Pa">/usr/sbin/ntpdate</span>).</dd> + <dt id="ntpdate_flags"><var class="Va">ntpdate_flags</var></dt> + <dd>(<var class="Vt">str</var>) If <var class="Va">ntpdate_enable</var> is set + to “<code class="Li">YES</code>”, these are the flags to + pass to the <a class="Xr">ntpdate(8)</a> command (typically a + hostname).</dd> + <dt id="ntpd_enable"><var class="Va">ntpd_enable</var></dt> + <dd>(<var class="Vt">bool</var>) If set to + “<code class="Li">YES</code>”, run the + <a class="Xr">ntpd(8)</a> command at boot time.</dd> + <dt id="ntpd_program"><var class="Va">ntpd_program</var></dt> + <dd>(<var class="Vt">str</var>) Path to <a class="Xr">ntpd(8)</a> (default + <span class="Pa">/usr/sbin/ntpd</span>).</dd> + <dt id="ntpd_config"><var class="Va">ntpd_config</var></dt> + <dd>(<var class="Vt">str</var>) Path to <a class="Xr">ntpd(8)</a> + configuration file. Default <span class="Pa">/etc/ntp.conf</span>.</dd> + <dt id="ntpd_flags"><var class="Va">ntpd_flags</var></dt> + <dd>(<var class="Vt">str</var>) If <var class="Va">ntpd_enable</var> is set to + “<code class="Li">YES</code>”, these are the flags to pass + to the <a class="Xr">ntpd(8)</a> daemon.</dd> + <dt id="ntpd_sync_on_start"><var class="Va">ntpd_sync_on_start</var></dt> + <dd>(<var class="Vt">bool</var>) If set to + “<code class="Li">YES</code>”, <a class="Xr">ntpd(8)</a> is + run with the <code class="Fl">-g</code> flag, which syncs the system's + clock on startup. See <a class="Xr">ntpd(8)</a> for more information + regarding the <code class="Fl">-g</code> option. This is a preferred + alternative to using <a class="Xr">ntpdate(8)</a> or specifying the + <var class="Va">ntpdate_enable</var> variable.</dd> + <dt id="nis_client_enable"><var class="Va">nis_client_enable</var></dt> + <dd>(<var class="Vt">bool</var>) If set to + “<code class="Li">YES</code>”, run the + <a class="Xr">ypbind(8)</a> service at system boot time.</dd> + <dt id="nis_client_flags"><var class="Va">nis_client_flags</var></dt> + <dd>(<var class="Vt">str</var>) If <var class="Va">nis_client_enable</var> is + set to “<code class="Li">YES</code>”, these are the flags to + pass to the <a class="Xr">ypbind(8)</a> service.</dd> + <dt id="nis_ypldap_enable"><var class="Va">nis_ypldap_enable</var></dt> + <dd>(<var class="Vt">bool</var>) If set to + “<code class="Li">YES</code>”, run the + <a class="Xr">ypldap(8)</a> daemon at system boot time.</dd> + <dt id="nis_ypldap_flags"><var class="Va">nis_ypldap_flags</var></dt> + <dd>(<var class="Vt">str</var>) If <var class="Va">nis.ypldap_enable</var> is + set to “<code class="Li">YES</code>”, these are the flags to + pass to the <a class="Xr">ypldap(8)</a> daemon.</dd> + <dt id="nis_ypset_enable"><var class="Va">nis_ypset_enable</var></dt> + <dd>(<var class="Vt">bool</var>) If set to + “<code class="Li">YES</code>”, run the + <a class="Xr">ypset(8)</a> daemon at system boot time.</dd> + <dt id="nis_ypset_flags"><var class="Va">nis_ypset_flags</var></dt> + <dd>(<var class="Vt">str</var>) If <var class="Va">nis_ypset_enable</var> is + set to “<code class="Li">YES</code>”, these are the flags to + pass to the <a class="Xr">ypset(8)</a> daemon.</dd> + <dt id="nis_server_enable"><var class="Va">nis_server_enable</var></dt> + <dd>(<var class="Vt">bool</var>) If set to + “<code class="Li">YES</code>”, run the + <a class="Xr">ypserv(8)</a> daemon at system boot time.</dd> + <dt id="nis_server_flags"><var class="Va">nis_server_flags</var></dt> + <dd>(<var class="Vt">str</var>) If <var class="Va">nis_server_enable</var> is + set to “<code class="Li">YES</code>”, these are the flags to + pass to the <a class="Xr">ypserv(8)</a> daemon.</dd> + <dt id="nis_ypxfrd_enable"><var class="Va">nis_ypxfrd_enable</var></dt> + <dd>(<var class="Vt">bool</var>) If set to + “<code class="Li">YES</code>”, run the + <a class="Xr">rpc.ypxfrd(8)</a> daemon at system boot time.</dd> + <dt id="nis_ypxfrd_flags"><var class="Va">nis_ypxfrd_flags</var></dt> + <dd>(<var class="Vt">str</var>) If <var class="Va">nis_ypxfrd_enable</var> is + set to “<code class="Li">YES</code>”, these are the flags to + pass to the <a class="Xr">rpc.ypxfrd(8)</a> daemon.</dd> + <dt id="nis_yppasswdd_enable"><var class="Va">nis_yppasswdd_enable</var></dt> + <dd>(<var class="Vt">bool</var>) If set to + “<code class="Li">YES</code>”, run the + <a class="Xr">rpc.yppasswdd(8)</a> daemon at system boot time.</dd> + <dt id="nis_yppasswdd_flags"><var class="Va">nis_yppasswdd_flags</var></dt> + <dd>(<var class="Vt">str</var>) If <var class="Va">nis_yppasswdd_enable</var> + is set to “<code class="Li">YES</code>”, these are the flags + to pass to the <a class="Xr">rpc.yppasswdd(8)</a> daemon.</dd> + <dt id="rpc_ypupdated_enable"><var class="Va">rpc_ypupdated_enable</var></dt> + <dd>(<var class="Vt">bool</var>) If set to + “<code class="Li">YES</code>”, run the + <code class="Nm">rpc.ypupdated</code> daemon at system boot time.</dd> + <dt id="bsnmpd_enable"><var class="Va">bsnmpd_enable</var></dt> + <dd>(<var class="Vt">bool</var>) If set to + “<code class="Li">YES</code>”, run the + <a class="Xr">bsnmpd(1)</a> daemon at system boot time. Be sure to + understand the security implications of running an SNMP daemon on your + host.</dd> + <dt id="bsnmpd_flags"><var class="Va">bsnmpd_flags</var></dt> + <dd>(<var class="Vt">str</var>) If <var class="Va">bsnmpd_enable</var> is set + to “<code class="Li">YES</code>”, these are the flags to + pass to the <a class="Xr">bsnmpd(1)</a> daemon.</dd> + <dt id="defaultrouter"><var class="Va">defaultrouter</var></dt> + <dd>(<var class="Vt">str</var>) If not set to + “<code class="Li">NO</code>”, create a default route to this + host name or IP address (use an IP address if this router is also required + to get to the name server!).</dd> + <dt id="defaultrouter_fibN"><var class="Va">defaultrouter_fibN</var></dt> + <dd>(<var class="Vt">str</var>) If not set to + “<code class="Li">NO</code>”, create a default route in FIB + N to this host name or IP address.</dd> + <dt id="ipv6_defaultrouter"><var class="Va">ipv6_defaultrouter</var></dt> + <dd>(<var class="Vt">str</var>) The IPv6 equivalent of + <var class="Va">defaultrouter</var>.</dd> + <dt id="ipv6_defaultrouter_fibN"><var class="Va">ipv6_defaultrouter_fibN</var></dt> + <dd>(<var class="Vt">str</var>) The IPv6 equivalent of + <var class="Va">defaultrouter_fibN</var>.</dd> + <dt id="static_arp_pairs"><var class="Va">static_arp_pairs</var></dt> + <dd>(<var class="Vt">str</var>) Set to the list of static ARP pairs that are + to be added at system boot time. For each whitespace separated + <var class="Ar">element</var> in the value, a + <var class="Va">static_arp_</var>⟨<var class="Ar">element</var>⟩ + variable is assumed to exist whose contents will later be passed to a + “<code class="Nm">arp</code> <code class="Cm">-S</code>” + operation. For example + <div class="Bd Pp Li"> + <pre>static_arp_pairs="gw" +static_arp_gw="192.168.1.1 00:01:02:03:04:05"</pre> + </div> + </dd> + <dt id="static_ndp_pairs"><var class="Va">static_ndp_pairs</var></dt> + <dd>(<var class="Vt">str</var>) Set to the list of static NDP pairs that are + to be added at system boot time. For each whitespace separated + <var class="Ar">element</var> in the value, a + <var class="Va">static_ndp_</var>⟨<var class="Ar">element</var>⟩ + variable is assumed to exist whose contents will later be passed to a + “<code class="Nm">ndp</code> <code class="Cm">-s</code>” + operation. For example + <div class="Bd Pp Li"> + <pre>static_ndp_pairs="gw" +static_ndp_gw="2001:db8:3::1 00:01:02:03:04:05"</pre> + </div> + </dd> + <dt id="static_routes"><var class="Va">static_routes</var></dt> + <dd>(<var class="Vt">str</var>) Set to the list of static routes that are to + be added at system boot time. If not set to + “<code class="Li">NO</code>” then for each whitespace + separated <var class="Ar">element</var> in the value, a + <var class="Va">route_</var>⟨<var class="Ar">element</var>⟩ + variable is assumed to exist whose contents will later be passed to a + “<code class="Nm">route</code> <code class="Cm">add</code>” + operation. For example: + <div class="Bd Pp Li"> + <pre>static_routes="ext mcast:gif0 gif0local:gif0" +route_ext="-net 10.0.0.0/24 -gateway 192.168.0.1" +route_mcast="-net 224.0.0.0/4 -iface gif0" +route_gif0local="-host 169.254.1.1 -iface lo0"</pre> + </div> + <p class="Pp">When an <var class="Ar">element</var> is in the form of + <code class="Li">name:ifname</code>, the route is specific to the + interface <code class="Li">ifname</code>.</p> + </dd> + <dt id="ipv6_static_routes"><var class="Va">ipv6_static_routes</var></dt> + <dd>(<var class="Vt">str</var>) The IPv6 equivalent of + <var class="Va">static_routes</var>. If not set to + “<code class="Li">NO</code>” then for each whitespace + separated <var class="Ar">element</var> in the value, a + <var class="Va">ipv6_route_</var>⟨<var class="Ar">element</var>⟩ + variable is assumed to exist whose contents will later be passed to a + “<code class="Nm">route</code> <code class="Cm">add</code> + <code class="Fl">-inet6</code>” operation.</dd> + <dt id="gateway_enable"><var class="Va">gateway_enable</var></dt> + <dd>(<var class="Vt">bool</var>) If set to + “<code class="Li">YES</code>”, configure host to act as an + IP router, e.g. to forward packets between interfaces.</dd> + <dt id="ipv6_gateway_enable"><var class="Va">ipv6_gateway_enable</var></dt> + <dd>(<var class="Vt">bool</var>) The IPv6 equivalent of + <var class="Va">gateway_enable</var>.</dd> + <dt id="routed_enable"><var class="Va">routed_enable</var></dt> + <dd>(<var class="Vt">bool</var>) If set to + “<code class="Li">YES</code>”, run a routing daemon of some + sort, based on the settings of <var class="Va">routed_program</var> and + <var class="Va">routed_flags</var>.</dd> + <dt id="route6d_enable"><var class="Va">route6d_enable</var></dt> + <dd>(<var class="Vt">bool</var>) The IPv6 equivalent of + <var class="Va">routed_enable</var>. If set to + “<code class="Li">YES</code>”, run a routing daemon of some + sort, based on the settings of <var class="Va">route6d_program</var> and + <var class="Va">route6d_flags</var>.</dd> + <dt id="routed_program"><var class="Va">routed_program</var></dt> + <dd>(<var class="Vt">str</var>) If <var class="Va">routed_enable</var> is set + to “<code class="Li">YES</code>”, this is the name of the + routing daemon to use. The default is <a class="Xr">routed(8)</a>.</dd> + <dt id="route6d_program"><var class="Va">route6d_program</var></dt> + <dd>(<var class="Vt">str</var>) The IPv6 equivalent of + <var class="Va">routed_program</var>. The default is + <a class="Xr">route6d(8)</a>.</dd> + <dt id="routed_flags"><var class="Va">routed_flags</var></dt> + <dd>(<var class="Vt">str</var>) If <var class="Va">routed_enable</var> is set + to “<code class="Li">YES</code>”, these are the flags to + pass to the routing daemon.</dd> + <dt id="route6d_flags"><var class="Va">route6d_flags</var></dt> + <dd>(<var class="Vt">str</var>) The IPv6 equivalent of + <var class="Va">routed_flags</var>.</dd> + <dt id="rtadvd_enable"><var class="Va">rtadvd_enable</var></dt> + <dd>(<var class="Vt">bool</var>) If set to + “<code class="Li">YES</code>”, run the + <a class="Xr">rtadvd(8)</a> daemon at boot time. The + <a class="Xr">rtadvd(8)</a> utility sends ICMPv6 Router Advertisement + messages to the interfaces specified in + <var class="Va">rtadvd_interfaces</var>. This should only be enabled with + great care. You may want to fine-tune + <a class="Xr">rtadvd.conf(5)</a>.</dd> + <dt id="rtadvd_flags"><var class="Va">rtadvd_flags</var></dt> + <dd>(<var class="Vt">str</var>) If <var class="Va">rtadvd_enable</var> is set + to “<code class="Li">YES</code>”, these are the flags to + pass to <a class="Xr">rtadvd(8)</a>.</dd> + <dt id="rtadvd_interfaces"><var class="Va">rtadvd_interfaces</var></dt> + <dd>(<var class="Vt">str</var>) If <var class="Va">rtadvd_enable</var> is set + to “<code class="Li">YES</code>” this is the list of + interfaces to use.</dd> + <dt id="arpproxy_all"><var class="Va">arpproxy_all</var></dt> + <dd>(<var class="Vt">bool</var>) If set to + “<code class="Li">YES</code>”, enable global proxy ARP.</dd> + <dt id="forward_sourceroute"><var class="Va">forward_sourceroute</var></dt> + <dd>(<var class="Vt">bool</var>) If set to + “<code class="Li">YES</code>” and + <var class="Va">gateway_enable</var> is also set to + “<code class="Li">YES</code>”, source-routed packets are + forwarded.</dd> + <dt id="accept_sourceroute"><var class="Va">accept_sourceroute</var></dt> + <dd>(<var class="Vt">bool</var>) If set to + “<code class="Li">YES</code>”, the system will accept + source-routed packets directed at it.</dd> + <dt id="rarpd_enable"><var class="Va">rarpd_enable</var></dt> + <dd>(<var class="Vt">bool</var>) If set to + “<code class="Li">YES</code>”, run the + <a class="Xr">rarpd(8)</a> daemon at system boot time.</dd> + <dt id="rarpd_flags"><var class="Va">rarpd_flags</var></dt> + <dd>(<var class="Vt">str</var>) If <var class="Va">rarpd_enable</var> is set + to “<code class="Li">YES</code>”, these are the flags to + pass to the <a class="Xr">rarpd(8)</a> daemon.</dd> + <dt id="bootparamd_enable"><var class="Va">bootparamd_enable</var></dt> + <dd>(<var class="Vt">bool</var>) If set to + “<code class="Li">YES</code>”, run the + <a class="Xr">bootparamd(8)</a> daemon at system boot time.</dd> + <dt id="bootparamd_flags"><var class="Va">bootparamd_flags</var></dt> + <dd>(<var class="Vt">str</var>) If <var class="Va">bootparamd_enable</var> is + set to “<code class="Li">YES</code>”, these are the flags to + pass to the <a class="Xr">bootparamd(8)</a> daemon.</dd> + <dt id="stf_interface_ipv4addr"><var class="Va">stf_interface_ipv4addr</var></dt> + <dd>(<var class="Vt">str</var>) If not set to + “<code class="Li">NO</code>”, this is the local IPv4 address + for 6to4 (IPv6 over IPv4 tunneling interface). Specify this entry to + enable the 6to4 interface.</dd> + <dt id="stf_interface_ipv4plen"><var class="Va">stf_interface_ipv4plen</var></dt> + <dd>(<var class="Vt">int</var>) Prefix length for 6to4 IPv4 addresses, to + limit peer address range. An effective value is 0-31.</dd> + <dt id="stf_interface_ipv6_ifid"><var class="Va">stf_interface_ipv6_ifid</var></dt> + <dd>(<var class="Vt">str</var>) IPv6 interface ID for + <a class="Xr">stf(4)</a>. This can be set to + “<code class="Li">AUTO</code>”.</dd> + <dt id="stf_interface_ipv6_slaid"><var class="Va">stf_interface_ipv6_slaid</var></dt> + <dd>(<var class="Vt">str</var>) IPv6 Site Level Aggregator for + <a class="Xr">stf(4)</a>.</dd> + <dt id="ipv6_ipv4mapping"><var class="Va">ipv6_ipv4mapping</var></dt> + <dd>(<var class="Vt">bool</var>) If set to + “<code class="Li">YES</code>” this enables IPv4 mapped IPv6 + address communication (like <code class="Li">::ffff:a.b.c.d</code>).</dd> + <dt id="rtsold_enable"><var class="Va">rtsold_enable</var></dt> + <dd>(<var class="Vt">bool</var>) Set to + “<code class="Li">YES</code>” to enable the + <a class="Xr">rtsold(8)</a> daemon to send ICMPv6 Router Solicitation + messages.</dd> + <dt id="rtsold_flags"><var class="Va">rtsold_flags</var></dt> + <dd>(<var class="Vt">str</var>) If <var class="Va">rtsold_enable</var> is set + to “<code class="Li">YES</code>”, these are the flags to + pass to <a class="Xr">rtsold(8)</a>.</dd> + <dt id="rtsol_flags"><var class="Va">rtsol_flags</var></dt> + <dd>(<var class="Vt">str</var>) For interfaces configured with the + “<code class="Li">inet6 accept_rtadv</code>” keyword, these + are the flags to pass to <a class="Xr">rtsol(8)</a>. + <p class="Pp">Note that <var class="Va">rtsold_enable</var> is mutually + exclusive to <var class="Va">rtsol_flags</var>; + <var class="Va">rtsold_enable</var> takes precedence.</p> + </dd> + <dt id="keybell"><var class="Va">keybell</var></dt> + <dd>(<var class="Vt">str</var>) The keyboard bell sound. Set to + “<code class="Li">normal</code>”, + “<code class="Li">visual</code>”, + “<code class="Li">off</code>”, or + “<code class="Li">NO</code>” if the default behavior is + desired. For details, refer to the <a class="Xr">kbdcontrol(1)</a> + manpage.</dd> + <dt id="keyboard"><var class="Va">keyboard</var></dt> + <dd>(<var class="Vt">str</var>) If set to a non-null string, the virtual + console's keyboard input is set to this device.</dd> + <dt id="keymap"><var class="Va">keymap</var></dt> + <dd>(<var class="Vt">str</var>) If set to + “<code class="Li">NO</code>”, no keymap is installed, + otherwise the value is used to install the keymap file found in + <span class="Pa">/usr/share/syscons/keymaps/</span>⟨<var class="Ar">value</var>⟩<span class="Pa">.kbd</span> + (if using <a class="Xr">syscons(4)</a>) or + <span class="Pa">/usr/share/vt/keymaps/</span>⟨<var class="Ar">value</var>⟩<span class="Pa">.kbd</span> + (if using <a class="Xr">vt(4)</a>).</dd> + <dt id="keyrate"><var class="Va">keyrate</var></dt> + <dd>(<var class="Vt">str</var>) The keyboard repeat speed. Set to + “<code class="Li">slow</code>”, + “<code class="Li">normal</code>”, + “<code class="Li">fast</code>”, or + “<code class="Li">NO</code>” if the default behavior is + desired.</dd> + <dt id="keychange"><var class="Va">keychange</var></dt> + <dd>(<var class="Vt">str</var>) If not set to + “<code class="Li">NO</code>”, attempt to program the + function keys with the value. The value should be a single string of the + form: “<var class="Ar">funkey_number new_value</var> + [<var class="Ar">funkey_number new_value ...</var>]”.</dd> + <dt id="cursor"><var class="Va">cursor</var></dt> + <dd>(<var class="Vt">str</var>) Can be set to the value of + “<code class="Li">normal</code>”, + “<code class="Li">blink</code>”, + “<code class="Li">destructive</code>”, or + “<code class="Li">NO</code>” to set the cursor behavior + explicitly or choose the default behavior.</dd> + <dt id="scrnmap"><var class="Va">scrnmap</var></dt> + <dd>(<var class="Vt">str</var>) If set to + “<code class="Li">NO</code>”, no screen map is installed, + otherwise the value is used to install the screen map file in + <span class="Pa">/usr/share/syscons/scrnmaps/</span>⟨<var class="Ar">value</var>⟩. + This parameter is ignored when using <a class="Xr">vt(4)</a> as the + console driver.</dd> + <dt id="font8x16"><var class="Va">font8x16</var></dt> + <dd>(<var class="Vt">str</var>) If set to + “<code class="Li">NO</code>”, the default 8x16 font value is + used for screen size requests, otherwise the value in + <span class="Pa">/usr/share/syscons/fonts/</span>⟨<var class="Ar">value</var>⟩ + or + <span class="Pa">/usr/share/vt/fonts/</span>⟨<var class="Ar">value</var>⟩ + is used (depending on the console driver being used).</dd> + <dt id="font8x14"><var class="Va">font8x14</var></dt> + <dd>(<var class="Vt">str</var>) If set to + “<code class="Li">NO</code>”, the default 8x14 font value is + used for screen size requests, otherwise the value in + <span class="Pa">/usr/share/syscons/fonts/</span>⟨<var class="Ar">value</var>⟩ + or + <span class="Pa">/usr/share/vt/fonts/</span>⟨<var class="Ar">value</var>⟩ + is used (depending on the console driver being used).</dd> + <dt id="font8x8"><var class="Va">font8x8</var></dt> + <dd>(<var class="Vt">str</var>) If set to + “<code class="Li">NO</code>”, the default 8x8 font value is + used for screen size requests, otherwise the value in + <span class="Pa">/usr/share/syscons/fonts/</span>⟨<var class="Ar">value</var>⟩ + or + <span class="Pa">/usr/share/vt/fonts/</span>⟨<var class="Ar">value</var>⟩ + is used (depending on the console driver being used).</dd> + <dt id="blanktime"><var class="Va">blanktime</var></dt> + <dd>(<var class="Vt">int</var>) If set to + “<code class="Li">NO</code>”, the default screen blanking + interval is used, otherwise it is set to <var class="Ar">value</var> + seconds.</dd> + <dt id="saver"><var class="Va">saver</var></dt> + <dd>(<var class="Vt">str</var>) If not set to + “<code class="Li">NO</code>”, this is the actual screen + saver to use (<code class="Li">blank</code>, + <code class="Li">snake</code>, <code class="Li">daemon</code>, etc).</dd> + <dt id="moused_nondefault_enable"><var class="Va">moused_nondefault_enable</var></dt> + <dd>(<var class="Vt">str</var>) If set to + “<code class="Li">NO</code>”, the mouse device specified on + the command line is not automatically treated as enabled by the + <span class="Pa">/etc/rc.d/moused</span> script. Having this variable set + to “<code class="Li">YES</code>” allows a + <a class="Xr">usb(4)</a> mouse, for example, to be enabled as soon as it + is plugged in.</dd> + <dt id="moused_enable"><var class="Va">moused_enable</var></dt> + <dd>(<var class="Vt">str</var>) If set to + “<code class="Li">YES</code>”, the + <a class="Xr">moused(8)</a> daemon is started for doing cut/paste + selection on the console.</dd> + <dt id="moused_type"><var class="Va">moused_type</var></dt> + <dd>(<var class="Vt">str</var>) This is the protocol type of the mouse + connected to this host. This variable must be set if + <var class="Va">moused_enable</var> is set to + “<code class="Li">YES</code>”, but defaults to + “<code class="Li">auto</code>” as the + <a class="Xr">moused(8)</a> daemon is able to detect the appropriate mouse + type automatically in many cases. Set this variable to one from the + following list if the automatic detection fails. + <p class="Pp">If the mouse is attached to the PS/2 mouse port, choose + “<code class="Li">auto</code>” or + “<code class="Li">ps/2</code>”, regardless of the brand + and model of the mouse. Likewise, if the mouse is attached to the bus + mouse port, choose “<code class="Li">auto</code>” or + “<code class="Li">busmouse</code>”. All other protocols + are for serial mice and will not work with the PS/2 and bus mice. If + this is a USB mouse, “<code class="Li">auto</code>” is the + only protocol type which will work.</p> + <p class="Pp"></p> + <dl class="Bl-tag Bl-compact"> + <dt id="microsoft"><a class="permalink" href="#microsoft"><code class="Li">microsoft</code></a></dt> + <dd>Microsoft mouse (serial)</dd> + <dt id="intellimouse"><a class="permalink" href="#intellimouse"><code class="Li">intellimouse</code></a></dt> + <dd>Microsoft IntelliMouse (serial)</dd> + <dt id="mousesystems"><a class="permalink" href="#mousesystems"><code class="Li">mousesystems</code></a></dt> + <dd>Mouse systems Corp. mouse (serial)</dd> + <dt id="mmseries"><a class="permalink" href="#mmseries"><code class="Li">mmseries</code></a></dt> + <dd>MM Series mouse (serial)</dd> + <dt id="logitech"><a class="permalink" href="#logitech"><code class="Li">logitech</code></a></dt> + <dd>Logitech mouse (serial)</dd> + <dt id="busmouse"><a class="permalink" href="#busmouse"><code class="Li">busmouse</code></a></dt> + <dd>A bus mouse</dd> + <dt id="mouseman"><a class="permalink" href="#mouseman"><code class="Li">mouseman</code></a></dt> + <dd>Logitech MouseMan and TrackMan (serial)</dd> + <dt id="glidepoint"><a class="permalink" href="#glidepoint"><code class="Li">glidepoint</code></a></dt> + <dd>ALPS GlidePoint (serial)</dd> + <dt id="thinkingmouse"><a class="permalink" href="#thinkingmouse"><code class="Li">thinkingmouse</code></a></dt> + <dd>Kensington ThinkingMouse (serial)</dd> + <dt id="ps/2"><a class="permalink" href="#ps/2"><code class="Li">ps/2</code></a></dt> + <dd>PS/2 mouse</dd> + <dt id="mmhittab"><a class="permalink" href="#mmhittab"><code class="Li">mmhittab</code></a></dt> + <dd>MM HitTablet (serial)</dd> + <dt id="x10mouseremote"><a class="permalink" href="#x10mouseremote"><code class="Li">x10mouseremote</code></a></dt> + <dd>X10 MouseRemote (serial)</dd> + <dt id="versapad"><a class="permalink" href="#versapad"><code class="Li">versapad</code></a></dt> + <dd>Interlink VersaPad (serial)</dd> + </dl> + <p class="Pp">Even if the mouse is not in the above list, it may be + compatible with one in the list. Refer to the manual page for + <a class="Xr">moused(8)</a> for compatibility information.</p> + <p class="Pp">It should also be noted that while this is enabled, any other + client of the mouse (such as an X server) should access the mouse + through the virtual mouse device, <span class="Pa">/dev/sysmouse</span>, + and configure it as a “<code class="Li">sysmouse</code>” + type mouse, since all mouse data is converted to this single canonical + format when using <a class="Xr">moused(8)</a>. If the client program + does not support the “<code class="Li">sysmouse</code>” + type, specify the “<code class="Li">mousesystems</code>” + type. It is the second preferred type.</p> + </dd> + <dt id="moused_port"><var class="Va">moused_port</var></dt> + <dd>(<var class="Vt">str</var>) If <var class="Va">moused_enable</var> is set + to “<code class="Li">YES</code>”, this is the actual port + the mouse is on. It might be <span class="Pa">/dev/cuau0</span> for a COM1 + serial mouse, or <span class="Pa">/dev/psm0</span> for a PS/2 mouse, for + example.</dd> + <dt id="moused_flags"><var class="Va">moused_flags</var></dt> + <dd>(<var class="Vt">str</var>) If <var class="Va">moused_flags</var> is set, + its value is used as an additional set of flags to pass to the + <a class="Xr">moused(8)</a> daemon.</dd> + <dt id="moused_"><var class="Va">moused_</var><var class="Ar">XXX</var><var class="Va">_flags</var></dt> + <dd>When <var class="Va">moused_nondefault_enable</var> is enabled, and a + <a class="Xr">moused(8)</a> daemon is started for a non-default port, the + <var class="Va">moused_</var><var class="Ar">XXX</var><var class="Va">_flags</var> + set of options has precedence over and replaces the default + <var class="Va">moused_flags</var> (where <var class="Ar">XXX</var> is the + name of the non-default port, i.e., <var class="Ar">ums0</var>). By + setting + <var class="Va">moused_</var><var class="Ar">XXX</var><var class="Va">_flags</var> + it is possible to set up a different set of default flags for each + <a class="Xr">moused(8)</a> instance. For example, you can use + “<code class="Li">-3</code>” for the default + <var class="Va">moused_flags</var> to make your laptop's touchpad more + comfortable to use, but an empty set of options for + <var class="Va">moused_ums0_flags</var> when your <a class="Xr">usb(4)</a> + mouse has three or more buttons.</dd> + <dt id="mousechar_start"><var class="Va">mousechar_start</var></dt> + <dd>(<var class="Vt">int</var>) If set to + “<code class="Li">NO</code>”, the default mouse cursor + character range <code class="Li">0xd0</code>-<code class="Li">0xd3</code> + is used, otherwise the range start is set to <var class="Ar">value</var> + character, see <a class="Xr">vidcontrol(1)</a>. Use if the default range + is occupied in the language code table.</dd> + <dt id="allscreens_flags"><var class="Va">allscreens_flags</var></dt> + <dd>(<var class="Vt">str</var>) If set, <a class="Xr">vidcontrol(1)</a> is run + with these options for each of the virtual terminals + (<span class="Pa">/dev/ttyv*</span>). For example, + “<code class="Fl">-m</code> <code class="Cm">on</code>” will + enable the mouse pointer on all virtual terminals if + <var class="Va">moused_enable</var> is set to + “<code class="Li">YES</code>”.</dd> + <dt id="allscreens_kbdflags"><var class="Va">allscreens_kbdflags</var></dt> + <dd>(<var class="Vt">str</var>) If set, <a class="Xr">kbdcontrol(1)</a> is run + with these options for each of the virtual terminals + (<span class="Pa">/dev/ttyv*</span>). For example, + “<code class="Fl">-h</code> <code class="Li">200</code>” + will set the <a class="Xr">syscons(4)</a> or <a class="Xr">vt(4)</a> + scrollback (history) buffer to 200 lines.</dd> + <dt id="cron_enable"><var class="Va">cron_enable</var></dt> + <dd>(<var class="Vt">bool</var>) If set to + “<code class="Li">YES</code>”, run the + <a class="Xr">cron(8)</a> daemon at system boot time.</dd> + <dt id="cron_program"><var class="Va">cron_program</var></dt> + <dd>(<var class="Vt">str</var>) Path to <a class="Xr">cron(8)</a> (default + <span class="Pa">/usr/sbin/cron</span>).</dd> + <dt id="cron_flags"><var class="Va">cron_flags</var></dt> + <dd>(<var class="Vt">str</var>) If <var class="Va">cron_enable</var> is set to + “<code class="Li">YES</code>”, these are the flags to pass + to <a class="Xr">cron(8)</a>.</dd> + <dt id="cron_dst"><var class="Va">cron_dst</var></dt> + <dd>(<var class="Vt">bool</var>) If set to + “<code class="Li">YES</code>”, enable the special handling + of transitions to and from the Daylight Saving Time in + <a class="Xr">cron(8)</a> (equivalent to using the flag + <code class="Fl">-s</code>).</dd> + <dt id="lpd_program"><var class="Va">lpd_program</var></dt> + <dd>(<var class="Vt">str</var>) Path to <a class="Xr">lpd(8)</a> (default + <span class="Pa">/usr/sbin/lpd</span>).</dd> + <dt id="lpd_enable"><var class="Va">lpd_enable</var></dt> + <dd>(<var class="Vt">bool</var>) If set to + “<code class="Li">YES</code>”, run the + <a class="Xr">lpd(8)</a> daemon at system boot time.</dd> + <dt id="lpd_flags"><var class="Va">lpd_flags</var></dt> + <dd>(<var class="Vt">str</var>) If <var class="Va">lpd_enable</var> is set to + “<code class="Li">YES</code>”, these are the flags to pass + to the <a class="Xr">lpd(8)</a> daemon.</dd> + <dt id="chkprintcap_enable"><var class="Va">chkprintcap_enable</var></dt> + <dd>(<var class="Vt">bool</var>) If set to + “<code class="Li">YES</code>”, run the + <a class="Xr">chkprintcap(8)</a> command before starting the + <a class="Xr">lpd(8)</a> daemon.</dd> + <dt id="chkprintcap_flags"><var class="Va">chkprintcap_flags</var></dt> + <dd>(<var class="Vt">str</var>) If <var class="Va">lpd_enable</var> and + <var class="Va">chkprintcap_enable</var> are set to + “<code class="Li">YES</code>”, these are the flags to pass + to the <a class="Xr">chkprintcap(8)</a> program. The default is + “<code class="Li">-d</code>”, which causes missing + directories to be created.</dd> + <dt id="dumpdev"><var class="Va">dumpdev</var></dt> + <dd>(<var class="Vt">str</var>) Indicates the device (usually a swap + partition) to which a crash dump should be written in the event of a + system crash. If the value of this variable is + “<code class="Li">AUTO</code>”, the first suitable swap + device listed in <span class="Pa">/etc/fstab</span> will be used as dump + device. Otherwise, the value of this variable is passed as the argument to + <a class="Xr">dumpon(8)</a> and <a class="Xr">savecore(8)</a>. To disable + crash dumps, set this variable to + “<code class="Li">NO</code>”.</dd> + <dt id="dumpon_flags"><var class="Va">dumpon_flags</var></dt> + <dd>(<var class="Vt">str</var>) Flags to pass to <a class="Xr">dumpon(8)</a> + when configuring <var class="Va">dumpdev</var> as the system dump + device.</dd> + <dt id="dumpdir"><var class="Va">dumpdir</var></dt> + <dd>(<var class="Vt">str</var>) When the system reboots after a crash and a + crash dump is found on the device specified by the + <var class="Va">dumpdev</var> variable, <a class="Xr">savecore(8)</a> will + save that crash dump and a copy of the kernel to the directory specified + by the <var class="Va">dumpdir</var> variable. The default value is + <span class="Pa">/var/crash</span>. Set to + “<code class="Li">NO</code>” to not run + <a class="Xr">savecore(8)</a> at boot time when + <var class="Va">dumpdir</var> is set.</dd> + <dt id="savecore_enable"><var class="Va">savecore_enable</var></dt> + <dd>(<var class="Vt">bool</var>) If set to + “<code class="Li">NO</code>”, disable automatic extraction + of the crash dump from the <var class="Va">dumpdev</var>.</dd> + <dt id="savecore_flags"><var class="Va">savecore_flags</var></dt> + <dd>(<var class="Vt">str</var>) If crash dumps are enabled, these are the + flags to pass to the <a class="Xr">savecore(8)</a> utility.</dd> + <dt id="quota_enable"><var class="Va">quota_enable</var></dt> + <dd>(<var class="Vt">bool</var>) Set to + “<code class="Li">YES</code>” to turn on user and group disk + quotas on system startup via the <a class="Xr">quotaon(8)</a> command for + all file systems marked as having quotas enabled in + <span class="Pa">/etc/fstab</span>. The kernel must be built with + <code class="Cd">options QUOTA</code> for disk quotas to function.</dd> + <dt id="check_quotas"><var class="Va">check_quotas</var></dt> + <dd>(<var class="Vt">bool</var>) Set to + “<code class="Li">YES</code>” to enable user and group disk + quota checking via the <a class="Xr">quotacheck(8)</a> command.</dd> + <dt id="quotacheck_flags"><var class="Va">quotacheck_flags</var></dt> + <dd>(<var class="Vt">str</var>) If <var class="Va">quota_enable</var> is set + to “<code class="Li">YES</code>”, and + <var class="Va">check_quotas</var> is set to + “<code class="Li">YES</code>”, these are the flags to pass + to the <a class="Xr">quotacheck(8)</a> utility. The default is + “<code class="Li">-a</code>”, which checks quotas for all + file systems with quotas enabled in + <span class="Pa">/etc/fstab</span>.</dd> + <dt id="quotaon_flags"><var class="Va">quotaon_flags</var></dt> + <dd>(<var class="Vt">str</var>) If <var class="Va">quota_enable</var> is set + to “<code class="Li">YES</code>”, these are the flags to + pass to the <a class="Xr">quotaon(8)</a> utility. The default is + “<code class="Li">-a</code>”, which enables quotas for all + file systems with quotas enabled in + <span class="Pa">/etc/fstab</span>.</dd> + <dt id="quotaoff_flags"><var class="Va">quotaoff_flags</var></dt> + <dd>(<var class="Vt">str</var>) If <var class="Va">quota_enable</var> is set + to “<code class="Li">YES</code>”, these are the flags to + pass to the <a class="Xr">quotaoff(8)</a> utility when shutting down the + quota system. The default is “<code class="Li">-a</code>”, + which disables quotas for all file systems with quotas enabled in + <span class="Pa">/etc/fstab</span>.</dd> + <dt id="accounting_enable"><var class="Va">accounting_enable</var></dt> + <dd>(<var class="Vt">bool</var>) Set to + “<code class="Li">YES</code>” to enable system accounting + through the <a class="Xr">accton(8)</a> facility.</dd> + <dt id="firstboot_sentinel"><var class="Va">firstboot_sentinel</var></dt> + <dd>(<var class="Vt">str</var>) This variable specifies the full path to a + “first boot” sentinel file. If a file exists with this path, + <span class="Pa">rc.d</span> scripts with the “firstboot” + keyword will be run on startup and the sentinel file will be deleted after + the boot process completes. The sentinel file must be located on a + writable file system which is mounted no later than + <var class="Va">early_late_divider</var> to function properly. The default + is <span class="Pa">/firstboot</span>.</dd> + <dt id="linux_enable"><var class="Va">linux_enable</var></dt> + <dd>(<var class="Vt">bool</var>) Set to + “<code class="Li">YES</code>” to enable Linux/ELF binary + emulation at system initial boot time.</dd> + <dt id="sysvipc_enable"><var class="Va">sysvipc_enable</var></dt> + <dd>(<var class="Vt">bool</var>) If set to + “<code class="Li">YES</code>”, load System V IPC primitives + at boot time.</dd> + <dt id="clear_tmp_enable"><var class="Va">clear_tmp_enable</var></dt> + <dd>(<var class="Vt">bool</var>) Set to + “<code class="Li">YES</code>” to have + <span class="Pa">/tmp</span> cleaned at startup.</dd> + <dt id="clear_tmp_X"><var class="Va">clear_tmp_X</var></dt> + <dd>(<var class="Vt">bool</var>) Set to + “<code class="Li">NO</code>” to disable removing of X11 lock + files, and the removal and (secure) recreation of the various socket + directories for X11 related programs.</dd> + <dt id="ldconfig_paths"><var class="Va">ldconfig_paths</var></dt> + <dd>(<var class="Vt">str</var>) Set to the list of shared library paths to use + with <a class="Xr">ldconfig(8)</a>. NOTE: <span class="Pa">/lib</span> and + <span class="Pa">/usr/lib</span> will always be added first, so they need + not appear in this list.</dd> + <dt id="ldconfig32_paths"><var class="Va">ldconfig32_paths</var></dt> + <dd>(<var class="Vt">str</var>) Set to the list of 32-bit compatibility shared + library paths to use with <a class="Xr">ldconfig(8)</a>.</dd> + <dt id="ldconfig_insecure"><var class="Va">ldconfig_insecure</var></dt> + <dd>(<var class="Vt">bool</var>) The <a class="Xr">ldconfig(8)</a> utility + normally refuses to use directories which are writable by anyone except + root. Set this variable to “<code class="Li">YES</code>” to + disable that security check during system startup.</dd> + <dt id="ldconfig_local_dirs"><var class="Va">ldconfig_local_dirs</var></dt> + <dd>(<var class="Vt">str</var>) Set to the list of local + <a class="Xr">ldconfig(8)</a> directories. The names of all files in the + directories listed will be passed as arguments to + <a class="Xr">ldconfig(8)</a>.</dd> + <dt id="ldconfig_local32_dirs"><var class="Va">ldconfig_local32_dirs</var></dt> + <dd>(<var class="Vt">str</var>) Set to the list of local 32-bit compatibility + <a class="Xr">ldconfig(8)</a> directories. The names of all files in the + directories listed will be passed as arguments to + “<code class="Nm">ldconfig</code> + <code class="Fl">-32</code>”.</dd> + <dt id="kern_securelevel_enable"><var class="Va">kern_securelevel_enable</var></dt> + <dd>(<var class="Vt">bool</var>) Set to + “<code class="Li">YES</code>” to set the kernel security + level at system startup.</dd> + <dt id="kern_securelevel"><var class="Va">kern_securelevel</var></dt> + <dd>(<var class="Vt">int</var>) The kernel security level to set at startup. + The allowed range of <var class="Ar">value</var> ranges from -1 (the + compile time default) to 3 (the most secure). See + <a class="Xr">security(7)</a> for the list of possible security levels and + their effect on system operation.</dd> + <dt id="sshd_program"><var class="Va">sshd_program</var></dt> + <dd>(<var class="Vt">str</var>) Path to the SSH server program + (<span class="Pa">/usr/sbin/sshd</span> is the default).</dd> + <dt id="sshd_enable"><var class="Va">sshd_enable</var></dt> + <dd>(<var class="Vt">bool</var>) Set to + “<code class="Li">YES</code>” to start + <a class="Xr">sshd(8)</a> at system boot time. Note, the + <var class="Va">sshd_oomprotect</var> variable is set to + “<code class="Li">YES</code>” by default in + <span class="Pa">/etc/defaults/rc.conf</span>.</dd> + <dt id="sshd_flags"><var class="Va">sshd_flags</var></dt> + <dd>(<var class="Vt">str</var>) If <var class="Va">sshd_enable</var> is set to + “<code class="Li">YES</code>”, these are the flags to pass + to the <a class="Xr">sshd(8)</a> daemon.</dd> + <dt id="watchdogd_enable"><var class="Va">watchdogd_enable</var></dt> + <dd>(<var class="Vt">bool</var>) If set to + “<code class="Li">YES</code>”, start the + <a class="Xr">watchdogd(8)</a> daemon at boot time. This requires that the + kernel have been compiled with a <a class="Xr">watchdog(4)</a> compatible + device.</dd> + <dt id="watchdogd_flags"><var class="Va">watchdogd_flags</var></dt> + <dd>(<var class="Vt">str</var>) If <var class="Va">watchdogd_enable</var> is + set to “<code class="Li">YES</code>”, these are the flags + passed to the <a class="Xr">watchdogd(8)</a> daemon.</dd> + <dt id="watchdogd_timeout"><var class="Va">watchdogd_timeout</var></dt> + <dd>(<var class="Vt">int</var>) If <var class="Va">watchdogd_enable</var> is + set to “<code class="Li">YES</code>”, this is a timeout that + will be used by the <a class="Xr">watchdogd(8)</a> daemon. If this option + is set, it overrides <code class="Fl">-t</code> in + <var class="Va">watchdogd_flags</var>.</dd> + <dt id="watchdogd_shutdown_timeout"><var class="Va">watchdogd_shutdown_timeout</var></dt> + <dd>(<var class="Vt">int</var>) If <var class="Va">watchdogd_enable</var> is + set to “<code class="Li">YES</code>”, this is a timeout that + will be set by the <a class="Xr">watchdogd(8)</a> daemon when it exits + during the system shutdown. This timeout will not be set when returning to + the single-user mode or when the watchdogd service is stopped individually + using the <a class="Xr">service(8)</a> command or the rc.d script. Note + that the timeout will be applied if <a class="Xr">watchdogd(8)</a> is + stopped outside of <a class="Xr">rc(8)</a> framework. If this option is + set, it overrides <code class="Fl">-x</code> in + <var class="Va">watchdogd_flags</var>.</dd> + <dt id="devfs_rulesets"><var class="Va">devfs_rulesets</var></dt> + <dd>(<var class="Vt">str</var>) List of files containing sets of rules for + <a class="Xr">devfs(8)</a>.</dd> + <dt id="devfs_system_ruleset"><var class="Va">devfs_system_ruleset</var></dt> + <dd>(<var class="Vt">str</var>) Rule name(s) to apply to the system + <span class="Pa">/dev</span> itself.</dd> + <dt id="devfs_set_rulesets"><var class="Va">devfs_set_rulesets</var></dt> + <dd>(<var class="Vt">str</var>) Pairs of already-mounted + <span class="Pa">dev</span> directories and rulesets that should be + applied to them. For example: /mount/dev=ruleset_name</dd> + <dt id="devfs_load_rulesets"><var class="Va">devfs_load_rulesets</var></dt> + <dd>(<var class="Vt">bool</var>) If set, always load the default rulesets + listed in <var class="Va">devfs_rulesets</var>.</dd> + <dt id="performance_cx_lowest"><var class="Va">performance_cx_lowest</var></dt> + <dd>(<var class="Vt">str</var>) CPU idle state to use while on AC power. The + string “<code class="Li">LOW</code>” indicates that + <a class="Xr">acpi(4)</a> should use the lowest power state available + while “<code class="Li">HIGH</code>” indicates that the + lowest latency state (less power savings) should be used.</dd> + <dt id="performance_cpu_freq"><var class="Va">performance_cpu_freq</var></dt> + <dd>(<var class="Vt">str</var>) CPU clock frequency to use while on AC power. + The string “<code class="Li">LOW</code>” indicates that + <a class="Xr">cpufreq(4)</a> should use the lowest frequency available + while “<code class="Li">HIGH</code>” indicates that the + highest frequency (less power savings) should be used.</dd> + <dt id="economy_cx_lowest"><var class="Va">economy_cx_lowest</var></dt> + <dd>(<var class="Vt">str</var>) CPU idle state to use when off AC power. The + string “<code class="Li">LOW</code>” indicates that + <a class="Xr">acpi(4)</a> should use the lowest power state available + while “<code class="Li">HIGH</code>” indicates that the + lowest latency state (less power savings) should be used.</dd> + <dt id="economy_cpu_freq"><var class="Va">economy_cpu_freq</var></dt> + <dd>(<var class="Vt">str</var>) CPU clock frequency to use when off AC power. + The string “<code class="Li">LOW</code>” indicates that + <a class="Xr">cpufreq(4)</a> should use the lowest frequency available + while “<code class="Li">HIGH</code>” indicates that the + highest frequency (less power savings) should be used.</dd> + <dt id="jail_enable"><var class="Va">jail_enable</var></dt> + <dd>(<var class="Vt">bool</var>) If set to + “<code class="Li">NO</code>”, any configured jails will not + be started.</dd> + <dt id="jail_conf"><var class="Va">jail_conf</var></dt> + <dd>(<var class="Vt">str</var>) The configuration filename used by + <a class="Xr">jail(8)</a> utility. The default value is + <span class="Pa">/etc/jail.conf</span>. + <span class="Pa">/etc/jail.</span>⟨<var class="Va">jname</var>⟩<span class="Pa">.conf</span> + and + <span class="Pa">/etc/jail.conf.d/</span>⟨<var class="Va">jname</var>⟩<span class="Pa">.conf</span> + will also be used if ⟨<var class="Va">jname</var>⟩ is set in + <var class="Va">jail_list</var>.</dd> + <dt id="jail_parallel_start"><var class="Va">jail_parallel_start</var></dt> + <dd>(<var class="Vt">bool</var>) If set to + “<code class="Li">YES</code>”, all configured jails will be + started in the background (in parallel).</dd> + <dt id="jail_flags"><var class="Va">jail_flags</var></dt> + <dd>(<var class="Vt">str</var>) Unset by default. When set, use as default + value for + <var class="Va">jail_</var>⟨<var class="Ar">jname</var>⟩<var class="Va">_flags</var> + for every jail in <var class="Va">jail_list</var>.</dd> + <dt id="jail_list"><var class="Va">jail_list</var></dt> + <dd>(<var class="Vt">str</var>) A space-delimited list of jail names. When + left empty, all of the <a class="Xr">jail(8)</a> instances defined in the + configuration file are started. The names specified in this list control + the jail startup order. <a class="Xr">jail(8)</a> instances missing from + <var class="Va">jail_list</var> must be started manually. Note that a + jail's <var class="Va">depend</var> parameter in the configuration file + may override this list.</dd> + <dt id="jail_reverse_stop"><var class="Va">jail_reverse_stop</var></dt> + <dd>(<var class="Vt">bool</var>) When set to + “<code class="Li">YES</code>”, all configured jails in + <var class="Va">jail_list</var> are stopped in reverse order.</dd> + <dt id="jail_"><var class="Va">jail_</var>* variables</dt> + <dd>Note that older releases supported per-jail configuration via + <code class="Nm">rc.conf</code> variables. For example, hostname of a jail + named <code class="Li">vjail</code> was able to be set by + <code class="Li">jail_vjail_hostname</code>. These per-jail configuration + variables are now obsolete in favor of <a class="Xr">jail(8)</a> + configuration file. For backward compatibility, when per-jail + configuration variables are defined, <a class="Xr">jail(8)</a> + configuration files are created as + <span class="Pa">/var/run/jail</span>.⟨<var class="Ar">jname</var>⟩<span class="Pa">.conf</span> + and used. + <p class="Pp">The following per-jail parameters are handled by + <span class="Pa">rc.d/jail</span> script out of their corresponding + <code class="Nm">rc.conf</code> variables. In addition to them, + parameters in + <var class="Va">jail_</var>⟨<var class="Ar">jname</var>⟩<var class="Va">_parameters</var> + will be added to the configuration file. They must be a semi-colon + (‘<code class="Li">;</code>’) delimited list of + “key=value”. For more details, see + <a class="Xr">jail(8)</a> manual page.</p> + <div class="Bd-indent"> + <dl class="Bl-tag"> + <dt id="path"><a class="permalink" href="#path"><code class="Li">path</code></a></dt> + <dd>set from + <var class="Va">jail_</var>⟨<var class="Ar">jname</var>⟩<var class="Va">_rootdir</var></dd> + <dt id="host.hostname"><a class="permalink" href="#host.hostname"><code class="Li">host.hostname</code></a></dt> + <dd>set from + <var class="Va">jail_</var>⟨<var class="Ar">jname</var>⟩<var class="Va">_hostname</var></dd> + <dt id="exec.consolelog"><a class="permalink" href="#exec.consolelog"><code class="Li">exec.consolelog</code></a></dt> + <dd>set from + <var class="Va">jail_</var>⟨<var class="Ar">jname</var>⟩<var class="Va">_consolelog</var>. + The default value is + <span class="Pa">/var/log/jail_</span>⟨<var class="Ar">jname</var>⟩<span class="Pa">_console.log</span>.</dd> + <dt id="interface"><a class="permalink" href="#interface"><code class="Li">interface</code></a></dt> + <dd>set from + <var class="Va">jail_</var>⟨<var class="Ar">jname</var>⟩<var class="Va">_interface</var>.</dd> + <dt id="vnet.interface"><a class="permalink" href="#vnet.interface"><code class="Li">vnet.interface</code></a></dt> + <dd>set from + <var class="Va">jail_</var>⟨<var class="Ar">jname</var>⟩<var class="Va">_vnet_interface</var>. + This implies <code class="Li">vnet</code> parameter will be enabled + and cannot be specified with + <var class="Va">jail_</var>⟨<var class="Ar">jname</var>⟩<var class="Va">_interface</var>, + <var class="Va">jail_</var>⟨<var class="Ar">jname</var>⟩<var class="Va">_ip</var> + and/or + <var class="Va">jail_</var>⟨<var class="Ar">jname</var>⟩<var class="Va">_ip_multi</var>⟨<var class="Ar">n</var>⟩ + at the same time.</dd> + <dt id="fstab"><a class="permalink" href="#fstab"><code class="Li">fstab</code></a></dt> + <dd>set from + <var class="Va">jail_</var>⟨<var class="Ar">jname</var>⟩<var class="Va">_fstab</var></dd> + <dt id="mount"><a class="permalink" href="#mount"><code class="Li">mount</code></a></dt> + <dd>set from + <var class="Va">jail_</var>⟨<var class="Ar">jname</var>⟩<var class="Va">_procfs_enable</var>.</dd> + <dt id="exec.fib"><a class="permalink" href="#exec.fib"><code class="Li">exec.fib</code></a></dt> + <dd>set from + <var class="Va">jail_</var>⟨<var class="Ar">jname</var>⟩<var class="Va">_fib</var></dd> + <dt id="exec.start"><a class="permalink" href="#exec.start"><code class="Li">exec.start</code></a></dt> + <dd>set from + <var class="Va">jail_</var>⟨<var class="Ar">jname</var>⟩<var class="Va">_exec_start</var>. + The parameter name was <code class="Li">command</code> in some older + releases.</dd> + <dt id="exec.prestart"><a class="permalink" href="#exec.prestart"><code class="Li">exec.prestart</code></a></dt> + <dd>set from + <var class="Va">jail_</var>⟨<var class="Ar">jname</var>⟩<var class="Va">_exec_prestart</var></dd> + <dt id="exec.poststart"><a class="permalink" href="#exec.poststart"><code class="Li">exec.poststart</code></a></dt> + <dd>set from + <var class="Va">jail_</var>⟨<var class="Ar">jname</var>⟩<var class="Va">_exec_poststart</var></dd> + <dt id="exec.stop"><a class="permalink" href="#exec.stop"><code class="Li">exec.stop</code></a></dt> + <dd>set from + <var class="Va">jail_</var>⟨<var class="Ar">jname</var>⟩<var class="Va">_exec_stop</var></dd> + <dt id="exec.prestop"><a class="permalink" href="#exec.prestop"><code class="Li">exec.prestop</code></a></dt> + <dd>set from + <var class="Va">jail_</var>⟨<var class="Ar">jname</var>⟩<var class="Va">_exec_prestop</var></dd> + <dt id="exec.poststop"><a class="permalink" href="#exec.poststop"><code class="Li">exec.poststop</code></a></dt> + <dd>set from + <var class="Va">jail_</var>⟨<var class="Ar">jname</var>⟩<var class="Va">_exec_poststop</var></dd> + <dt id="ip4.addr"><a class="permalink" href="#ip4.addr"><code class="Li">ip4.addr</code></a></dt> + <dd>set if + <var class="Va">jail_</var>⟨<var class="Ar">jname</var>⟩<var class="Va">_ip</var> + or + <var class="Va">jail_</var>⟨<var class="Ar">jname</var>⟩<var class="Va">_ip_multi</var>⟨<var class="Ar">n</var>⟩ + contain IPv4 addresses</dd> + <dt id="ip6.addr"><a class="permalink" href="#ip6.addr"><code class="Li">ip6.addr</code></a></dt> + <dd>set if + <var class="Va">jail_</var>⟨<var class="Ar">jname</var>⟩<var class="Va">_ip</var> + or + <var class="Va">jail_</var>⟨<var class="Ar">jname</var>⟩<var class="Va">_ip_multi</var>⟨<var class="Ar">n</var>⟩ + contain IPv6 addresses</dd> + <dt id="allow.mount"><a class="permalink" href="#allow.mount"><code class="Li">allow.mount</code></a></dt> + <dd>set from + <var class="Va">jail_</var>⟨<var class="Ar">jname</var>⟩<var class="Va">_mount_enable</var></dd> + <dt id="mount.devfs"><a class="permalink" href="#mount.devfs"><code class="Li">mount.devfs</code></a></dt> + <dd>set from + <var class="Va">jail_</var>⟨<var class="Ar">jname</var>⟩<var class="Va">_devfs_enable</var></dd> + <dt id="devfs_ruleset"><a class="permalink" href="#devfs_ruleset"><code class="Li">devfs_ruleset</code></a></dt> + <dd>set from + <var class="Va">jail_</var>⟨<var class="Ar">jname</var>⟩<var class="Va">_devfs_ruleset</var>. + This must be an integer, not a string.</dd> + <dt id="mount.fdescfs"><a class="permalink" href="#mount.fdescfs"><code class="Li">mount.fdescfs</code></a></dt> + <dd>set from + <var class="Va">jail_</var>⟨<var class="Ar">jname</var>⟩<var class="Va">_fdescfs_enable</var></dd> + <dt id="allow.set_hostname"><a class="permalink" href="#allow.set_hostname"><code class="Li">allow.set_hostname</code></a></dt> + <dd>set from + <var class="Va">jail_</var>⟨<var class="Ar">jname</var>⟩<var class="Va">_set_hostname_allow</var></dd> + <dt id="allow.rawsocket"><a class="permalink" href="#allow.rawsocket"><code class="Li">allow.rawsocket</code></a></dt> + <dd>set from + <var class="Va">jail_</var>⟨<var class="Ar">jname</var>⟩<var class="Va">_socket_unixiproute_only</var></dd> + <dt id="allow.sysvipc"><a class="permalink" href="#allow.sysvipc"><code class="Li">allow.sysvipc</code></a></dt> + <dd>set from + <var class="Va">jail_</var>⟨<var class="Ar">jname</var>⟩<var class="Va">_sysvipc_allow</var></dd> + </dl> + </div> + </dd> + <dt id="harvest_mask"><var class="Va">harvest_mask</var></dt> + <dd>(<var class="Vt">int</var>) Set to a bit-mask representing the entropy + sources you wish to harvest. Refer to <a class="Xr">random(4)</a> for more + information.</dd> + <dt id="entropy_dir"><var class="Va">entropy_dir</var></dt> + <dd>(<var class="Vt">str</var>) Set to + “<code class="Li">NO</code>” to disable caching entropy via + <a class="Xr">cron(8)</a>. Otherwise set to the directory in which the + entropy files are stored. To be useful, there must be a system cron job + that regularly writes and rotates files here. All files found will be used + at boot time. The default is <span class="Pa">/var/db/entropy</span>.</dd> + <dt id="entropy_file"><var class="Va">entropy_file</var></dt> + <dd>(<var class="Vt">str</var>) Set to + “<code class="Li">NO</code>” to disable caching entropy + through reboots. Otherwise set to the name of a file used to store cached + entropy. This file should be located on a file system that is readable + before all the volumes specified in <a class="Xr">fstab(5)</a> are + mounted. By default, <span class="Pa">/entropy</span> is used, but if + <span class="Pa">/var/db/entropy-file</span> is found it will also be + used. This will be of some use to <a class="Xr">bsdinstall(8)</a>.</dd> + <dt id="entropy_boot_file"><var class="Va">entropy_boot_file</var></dt> + <dd>(<var class="Vt">str</var>) Set to + “<code class="Li">NO</code>” to disable very early caching + entropy through reboots. Otherwise set to the filename used to read very + early reboot cached entropy. This file should be located where + <a class="Xr">loader(8)</a> can read it. See also + <a class="Xr">loader.conf(5)</a>. The default location is + <span class="Pa">/boot/entropy</span>.</dd> + <dt id="entropy_save_sz"><var class="Va">entropy_save_sz</var></dt> + <dd>(<var class="Vt">int</var>) Size of the entropy cache files saved by + <code class="Nm">save-entropy</code> periodically.</dd> + <dt id="entropy_save_num"><var class="Va">entropy_save_num</var></dt> + <dd>(<var class="Vt">int</var>) Number of entropy cache files to save by + <code class="Nm">save-entropy</code> periodically.</dd> + <dt id="ipsec_enable"><var class="Va">ipsec_enable</var></dt> + <dd>(<var class="Vt">bool</var>) Set to + “<code class="Li">YES</code>” to run + <a class="Xr">setkey(8)</a> on <var class="Va">ipsec_file</var> at boot + time.</dd> + <dt id="ipsec_file"><var class="Va">ipsec_file</var></dt> + <dd>(<var class="Vt">str</var>) Configuration file for + <a class="Xr">setkey(8)</a>.</dd> + <dt id="dmesg_enable"><var class="Va">dmesg_enable</var></dt> + <dd>(<var class="Vt">bool</var>) Set to + “<code class="Li">YES</code>” to save + <a class="Xr">dmesg(8)</a> to <span class="Pa">/var/run/dmesg.boot</span> + on boot.</dd> + <dt id="rcshutdown_timeout"><var class="Va">rcshutdown_timeout</var></dt> + <dd>(<var class="Vt">int</var>) If set, start a watchdog timer in the + background which will terminate <span class="Pa">rc.shutdown</span> if + <a class="Xr">shutdown(8)</a> has not completed within the specified time + (in seconds). Notice that in addition to this soft timeout, + <a class="Xr">init(8)</a> also applies a hard timeout for the execution of + <span class="Pa">rc.shutdown</span>. This is configured via + <a class="Xr">sysctl(8)</a> variable + <var class="Va">kern.init_shutdown_timeout</var> and defaults to 120 + seconds. Setting the value of <var class="Va">rcshutdown_timeout</var> to + more than 120 seconds will have no effect until the + <a class="Xr">sysctl(8)</a> variable + <var class="Va">kern.init_shutdown_timeout</var> is also increased.</dd> + <dt id="virecover_enable"><var class="Va">virecover_enable</var></dt> + <dd>(<var class="Vt">bool</var>) Set to + “<code class="Li">NO</code>” to prevent the system from + trying to recover prematurely terminated <a class="Xr">vi(1)</a> + sessions.</dd> + <dt id="ugidfw_enable"><var class="Va">ugidfw_enable</var></dt> + <dd>(<var class="Vt">bool</var>) Set to + “<code class="Li">YES</code>” to load the + <a class="Xr">mac_bsdextended(4)</a> module upon system initialization and + load a default ruleset file.</dd> + <dt id="bsdextended_script"><var class="Va">bsdextended_script</var></dt> + <dd>(<var class="Vt">str</var>) The default + <a class="Xr">mac_bsdextended(4)</a> ruleset file to load. The default + value of this variable is + <span class="Pa">/etc/rc.bsdextended</span>.</dd> + <dt id="newsyslog_enable"><var class="Va">newsyslog_enable</var></dt> + <dd>(<var class="Vt">bool</var>) If set to + “<code class="Li">YES</code>”, run + <a class="Xr">newsyslog(8)</a> command at startup.</dd> + <dt id="newsyslog_flags"><var class="Va">newsyslog_flags</var></dt> + <dd>(<var class="Vt">str</var>) If <var class="Va">newsyslog_enable</var> is + set to “<code class="Li">YES</code>”, these are the flags to + pass to the <a class="Xr">newsyslog(8)</a> program. The default is + “<code class="Li">-CN</code>”, which causes log files + flagged with a <code class="Cm">C</code> to be created.</dd> + <dt id="mdconfig_md"><var class="Va">mdconfig_md</var>⟨<var class="Ar">X</var>⟩</dt> + <dd>(<var class="Vt">str</var>) Arguments to <a class="Xr">mdconfig(8)</a> for + <a class="Xr">md(4)</a> device <var class="Ar">X</var>. At minimum a + <code class="Fl">-t</code> <var class="Ar">type</var> must be specified + and either a <code class="Fl">-s</code> <var class="Ar">size</var> for + malloc or swap backed <a class="Xr">md(4)</a> devices or a + <code class="Fl">-f</code> <var class="Ar">file</var> for vnode backed + <a class="Xr">md(4)</a> devices. Note that + <var class="Va">mdconfig_md</var>⟨<var class="Ar">X</var>⟩ + variables are evaluated until one variable is unset or null.</dd> + <dt id="mdconfig_md~2"><var class="Va">mdconfig_md</var>⟨<var class="Ar">X</var>⟩<var class="Va">_newfs</var></dt> + <dd>(<var class="Vt">str</var>) Optional arguments passed to + <a class="Xr">newfs(8)</a> to initialize <a class="Xr">md(4)</a> device + <var class="Ar">X</var>.</dd> + <dt id="mdconfig_md~3"><var class="Va">mdconfig_md</var>⟨<var class="Ar">X</var>⟩<var class="Va">_owner</var></dt> + <dd>(<var class="Vt">str</var>) An ownership specification passed to + <a class="Xr">chown(8)</a> after the specified <a class="Xr">md(4)</a> + device <var class="Ar">X</var> has been mounted. Both the + <a class="Xr">md(4)</a> device and the mount point will be changed.</dd> + <dt id="mdconfig_md~4"><var class="Va">mdconfig_md</var>⟨<var class="Ar">X</var>⟩<var class="Va">_perms</var></dt> + <dd>(<var class="Vt">str</var>) A mode string passed to + <a class="Xr">chmod(1)</a> after the specified <a class="Xr">md(4)</a> + device <var class="Ar">X</var> has been mounted. Both the + <a class="Xr">md(4)</a> device and the mount point will be changed.</dd> + <dt id="mdconfig_md~5"><var class="Va">mdconfig_md</var>⟨<var class="Ar">X</var>⟩<var class="Va">_files</var></dt> + <dd>(<var class="Vt">str</var>) Files to be copied to the mount point of the + <a class="Xr">md(4)</a> device <var class="Ar">X</var> after it has been + mounted.</dd> + <dt id="mdconfig_md~6"><var class="Va">mdconfig_md</var>⟨<var class="Ar">X</var>⟩<var class="Va">_cmd</var></dt> + <dd>(<var class="Vt">str</var>) Command to execute after the specified + <a class="Xr">md(4)</a> device <var class="Ar">X</var> has been mounted. + Note that the command is passed to <code class="Ic">eval</code> and that + both <var class="Va">_dev</var> and <var class="Va">_mp</var> variables + can be used to reference respectively the <a class="Xr">md(4)</a> device + and the mount point. Assuming that the <a class="Xr">md(4)</a> device is + <code class="Li">md0</code>, one could set the following: + <div class="Bd Pp Li"> + <pre>mdconfig_md0_cmd="tar xfzC /var/file.tgz \${_mp}"</pre> + </div> + </dd> + <dt id="autobridge_interfaces"><var class="Va">autobridge_interfaces</var></dt> + <dd>(<var class="Vt">str</var>) Set to the list of bridge interfaces that will + have newly arriving interfaces checked against to be automatically added. + If not set to “<code class="Li">NO</code>” then for each + whitespace separated <var class="Ar">element</var> in the value, a + <var class="Va">autobridge_</var>⟨<var class="Ar">element</var>⟩ + variable is assumed to exist which has a whitespace separated list of + interface names to match, these names can use wildcards. For example: + <div class="Bd Pp Li"> + <pre>autobridge_interfaces="bridge0" +autobridge_bridge0="tap* dc0 vlan[345]"</pre> + </div> + </dd> + <dt id="mixer_enable"><var class="Va">mixer_enable</var></dt> + <dd>(<var class="Vt">bool</var>) If set to + “<code class="Li">YES</code>”, enable support for sound + mixer.</dd> + <dt id="hcsecd_enable"><var class="Va">hcsecd_enable</var></dt> + <dd>(<var class="Vt">bool</var>) If set to + “<code class="Li">YES</code>”, enable Bluetooth security + daemon.</dd> + <dt id="hcsecd_config"><var class="Va">hcsecd_config</var></dt> + <dd>(<var class="Vt">str</var>) Configuration file for + <a class="Xr">hcsecd(8)</a>. Default + <span class="Pa">/etc/bluetooth/hcsecd.conf</span>.</dd> + <dt id="sdpd_enable"><var class="Va">sdpd_enable</var></dt> + <dd>(<var class="Vt">bool</var>) If set to + “<code class="Li">YES</code>”, enable Bluetooth Service + Discovery Protocol daemon.</dd> + <dt id="sdpd_control"><var class="Va">sdpd_control</var></dt> + <dd>(<var class="Vt">str</var>) Path to <a class="Xr">sdpd(8)</a> control + socket. Default <span class="Pa">/var/run/sdp</span>.</dd> + <dt id="sdpd_groupname"><var class="Va">sdpd_groupname</var></dt> + <dd>(<var class="Vt">str</var>) Sets <a class="Xr">sdpd(8)</a> group to run as + after it initializes. Default + “<code class="Li">nobody</code>”.</dd> + <dt id="sdpd_username"><var class="Va">sdpd_username</var></dt> + <dd>(<var class="Vt">str</var>) Sets <a class="Xr">sdpd(8)</a> user to run as + after it initializes. Default + “<code class="Li">nobody</code>”.</dd> + <dt id="bthidd_enable"><var class="Va">bthidd_enable</var></dt> + <dd>(<var class="Vt">bool</var>) If set to + “<code class="Li">YES</code>”, enable Bluetooth Human + Interface Device daemon.</dd> + <dt id="bthidd_config"><var class="Va">bthidd_config</var></dt> + <dd>(<var class="Vt">str</var>) Configuration file for + <a class="Xr">bthidd(8)</a>. Default + <span class="Pa">/etc/bluetooth/bthidd.conf</span>.</dd> + <dt id="bthidd_hids"><var class="Va">bthidd_hids</var></dt> + <dd>(<var class="Vt">str</var>) Path to a file, where + <a class="Xr">bthidd(8)</a> will store information about known HID + devices. Default <span class="Pa">/var/db/bthidd.hids</span>.</dd> + <dt id="rfcomm_pppd_server_enable"><var class="Va">rfcomm_pppd_server_enable</var></dt> + <dd>(<var class="Vt">bool</var>) If set to + “<code class="Li">YES</code>”, enable Bluetooth RFCOMM PPP + wrapper daemon.</dd> + <dt id="rfcomm_pppd_server_profile"><var class="Va">rfcomm_pppd_server_profile</var></dt> + <dd>(<var class="Vt">str</var>) The name of the profile to use from + <span class="Pa">/etc/ppp/ppp.conf</span>. Multiple profiles can be + specified here. Also used to specify per-profile overrides. When the + profile name contains any of the characters + “<code class="Li">.-/+</code>” they are translated to + “<code class="Li">_</code>” for the proposes of the override + variable names.</dd> + <dt id="rfcomm_pppd_server_"><var class="Va">rfcomm_pppd_server_</var>⟨<var class="Ar">profile</var>⟩_bdaddr</dt> + <dd>(<var class="Vt">str</var>) Overrides local address to listen on. By + default <a class="Xr">rfcomm_pppd(8)</a> will listen on + “<code class="Li">ANY</code>” address. The address can be + specified as BD_ADDR or name.</dd> + <dt id="rfcomm_pppd_server_~2"><var class="Va">rfcomm_pppd_server_</var>⟨<var class="Ar">profile</var>⟩_channel</dt> + <dd>(<var class="Vt">str</var>) Overrides local RFCOMM channel to listen on. + By default <a class="Xr">rfcomm_pppd(8)</a> will listen on RFCOMM channel + 1. Must set properly if multiple profiles used in the same time.</dd> + <dt id="rfcomm_pppd_server_~3"><var class="Va">rfcomm_pppd_server_</var>⟨<var class="Ar">profile</var>⟩_register_sp</dt> + <dd>(<var class="Vt">bool</var>) Tells <a class="Xr">rfcomm_pppd(8)</a> if it + should register Serial Port service on the specified RFCOMM channel. + Default “<code class="Li">NO</code>”.</dd> + <dt id="rfcomm_pppd_server_~4"><var class="Va">rfcomm_pppd_server_</var>⟨<var class="Ar">profile</var>⟩_register_dun</dt> + <dd>(<var class="Vt">bool</var>) Tells <a class="Xr">rfcomm_pppd(8)</a> if it + should register Dial-Up Networking service on the specified RFCOMM + channel. Default “<code class="Li">NO</code>”.</dd> + <dt id="ubthidhci_enable"><var class="Va">ubthidhci_enable</var></dt> + <dd>(<var class="Vt">bool</var>) If set to + “<code class="Li">YES</code>”, change the USB Bluetooth + controller from HID mode to HCI mode. You also need to specify the + location of USB Bluetooth controller with the + <var class="Va">ubthidhci_busnum</var> and + <var class="Va">ubthidhci_addr</var> variables.</dd> + <dt id="ubthidhci_busnum"><var class="Va">ubthidhci_busnum</var></dt> + <dd>Bus number where the USB Bluetooth controller is located. Check the output + of <a class="Xr">usbconfig(8)</a> on your system to find this + information.</dd> + <dt id="ubthidhci_addr"><var class="Va">ubthidhci_addr</var></dt> + <dd>Bus address of the USB Bluetooth controller. Check the output of + <a class="Xr">usbconfig(8)</a> on your system to find this + information.</dd> + <dt id="utx_enable"><var class="Va">utx_enable</var></dt> + <dd>(<var class="Vt">bool</var>) Set to + “<code class="Li">YES</code>” to enable user accounting + through the <a class="Xr">utx(8)</a> facility.</dd> + <dt id="netwait_enable"><var class="Va">netwait_enable</var></dt> + <dd>(<var class="Vt">bool</var>) If set to + “<code class="Li">YES</code>”, delays the start of + network-reliant services until <var class="Va">netwait_if</var> is up, + duplicate address discovery (DAD) has completed, and ICMP packets to a + destination defined in <var class="Va">netwait_ip</var> are flowing. Link + state is examined first, followed by DAD, then + “<code class="Li">pinging</code>” an IP address to verify + network usability. If no destination can be reached or timeouts are + exceeded, network services are started anyway with no guarantee that the + network is usable.</dd> + <dt id="netwait_ip"><var class="Va">netwait_ip</var></dt> + <dd>(<var class="Vt">str</var>) Empty by default. This variable contains a + space-delimited list of IP addresses to <a class="Xr">ping(8)</a>. DNS + hostnames should not be used as resolution is not guaranteed to be + functional at this point. If multiple IP addresses are specified, each + will be tried until one is successful or the list is exhausted.</dd> + <dt id="netwait_timeout"><var class="Va">netwait_timeout</var></dt> + <dd>(<var class="Vt">int</var>) Indicates the total number of seconds to + perform a “<code class="Li">ping</code>” against each IP + address in <var class="Va">netwait_ip</var>, at a rate of one ping per + second. If any of the pings are successful, full network connectivity is + considered reliable. The default is 60.</dd> + <dt id="netwait_if"><var class="Va">netwait_if</var></dt> + <dd>(<var class="Vt">str</var>) Empty by default. Defines the name of the + network interface on which watch for link. <a class="Xr">ifconfig(8)</a> + is used to monitor the interface, looking for + “<code class="Li">status: no carrier</code>”. Once gone, the + link is considered up. This can be a <a class="Xr">vlan(4)</a> interface + if desired.</dd> + <dt id="netwait_if_timeout"><var class="Va">netwait_if_timeout</var></dt> + <dd>(<var class="Vt">int</var>) Defines the total number of seconds to wait + for link to become usable, polled at a 1-second interval. The default is + 30.</dd> + <dt id="netwait_dad"><var class="Va">netwait_dad</var></dt> + <dd>(<var class="Vt">str</var>) Set to + “<code class="Li">NO</code>” by default. Set to + “<code class="Li">YES</code>” to enable waiting for DAD to + complete.</dd> + <dt id="netwait_dad_timeout"><var class="Va">netwait_dad_timeout</var></dt> + <dd>(<var class="Vt">int</var>) Unset by default. Indicates the maximum number + of seconds to wait for DAD to complete. If zero or unset, the timeout will + be one more than the value of the + <var class="Va">net.inet6.ip6.dad_count</var> sysctl variable.</dd> + <dt id="rctl_enable"><var class="Va">rctl_enable</var></dt> + <dd>(<var class="Vt">bool</var>) If set to + “<code class="Li">YES</code>”, load + <a class="Xr">rctl(8)</a> rules from the defined ruleset. The kernel must + be built with <code class="Cd">options RACCT</code> and + <code class="Cd">options RCTL</code>.</dd> + <dt id="rctl_rules"><var class="Va">rctl_rules</var></dt> + <dd>(<var class="Vt">str</var>) Set to <span class="Pa">/etc/rctl.conf</span> + by default. This variables contains the <a class="Xr">rctl.conf(5)</a> + ruleset to load for <a class="Xr">rctl(8)</a>.</dd> + <dt id="iovctl_files"><var class="Va">iovctl_files</var></dt> + <dd>(<var class="Vt">str</var>) A space-separated list of configuration files + used by <a class="Xr">iovctl(8)</a>. The default value is an empty + string.</dd> + <dt id="autofs_enable"><var class="Va">autofs_enable</var></dt> + <dd>(<var class="Vt">bool</var>) If set to + “<code class="Li">YES</code>”, start the + <a class="Xr">automount(8)</a> utility and the + <a class="Xr">automountd(8)</a> and <a class="Xr">autounmountd(8)</a> + daemons at boot time.</dd> + <dt id="automount_flags"><var class="Va">automount_flags</var></dt> + <dd>(<var class="Vt">str</var>) If <var class="Va">autofs_enable</var> is set + to “<code class="Li">YES</code>”, these are the flags to + pass to the <a class="Xr">automount(8)</a> program. By default no flags + are passed.</dd> + <dt id="automountd_flags"><var class="Va">automountd_flags</var></dt> + <dd>(<var class="Vt">str</var>) If <var class="Va">autofs_enable</var> is set + to “<code class="Li">YES</code>”, these are the flags to + pass to the <a class="Xr">automountd(8)</a> daemon. By default no flags + are passed.</dd> + <dt id="autounmountd_flags"><var class="Va">autounmountd_flags</var></dt> + <dd>(<var class="Vt">str</var>) If <var class="Va">autofs_enable</var> is set + to “<code class="Li">YES</code>”, these are the flags to + pass to the <a class="Xr">autounmountd(8)</a> daemon. By default no flags + are passed.</dd> + <dt id="ctld_enable"><var class="Va">ctld_enable</var></dt> + <dd>(<var class="Vt">bool</var>) If set to + “<code class="Li">YES</code>”, start the + <a class="Xr">ctld(8)</a> daemon at boot time.</dd> + <dt id="iscsid_enable"><var class="Va">iscsid_enable</var></dt> + <dd>(<var class="Vt">bool</var>) If set to + “<code class="Li">YES</code>”, start the + <a class="Xr">iscsid(8)</a> daemon at boot time.</dd> + <dt id="iscsictl_enable"><var class="Va">iscsictl_enable</var></dt> + <dd>(<var class="Vt">bool</var>) If set to + “<code class="Li">YES</code>”, start the + <a class="Xr">iscsictl(8)</a> utility at boot time.</dd> + <dt id="iscsictl_flags"><var class="Va">iscsictl_flags</var></dt> + <dd>(<var class="Vt">str</var>) If <var class="Va">iscsictl_enable</var> is + set to “<code class="Li">YES</code>”, these are the flags to + pass to the <a class="Xr">iscsictl(8)</a> program. The default is + “<code class="Li">-Aa</code>”, which configures sessions + based on the <span class="Pa">/etc/iscsi.conf</span> configuration + file.</dd> + <dt id="cfumass_enable"><var class="Va">cfumass_enable</var></dt> + <dd>(<var class="Vt">bool</var>) If set to + “<code class="Li">YES</code>”, create and export an USB LUN + using <a class="Xr">cfumass(4)</a> at boot time.</dd> + <dt id="cfumass_dir"><var class="Va">cfumass_dir</var></dt> + <dd>(<var class="Vt">str</var>) The directory where the files exported by USB + LUN are located. The default directory is + <span class="Pa">/var/cfumass</span>.</dd> + <dt id="service_delete_empty"><var class="Va">service_delete_empty</var></dt> + <dd>(<var class="Vt">bool</var>) If set to + “<code class="Li">YES</code>”, + ‘<code class="Li"><code class="Li">service + delete</code></code>’ removes empty + “<code class="Li">rc.conf.d</code>” files.</dd> + <dt id="zfs_bootonce_activate"><var class="Va">zfs_bootonce_activate</var></dt> + <dd>(<var class="Vt">bool</var>) If set to + “<code class="Li">YES</code>”, and a boot environment marked + bootonce is successfully booted, it will be made permanently active.</dd> + <dt id="zfskeys_enable"><var class="Va">zfskeys_enable</var></dt> + <dd>(<var class="Vt">bool</var>) If set to + “<code class="Li">YES</code>”, enable auto-loading of + encryption keys for encrypted ZFS datasets. For every dataset the script + will first load the appropriate encryption key and then attempt to unlock + the dataset. + <p class="Pp">The script operates only on datasets which are encrypted with + ZFS native encryption and have a ZFS + “<code class="Li">keylocation</code>” dataset property + beginning with “<code class="Li">file://</code>”.</p> + </dd> + <dt id="zfskeys_datasets"><var class="Va">zfskeys_datasets</var></dt> + <dd>(<var class="Vt">str</var>) A whitespace-separated list of ZFS datasets to + unlock. The list is empty by default, which means that the script will + attempt to unlock all datasets.</dd> + <dt id="zfskeys_timeout"><var class="Va">zfskeys_timeout</var></dt> + <dd>(<var class="Vt">int</var>) Define the total number of seconds to wait for + the zfskeys script to unlock an encrypted dataset. The default is 10.</dd> + <dt id="sendmail_enable"><var class="Va">sendmail_enable</var></dt> + <dd>(<var class="Vt">str</var>) If set to + “<code class="Li">YES</code>”, run the + <a class="Xr">sendmail(8)</a> daemon at system boot time. If set to + “<code class="Li">NO</code>”, do not run a + <a class="Xr">sendmail(8)</a> daemon to listen for incoming network mail. + This does not preclude a <a class="Xr">sendmail(8)</a> daemon listening on + the SMTP port of the loopback interface. The + “<code class="Li">NONE</code>” option sets each + <var class="Va">sendmail_enable</var>, + <var class="Va">sendmail_submit_enable</var>, + <var class="Va">sendmail_outbound_enable</var>, + <var class="Va">sendmail_msp_queue_enable</var> to + “<code class="Li">NO</code>”.</dd> + <dt id="sendmail_cert_create"><var class="Va">sendmail_cert_create</var></dt> + <dd>(<var class="Vt">str</var>) If <var class="Va">sendmail_enable</var> is + set to “<code class="Li">YES</code>”, create a signed + certificate <span class="Pa">/etc/mail/certs/host.cert</span> representing + <span class="Pa">/etc/mail/certs/host.key</span> by the CA certificate in + <span class="Pa">/etc/mail/certs/cacert.pem</span>. This will enable + connecting hosts to negotiate STARTTLS allowing incoming email to be + encrypted in transit. <a class="Xr">sendmail(8)</a> needs to be configured + to use these generated files. The default configuration in + <span class="Pa">/etc/mail/freebsd.mc</span> has the required options in + it.</dd> + <dt id="sendmail_cert_cn"><var class="Va">sendmail_cert_cn</var></dt> + <dd>(<var class="Vt">str</var>) If <var class="Va">sendmail_enable</var> is + set to “<code class="Li">YES</code>” and + <var class="Va">sendmail_cert_create</var> is set to + “<code class="Li">YES</code>”, this is the Common Name (CN) + of the certificate that will be created. If + <var class="Va">sendmail_cert_cn</var> is not set, the system's hostname + will be used. If there is no hostname set, + “<code class="Li">amnesiac</code>” will be used.</dd> + <dt id="sendmail_flags"><var class="Va">sendmail_flags</var></dt> + <dd>(<var class="Vt">str</var>) If <var class="Va">sendmail_enable</var> is + set to “<code class="Li">YES</code>”, these are the flags to + pass to the <a class="Xr">sendmail(8)</a> daemon.</dd> + <dt id="sendmail_submit_enable"><var class="Va">sendmail_submit_enable</var></dt> + <dd>(<var class="Vt">bool</var>) If set to + “<code class="Li">YES</code>” and + <var class="Va">sendmail_enable</var> is set to + “<code class="Li">NO</code>”, run + <a class="Xr">sendmail(8)</a> using + <var class="Va">sendmail_submit_flags</var> instead of + <var class="Va">sendmail_flags</var>. This is intended to allow local mail + submission via a localhost-only listening SMTP service required for + running <a class="Xr">sendmail(8)</a> as a non-set-user-ID binary. Note + that this does not work inside <a class="Xr">jail(2)</a> systems, as jails + do not allow binding to just the localhost interface.</dd> + <dt id="sendmail_submit_flags"><var class="Va">sendmail_submit_flags</var></dt> + <dd>(<var class="Vt">str</var>) If <var class="Va">sendmail_enable</var> is + set to “<code class="Li">NO</code>” and + <var class="Va">sendmail_submit_enable</var> is set to + “<code class="Li">YES</code>”, these are the flags to pass + to the <a class="Xr">sendmail(8)</a> daemon.</dd> + <dt id="sendmail_outbound_enable"><var class="Va">sendmail_outbound_enable</var></dt> + <dd>(<var class="Vt">bool</var>) If set to + “<code class="Li">YES</code>” and both + <var class="Va">sendmail_enable</var> and + <var class="Va">sendmail_submit_enable</var> are set to + “<code class="Li">NO</code>”, run + <a class="Xr">sendmail(8)</a> using + <var class="Va">sendmail_outbound_flags</var> instead of + <var class="Va">sendmail_flags</var>. This is intended to allow local mail + queue management for systems that do not offer a listening SMTP + service.</dd> + <dt id="sendmail_outbound_flags"><var class="Va">sendmail_outbound_flags</var></dt> + <dd>(<var class="Vt">str</var>) If both <var class="Va">sendmail_enable</var> + and <var class="Va">sendmail_submit_enable</var> are set to + “<code class="Li">NO</code>” and + <var class="Va">sendmail_outbound_enable</var> is set to + “<code class="Li">YES</code>”, these are the flags to pass + to the <a class="Xr">sendmail(8)</a> daemon.</dd> + <dt id="sendmail_msp_queue_enable"><var class="Va">sendmail_msp_queue_enable</var></dt> + <dd>(<var class="Vt">bool</var>) If set to + “<code class="Li">YES</code>”, start a client (MSP) queue + runner <a class="Xr">sendmail(8)</a> daemon at system boot time. As of + sendmail 8.12, a separate queue is used for command line submissions. The + client queue runner ensures that nothing is left behind in the submission + queue.</dd> + <dt id="sendmail_msp_queue_flags"><var class="Va">sendmail_msp_queue_flags</var></dt> + <dd>(<var class="Vt">str</var>) If + <var class="Va">sendmail_msp_queue_enable</var> is set to daemon. + “<code class="Li">YES</code>”, these are the flags to pass + to the <a class="Xr">sendmail(8)</a></dd> + <dt id="precious_machine"><var class="Va">precious_machine</var></dt> + <dd>If set to “<code class="Li">YES</code>”, some destructive + actions require removal of the action-specific safe-belts before being + allowed. For instance, the file + <span class="Pa">/var/run/noshutdown</span> is created to prevent + <a class="Xr">shutdown(8)</a> targeted at the wrong machine.</dd> + <dt id="virtual_oss_enable"><var class="Va">virtual_oss_enable</var></dt> + <dd>(<var class="Vt">bool</var>) If set to + “<code class="Li">YES</code>”, run one + <a class="Xr">virtual_oss(8)</a> instance for each configuration defined + in <span class="Pa">virtual_oss_configs</span>.</dd> + <dt id="virtual_oss_configs"><var class="Va">virtual_oss_configs</var></dt> + <dd>(<var class="Vt">str</var>) Space-separated list of + <a class="Xr">virtual_oss(8)</a> configurations. For example: + <div class="Bd Pp Li"> + <pre>virtual_oss_configs="foo bar"</pre> + </div> + <p class="Pp">Configurations need to be defined in + <span class="Pa">virtual_oss_</span>⟨<var class="Ar">config_name</var>⟩. + By default, there is a <span class="Pa">dsp</span> configuration which + replaces the <span class="Pa">/dev/dsp</span> device created by + <a class="Xr">sound(4)</a> with a <a class="Xr">virtual_oss(8)</a> one. + It can be redefined by setting the + <span class="Pa">virtual_oss_dsp</span> variable.</p> + </dd> + <dt id="virtual_oss_"><var class="Va">virtual_oss_</var>⟨<var class="Ar">config_name</var>⟩</dt> + <dd>(<var class="Vt">str</var>) <a class="Xr">virtual_oss(8)</a> argument list + for configuration ⟨<var class="Ar">config_name</var>⟩.</dd> + <dt id="virtual_oss_default_control_device"><var class="Va">virtual_oss_default_control_device</var></dt> + <dd>(<var class="Vt">str</var>) The <a class="Xr">virtual_oss(8)</a> control + device's name corresponding to the default configuration, + <span class="Pa">virtual_oss_dsp</span>. This is set by default to + <span class="Pa">vdsp.ctl</span>. When + <span class="Pa">virtual_oss_dsp</span> is set, it is strongly encouraged + to set this variable as well, and use it as the <code class="Fl">-t</code> + option's argument in <span class="Pa">virtual_oss_dsp</span>, because it + is used by other programs and scripts, such as + <span class="Pa">/etc/devd/snd.conf</span>.</dd> +</dl> +</section> +<section class="Sh"> +<h1 class="Sh" id="SERVICE_JAILS"><a class="permalink" href="#SERVICE_JAILS">SERVICE + JAILS</a></h1> +<p class="Pp">The service jails part of the rc system automatically puts a + service into a jail. This jail inherits the filesystem and various other + parts of the parent (if you allow child-jails in your jails, service jails + can be used in jails) depending on the content of the + ⟨<var class="Ar">name</var>⟩<var class="Va">_svcj_options</var> + variable. Typically this variable is set inside rc scripts, but it can be + overridden in the rc config. Valid options for + ⟨<var class="Ar">name</var>⟩<var class="Va">_svcj_options</var> + are:</p> +<dl class="Bl-tag"> + <dt>mlock</dt> + <dd>Allows to lock memory pages into the physical memory.</dd> + <dt>netv4</dt> + <dd>Allows IPv4 network access and the ability to bind to reserved ports. If + ⟨<var class="Ar">name</var>⟩<var class="Va">_svcj_ipaddrs</var> + is set, only the IPv4 addresses listed there will be visible to the jail, + otherwise all assigned IPv4 addresses will be visible. This can not be + combined with <span class="Pa">netv6</span>.</dd> + <dt>netv6</dt> + <dd>Allows IPv6 network access and the ability to bind to reserved ports. If + ⟨<var class="Ar">name</var>⟩<var class="Va">_svcj_ipaddrs</var> + is set, only the IPv6 addresses listed there will be visible to the jail, + otherwise all assigned IPv6 addresses will be visible. This can not be + combined with <span class="Pa">netv4</span>.</dd> + <dt>net_basic</dt> + <dd>Equivalent to enabling both <span class="Pa">netv6</span> and + <span class="Pa">netv4</span>.</dd> + <dt>net_raw</dt> + <dd>Allow to open raw sockets. This option can be combined with + <span class="Pa">netv4</span>, <span class="Pa">netv6</span>, + <span class="Pa">net_basic</span>.</dd> + <dt>net_all</dt> + <dd>Allows IPv6 and IPv4 network access as for <span class="Pa">netv4</span> + and <span class="Pa">netv6</span>, allows to open raw sockets, and allows + to open sockets of protocol stacks that have not had jail functionality + added to them.</dd> + <dt>nfsd</dt> + <dd>Allows to run nfsd and affiliated daemons.</dd> + <dt>routing</dt> + <dd>Allows to modify the system routing table.</dd> + <dt>settime</dt> + <dd>Allows to set and slew the system time.</dd> + <dt>sysvipc</dt> + <dd>Inherits the SysV semaphores, SysV shared memory and SysV messages from + the host or the parent jail.</dd> + <dt>sysvipcnew</dt> + <dd>Creates a new namespace for SysV semaphores, SysV shared memory and SysV + messages for this particular service jail.</dd> + <dt>vmm</dt> + <dd>Allows access to <a class="Xr">vmm(4)</a>. This option is only available + when <a class="Xr">vmm(4)</a> is enabled in the kernel.</dd> +</dl> +<p class="Pp">All non-network options can be combined with all other options. + From the SysV options only one option can be specified.</p> +<p class="Pp">If the + ⟨<var class="Ar">name</var>⟩<var class="Va">_svcj</var> + variable is set to “<code class="Li">YES</code>”, this + particular service is started in a service jail named + <var class="Va">svcj-</var><var class="Ar">name</var>.</p> +<p class="Pp">The <var class="Va">svcj_all_enable</var> variable allows to + enable service jails for all services of the system at once. Services which + have ⟨<var class="Ar">name</var>⟩<var class="Va">_svcj</var> + set to “<code class="Li">NO</code>” are excluded. Some + services may set + ⟨<var class="Ar">name</var>⟩<var class="Va">_svcj</var> to + “<code class="Li">NO</code>” in the script to either prevent + service jails for this service at all, or may set it to + “<code class="Li">NO</code>” if it is not set in the rc + config, to exclude it from <var class="Va">svcj_all_enable</var> but allow + to explicitly enable it. The sshd service for example would not see other + jails, if it would run as a service jail. This may or may not be what is + needed, and as such it is excluded from + <var class="Va">svcj_all_enable</var> but can be enabled via setting + <var class="Va">sshd_svcj</var> to + “<code class="Li">YES</code>”.</p> +</section> +<section class="Sh"> +<h1 class="Sh" id="FILES"><a class="permalink" href="#FILES">FILES</a></h1> +<dl class="Bl-tag Bl-compact"> + <dt><span class="Pa">/etc/defaults/rc.conf</span></dt> + <dd style="width: auto;"> </dd> + <dt><span class="Pa">/etc/defaults/vendor.conf</span></dt> + <dd style="width: auto;"> </dd> + <dt><span class="Pa">/etc/rc.conf</span></dt> + <dd style="width: auto;"> </dd> + <dt><span class="Pa">/etc/rc.conf.local</span></dt> + <dd style="width: auto;"> </dd> + <dt><span class="Pa">/etc/rc.conf.d/</span></dt> + <dd style="width: auto;"> </dd> +</dl> +</section> +<section class="Sh"> +<h1 class="Sh" id="SEE_ALSO"><a class="permalink" href="#SEE_ALSO">SEE + ALSO</a></h1> +<p class="Pp"><a class="Xr">chmod(1)</a>, <a class="Xr">cpuset(1)</a>, + <a class="Xr">gdb(1)</a> (<span class="Pa">ports/devel/gdb</span>), + <a class="Xr">kbdcontrol(1)</a>, <a class="Xr">limits(1)</a>, + <a class="Xr">protect(1)</a>, <a class="Xr">sh(1)</a>, + <a class="Xr">umask(1)</a>, <a class="Xr">uuidgen(1)</a>, + <a class="Xr">vi(1)</a>, <a class="Xr">vidcontrol(1)</a>, + <a class="Xr">bridge(4)</a>, <a class="Xr">dummynet(4)</a>, + <a class="Xr">ip(4)</a>, <a class="Xr">ipf(4)</a>, + <a class="Xr">ipfw(4)</a>, <a class="Xr">ipnat(4)</a>, + <a class="Xr">kld(4)</a>, <a class="Xr">pf(4)</a>, + <a class="Xr">pflog(4)</a>, <a class="Xr">pfsync(4)</a>, + <a class="Xr">tcp(4)</a>, <a class="Xr">udp(4)</a>, + <a class="Xr">exports(5)</a>, <a class="Xr">fstab(5)</a>, + <a class="Xr">ipf(5)</a>, <a class="Xr">ipnat(5)</a>, + <a class="Xr">jail.conf(5)</a>, <a class="Xr">loader.conf(5)</a>, + <a class="Xr">login.conf(5)</a>, <a class="Xr">motd(5)</a>, + <a class="Xr">newsyslog.conf(5)</a>, <a class="Xr">pf.conf(5)</a>, + <a class="Xr">firewall(7)</a>, <a class="Xr">growfs(7)</a>, + <a class="Xr">security(7)</a>, <a class="Xr">tuning(7)</a>, + <a class="Xr">accton(8)</a>, <a class="Xr">apm(8)</a>, + <a class="Xr">bsdinstall(8)</a>, <a class="Xr">bthidd(8)</a>, + <a class="Xr">chkprintcap(8)</a>, <a class="Xr">chown(8)</a>, + <a class="Xr">cron(8)</a>, <a class="Xr">devfs(8)</a>, + <a class="Xr">dhclient(8)</a>, <a class="Xr">geli(8)</a>, + <a class="Xr">hcsecd(8)</a>, <a class="Xr">ifconfig(8)</a>, + <a class="Xr">inetd(8)</a>, <a class="Xr">iovctl(8)</a>, + <a class="Xr">ipf(8)</a>, <a class="Xr">ipfw(8)</a>, + <a class="Xr">ipnat(8)</a>, <a class="Xr">jail(8)</a>, + <a class="Xr">kldxref(8)</a>, <a class="Xr">loader(8)</a>, + <a class="Xr">lpd(8)</a>, <a class="Xr">makewhatis(8)</a>, + <a class="Xr">mdconfig(8)</a>, <a class="Xr">mdmfs(8)</a>, + <a class="Xr">mixer(8)</a>, <a class="Xr">mountd(8)</a>, + <a class="Xr">moused(8)</a>, <a class="Xr">newfs(8)</a>, + <a class="Xr">newsyslog(8)</a>, <a class="Xr">nfsd(8)</a>, + <a class="Xr">ntpd(8)</a>, <a class="Xr">ntpdate(8)</a>, + <a class="Xr">pfctl(8)</a>, <a class="Xr">pflogd(8)</a>, + <a class="Xr">ping(8)</a>, <a class="Xr">powerd(8)</a>, + <a class="Xr">quotacheck(8)</a>, <a class="Xr">quotaon(8)</a>, + <a class="Xr">rc(8)</a>, <a class="Xr">rc.subr(8)</a>, + <a class="Xr">rcorder(8)</a>, <a class="Xr">rfcomm_pppd(8)</a>, + <a class="Xr">route(8)</a>, <a class="Xr">route6d(8)</a>, + <a class="Xr">routed(8)</a>, <a class="Xr">rpc.lockd(8)</a>, + <a class="Xr">rpc.statd(8)</a>, <a class="Xr">rpc.tlsclntd(8)</a>, + <a class="Xr">rpc.tlsservd(8)</a>, <a class="Xr">rpcbind(8)</a>, + <a class="Xr">rwhod(8)</a>, <a class="Xr">savecore(8)</a>, + <a class="Xr">sdpd(8)</a>, <a class="Xr">sendmail(8)</a>, + <a class="Xr">service(8)</a>, <a class="Xr">sshd(8)</a>, + <a class="Xr">swapon(8)</a>, <a class="Xr">sysctl(8)</a>, + <a class="Xr">syslogd(8)</a>, <a class="Xr">sysrc(8)</a>, + <a class="Xr">unbound(8)</a>, <a class="Xr">usbconfig(8)</a>, + <a class="Xr">utx(8)</a>, <a class="Xr">virtual_oss(8)</a>, + <a class="Xr">wlandebug(8)</a>, <a class="Xr">yp(8)</a>, + <a class="Xr">ypbind(8)</a>, <a class="Xr">ypserv(8)</a>, + <a class="Xr">ypset(8)</a></p> +</section> +<section class="Sh"> +<h1 class="Sh" id="HISTORY"><a class="permalink" href="#HISTORY">HISTORY</a></h1> +<p class="Pp">The <code class="Nm">rc.conf</code> file appeared in + <span class="Ux">FreeBSD 2.2.2</span>.</p> +</section> +<section class="Sh"> +<h1 class="Sh" id="AUTHORS"><a class="permalink" href="#AUTHORS">AUTHORS</a></h1> +<p class="Pp"><span class="An">Jordan K. Hubbard</span>.</p> +</section> +</div> +<table class="foot"> + <tr> + <td class="foot-date">April 2, 2026</td> + <td class="foot-os">FreeBSD 15.0</td> + </tr> +</table> |