4 .\" Redistribution and use in source and binary forms, with or without
5 .\" modification, are permitted provided that the following conditions
7 .\" 1. Redistributions of source code must retain the above copyright
8 .\" notice, this list of conditions and the following disclaimer.
9 .\" 2. Redistributions in binary form must reproduce the above copyright
10 .\" notice, this list of conditions and the following disclaimer in the
11 .\" documentation and/or other materials provided with the distribution.
13 .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND
14 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE
17 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
19 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
20 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
21 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
22 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25 .\" $FreeBSD: src/share/man/man5/rc.conf.5,v 1.197 2003/07/28 13:56:00 mbr Exp $
26 .\" $DragonFly: src/share/man/man5/rc.conf.5,v 1.59 2008/08/30 17:50:43 swildner Exp $
32 .Nd system configuration information
36 contains descriptive information about the local host name, configuration
37 details for any potential network interfaces and which services should be
38 started up at system initial boot time.
39 In new installations, the
41 file is generally initialized by the installer.
45 is not to run commands or perform system startup actions directly.
46 Instead, it is included by the various generic startup scripts in
48 which conditionalize their
49 internal actions according to the settings found there.
52 .Pa /etc/defaults/rc.conf
53 file specifies the default settings for all the available options,
56 file specifies override settings.
57 Options need only be specified in
59 when the system administrator wishes to override the defaults.
61 .Pa /etc/rc.conf.local
62 is used to override settings in
64 for historical reasons.
69 The following list provides a name and short description for each
70 variable that can be set in the
87 These values are case insensitive.
90 postfix in the name of a variables for starting a service can be
93 .Bl -tag -width indent-two
98 enable output of debug messages from rc scripts.
99 This variable can be helpful in diagnosing mistakes when
100 editing or integrating new scripts.
101 Beware that this produces copious output to the terminal and
107 disable informational messages from the rc scripts.
108 Informational messages are displayed when
109 a condition that is not serious enough to warrant a warning or an error occurs.
114 no swapfile is installed, otherwise the value is used as the full
115 pathname to a file to use for additional swap space.
120 enable support for Automatic Power Management with the
127 to handle APM event from userland.
128 This also enables support for APM.
135 these are the flags to pass to the
141 to monitor the status of batteries present in the system.
142 This also enables support for APM.
149 these are the flags to pass to the
152 .It Va sensorsd_enable
161 a sensors monitoring and logging daemon.
162 .It Va sensorsd_flags
165 Additional flags passed to the
168 .It Va pccard_ifconfig
170 List of arguments to be passed to
172 at boot time or on insertion of the card (e.g.\&
173 .Dq Cm inet Li 192.168.1.1 Cm netmask Li 255.255.255.0
174 for a fixed address or
177 .It Va pccard_ether_delay
179 Set the delay before starting
182 .Pa /etc/pccard_ether
184 This defaults to 5 seconds to work around a bug in the
186 driver which can lead to system hangs when using some newer
189 .It Va removable_interfaces
191 List of removable network interfaces to be supported by
192 .Pa /etc/pccard_ether .
195 List of directories to search for startup script files.
196 .It Va script_name_sep
198 The field separator to use for breaking down the list of startup script files
199 into individual filenames.
200 The default is a space.
201 It is not necessary to change this unless there are startup scripts with names
203 .It Va hostapd_enable
212 The fully qualified domain name (FQDN) of this host on the network.
213 This should almost certainly be set to something meaningful, even if
214 there is no network connection.
217 is used to set the hostname via DHCP,
218 this variable should be set to an empty string.
221 Enable support for IPv6 networking.
222 Note that this requires that the kernel have been compiled with
223 .Cd "options INET6" .
226 The NIS domain name of this host, or
229 .It Va dhclient_program
231 Path to the DHCP client program
233 .Pa /sbin/dhclient ) .
234 .It Va dhclient_flags
236 Additional flags to pass to the DHCP client program.
244 If the kernel was not built with
248 kernel module will be loaded.
252 .Va ipfilter_enable .
257 ruleset definition file.
268 these are the flags to pass to
270 when loading the ruleset.
277 which logs packets from
285 this specifies the path of the log file.
296 these are the flags to pass to
298 .It Va firewall_enable
302 to load firewall rules at startup.
303 If the kernel was not built with
304 .Cd "options IPFIREWALL" ,
307 kernel module will be loaded.
311 .Va ipfilter_enable .
312 .It Va ipv6_firewall_enable
314 The IPv6 equivalent of
315 .Va firewall_enable .
318 to load IPv6 firewall rules at startup.
319 If the kernel was not built with
320 .Cd "options IPV6FIREWALL" ,
323 kernel module will be loaded.
324 .It Va firewall_script
326 The full path to the firewall script to run
328 .Pa /etc/rc.firewall ) .
329 .It Va ipv6_firewall_script
331 The IPv6 equivalent of
332 .Va firewall_script .
335 Names the firewall type from the selection in
336 .Pa /etc/rc.firewall ,
337 or the file which contains the local firewall ruleset.
338 Valid selections from
342 .Bl -tag -width ".Li simple" -compact
344 unrestricted IP access
346 all IP services disabled, except via
349 basic protection for a workstation on a LAN
355 If a filename is specified, the full path must be given.
356 .It Va firewall_trusted_nets
358 List of trusted networks (if
362 .It Va firewall_trusted_interfaces
364 List of trusted network interfaces (if
368 .It Va firewall_allowed_icmp_types
370 List of allowed ICMP types (if
374 .It Va firewall_open_tcp_ports
376 List of TCP ports to open (if
380 .It Va firewall_open_udp_ports
382 List of UDP ports to open (if
386 .It Va ipv6_firewall_type
388 The IPv6 equivalent of
390 .It Va firewall_quiet
394 to disable the display of firewall rules on the console during boot.
395 .It Va ipv6_firewall_quiet
397 The IPv6 equivalent of
399 .It Va firewall_logging
403 to enable firewall event logging.
404 This is equivalent to the
405 .Dv IPFIREWALL_VERBOSE
407 .It Va ipv6_firewall_logging
409 The IPv6 equivalent of
410 .Va firewall_logging .
411 .It Va firewall_flags
417 specifies a filename.
418 .It Va ipv6_firewall_flags
420 The IPv6 equivalent of
437 sockets must be enabled in the kernel.
438 .It Va natd_interface
440 This is the name of the public interface on which
443 The interface may be given as an interface name or as an IP address.
448 flags should be placed here.
453 flag is automatically added with the above
456 .\" ----- ipfilter_enable setting --------------------------------
457 .It Va ipfilter_enable
468 Typical usage will require putting
470 ipfilter_enable="YES"
488 can be enabled independently.
492 both require at least one of
502 options IPFILTER_DEFAULT_BLOCK
505 in the kernel configuration file is a good idea, too.
509 .Va firewall_enable .
510 .\" ----- ipfilter_program setting ------------------------------
511 .It Va ipfilter_program
517 .\" ----- ipfilter_rules setting --------------------------------
518 .It Va ipfilter_rules
523 The name of the filter rule definition file.
524 The file is expected to be readable for the
527 .\" ----- ipv6_ipfilter_rules setting ---------------------------
528 .It Va ipv6_ipfilter_rules
533 The name of the IPv6 filter rule definition file.
534 The file is expected to be readable for the
537 .\" ----- ipfilter_flags setting --------------------------------
538 .It Va ipfilter_flags
544 .\" ----- ipnat_enable setting ----------------------------------
554 network address translation.
557 for a detailed discussion.
558 .\" ----- ipnat_program setting ---------------------------------
565 .\" ----- ipnat_rules setting -----------------------------------
572 holding the network address translation definition.
573 This file is expected to be readable for the
576 .\" ----- ipnat_flags setting -----------------------------------
583 .\" ----- ipmon_enable setting ----------------------------------
598 Setting this variable needs setting
605 for a detailed discussion.
606 .\" ----- ipmon_program setting ---------------------------------
613 .\" ----- ipmon_flags setting -----------------------------------
622 Another typical example would be
623 .Dq Fl D Pa /var/log/ipflog
626 log directly to a file bypassing
629 .Pa /etc/newsyslog.conf
630 in such case like this:
632 /var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid
634 .\" ----- ipfs_enable setting -----------------------------------
644 saving the filter and NAT state tables during shutdown
645 and reloading them during startup again.
646 Setting this variable needs setting
655 for a detailed discussion.
660 cannot be used because the raised securelevel will prevent
662 from saving the state tables at shutdown time.
663 .\" ----- ipfs_program setting ----------------------------------
670 .\" ----- ipfs_flags setting ------------------------------------
677 .\" ----- end of added ipf hook ---------------------------------
678 .It Va tcp_extensions
685 disables certain TCP options as described by
691 might help remedy such problems with connections as randomly hanging
692 or other weird behavior.
693 Some network devices are known to be broken with respect to these options.
700 .Va net.inet.tcp.log_in_vain
702 .Va net.inet.udp.log_in_vain ,
707 are set to the given value.
715 will disable probing idle TCP connections to verify that the
716 peer is still up and reachable.
717 .It Va tcp_drop_synfin
724 will cause the kernel to ignore TCP frames that have both
725 the SYN and FIN flags set.
726 This prevents OS fingerprinting, but may break some legitimate applications.
727 This option is only available if the kernel was built with the
730 .It Va icmp_drop_redirect
737 will cause the kernel to ignore ICMP REDIRECT packets.
740 for more information.
741 .It Va icmp_log_redirect
748 will cause the kernel to log ICMP REDIRECT packets.
750 the log messages are not rate-limited, so this option should only be used
751 for troubleshooting networks.
754 for more information.
755 .It Va icmp_bmcastecho
759 to respond to broadcast or multicast ICMP ping packets.
762 for more information.
763 .It Va ip_portrange_first
767 this is the first port in the default portrange.
770 for more information.
771 .It Va ip_portrange_last
775 this is the last port in the default portrange.
778 for more information.
780 .It Va ifconfig_ Ns Aq Ar interface
784 Typically includes IP address.
785 Assuming that the interface in question was
787 it might look something like this:
789 ifconfig_ed0="inet 10.0.0.1 netmask 0xffff0000"
793 .Pa /etc/start_if. Ns Aq Ar interface
794 file is present, it is read and executed by the
796 interpreter before configuring the interface as specified in the
797 .Va ifconfig_ Ns Aq Ar interface
799 .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
802 It is possible to bring up an interface with DHCP by adding
805 .Va ifconfig_ Ns Aq Ar interface
807 For instance, to initialize the
809 device via DHCP, it is possible to use something like:
814 Also, if your interface needs WPA authentication, it is possible to add
817 .Va ifconfig_ Ns Aq Ar interface
820 .Xr wpa_supplicant 8 .
822 .Xr wpa_supplicant.conf 5
823 for configuring authentication information.
827 options in this variable, in addition to the
828 .Pa /etc/start_if. Ns Aq Ar interface
830 For instance, to initialize the
832 device via DHCP, using WPA authentication and 802.11b mode, it is
833 possible to use something like:
835 ifconfig_wi0="up DHCP WPA mode 11b"
839 .It Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
841 Configuration to establish an additional network address for
843 Assuming that the interface in question was
845 it might look something like this:
847 ifconfig_ed0_alias0="inet 127.0.0.253 netmask 0xffffffff"
848 ifconfig_ed0_alias1="inet 127.0.0.254 netmask 0xffffffff"
853 .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
854 entry that is found, its contents are passed to
856 Execution stops at the first unsuccessful access, so if
857 something like this is present:
859 ifconfig_ed0_alias0="inet 127.0.0.251 netmask 0xffffffff"
860 ifconfig_ed0_alias1="inet 127.0.0.252 netmask 0xffffffff"
861 ifconfig_ed0_alias2="inet 127.0.0.253 netmask 0xffffffff"
862 ifconfig_ed0_alias4="inet 127.0.0.254 netmask 0xffffffff"
865 Then note that alias4 would
867 be added since the search would stop with the missing alias3 entry.
870 .It Va ifconfig_ Ns Ao Ar interface Ac Ns Va _name
874 It is possible to rename interface by doing:
876 ifconfig_ed0_name="net0"
877 ifconfig_net0="inet 10.0.0.1 netmask 0xffff0000"
879 .It Va network_interfaces
881 The list of network interfaces to configure on this host,
884 to configure all network interfaces
887 For example, if the only network devices to be configured are the loopback device
891 driver, this could be set to
894 .Va ifconfig_ Ns Aq Ar interface
895 variable is assumed to exist for each value of
897 .It Va ipv6_network_interfaces
899 This is the IPv6 equivalent of
900 .Va network_interfaces .
901 Instead of setting the ifconfig variables as
902 .Va ifconfig_ Ns Aq Ar interface
903 they should be set as
904 .Va ipv6_ifconfig_ Ns Aq Ar interface .
905 Aliases should be set as
906 .Va ipv6_ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n .
907 Interfaces that do not have a
908 .Va ipv6_ifconfig_ Ns Aq Ar interface
909 setting will be auto configured by
912 .Va ipv6_gateway_enable
915 Note that the IPv6 networking code does not support the
916 .Pa /etc/start_if. Ns Aq Ar interface
918 .It Va ipv6_prefix_ Ns Aq Ar interface
922 prefixlen 64 is used.
923 .It Va ipv6_default_interface
927 this is the default output interface for scoped addresses.
928 Now this works only for IPv6 link local multicast addresses.
929 .It Va cloned_interfaces
931 Set to the list of clonable network interfaces to create on this host.
933 .Va cloned_interfaces
934 are automatically appended to
935 .Va network_interfaces
937 .It Va gif_interfaces
941 tunnel interfaces to configure on this host.
943 .Va gifconfig_ Ns Aq Ar interface
944 variable is assumed to exist for each value of
946 The value of this variable is used to configure the link layer of the
947 tunnel according to the syntax of the
951 Additionally, this option ensures that each listed interface is created via the
955 before attempting to configure it.
956 .It Va sppp_interfaces
960 interfaces to configure on this host.
962 .Va spppconfig_ Ns Aq Ar interface
963 variable is assumed to exist for each value of
965 Each interface should also be configured by a general
966 .Va ifconfig_ Ns Aq Ar interface
970 for more information about available options.
980 Mode in which to run the
989 See the manual for a full description.
994 enables network address translation.
995 Used in conjunction with
997 allows hosts on private network addresses access to the Internet using
998 this host as a network address translating router.
1001 The name of the profile to use from
1002 .Pa /etc/ppp/ppp.conf .
1005 The name of the user under which
1012 .It Va rc_conf_files
1014 This option is used to specify a list of files that will override
1016 .Pa /etc/defaults/rc.conf .
1017 The files will be read in the order in which they are specified and should
1018 include the full path to the file.
1019 By default, the files specified are
1022 .Pa /etc/rc.conf.local
1023 .It Va fsck_y_enable
1028 will be run with the
1030 flag if the initial preen of the file systems fails.
1033 List of file system types that are network-based.
1034 This list should generally not be modified by end users.
1036 .Va extra_netfs_types
1038 .It Va extra_netfs_types
1040 If set to something other than
1042 (the default), this variable extends the list of file system types
1043 for which automatic mounting at startup by
1045 should be delayed until the network is initialized.
1047 a whitespace-separated list of network file system descriptor pairs,
1048 each consisting of a file system type as passed to
1050 and a human-readable, one-word description, joined with a colon
1052 Extending the default list in this way is only necessary
1053 when third party file system types are used.
1054 .It Va syslogd_enable
1061 .It Va syslogd_program
1066 .Pa /usr/sbin/syslogd ) .
1067 .It Va syslogd_flags
1073 these are the flags to pass to
1082 .It Va inetd_program
1087 .Pa /usr/sbin/inetd ) .
1094 these are the flags to pass to
1103 .It Va named_program
1108 .Pa /usr/sbin/named ) .
1115 these are the flags to pass to
1117 .It Va named_pidfile
1119 This is the default path to the
1122 Change it if you change the location in
1123 .Pa /etc/namedb/named.conf .
1124 .It Va named_chrootdir
1126 The root directory for a name server run in a
1131 will not be run in a
1134 .It Va kerberos5_server_enable
1138 to start a Kerberos 5 authentication server at boot time.
1139 .It Va kerberos5_server_program
1142 .Va kerberos5_server_enable
1145 this is the path to Kerberos 5 Authentication Server.
1146 .It Va kadmind5_server_enable
1152 the Kerberos 5 Administration Daemon; set to
1155 .It Va kadmind5_server_program
1158 .Va kadmind5_server_enable
1161 this is the path to Kerberos 5 Administration Daemon.
1162 .It Va kpasswdd_server_enable
1168 the Kerberos 5 Password-Changing Daemon; set to
1171 .It Va kpasswdd_server_program
1174 .Va kpasswdd_server_enable
1177 this is the path to Kerberos 5 Password-Changing Daemon.
1184 daemon at boot time.
1191 these are the flags to pass to it.
1198 daemon at boot time.
1205 these are the flags to pass to it.
1208 manpage for more information.
1209 .It Va amd_map_program
1211 If set, the specified program is run to get the list of
1216 maps are stored in NIS, one can set this to run
1228 will be updated at boot time to reflect the kernel release being run.
1232 will not be updated.
1233 .It Va nfs_client_enable
1237 run the NFS client daemons at boot time.
1238 .It Va nfs_client_flags
1241 .Va nfs_client_enable
1244 these are the flags to pass to the
1247 .It Va nfs_access_cache
1250 .Va nfs_client_enable
1255 to disable NFS ACCESS RPC caching, or to the number of seconds for which
1256 NFS ACCESS results should be cached.
1257 A value of 2-10 seconds will substantially reduce network traffic for
1258 many NFS operations.
1259 The default is 5 seconds.
1260 Note that the attribute cache holds stat information only.
1261 The NFS data cache is independent of the attribute cache and is only
1262 invalidated when the client detects that the server has modified the
1264 This value specifies a maximum timeout.
1265 The NFS client will automatically use a shorter timeout for files which
1266 have been recently modified.
1267 .It Va nfs_neg_cache
1270 .Va nfs_client_enable
1275 to disable the caching of NEGATIVE LOOKUPS (lookups of non-existent
1276 filenames), or to the number of seconds for which negative lookups should
1278 A value of 2-10 seconds will substantially reduce network
1279 traffic for many NFS operations, especially source code builds.
1280 The default is 3 seconds.
1281 .It Va nfs_server_enable
1285 run the NFS server daemons at boot time.
1286 .It Va nfs_server_flags
1289 .Va nfs_server_enable
1292 these are the flags to pass to the
1295 .It Va mountd_enable
1300 .Va nfs_server_enable
1306 It is commonly needed to run CFS without real NFS used.
1313 these are the flags to pass to the
1316 .It Va weak_mountd_authentication
1320 allow services like PCNFSD to make non-privileged mount requests.
1321 .It Va nfs_reserved_port_only
1325 provide NFS services only on a secure port.
1326 .It Va nfs_bufpackets
1328 If set to a number, indicates the number of packets worth of
1329 socket buffer space to reserve on an NFS client.
1330 The kernel default is typically 4.
1331 Using a higher number may be useful on gigabit networks to improve performance.
1332 The minimum value is 2 and the maximum is 64.
1333 .It Va rpc_umntall_enable
1337 (default) and we are also an NFS client, run
1339 at boot time to clear out old mounts on remote servers.
1344 will not be run at boot time.
1345 .It Va rpc_lockd_enable
1349 and also an NFS server, run
1352 .It Va rpc_statd_enable
1356 and also an NFS server, run
1359 .It Va rpcbind_program
1361 Path to program for rpcbind daemon
1363 .Pa /usr/sbin/portmap ) .
1364 .It Va rpcbind_enable
1371 .It Va rpcbind_flags
1377 these are the flags to pass to
1378 .Va rpcbind_program .
1379 .It Va keyserv_enable
1385 daemon on boot for running Secure RPC.
1386 .It Va keyserv_flags
1392 these are the flags to pass to
1395 .It Va pppoed_enable
1401 daemon at boot time to provide PPP over Ethernet services.
1402 .It Va pppoed_provider
1405 listens to requests to this provider and ultimately runs
1409 argument of the same name.
1412 Additional flags to pass to
1414 .It Va pppoed_interface
1416 The network interface to run
1419 This is mandatory when
1429 service at boot time.
1430 This command is intended for networks of machines where a consistent
1432 for all hosts must be established.
1433 This is often useful in large NFS environments where time stamps on
1434 files are expected to be consistent network-wide.
1441 these are the flags to pass to the
1450 at system boot time.
1451 .It Va dntpd_program
1456 .Pa /usr/sbin/dntpd ) .
1463 these are the flags to pass to the
1466 .It Va btconfig_enable
1470 configure Bluetooth devices via
1472 at system boot time.
1473 .It Va btconfig_devices
1479 this is the list of Bluetooth devices to configure.
1481 .Va btconfig_devices
1482 is not specified, all devices known to the system will be configured.
1484 .Va btconfig_ Ns Aq Ar device
1485 variable can be set to specify parameters to be passed to
1487 .It Va btconfig_args
1493 this is the list of configuration parameters to pass to all Bluetooth
1499 run the Service Discovery Profile daemon
1501 at system boot time.
1508 these are the flags to pass to the
1511 .It Va bthcid_enable
1515 run the Bluetooth Link Key/PIN Code Manager daemon
1517 at system boot time.
1524 these are the flags to pass to the
1527 .It Va nis_client_enable
1533 service at system boot time.
1534 .It Va nis_client_flags
1537 .Va nis_client_enable
1540 these are the flags to pass to the
1543 .It Va nis_ypset_enable
1549 daemon at system boot time.
1550 .It Va nis_ypset_flags
1553 .Va nis_ypset_enable
1556 these are the flags to pass to the
1559 .It Va nis_server_enable
1565 daemon at system boot time.
1566 .It Va nis_server_flags
1569 .Va nis_server_enable
1572 these are the flags to pass to the
1575 .It Va nis_ypxfrd_enable
1581 daemon at system boot time.
1582 .It Va nis_ypxfrd_flags
1585 .Va nis_ypxfrd_enable
1588 these are the flags to pass to the
1591 .It Va nis_yppasswdd_enable
1597 daemon at system boot time.
1598 .It Va nis_yppasswdd_flags
1601 .Va nis_yppasswdd_enable
1604 these are the flags to pass to the
1607 .It Va rpc_ypupdated_enable
1613 daemon at system boot time.
1614 .It Va defaultrouter
1618 create a default route to this host name or IP address
1619 (use an IP address if this router is also required to get to the
1621 .It Va ipv6_defaultrouter
1623 The IPv6 equivalent of
1625 .It Va static_routes
1627 Set to the list of static routes that are to be added at system boot time.
1630 then for each whitespace separated
1633 .Va route_ Ns Aq Ar element
1634 variable is assumed to exist whose contents will later be passed to a
1637 .It Va ipv6_static_routes
1639 The IPv6 equivalent of
1643 then for each whitespace separated
1646 .Va ipv6_route_ Ns Aq Ar element
1647 variable is assumed to exist whose contents will later be passed to a
1648 .Dq Nm route Cm add Fl inet6
1650 .It Va gateway_enable
1654 configure host to act as an IP router, e.g. to forward packets
1656 .It Va ipv6_gateway_enable
1658 The IPv6 equivalent of
1659 .Va gateway_enable .
1660 .It Va router_enable
1664 run a routing daemon of some sort, based on the settings of
1668 .It Va ipv6_router_enable
1670 The IPv6 equivalent of
1674 run a routing daemon of some sort, based on the settings of
1675 .Va ipv6_router_program
1677 .Va ipv6_router_flags .
1678 .It Va router_program
1684 this is the name of the routing daemon to use
1686 .Pa /sbin/routed ) .
1687 .It Va ipv6_router_program
1689 The IPv6 equivalent of
1692 .Pa /sbin/route6d ) .
1699 these are the flags to pass to the routing daemon.
1700 .It Va ipv6_router_flags
1702 The IPv6 equivalent of
1704 .It Va mrouted_enable
1708 run the multicast routing daemon,
1710 .It Va mroute6d_enable
1712 The IPv6 equivalent of
1713 .Va mrouted_enable .
1716 run the IPv6 multicast routing daemon.
1717 Note that no IPv6 multicast routing daemon is included in the
1721 can be installed from the
1724 .It Va mrouted_flags
1730 these are the flags to pass to the
1733 .It Va mroute6d_flags
1735 The IPv6 equivalent of
1741 these are the flags passed to the IPv6 multicast routing daemon.
1742 .It Va mroute6d_program
1748 this is the path to the IPv6 multicast routing daemon.
1749 .It Va rtadvd_enable
1755 daemon at boot time.
1758 .Va ipv6_gateway_enable
1763 utility sends router advertisement packets to the interfaces specified in
1764 .Va rtadvd_interfaces .
1766 and should only be enabled with great care.
1767 You may want to fine-tune
1769 .It Va rtadvd_interfaces
1775 this is the list of interfaces to use.
1776 .It Va rtsold_enable
1782 daemon at boot time.
1785 daemon is used for automatic discovery of non-link local addresses.
1792 these are the flags to pass to the
1795 .It Va ipxgateway_enable
1799 enable the routing of IPX traffic.
1800 .It Va ipxrouted_enable
1806 daemon at system boot time.
1807 .It Va ipxrouted_flags
1810 .Va ipxrouted_enable
1813 these are the flags to pass to the
1820 enable global proxy ARP.
1821 .It Va forward_sourceroute
1829 source-routed packets are forwarded.
1830 .It Va accept_sourceroute
1834 the system will accept source-routed packets directed at it.
1841 daemon at system boot time.
1848 these are the flags to pass to the
1851 .It Va bootparamd_enable
1857 daemon at system boot time.
1858 .It Va bootparamd_flags
1861 .Va bootparamd_enable
1864 these are the flags to pass to the
1867 .It Va stf_interface_ipv4addr
1871 this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling interface).
1872 Specify this entry to enable the 6to4 interface.
1873 .It Va stf_interface_ipv4plen
1875 Prefix length for 6to4 IPv4 addresses, to limit peer address range.
1876 An effective value is 0-31.
1877 .It Va stf_interface_ipv6_ifid
1879 IPv6 interface ID for
1883 .It Va stf_interface_ipv6_slaid
1885 IPv6 Site Level Aggregator for
1887 .It Va ipv6_faith_prefix
1891 this is the faith prefix to enable a FAITH IPv6-to-IPv4 TCP translator.
1895 .It Va ipv6_ipv4mapping
1899 this enables IPv4 mapped IPv6 address communication (like
1900 .Li ::ffff:a.b.c.d ) .
1905 to enable the configuration of ATM interfaces at system boot time.
1906 For all of the ATM variables described below, please refer to the
1908 man page for further details on the available command parameters.
1909 Also refer to the files in
1910 .Pa /usr/share/examples/atm
1911 for more detailed configuration information.
1912 .It Va atm_netif_ Ns Aq Ar intf
1914 For the ATM physical interface
1916 this variable defines the name prefix and count for the ATM network
1917 interfaces to be created.
1918 The value will be passed as the parameters of an
1919 .Dq Nm atm Cm "set netif" Ar intf
1921 .It Va atm_sigmgr_ Ns Aq Ar intf
1923 For the ATM physical interface
1925 this variable defines the ATM signalling manager to be used.
1926 The value will be passed as the parameters of an
1927 .Dq Nm atm Cm attach Ar intf
1929 .It Va atm_prefix_ Ns Aq Ar intf
1931 For the ATM physical interface
1933 this variable defines the NSAP prefix for interfaces using a UNI signalling
1937 the prefix will automatically be set via the
1940 Otherwise, the value will be passed as the parameters of an
1941 .Dq Nm atm Cm "set prefix" Ar intf
1943 .It Va atm_macaddr_ Ns Aq Ar intf
1945 For the ATM physical interface
1947 this variable defines the MAC address for interfaces using a UNI signalling
1951 the hardware MAC address contained in the ATM interface card will be used.
1952 Otherwise, the value will be passed as the parameters of an
1953 .Dq Nm atm Cm "set mac" Ar intf
1955 .It Va atm_arpserver_ Ns Aq Ar netif
1957 For the ATM network interface
1959 this variable defines the ATM address for a host which is to provide ATMARP
1961 This variable is only applicable to interfaces using a UNI signalling manager.
1964 this host will become an ATMARP server.
1965 The value will be passed as the parameters of an
1966 .Dq Nm atm Cm "set arpserver" Ar netif
1968 .It Va atm_scsparp_ Ns Aq Ar netif
1972 SCSP/ATMARP service for the network interface
1974 will be initiated using the
1979 This variable is only applicable if
1980 .Va atm_arpserver_ Ns Aq Ar netif
1985 Set to the list of permanent ATM ARP entries to be added at system boot time.
1986 For each whitespace separated
1989 .Va atm_arp_ Ns Aq Ar element
1990 variable is assumed to exist.
1991 The value of each of these variables will be passed as the parameters of an
1992 .Dq Nm atm Cm "add arp"
1996 The keyboard bell sound.
2003 if the default behavior is desired.
2004 For details, refer to the
2011 no keymap is installed, otherwise the value is used to install
2013 .Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd .
2016 The keyboard repeat speed.
2023 if the default behavior is desired.
2028 attempt to program the function keys with the value.
2029 The value should be a single string of the form:
2030 .Dq Ar funkey_number new_value Op Ar funkey_number new_value ... .
2033 Can be set to the value of
2036 .Dq Li destructive ,
2039 to set the cursor behavior explicitly or choose the default behavior.
2044 no screen map is installed, otherwise the value is used to install
2045 the screen map file in
2046 .Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value .
2051 the default 8x16 font value is used for screen size requests, otherwise
2053 .Pa /usr/share/syscons/fonts/ Ns Aq Ar value
2059 the default 8x14 font value is used for screen size requests, otherwise
2061 .Pa /usr/share/syscons/fonts/ Ns Aq Ar value
2067 the default 8x8 font value is used for screen size requests, otherwise
2069 .Pa /usr/share/syscons/fonts/ Ns Aq Ar value
2075 the default screen blanking interval is used, otherwise it is set to
2082 this is the actual screen saver to use
2083 .Li ( blank , snake , daemon ,
2085 .It Va moused_enable
2091 daemon is started for doing cut/paste selection on the console.
2094 This is the protocol type of the mouse connected to this host.
2095 This variable must be set if
2102 is able to detect the appropriate mouse type automatically in many cases.
2103 Set this variable to
2105 to let the daemon detect it, or
2106 select one from the following list if the automatic detection fails.
2108 If the mouse is attached to the PS/2 mouse port, choose
2112 regardless of the brand and model of the mouse.
2113 Likewise, if the mouse is attached to the bus mouse port, choose
2117 All other protocols are for serial mice and will not work with
2118 the PS/2 and bus mice.
2119 If this is a USB mouse,
2121 is the only protocol type which will work.
2123 .Bl -tag -width ".Li x10mouseremote" -compact
2125 Microsoft mouse (serial)
2127 Microsoft IntelliMouse (serial)
2129 Mouse systems Corp. mouse (serial)
2131 MM Series mouse (serial)
2133 Logitech mouse (serial)
2137 Logitech MouseMan and TrackMan (serial)
2139 ALPS GlidePoint (serial)
2140 .It Li thinkingmouse
2141 Kensington ThinkingMouse (serial)
2145 MM HitTablet (serial)
2146 .It Li x10mouseremote
2147 X10 MouseRemote (serial)
2149 Interlink VersaPad (serial)
2152 Even if the mouse is not in the above list, it may be compatible
2153 with one in the list.
2154 Refer to the man page for
2156 for compatibility information.
2158 It should also be noted that while this is enabled, any
2159 other client of the mouse (such as an X server) should access
2160 the mouse through the virtual mouse device,
2162 and configure it as a
2164 type mouse, since all
2165 mouse data is converted to this single canonical format when using
2167 If the client program does not support the
2172 It is the second preferred type.
2179 this is the actual port the mouse is on.
2182 for a COM1 serial mouse,
2186 for a bus mouse, for example.
2191 is set, these are the additional flags to pass to the
2194 .It Va mousechar_start
2198 the default mouse cursor character range
2199 .Li 0xd0 Ns - Ns Li 0xd3
2200 is used, otherwise the range start is set to
2204 Use if the default range is occupied in the language code table.
2207 Set the size of the history (scrollback) buffer in lines.
2208 .It Va allscreens_flags
2212 is run with these options for each of the virtual terminals
2216 will enable the mouse pointer on all virtual terminals if
2220 .It Va allscreens_kbdflags
2224 is run with these options for each of the virtual terminals
2230 scrollback (history) buffer to 200 lines.
2237 daemon at system boot time.
2243 .Pa /usr/sbin/cron ) .
2250 these are the flags to pass to
2257 .Pa /usr/sbin/lpd ) .
2264 daemon at system boot time.
2271 these are the flags to pass to the
2280 settings across reboots.
2281 .It Va mta_start_script
2283 The full path to the script to run to start
2284 a mail transfer agent.
2286 .Pa /etc/rc.sendmail .
2290 .Pa /etc/rc.sendmail
2291 uses are documented in the
2296 Indicates the device (usually a swap partition) to which a crash dump
2297 should be written in the event of a system crash.
2298 The value of this variable is passed as the argument to
2300 To disable crash dumps, set this variable to
2304 When the system reboots after a crash and a crash dump is found on the
2305 device specified by the
2309 will save that crash dump and a copy of the kernel to the directory
2313 The default value is
2322 .It Va savecore_flags
2324 If crash dumps are enabled, these are the flags to pass to the
2327 .It Va enable_quotas
2331 to turn on user disk quotas on system startup via the
2338 to enable user disk quota checking via the
2341 .It Va accounting_enable
2345 to enable system accounting through the
2352 to enable Linux/ELF binary emulation at system initial boot time.
2353 .It Va sysvipc_enable
2357 load System V IPC primitives at boot time.
2358 .\" ----- cleanvar_enable setting--------------------------------
2359 .It Va cleanvar_enable
2367 .Pa /var/spool/uucp/.Temp/*
2369 .\" ----- clear_tmp_enable setting-------------------------------
2370 .It Va clear_tmp_enable
2377 .\" ----- ldconfig_paths setting --------------------------------
2378 .It Va ldconfig_paths
2380 Set to the list of shared library paths to use with
2384 will always be added first, so it need not appear in this list.
2385 .It Va ldconfig_insecure
2389 utility normally refuses to use directories
2390 which are writable by anyone except root.
2391 Set this variable to
2393 to disable that security check during system startup.
2394 .It Va kern_securelevel
2396 The kernel security level to set at startup.
2397 The allowed range of
2399 ranges from \-1 (the compile time default) to 3 (the most secure).
2402 for the list of possible security levels and their effect on system operation.
2409 at system boot time.
2416 at system boot time.
2419 Path to the SSH server program
2421 .Pa /usr/sbin/sshd ) .
2428 these are the flags to pass to the
2437 at system boot time.
2444 these are the flags to pass to the
2453 daemon at boot time.
2460 these are the flags passed to
2463 .It Va watchdogd_enable
2469 daemon at boot time.
2470 This requires that the kernel have been compiled with
2471 .Cd "options WATCHDOG" .
2476 any configured jails will not be started.
2479 A space separated list of names for jails.
2480 This is purely a configuration aid to help identify and
2481 configure multiple jails.
2482 The names specified in this list will be used to
2483 identify settings common to an instance of a jail.
2484 Assuming that the jail in question was named
2486 you would have the following dependent variables:
2488 jail_vjail_hostname="jail.example.com"
2489 jail_vjail_ip="192.168.1.100"
2490 jail_vjail_rootdir="/var/jails/vjail/root"
2496 When set, use as default value for
2497 .Va jail_ Ns Ao Ar jname Ac Ns Va _flags
2500 .It Va jail_interface
2503 When set, use as default value for
2504 .Va jail_ Ns Ao Ar jname Ac Ns Va _interface
2510 When set, use as default value for
2511 .Va jail_ Ns Ao Ar jname Ac Ns Va _fstab
2514 .It Va jail_mount_enable
2522 .Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable
2525 by default for every jail in
2527 .It Va jail_fdesc_enable
2535 .Va jail_ Ns Ao Ar jname Ac Ns Va _fdesc_enable
2538 by default for every jail in
2540 .It Va jail_procfs_enable
2548 .Va jail_ Ns Ao Ar jname Ac Ns Va _fdesc_enable
2551 by default for every jail in
2553 .It Va jail_exec_start
2556 When set, use as default value for
2557 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start
2560 .It Va jail_exec_stop
2562 When set, use as default value for
2563 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop
2566 .It Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir
2569 Set to the root directory used by jail
2571 .It Va jail_ Ns Ao Ar jname Ac Ns Va _hostname
2574 Set to the fully qualified domain name (FQDN) assigned to jail
2576 .It Va jail_ Ns Ao Ar jname Ac Ns Va _ip
2579 Set to the IP address assigned to jail
2581 .It Va jail_ Ns Ao Ar jname Ac Ns Va _flags
2586 These are flags to pass to
2588 .It Va jail_ Ns Ao Ar jname Ac Ns Va _interface
2591 When set, sets the interface to use when setting IP address alias.
2592 Note that the alias is created at jail startup and removed at jail shutdown.
2593 .It Va jail_ Ns Ao Ar jname Ac Ns Va _fstab
2596 .Pa /etc/fstab. Ns Aq Ar jname
2598 This is the file system information file to use for jail
2600 .It Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable
2607 mount all file systems from
2608 .Va jail_ Ns Ao Ar jname Ac Ns Va _fstab
2610 .It Va jail_ Ns Ao Ar jname Ac Ns Va _fdesc_enable
2617 mount the file-descriptor file system inside jail
2620 .It Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable
2627 mount the process file system inside jail
2630 .It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start
2633 .Dq Li /bin/sh /etc/rc
2635 This is the command executed at jail startup.
2636 .It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop
2639 .Dq Li /bin/sh /etc/rc.shutdown
2641 This is the command executed at jail shutdown.
2642 .It Va jail_set_hostname_allow
2646 do not allow the root user in a jail to set its hostname.
2647 .It Va jail_socket_unixiproute_only
2651 do not allow any sockets,
2652 besides UNIX/IP/route sockets,
2653 to be used within a jail.
2654 .It Va jail_sysvipc_allow
2658 allow applications within a jail to use System V IPC.
2659 .It Va newsyslog_enable
2665 before syslogd starts.
2666 .It Va newsyslog_flags
2669 .Va newsyslog_enable
2672 these are the flags passed to
2674 .It Va resident_enable
2678 make the dynamic binaries listed in
2679 .Pa /etc/resident.conf
2681 .It Va varsym_enable
2686 .Pa /etc/varsym.conf
2687 to set system-wide variables for variant symlinks.
2692 or a whitespace separated list of IRQ numbers which will be used as a source of
2694 .\" ----- isdn settings ---------------------------------
2704 daemon at system boot time.
2708 .Dq Fl d Ns Cm n Fl d Ns Li 0x1f9
2710 Additional flags to pass to
2716 for certain tunable parameters).
2722 The terminal type of the output device when
2724 operates in full-screen mode.
2725 .It Va isdn_screenflags
2730 The video mode for full-screen mode (only for
2740 The output device for
2742 in full-screen mode (or
2752 enables the ISDN protocol trace utility
2754 at system boot time.
2755 .It Va isdn_traceflags
2758 .Dq Fl f Pa /var/tmp/isdntrace0
2762 .\" -----------------------------------------------------
2767 to disable caching entropy via
2769 Otherwise set to the directory used to store entropy files in.
2774 to disable caching entropy through reboots.
2775 Otherwise set to the filename used to store cached entropy through reboots.
2776 This file should be located on the root file system to seed the
2778 device as early as possible in the boot process.
2790 Configuration file for
2799 .Pa /var/run/dmesg.boot
2801 .It Va rcshutdown_timeout
2803 If set, start a watchdog timer in the background which will terminate
2807 has not completed within the specified time (in seconds).
2810 .Bl -tag -width ".Pa /etc/start_if. Ns Aq Ar interface" -compact
2811 .It Pa /etc/defaults/rc.conf
2813 .It Pa /etc/rc.conf.local
2814 .It Pa /etc/start_if. Ns Aq Ar interface
2832 .Xr resident.conf 5 ,
2895 .An Jordan K. Hubbard .