4 .\" Redistribution and use in source and binary forms, with or without
5 .\" modification, are permitted provided that the following conditions
7 .\" 1. Redistributions of source code must retain the above copyright
8 .\" notice, this list of conditions and the following disclaimer.
9 .\" 2. Redistributions in binary form must reproduce the above copyright
10 .\" notice, this list of conditions and the following disclaimer in the
11 .\" documentation and/or other materials provided with the distribution.
13 .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND
14 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE
17 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
19 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
20 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
21 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
22 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25 .\" $FreeBSD: src/share/man/man5/rc.conf.5,v 1.197 2003/07/28 13:56:00 mbr Exp $
32 .Nd system configuration information
36 contains descriptive information about the local host name, configuration
37 details for any potential network interfaces and which services should be
38 started up at system initial boot time.
39 In new installations, the
41 file is generally initialized by the installer.
45 is not to run commands or perform system startup actions directly.
46 Instead, it is included by the various generic startup scripts in
48 which conditionalize their
49 internal actions according to the settings found there.
52 .Pa /etc/defaults/rc.conf
53 file specifies the default settings for all the available options,
56 file specifies override settings.
57 Options need only be specified in
59 when the system administrator wishes to override the defaults.
61 .Pa /etc/rc.conf.local
62 is used to override settings in
64 for historical reasons.
66 .Pa /etc/rc.conf.local
67 you can also place smaller configuration files for each
71 directory, which will be included by the
74 For jail configurations you could use the file
75 .Pa /etc/rc.conf.d/jail
76 to store jail specific configuration options.
81 The following list provides a name and short description for each
82 variable that can be set in the
99 These values are case insensitive.
102 postfix in the name of a variable for starting a service can be
105 .Bl -tag -width indent-two
110 enable output of debug messages from rc scripts.
111 This variable can be helpful in diagnosing mistakes when
112 editing or integrating new scripts.
113 Beware that this produces copious output to the terminal and
119 disable informational messages from the rc scripts.
120 Informational messages are displayed when
121 a condition that is not serious enough to warrant a warning or an error occurs.
126 no swapfile is installed, otherwise the value is used as the full
127 pathname to a file to use for additional swap space.
130 driver is needed for a swapfile and will be loaded if it is not
131 already compiled into the kernel or loaded via
137 enable support for Automatic Power Management with the
144 to handle APM event from userland.
145 This also enables support for APM.
152 these are the flags to pass to the
158 to monitor the status of batteries present in the system.
159 This also enables support for APM.
166 these are the flags to pass to the
173 to handle device added, removed or unknown events from the kernel.
180 these are the flags to pass to the
192 a CPU speed control daemon.
193 .It Va sensorsd_enable
202 a sensors monitoring and logging daemon.
203 .It Va sensorsd_flags
206 Additional flags passed to the
209 .It Va sysvipcd_enable
218 a sensors monitoring and logging daemon.
219 .It Va sysvipcd_flags
222 Additional flags passed to the
225 .It Va hotplugd_enable
234 a devices hot plugging monitoring daemon.
235 .It Va hotplugd_flags
238 Additional flags passed to the
241 .It Va pccard_ifconfig
243 List of arguments to be passed to
245 at boot time or on insertion of the card (e.g.\&
246 .Dq Cm inet Li 192.168.1.1 Cm netmask Li 255.255.255.0
247 for a fixed address or
250 .It Va pccard_ether_delay
252 Set the delay before starting
255 .Pa /etc/pccard_ether
257 This defaults to 5 seconds to work around a bug in the
259 driver which can lead to system hangs when using some newer
262 .It Va removable_interfaces
264 List of removable network interfaces to be supported by
265 .Pa /etc/pccard_ether .
268 List of directories to search for startup script files.
269 .It Va script_name_sep
271 The field separator to use for breaking down the list of startup script files
272 into individual filenames.
273 The default is a space.
274 It is not necessary to change this unless there are startup scripts with names
276 .It Va hostapd_enable
285 The fully qualified domain name (FQDN) of this host on the network.
286 This should almost certainly be set to something meaningful, even if
287 there is no network connection.
290 is used to set the hostname via DHCP,
291 this variable should be set to an empty string.
294 Enable support for IPv6 networking.
295 Note that this requires that the kernel have been compiled with
296 .Cd "options INET6" .
299 The NIS domain name of this host, or
302 .It Va dhclient_program
304 Path to the DHCP client program
306 .Pa /sbin/dhclient ) .
307 .It Va dhclient_flags
309 Additional flags to pass to the DHCP client program.
317 If the kernel was not built with
321 kernel module will be loaded.
323 .Va firewall_enable .
328 ruleset definition file.
339 these are the flags to pass to
341 when loading the ruleset.
348 which logs packets from
356 this specifies the path of the log file.
367 these are the flags to pass to
369 .It Va firewall_enable
373 to load firewall rules at startup.
374 If the kernel was not built with
375 .Cd "options IPFIREWALL" ,
378 kernel module will be loaded.
381 .It Va ipv6_firewall_enable
383 The IPv6 equivalent of
384 .Va firewall_enable .
387 to load IPv6 firewall rules at startup.
388 If the kernel was not built with
389 .Cd "options IPV6FIREWALL" ,
392 kernel module will be loaded.
393 .It Va firewall_script
395 The full path to the firewall script to run
397 .Pa /etc/rc.firewall ) .
398 .It Va ipv6_firewall_script
400 The IPv6 equivalent of
401 .Va firewall_script .
404 Names the firewall type from the selection in
405 .Pa /etc/rc.firewall ,
406 or the file which contains the local firewall ruleset.
407 Valid selections from
411 .Bl -tag -width ".Li simple" -compact
413 unrestricted IP access
415 all IP services disabled, except via
418 basic protection for a workstation on a LAN
424 If a filename is specified, the full path must be given.
425 .It Va firewall_trusted_nets
427 List of trusted networks (if
431 .It Va firewall_trusted_interfaces
433 List of trusted network interfaces (if
437 .It Va firewall_allowed_icmp_types
439 List of allowed ICMP types (if
443 .It Va firewall_open_tcp_ports
445 List of TCP ports to open (if
449 .It Va firewall_open_udp_ports
451 List of UDP ports to open (if
455 .It Va ipv6_firewall_type
457 The IPv6 equivalent of
459 .It Va firewall_quiet
463 to disable the display of firewall rules on the console during boot.
464 .It Va ipv6_firewall_quiet
466 The IPv6 equivalent of
468 .It Va firewall_logging
472 to enable firewall event logging.
473 This is equivalent to the
474 .Dv IPFIREWALL_VERBOSE
476 .It Va ipv6_firewall_logging
478 The IPv6 equivalent of
479 .Va firewall_logging .
480 .It Va firewall_flags
486 specifies a filename.
487 .It Va ipv6_firewall_flags
489 The IPv6 equivalent of
506 sockets must be enabled in the kernel.
507 .It Va natd_interface
509 This is the name of the public interface on which
512 The interface may be given as an interface name or as an IP address.
517 flags should be placed here.
522 flag is automatically added with the above
525 .It Va tcp_extensions
532 disables certain TCP options as described by
538 might help remedy such problems with connections as randomly hanging
539 or other weird behavior.
540 Some network devices are known to be broken with respect to these options.
547 .Va net.inet.tcp.log_in_vain
549 .Va net.inet.udp.log_in_vain ,
554 are set to the given value.
562 will disable probing idle TCP connections to verify that the
563 peer is still up and reachable.
564 .It Va tcp_drop_synfin
571 will cause the kernel to ignore TCP frames that have both
572 the SYN and FIN flags set.
573 This prevents OS fingerprinting, but may break some legitimate applications.
574 This option is only available if the kernel was built with the
577 .It Va icmp_drop_redirect
584 will cause the kernel to ignore ICMP REDIRECT packets.
587 for more information.
588 .It Va icmp_log_redirect
595 will cause the kernel to log ICMP REDIRECT packets.
597 the log messages are not rate-limited, so this option should only be used
598 for troubleshooting networks.
601 for more information.
602 .It Va icmp_bmcastecho
606 to respond to broadcast or multicast ICMP ping packets.
609 for more information.
610 .It Va ip_portrange_first
614 this is the first port in the default portrange.
617 for more information.
618 .It Va ip_portrange_last
622 this is the last port in the default portrange.
625 for more information.
627 .It Va ifconfig_ Ns Aq Ar interface
631 Typically includes IP address.
632 Assuming that the interface in question was
634 it might look something like this:
636 ifconfig_ed0="inet 10.0.0.1 netmask 0xffff0000"
640 .Pa /etc/start_if. Ns Aq Ar interface
641 file is present, it is read and executed by the
643 interpreter before configuring the interface as specified in the
644 .Va ifconfig_ Ns Aq Ar interface
646 .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
649 It is possible to bring up an interface with DHCP by adding
652 .Va ifconfig_ Ns Aq Ar interface
654 For instance, to initialize the
656 device via DHCP, it is possible to use something like:
662 .Va vlans_ Ns Aq Ar interface
666 interface will be created for each item in the list with the
670 If a vlan interface's name is a number,
671 then that number is used as the vlan tag and the new vlan interface is
673 .Ar interface . Ns Ar tag .
675 the vlan tag must be specified via a
678 .Va create_args_ Ns Aq Ar interface
681 To create a vlan device named
685 with the vlan tag 101 and the optional the IPv4 address 192.0.2.1/24:
688 ifconfig_em0_101="inet 192.0.2.1/24"
691 To create a vlan device named
695 with the vlan tag 102:
698 create_args_myvlan="vlan 102"
702 .Va wlans_ Ns Aq Ar interface
706 interface will be created for each item in the list with the
710 Further wlan cloning arguments may be passed to the
713 command by setting the
714 .Va create_args_ Ns Aq Ar interface
718 devices must be created for each wireless devices as of
724 may be specified with an
725 .Va wlandebug_ Ns Aq Ar interface
727 The contents of this variable will be passed directly to
730 Also, if your interface needs WPA authentication, it is possible to add
733 .Va ifconfig_ Ns Aq Ar interface
736 .Xr wpa_supplicant 8 .
738 .Xr wpa_supplicant.conf 5
739 for configuring authentication information.
743 options in this variable, in addition to the
744 .Pa /etc/start_if. Ns Aq Ar interface
746 For instance, to initialize the
748 device via DHCP, using WPA authentication and 802.11b mode, it is
749 possible to use something like:
752 ifconfig_wlan0="up DHCP WPA mode 11b"
754 .It Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
756 Configuration to establish an additional network address for
758 Assuming that the interface in question was
760 it might look something like this:
762 ifconfig_ed0_alias0="inet 127.0.0.253 netmask 0xffffffff"
763 ifconfig_ed0_alias1="inet 127.0.0.254 netmask 0xffffffff"
768 .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
769 entry that is found, its contents are passed to
771 Execution stops at the first unsuccessful access, so if
772 something like this is present:
774 ifconfig_ed0_alias0="inet 127.0.0.251 netmask 0xffffffff"
775 ifconfig_ed0_alias1="inet 127.0.0.252 netmask 0xffffffff"
776 ifconfig_ed0_alias2="inet 127.0.0.253 netmask 0xffffffff"
777 ifconfig_ed0_alias4="inet 127.0.0.254 netmask 0xffffffff"
780 Then note that alias4 would
782 be added since the search would stop with the missing alias3 entry.
783 .It Va ifconfig_ Ns Ao Ar interface Ac Ns Va _name
787 It is possible to rename interface by doing:
789 ifconfig_ed0_name="net0"
790 ifconfig_net0="inet 10.0.0.1 netmask 0xffff0000"
792 .It Va network_interfaces
794 The list of network interfaces to configure on this host,
797 to configure all network interfaces
800 For example, if the only network devices to be configured are the loopback device
804 driver, this could be set to
807 .Va ifconfig_ Ns Aq Ar interface
808 variable is assumed to exist for each value of
810 .It Va ipv6_network_interfaces
812 This is the IPv6 equivalent of
813 .Va network_interfaces .
814 Instead of setting the ifconfig variables as
815 .Va ifconfig_ Ns Aq Ar interface
816 they should be set as
817 .Va ipv6_ifconfig_ Ns Aq Ar interface .
818 Aliases should be set as
819 .Va ipv6_ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n .
820 Interfaces that do not have a
821 .Va ipv6_ifconfig_ Ns Aq Ar interface
822 setting will be auto configured by
825 .Va ipv6_gateway_enable
828 Note that the IPv6 networking code does not support the
829 .Pa /etc/start_if. Ns Aq Ar interface
831 .It Va ipv6_prefix_ Ns Aq Ar interface
835 prefixlen 64 is used.
836 .It Va ipv6_default_interface
840 this is the default output interface for scoped addresses.
841 Now this works only for IPv6 link local multicast addresses.
842 .It Va cloned_interfaces
844 Set to the list of clonable network interfaces to create on this host.
846 .Va cloned_interfaces
847 are automatically appended to
848 .Va network_interfaces
850 .It Va gif_interfaces
854 tunnel interfaces to configure on this host.
856 .Va gifconfig_ Ns Aq Ar interface
857 variable is assumed to exist for each value of
859 The value of this variable is used to configure the link layer of the
860 tunnel according to the syntax of the
864 Additionally, this option ensures that each listed interface is created via the
868 before attempting to configure it.
869 .It Va sppp_interfaces
873 interfaces to configure on this host.
875 .Va spppconfig_ Ns Aq Ar interface
876 variable is assumed to exist for each value of
878 Each interface should also be configured by a general
879 .Va ifconfig_ Ns Aq Ar interface
883 for more information about available options.
893 Mode in which to run the
902 See the manual for a full description.
907 enables network address translation.
908 Used in conjunction with
910 allows hosts on private network addresses access to the Internet using
911 this host as a network address translating router.
914 The name of the profile to use from
915 .Pa /etc/ppp/ppp.conf .
918 The name of the user under which
927 This option is used to specify a list of files that will override
929 .Pa /etc/defaults/rc.conf .
930 The files will be read in the order in which they are specified and should
931 include the full path to the file.
932 By default, the files specified are
935 .Pa /etc/rc.conf.local
943 flag if the initial preen of the file systems fails.
946 List of file system types that are network-based.
947 This list should generally not be modified by end users.
949 .Va extra_netfs_types
951 .It Va extra_netfs_types
953 If set to something other than
955 (the default), this variable extends the list of file system types
956 for which automatic mounting at startup by
958 should be delayed until the network is initialized.
960 a whitespace-separated list of network file system descriptor pairs,
961 each consisting of a file system type as passed to
963 and a human-readable, one-word description, joined with a colon
965 Extending the default list in this way is only necessary
966 when third party file system types are used.
967 .It Va devfs_config_files
969 This option is used to specify a list of configuration files containing
971 rules that will be applied by
973 in the order in which they are specified and must include the full path
975 .It Va syslogd_enable
982 .It Va syslogd_program
987 .Pa /usr/sbin/syslogd ) .
994 these are the flags to pass to
1003 .It Va inetd_program
1008 .Pa /usr/sbin/inetd ) .
1015 these are the flags to pass to
1023 daemon at boot time.
1030 these are the flags to pass to it.
1037 daemon at boot time.
1044 these are the flags to pass to it.
1047 manpage for more information.
1048 .It Va amd_map_program
1050 If set, the specified program is run to get the list of
1055 maps are stored in NIS, one can set this to run
1067 will be updated at boot time to reflect the kernel release being run.
1071 will not be updated.
1072 .It Va nfs_client_enable
1076 setup NFS client parameters at boot time.
1077 .It Va nfs_access_cache
1080 .Va nfs_client_enable
1085 to disable NFS ACCESS RPC caching, or to the number of seconds for which
1086 NFS ACCESS results should be cached.
1087 A value of 2-10 seconds will substantially reduce network traffic for
1088 many NFS operations.
1089 The default is 5 seconds.
1090 Note that the attribute cache holds stat information only.
1091 The NFS data cache is independent of the attribute cache and is only
1092 invalidated when the client detects that the server has modified the
1094 This value specifies a maximum timeout.
1095 The NFS client will automatically use a shorter timeout for files which
1096 have been recently modified.
1097 .It Va nfs_neg_cache
1100 .Va nfs_client_enable
1105 to disable the caching of NEGATIVE LOOKUPS (lookups of non-existent
1106 filenames), or to the number of seconds for which negative lookups should
1108 A value of 2-10 seconds will substantially reduce network
1109 traffic for many NFS operations, especially source code builds.
1110 The default is 3 seconds.
1111 .It Va nfs_server_enable
1115 run the NFS server daemons at boot time.
1116 .It Va nfs_server_flags
1119 .Va nfs_server_enable
1122 these are the flags to pass to the
1125 .It Va mountd_enable
1130 .Va nfs_server_enable
1136 It is commonly needed to run CFS without real NFS used.
1143 these are the flags to pass to the
1146 .It Va weak_mountd_authentication
1150 allow services like PCNFSD to make non-privileged mount requests.
1151 .It Va nfs_reserved_port_only
1155 provide NFS services only on a secure port.
1156 .It Va nfs_bufpackets
1158 If set to a number, indicates the number of packets worth of
1159 socket buffer space to reserve on an NFS client.
1160 The kernel default is typically 4.
1161 Using a higher number may be useful on gigabit networks to improve performance.
1162 The minimum value is 2 and the maximum is 64.
1163 .It Va rpc_umntall_enable
1167 (default) and we are also an NFS client, run
1169 at boot time to clear out old mounts on remote servers.
1174 will not be run at boot time.
1175 .It Va rpc_lockd_enable
1179 and also an NFS server, run
1182 .It Va rpc_lockd_flags
1185 .Va rpc_lockd_enable
1188 these are the flags to pass to
1190 .It Va rpc_statd_enable
1194 and also an NFS server, run
1197 .It Va rpc_statd_flags
1200 .Va rpc_statd_enable
1203 these are the flags to pass to
1205 .It Va rpcbind_program
1207 Path to program for rpcbind daemon
1209 .Pa /usr/sbin/rpcbind ) .
1210 .It Va rpcbind_enable
1217 .It Va rpcbind_flags
1223 these are the flags to pass to
1224 .Va rpcbind_program .
1225 .It Va keyserv_enable
1231 daemon on boot for running Secure RPC.
1232 .It Va keyserv_flags
1238 these are the flags to pass to
1241 .It Va pppoed_enable
1247 daemon at boot time to provide PPP over Ethernet services.
1248 .It Va pppoed_provider
1251 listens to requests to this provider and ultimately runs
1255 argument of the same name.
1258 Additional flags to pass to
1260 .It Va pppoed_interface
1262 The network interface to run
1265 This is mandatory when
1275 service at boot time.
1276 This command is intended for networks of machines where a consistent
1278 for all hosts must be established.
1279 This is often useful in large NFS environments where time stamps on
1280 files are expected to be consistent network-wide.
1287 these are the flags to pass to the
1296 at system boot time.
1297 .It Va dntpd_program
1302 .Pa /usr/sbin/dntpd ) .
1309 these are the flags to pass to the
1312 .It Va btconfig_enable
1316 configure Bluetooth devices via
1318 at system boot time.
1319 .It Va btconfig_devices
1325 this is the list of Bluetooth devices to configure.
1327 .Va btconfig_devices
1328 is not specified, all devices known to the system will be configured.
1330 .Va btconfig_ Ns Aq Ar device
1331 variable can be set to specify parameters to be passed to
1333 .It Va btconfig_args
1339 this is the list of configuration parameters to pass to all Bluetooth
1345 run the Service Discovery Profile daemon
1347 at system boot time.
1354 these are the flags to pass to the
1357 .It Va bthcid_enable
1361 run the Bluetooth Link Key/PIN Code Manager daemon
1363 at system boot time.
1370 these are the flags to pass to the
1373 .It Va nis_client_enable
1379 service at system boot time.
1380 .It Va nis_client_flags
1383 .Va nis_client_enable
1386 these are the flags to pass to the
1389 .It Va nis_ypset_enable
1395 daemon at system boot time.
1396 .It Va nis_ypset_flags
1399 .Va nis_ypset_enable
1402 these are the flags to pass to the
1405 .It Va nis_server_enable
1411 daemon at system boot time.
1412 .It Va nis_server_flags
1415 .Va nis_server_enable
1418 these are the flags to pass to the
1421 .It Va nis_ypxfrd_enable
1427 daemon at system boot time.
1428 .It Va nis_ypxfrd_flags
1431 .Va nis_ypxfrd_enable
1434 these are the flags to pass to the
1437 .It Va nis_yppasswdd_enable
1443 daemon at system boot time.
1444 .It Va nis_yppasswdd_flags
1447 .Va nis_yppasswdd_enable
1450 these are the flags to pass to the
1453 .It Va rpc_ypupdated_enable
1459 daemon at system boot time.
1460 .It Va defaultrouter
1464 create a default route to this host name or IP address
1465 (use an IP address if this router is also required to get to the
1467 .It Va ipv6_defaultrouter
1469 The IPv6 equivalent of
1471 .It Va static_routes
1473 Set to the list of static routes that are to be added at system boot time.
1476 then for each whitespace separated
1479 .Va route_ Ns Aq Ar element
1480 variable is assumed to exist whose contents will later be passed to a
1483 .It Va change_routes
1485 Set to the list of static routes that are to be changed at system boot time
1486 (such as those added by the kernel).
1489 then for each whitespace separated
1492 .Va change_route_ Ns Aq Ar element
1493 variable is assumed to exist whose contents will later be passed to a
1494 .Dq Nm route Cm change
1496 .It Va ipv6_static_routes
1498 The IPv6 equivalent of
1502 then for each whitespace separated
1505 .Va ipv6_route_ Ns Aq Ar element
1506 variable is assumed to exist whose contents will later be passed to a
1507 .Dq Nm route Cm add Fl inet6
1509 .It Va gateway_enable
1513 configure host to act as an IP router, e.g. to forward packets
1515 .It Va ipv6_gateway_enable
1517 The IPv6 equivalent of
1518 .Va gateway_enable .
1519 .It Va router_enable
1523 run a routing daemon of some sort, based on the settings of
1527 .It Va ipv6_router_enable
1529 The IPv6 equivalent of
1533 run a routing daemon of some sort, based on the settings of
1534 .Va ipv6_router_program
1536 .Va ipv6_router_flags .
1537 .It Va router_program
1543 this is the name of the routing daemon to use
1545 .Pa /sbin/routed ) .
1546 .It Va ipv6_router_program
1548 The IPv6 equivalent of
1551 .Pa /sbin/route6d ) .
1558 these are the flags to pass to the routing daemon.
1559 .It Va ipv6_router_flags
1561 The IPv6 equivalent of
1563 .It Va mrouted_enable
1567 run the multicast routing daemon,
1569 .It Va mroute6d_enable
1571 The IPv6 equivalent of
1572 .Va mrouted_enable .
1575 run the IPv6 multicast routing daemon.
1576 Note that no IPv6 multicast routing daemon is included in the
1580 can be installed from the
1583 .It Va mrouted_flags
1589 these are the flags to pass to the
1592 .It Va mroute6d_flags
1594 The IPv6 equivalent of
1600 these are the flags passed to the IPv6 multicast routing daemon.
1601 .It Va mroute6d_program
1607 this is the path to the IPv6 multicast routing daemon.
1608 .It Va rtadvd_enable
1614 daemon at boot time.
1617 .Va ipv6_gateway_enable
1622 utility sends router advertisement packets to the interfaces specified in
1623 .Va rtadvd_interfaces .
1625 and should only be enabled with great care.
1626 You may want to fine-tune
1628 .It Va rtadvd_interfaces
1634 this is the list of interfaces to use.
1635 .It Va rtsold_enable
1641 daemon at boot time.
1644 daemon is used for automatic discovery of non-link local addresses.
1651 these are the flags to pass to the
1658 enable global proxy ARP.
1659 .It Va forward_sourceroute
1667 source-routed packets are forwarded.
1668 .It Va accept_sourceroute
1672 the system will accept source-routed packets directed at it.
1679 daemon at system boot time.
1686 these are the flags to pass to the
1689 .It Va bootparamd_enable
1695 daemon at system boot time.
1696 .It Va bootparamd_flags
1699 .Va bootparamd_enable
1702 these are the flags to pass to the
1705 .It Va stf_interface_ipv4addr
1709 this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling interface).
1710 Specify this entry to enable the 6to4 interface.
1711 .It Va stf_interface_ipv4plen
1713 Prefix length for 6to4 IPv4 addresses, to limit peer address range.
1714 An effective value is 0-31.
1715 .It Va stf_interface_ipv6_ifid
1717 IPv6 interface ID for
1721 .It Va stf_interface_ipv6_slaid
1723 IPv6 Site Level Aggregator for
1725 .It Va ipv6_faith_prefix
1729 this is the faith prefix to enable a FAITH IPv6-to-IPv4 TCP translator.
1733 .It Va ipv6_ipv4mapping
1737 this enables IPv4 mapped IPv6 address communication (like
1738 .Li ::ffff:a.b.c.d ) .
1741 The keyboard bell sound.
1748 if the default behavior is desired.
1749 For details, refer to the
1756 no keymap is installed, otherwise the value is used to install
1758 .Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd .
1761 The keyboard repeat speed.
1768 if the default behavior is desired.
1773 attempt to program the function keys with the value.
1774 The value should be a single string of the form:
1775 .Dq Ar funkey_number new_value Op Ar funkey_number new_value ... .
1778 Can be set to the value of
1781 .Dq Li destructive ,
1784 to set the cursor behavior explicitly or choose the default behavior.
1789 no screen map is installed, otherwise the value is used to install
1790 the screen map file in
1791 .Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value .
1796 the default 8x16 font value is used for screen size requests, otherwise
1798 .Pa /usr/share/syscons/fonts/ Ns Aq Ar value
1804 the default 8x14 font value is used for screen size requests, otherwise
1806 .Pa /usr/share/syscons/fonts/ Ns Aq Ar value
1812 the default 8x8 font value is used for screen size requests, otherwise
1814 .Pa /usr/share/syscons/fonts/ Ns Aq Ar value
1820 the default screen blanking interval is used, otherwise it is set to
1827 this is the actual screen saver to use
1828 .Li ( blank , snake , daemon ,
1830 .It Va moused_enable
1836 daemon is started for doing cut/paste selection on the console.
1839 This is the protocol type of the mouse connected to this host.
1840 This variable must be set if
1847 is able to detect the appropriate mouse type automatically in many cases.
1848 Set this variable to
1850 to let the daemon detect it, or
1851 select one from the following list if the automatic detection fails.
1853 If the mouse is attached to the PS/2 mouse port, choose
1857 regardless of the brand and model of the mouse.
1858 Likewise, if the mouse is attached to the bus mouse port, choose
1862 All other protocols are for serial mice and will not work with
1863 the PS/2 and bus mice.
1864 If this is a USB mouse,
1866 is the only protocol type which will work.
1868 .Bl -tag -width ".Li x10mouseremote" -compact
1870 Microsoft mouse (serial)
1872 Microsoft IntelliMouse (serial)
1874 Mouse systems Corp. mouse (serial)
1876 MM Series mouse (serial)
1878 Logitech mouse (serial)
1882 Logitech MouseMan and TrackMan (serial)
1884 ALPS GlidePoint (serial)
1885 .It Li thinkingmouse
1886 Kensington ThinkingMouse (serial)
1890 MM HitTablet (serial)
1891 .It Li x10mouseremote
1892 X10 MouseRemote (serial)
1894 Interlink VersaPad (serial)
1897 Even if the mouse is not in the above list, it may be compatible
1898 with one in the list.
1899 Refer to the man page for
1901 for compatibility information.
1903 It should also be noted that while this is enabled, any
1904 other client of the mouse (such as an X server) should access
1905 the mouse through the virtual mouse device,
1907 and configure it as a
1909 type mouse, since all
1910 mouse data is converted to this single canonical format when using
1912 If the client program does not support the
1917 It is the second preferred type.
1924 this is the actual port the mouse is on.
1927 for a COM1 serial mouse or
1929 for a PS/2 mouse, for example.
1934 is set, these are the additional flags to pass to the
1937 .It Va mousechar_start
1941 the default mouse cursor character range
1942 .Li 0xd0 Ns - Ns Li 0xd3
1943 is used, otherwise the range start is set to
1947 Use if the default range is occupied in the language code table.
1950 Set the size of the history (scrollback) buffer in lines.
1951 .It Va allscreens_flags
1955 is run with these options for each of the virtual terminals
1959 will enable the mouse pointer on all virtual terminals if
1963 .It Va allscreens_kbdflags
1967 is run with these options for each of the virtual terminals
1973 scrollback (history) buffer to 200 lines.
1980 daemon at system boot time.
1986 .Pa /usr/sbin/cron ) .
1993 these are the flags to pass to
2000 .Pa /usr/sbin/lpd ) .
2007 daemon at system boot time.
2014 these are the flags to pass to the
2023 daemon at system boot time.
2030 settings across reboots.
2031 .It Va mta_start_script
2033 The full path to the script to run to start
2034 a mail transfer agent.
2036 .Pa /etc/rc.sendmail .
2040 .Pa /etc/rc.sendmail
2041 uses are documented in the
2047 .Sq HAMMER ROOT with UFS /boot
2048 setup, the boot loader will not set up the
2051 The system will attempt to fix this on its own.
2052 Set this variable to
2054 to turn this behavior off.
2057 Indicates the device (usually a swap partition) to which a crash dump
2058 should be written in the event of a system crash.
2059 The value of this variable is passed as the argument to
2063 To disable crash dumps, set this variable to
2067 When the system reboots after a crash and a crash dump is found on the
2068 device specified by the
2072 will save that crash dump and a copy of the kernel to the directory
2076 The default value is
2085 .It Va savecore_flags
2087 If crash dumps are enabled, these are the flags to pass to the
2090 .It Va crashinfo_enable
2094 to turn on automatic crash dump summary generation using the utility
2096 .Va crashinfo_program
2098 .It Va crashinfo_program
2100 Program to run to generate a crash dump summary if the variable
2101 .Va crashinfo_enable
2104 The default value is
2105 .Pa /usr/sbin/crashinfo .
2106 .It Va enable_quotas
2110 to turn on user disk quotas on system startup via the
2117 to enable user disk quota checking via the
2120 .It Va accounting_enable
2124 to enable system accounting through the
2131 to enable Linux/ELF binary emulation at system initial boot time.
2132 .\" ----- cleanvar_enable setting--------------------------------
2133 .It Va cleanvar_enable
2141 .Pa /var/spool/uucp/.Temp/*
2143 .\" ----- clear_tmp_enable setting-------------------------------
2144 .It Va clear_tmp_enable
2151 .\" ----- ldconfig_paths setting --------------------------------
2152 .It Va ldconfig_paths
2154 Set to the list of shared library paths to use with
2158 will always be added first, so it need not appear in this list.
2159 .It Va ldconfig_insecure
2163 utility normally refuses to use directories
2164 which are writable by anyone except root.
2165 Set this variable to
2167 to disable that security check during system startup.
2168 .It Va ldconfig_local_dirs
2170 Set to the list of local
2173 The names of all files in the directories listed will be
2174 passed as arguments to
2176 .It Va kern_securelevel
2178 The kernel security level to set at startup.
2179 The allowed range of
2181 ranges from \-1 (the compile time default) to 3 (the most secure).
2184 for the list of possible security levels and their effect on system operation.
2191 at system boot time.
2198 at system boot time.
2201 Path to the SSH server program
2203 .Pa /usr/sbin/sshd ) .
2210 these are the flags to pass to the
2219 at system boot time.
2226 these are the flags to pass to the
2235 daemon at boot time.
2242 these are the flags passed to
2245 .It Va watchdogd_enable
2251 daemon at boot time.
2252 This requires that the kernel have been compiled with
2253 .Cd "options WATCHDOG" .
2258 any configured jails will not be started.
2261 A space separated list of names for jails.
2262 This is purely a configuration aid to help identify and
2263 configure multiple jails.
2264 The names specified in this list will be used to
2265 identify settings common to an instance of a jail.
2266 Assuming that the jail in question was named
2268 you would have the following dependent variables:
2270 jail_vjail_hostname="jail.example.com"
2271 jail_vjail_ip="192.168.1.100"
2272 jail_vjail_rootdir="/var/jails/vjail/root"
2277 When set, use as default value for
2278 .Va jail_ Ns Ao Ar jname Ac Ns Va _flags
2281 .It Va jail_interface
2284 When set, use as default value for
2285 .Va jail_ Ns Ao Ar jname Ac Ns Va _interface
2291 When set, use as default value for
2292 .Va jail_ Ns Ao Ar jname Ac Ns Va _fstab
2295 .It Va jail_mount_enable
2303 .Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable
2306 by default for every jail in
2308 .It Va jail_fdesc_enable
2316 .Va jail_ Ns Ao Ar jname Ac Ns Va _fdesc_enable
2319 by default for every jail in
2321 .It Va jail_procfs_enable
2329 .Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable
2332 by default for every jail in
2334 .It Va jail_devfs_enable
2342 .Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable
2345 by default for every jail in
2347 .It Va jail_exec_start
2350 When set, use as default value for
2351 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start
2354 .It Va jail_exec_stop
2356 When set, use as default value for
2357 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop
2360 .It Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir
2363 Set to the root directory used by jail
2365 .It Va jail_ Ns Ao Ar jname Ac Ns Va _hostname
2368 Set to the fully qualified domain name (FQDN) assigned to jail
2370 .It Va jail_ Ns Ao Ar jname Ac Ns Va _ip
2373 Set to the IP address assigned to jail
2375 .It Va jail_ Ns Ao Ar jname Ac Ns Va _flags
2380 These are flags to pass to
2382 .It Va jail_ Ns Ao Ar jname Ac Ns Va _interface
2385 When set, sets the interface to use when setting IP address alias.
2386 Note that the alias is created at jail startup and removed at jail shutdown.
2387 .It Va jail_ Ns Ao Ar jname Ac Ns Va _fstab
2390 .Pa /etc/fstab. Ns Aq Ar jname
2392 This is the file system information file to use for jail
2394 .It Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable
2401 mount all file systems from
2402 .Va jail_ Ns Ao Ar jname Ac Ns Va _fstab
2404 .It Va jail_ Ns Ao Ar jname Ac Ns Va _fdesc_enable
2411 mount the file-descriptor file system inside jail
2414 .It Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable
2421 mount the process file system inside jail
2424 .It Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable
2431 mount the device file system inside jail
2434 .It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start
2437 .Dq Li /bin/sh /etc/rc
2439 This is the command executed at jail startup.
2440 .It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop
2443 .Dq Li /bin/sh /etc/rc.shutdown
2445 This is the command executed at jail shutdown.
2446 .It Va jail_set_hostname_allow
2450 do not allow the root user in a jail to set its hostname.
2451 .It Va jail_socket_unixiproute_only
2455 do not allow any sockets,
2456 besides UNIX/IP/route sockets,
2457 to be used within a jail.
2458 .It Va jail_sysvipc_allow
2462 allow applications within a jail to use System V IPC.
2467 LVM volumes will be discovered and configured on boot.
2468 .It Va newsyslog_enable
2474 before syslogd starts.
2475 .It Va newsyslog_flags
2478 .Va newsyslog_enable
2481 these are the flags passed to
2483 .It Va resident_enable
2487 make the dynamic binaries listed in
2488 .Pa /etc/resident.conf
2490 .It Va varsym_enable
2495 .Pa /etc/varsym.conf
2496 to set system-wide variables for variant symlinks.
2501 or a whitespace separated list of IRQ numbers which will be used as a source of
2503 .\" -----------------------------------------------------
2508 to disable caching entropy via
2510 Otherwise set to the directory used to store entropy files in.
2515 to disable caching entropy through reboots.
2516 Otherwise set to the filename used to store cached entropy through reboots.
2517 This file should be located on the root file system to seed the
2519 device as early as possible in the boot process.
2520 .It Va entropy_save_sz
2522 Determines the size of the entropy cache files used for entropy cached
2523 through reboots and also entropy cached via
2525 The entropy is fed to the system in blocks of 512 bytes, so this number
2526 should be large enough to fill as many of the entropy pools in the kernel
2528 By default, it is set to 16384, which should be able to seed all 32 entropy
2529 pools in the Fortuna CSPRNG.
2541 Configuration file for
2550 .Pa /var/run/dmesg.boot
2552 .It Va rcshutdown_timeout
2554 If set, start a watchdog timer in the background which will terminate
2558 has not completed within the specified time (in seconds).
2559 Notice that in addition to this soft timeout,
2561 also applies a hard timeout for the execution of
2563 This is configured via
2566 .Va kern.init_shutdown_timeout
2567 and defaults to 120 seconds. Setting the value of
2568 .Va rcshutdown_timeout
2569 to more than 120 seconds will have no effect until the
2572 .Va kern.init_shutdown_timeout
2578 the udevd daemon will be started on boot.
2579 .It Va vfs_quota_enable
2583 vfs quota rc.d scripts will be run on boot.
2584 .It Va vfs_quota_sync
2586 List of mount points whose counters are to be synchronized with on-disk
2587 usage during system startup. See also
2589 .It Va vknetd_enable
2594 will be started on boot.
2597 Additional flags passed to
2599 Usually address/cidrbits is specified here.
2600 When no flags are passed, default option
2603 .It Va vkernel_enable
2607 any configured vkernels will not be started.
2608 .It Va vkernel_kill_timeout
2610 This defines the default number of seconds that we will wait for the
2611 vkernel to shut down on it's own. If after this time it's still alive,
2612 it will be killed with SIGKILL.
2615 Defines the default path to the vkernel binary.
2618 A space separated list of names for vkernels.
2619 This is purely a configuration aid to help identify and
2620 configure multiple vkernels.
2621 The names specified in this list will be used to
2622 identify settings common to a vkernel instance.
2623 Assuming that the vkernel in question was named
2625 you would have the following dependent variables
2626 (filled with reference values in this text):
2628 vkernel_example_bin="/usr/obj/usr/src/sys/VKERNEL/kernel.debug"
2629 vkernel_example_memsize="64m"
2630 vkernel_example_rootimg_list="/var/vkernel/rootimg.01"
2631 vkernel_example_iface_list="auto:bridge0"
2632 vkernel_example_logfile="/dev/null"
2633 vkernel_example_flags="-U"
2634 vkernel_example_kill_timeout="45"
2637 The last five are optional.
2638 They default to an empty string if not set, except for logfile which defaults to
2643 .Bl -tag -width ".Pa /etc/start_if. Ns Aq Ar interface" -compact
2644 .It Pa /etc/defaults/rc.conf
2646 .It Pa /etc/rc.conf.local
2647 .It Pa /etc/start_if. Ns Aq Ar interface
2665 .Xr resident.conf 5 ,
2726 .An Jordan K. Hubbard .