4 .\" Redistribution and use in source and binary forms, with or without
5 .\" modification, are permitted provided that the following conditions
7 .\" 1. Redistributions of source code must retain the above copyright
8 .\" notice, this list of conditions and the following disclaimer.
9 .\" 2. Redistributions in binary form must reproduce the above copyright
10 .\" notice, this list of conditions and the following disclaimer in the
11 .\" documentation and/or other materials provided with the distribution.
13 .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND
14 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE
17 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
19 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
20 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
21 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
22 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25 .\" $FreeBSD: src/share/man/man5/rc.conf.5,v 1.197 2003/07/28 13:56:00 mbr Exp $
32 .Nd system configuration information
36 contains descriptive information about the local host name, configuration
37 details for any potential network interfaces and which services should be
38 started up at system initial boot time.
39 In new installations, the
41 file is generally initialized by the installer.
45 is not to run commands or perform system startup actions directly.
46 Instead, it is included by the various generic startup scripts in
48 which conditionalize their
49 internal actions according to the settings found there.
52 .Pa /etc/defaults/rc.conf
53 file specifies the default settings for all the available options,
56 file specifies override settings.
57 Options need only be specified in
59 when the system administrator wishes to override the defaults.
61 .Pa /etc/rc.conf.local
62 is used to override settings in
64 for historical reasons.
66 .Pa /etc/rc.conf.local
67 you can also place smaller configuration files for each
71 directory, which will be included by the
74 For jail configurations you could use the file
75 .Pa /etc/rc.conf.d/jail
76 to store jail specific configuration options.
81 The following list provides a name and short description for each
82 variable that can be set in the
99 These values are case insensitive.
102 postfix in the name of a variable for starting a service can be
105 .Bl -tag -width indent-two
110 enable output of debug messages from rc scripts.
111 This variable can be helpful in diagnosing mistakes when
112 editing or integrating new scripts.
113 Beware that this produces copious output to the terminal and
119 disable informational messages from the rc scripts.
120 Informational messages are displayed when
121 a condition that is not serious enough to warrant a warning or an error occurs.
128 when faststart is used (e.g., at boot time).
133 no swapfile is installed, otherwise the value is used as the full
134 pathname to a file to use for additional swap space.
137 driver is needed for a swapfile and will be loaded if it is not
138 already compiled into the kernel or loaded via
140 .It Ao Ar module Ac Ns Ar _load
144 that kernel module will be loaded.
146 .Ao Ar module Ac Ns Ar _name
147 is defined (see below), the
148 module's name is taken to be
150 .It Ao Ar module Ac Ns Ar _name
152 Defines the name of the module.
157 to handle device added, removed or unknown events from the kernel.
164 these are the flags to pass to the
176 a CPU speed control daemon.
180 Additional flags passed to the
183 .It Va sensorsd_enable
192 a sensors monitoring and logging daemon.
193 .It Va sensorsd_flags
196 Additional flags passed to the
199 .It Va sysvipcd_enable
208 a daemon needed for the userspace implementation of the XSI Interprocess
209 Communication functions.
210 .It Va sysvipcd_flags
213 Additional flags passed to the
216 .It Va hotplugd_enable
225 a devices hot plugging monitoring daemon.
226 .It Va hotplugd_flags
229 Additional flags passed to the
232 .It Va pccard_ifconfig
234 List of arguments to be passed to
236 at boot time or on insertion of the card (e.g.\&
237 .Dq Cm inet Li 192.168.1.1 Cm netmask Li 255.255.255.0
238 for a fixed address or
241 .It Va pccard_ether_delay
243 Set the delay before starting the DHCP client (configured with
246 .Pa /etc/pccard_ether
250 seconds to work around a bug in the
252 driver which can lead to system hangs when using some newer
255 .It Va removable_interfaces
257 List of removable network interfaces to be supported by
258 .Pa /etc/pccard_ether .
261 List of directories to search for startup script files.
262 .It Va script_name_sep
264 The field separator to use for breaking down the list of startup script files
265 into individual filenames.
266 The default is a space.
267 It is not necessary to change this unless there are startup scripts with names
271 The fully qualified domain name (FQDN) of this host on the network.
272 This should almost certainly be set to something meaningful, even if
273 there is no network connection.
274 If DHCP is used to set the hostname,
275 this variable should be set to an empty string.
278 Enable support for IPv6 networking.
279 Note that this requires that the kernel have been compiled with
280 .Cd "options INET6" .
283 The NIS domain name of this host, or
288 Set the rc script that is called to start the DHCP client.
293 .It Va dhclient_program
298 .Pa /sbin/dhclient ) .
299 .It Va dhclient_flags
301 Additional flags to pass to the
310 in master mode (i.e., configure all available Ethernet interfaces) at startup.
311 .It Va dhcpcd_program
319 Additional flags to pass to the
326 to go to background immediately.
334 If the kernel was not built with
338 kernel module will be loaded.
340 .Va firewall_enable .
345 ruleset definition file.
356 these are the flags to pass to
358 when loading the ruleset.
365 which logs packets from
373 this specifies the path of the log file.
384 these are the flags to pass to
386 .It Va firewall_enable
390 to load firewall rules at startup.
391 If the kernel was not built with
392 .Cd "options IPFIREWALL" ,
395 kernel module will be loaded.
398 .It Va ipv6_firewall_enable
400 The IPv6 equivalent of
401 .Va firewall_enable .
404 to load IPv6 firewall rules at startup.
405 If the kernel was not built with
406 .Cd "options IPV6FIREWALL" ,
409 kernel module will be loaded.
410 .It Va firewall_script
412 The full path to the firewall script to run
414 .Pa /etc/rc.firewall ) .
415 .It Va ipv6_firewall_script
417 The IPv6 equivalent of
418 .Va firewall_script .
421 Names the firewall type from the selection in
422 .Pa /etc/rc.firewall ,
423 or the file which contains the local firewall ruleset.
424 Valid selections from
428 .Bl -tag -width ".Li simple" -compact
430 unrestricted IP access
432 all IP services disabled, except via
435 basic protection for a workstation on a LAN
441 If a filename is specified, the full path must be given.
442 .It Va firewall_trusted_nets
444 List of trusted networks (if
448 .It Va firewall_trusted_interfaces
450 List of trusted network interfaces (if
454 .It Va firewall_allowed_icmp_types
456 List of allowed ICMP types (if
460 .It Va firewall_open_tcp_ports
462 List of TCP ports to open (if
466 .It Va firewall_open_udp_ports
468 List of UDP ports to open (if
472 .It Va ipv6_firewall_type
474 The IPv6 equivalent of
476 .It Va firewall_quiet
480 to disable the display of firewall rules on the console during boot.
481 .It Va ipv6_firewall_quiet
483 The IPv6 equivalent of
485 .It Va firewall_logging
489 to enable firewall event logging.
490 This is equivalent to the
491 .Dv IPFIREWALL_VERBOSE
493 .It Va ipv6_firewall_logging
495 The IPv6 equivalent of
496 .Va firewall_logging .
497 .It Va firewall_flags
503 specifies a filename.
504 .It Va ipv6_firewall_flags
506 The IPv6 equivalent of
520 The full path to the shell script to run to set up the ipfw3
521 firewall rules (default
522 .Pa /etc/ipfw3.rules ) .
525 List of ipfw3 modules to be loaded before executing the above
528 .Dq Li ipfw3 ipfw3_basic ) .
544 sockets must be enabled in the kernel.
545 .It Va natd_interface
547 This is the name of the public interface on which
550 The interface may be given as an interface name or as an IP address.
555 flags should be placed here.
560 flag is automatically added with the above
563 .It Va tcp_extensions
570 disables certain TCP options as described by
576 might help remedy such problems with connections as randomly hanging
577 or other weird behavior.
578 Some network devices are known to be broken with respect to these options.
585 .Va net.inet.tcp.log_in_vain
587 .Va net.inet.udp.log_in_vain ,
592 are set to the given value.
600 will disable probing idle TCP connections to verify that the
601 peer is still up and reachable.
602 .It Va tcp_drop_synfin
609 will cause the kernel to ignore TCP frames that have both
610 the SYN and FIN flags set.
611 This prevents OS fingerprinting, but may break some legitimate applications.
612 This option is only available if the kernel was built with the
615 .It Va icmp_drop_redirect
622 will cause the kernel to ignore ICMP REDIRECT packets.
625 for more information.
626 .It Va icmp_log_redirect
633 will cause the kernel to log ICMP REDIRECT packets.
635 the log messages are not rate-limited, so this option should only be used
636 for troubleshooting networks.
639 for more information.
640 .It Va icmp_bmcastecho
644 to respond to broadcast or multicast ICMP ping packets.
647 for more information.
648 .It Va ip_portrange_first
652 this is the first port in the default portrange.
655 for more information.
656 .It Va ip_portrange_last
660 this is the last port in the default portrange.
663 for more information.
665 .It Va ifconfig_ Ns Aq Ar interface
669 Typically includes IP address.
670 Assuming that the interface in question was
672 it might look something like this:
674 ifconfig_ed0="inet 10.0.0.1 netmask 0xffff0000"
678 .Pa /etc/start_if. Ns Aq Ar interface
679 file is present, it is read and executed by the
681 interpreter before configuring the interface as specified in the
682 .Va ifconfig_ Ns Aq Ar interface
684 .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
687 It is possible to bring up an interface with DHCP by adding
690 .Va ifconfig_ Ns Aq Ar interface
692 For instance, to initialize the
694 device via DHCP, it is possible to use something like:
700 .Va vlans_ Ns Aq Ar interface
704 interface will be created for each item in the list with the
708 If a vlan interface's name is a number,
709 then that number is used as the vlan tag and the new vlan interface is
711 .Ar interface . Ns Ar tag .
713 the vlan tag must be specified via a
716 .Va create_args_ Ns Aq Ar interface
719 To create a vlan device named
723 with the vlan tag 101 and the optional the IPv4 address 192.0.2.1/24:
726 ifconfig_em0_101="inet 192.0.2.1/24"
729 To create a vlan device named
733 with the vlan tag 102:
736 create_args_myvlan="vlan 102"
740 .Va wlans_ Ns Aq Ar interface
744 interface will be created for each item in the list with the
748 Further wlan cloning arguments may be passed to the
751 command by setting the
752 .Va create_args_ Ns Aq Ar interface
756 devices must be created for each wireless devices as of
762 may be specified with an
763 .Va wlandebug_ Ns Aq Ar interface
765 The contents of this variable will be passed directly to
768 Also, if your interface needs WPA authentication, it is possible to add
771 .Va ifconfig_ Ns Aq Ar interface
774 .Xr wpa_supplicant 8 .
776 .Xr wpa_supplicant.conf 5
777 for configuring authentication information.
781 options in this variable, in addition to the
782 .Pa /etc/start_if. Ns Aq Ar interface
784 For instance, to initialize the
786 device via DHCP, using WPA authentication and 802.11b mode, it is
787 possible to use something like:
790 ifconfig_wlan0="up DHCP WPA mode 11b"
792 .It Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
794 Configuration to establish an additional network address for
796 Assuming that the interface in question was
798 it might look something like this:
800 ifconfig_ed0_alias0="inet 127.0.0.253 netmask 0xffffffff"
801 ifconfig_ed0_alias1="inet 127.0.0.254 netmask 0xffffffff"
806 .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
807 entry that is found, its contents are passed to
809 Execution stops at the first unsuccessful access, so if
810 something like this is present:
812 ifconfig_ed0_alias0="inet 127.0.0.251 netmask 0xffffffff"
813 ifconfig_ed0_alias1="inet 127.0.0.252 netmask 0xffffffff"
814 ifconfig_ed0_alias2="inet 127.0.0.253 netmask 0xffffffff"
815 ifconfig_ed0_alias4="inet 127.0.0.254 netmask 0xffffffff"
818 Then note that alias4 would
820 be added since the search would stop with the missing alias3 entry.
821 .It Va ifconfig_ Ns Ao Ar interface Ac Ns Va _name
825 It is possible to rename interface by doing:
827 ifconfig_ed0_name="net0"
828 ifconfig_net0="inet 10.0.0.1 netmask 0xffff0000"
837 will disable the configuration of network interfaces.
838 .It Va network_interfaces
840 The list of network interfaces to configure on this host,
843 to configure all network interfaces
846 For example, if the only network devices to be configured are the loopback device
850 driver, this could be set to
853 .Va ifconfig_ Ns Aq Ar interface
854 variable is assumed to exist for each value of
856 .It Va ipv6_network_interfaces
858 This is the IPv6 equivalent of
859 .Va network_interfaces .
860 Instead of setting the ifconfig variables as
861 .Va ifconfig_ Ns Aq Ar interface
862 they should be set as
863 .Va ipv6_ifconfig_ Ns Aq Ar interface .
864 Aliases should be set as
865 .Va ipv6_ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n .
866 Interfaces that do not have a
867 .Va ipv6_ifconfig_ Ns Aq Ar interface
868 setting will be auto configured by
871 .Va ipv6_gateway_enable
874 Note that the IPv6 networking code does not support the
875 .Pa /etc/start_if. Ns Aq Ar interface
877 .It Va ipv6_prefix_ Ns Aq Ar interface
881 prefixlen 64 is used.
882 .It Va ipv6_default_interface
886 this is the default output interface for scoped addresses.
887 Now this works only for IPv6 link local multicast addresses.
888 .It Va ip6addrctl_enable
890 This variable is to enable configuring the default address selection policy table
894 and the policy table to be installed is specified by the
895 .Va ip6addrctl_policy
897 .It Va ip6addrctl_policy
899 This variable specifies the policy table to be installed,
900 and can be one of the following keywords:
913 installs a pre-defined policy table described in Section 2.1
921 is specified, it attempts to read a file
922 .Pa /etc/ip6addrctl.conf
924 If this file is found,
926 reads and installs it.
927 If not found, a policy is automatically set
930 variable; if the variable is set to
932 the IPv6-preferred one is used.
933 Otherwise IPv4-preferred.
934 .It Va ip6addrctl_verbose
938 print the installed policy table after configuring.
941 .It Va cloned_interfaces
943 Set to the list of clonable network interfaces to create on this host.
945 .Va cloned_interfaces
946 are automatically appended to
947 .Va network_interfaces
949 .It Va gif_interfaces
953 tunnel interfaces to configure on this host.
955 .Va gifconfig_ Ns Aq Ar interface
956 variable is assumed to exist for each value of
958 The value of this variable is used to configure the link layer of the
959 tunnel according to the syntax of the
963 Additionally, this option ensures that each listed interface is created via the
967 before attempting to configure it.
968 .It Va sppp_interfaces
972 interfaces to configure on this host.
974 .Va spppconfig_ Ns Aq Ar interface
975 variable is assumed to exist for each value of
977 Each interface should also be configured by a general
978 .Va ifconfig_ Ns Aq Ar interface
982 for more information about available options.
992 Mode in which to run the
1001 See the manual for a full description.
1006 enables network address translation.
1007 Used in conjunction with
1009 allows hosts on private network addresses access to the Internet using
1010 this host as a network address translating router.
1013 The name of the profile to use from
1014 .Pa /etc/ppp/ppp.conf .
1015 Also used for per-profile overrides of
1016 .Va ppp_ Ns Ao Ar profile Ac Ns _unit .
1017 Where the profile contains any of the characters
1019 they are translated to
1021 for the purposes of the override variable names.
1022 .It Va ppp_ Ns Ao Ar profile Ac Ns _unit
1024 Set the unit number to be used for this profile.
1025 See the manual description of
1032 The name of the user under which
1039 .It Va rc_conf_files
1041 This option is used to specify a list of files that will override
1043 .Pa /etc/defaults/rc.conf .
1044 The files will be read in the order in which they are specified and should
1045 include the full path to the file.
1046 By default, the files specified are
1049 .Pa /etc/rc.conf.local
1050 .It Va fsck_y_enable
1055 will be run with the
1057 flag if the initial preen of the file systems fails.
1060 List of file system types that are network-based.
1061 This list should generally not be modified by end users.
1063 .Va extra_netfs_types
1065 .It Va extra_netfs_types
1067 If set to something other than
1069 (the default), this variable extends the list of file system types
1070 for which automatic mounting at startup by
1072 should be delayed until the network is initialized.
1074 a whitespace-separated list of network file system descriptor pairs,
1075 each consisting of a file system type as passed to
1077 and a human-readable, one-word description, joined with a colon
1079 Extending the default list in this way is only necessary
1080 when third party file system types are used.
1081 .It Va devfs_config_files
1083 This option is used to specify a list of configuration files containing
1085 rules that will be applied by
1087 in the order in which they are specified and must include the full path
1089 .It Va syslogd_enable
1096 .It Va syslogd_program
1101 .Pa /usr/sbin/syslogd ) .
1102 .It Va syslogd_flags
1108 these are the flags to pass to
1117 .It Va inetd_program
1122 .Pa /usr/sbin/inetd ) .
1129 these are the flags to pass to
1137 daemon at boot time.
1144 these are the flags to pass to it.
1150 will be updated at boot time to reflect the kernel release being run.
1154 will not be updated.
1155 .It Va nfs_client_enable
1159 setup NFS client parameters at boot time.
1160 .It Va nfs_access_cache
1163 .Va nfs_client_enable
1168 to disable NFS ACCESS RPC caching, or to the number of seconds for which
1169 NFS ACCESS results should be cached.
1170 A value of 2-10 seconds will substantially reduce network traffic for
1171 many NFS operations.
1172 The default is 5 seconds.
1173 Note that the attribute cache holds stat information only.
1174 The NFS data cache is independent of the attribute cache and is only
1175 invalidated when the client detects that the server has modified the
1177 This value specifies a maximum timeout.
1178 The NFS client will automatically use a shorter timeout for files which
1179 have been recently modified.
1180 .It Va nfs_neg_cache
1183 .Va nfs_client_enable
1188 to disable the caching of NEGATIVE LOOKUPS (lookups of non-existent
1189 filenames), or to the number of seconds for which negative lookups should
1191 A value of 2-10 seconds will substantially reduce network
1192 traffic for many NFS operations, especially source code builds.
1193 The default is 3 seconds.
1194 .It Va nfs_server_enable
1198 run the NFS server daemons at boot time.
1199 .It Va nfs_server_flags
1202 .Va nfs_server_enable
1205 these are the flags to pass to the
1208 .It Va mountd_enable
1213 .Va nfs_server_enable
1219 It is commonly needed to run CFS without real NFS used.
1226 these are the flags to pass to the
1229 .It Va weak_mountd_authentication
1233 allow services like PCNFSD to make non-privileged mount requests.
1234 .It Va nfs_reserved_port_only
1238 provide NFS services only on a secure port.
1239 .It Va nfs_bufpackets
1241 If set to a number, indicates the number of packets worth of
1242 socket buffer space to reserve on an NFS client.
1243 The kernel default is typically 4.
1244 Using a higher number may be useful on gigabit networks to improve performance.
1245 The minimum value is 2 and the maximum is 64.
1246 .It Va rpc_umntall_enable
1250 (default) and we are also an NFS client, run
1252 at boot time to clear out old mounts on remote servers.
1257 will not be run at boot time.
1258 .It Va rpc_lockd_enable
1262 and also an NFS server, run
1265 .It Va rpc_lockd_flags
1268 .Va rpc_lockd_enable
1271 these are the flags to pass to
1273 .It Va rpc_statd_enable
1277 and also an NFS server, run
1280 .It Va rpc_statd_flags
1283 .Va rpc_statd_enable
1286 these are the flags to pass to
1288 .It Va rpcbind_program
1290 Path to program for rpcbind daemon
1292 .Pa /usr/sbin/rpcbind ) .
1293 .It Va rpcbind_enable
1300 .It Va rpcbind_flags
1306 these are the flags to pass to
1307 .Va rpcbind_program .
1308 .It Va keyserv_enable
1314 daemon on boot for running Secure RPC.
1315 .It Va keyserv_flags
1321 these are the flags to pass to
1324 .It Va pppoed_enable
1330 daemon at boot time to provide PPP over Ethernet services.
1331 .It Va pppoed_provider
1334 listens to requests to this provider and ultimately runs
1338 argument of the same name.
1341 Additional flags to pass to
1343 .It Va pppoed_interface
1345 The network interface to run
1348 This is mandatory when
1358 service at boot time.
1359 This command is intended for networks of machines where a consistent
1361 for all hosts must be established.
1362 This is often useful in large NFS environments where time stamps on
1363 files are expected to be consistent network-wide.
1370 these are the flags to pass to the
1379 at system boot time.
1380 .It Va dntpd_program
1385 .Pa /usr/sbin/dntpd ) .
1392 these are the flags to pass to the
1395 .It Va btconfig_enable
1399 configure Bluetooth devices via
1401 at system boot time.
1402 .It Va btconfig_devices
1408 this is the list of Bluetooth devices to configure.
1410 .Va btconfig_devices
1411 is not specified, all devices known to the system will be configured.
1413 .Va btconfig_ Ns Aq Ar device
1414 variable can be set to specify parameters to be passed to
1416 .It Va btconfig_args
1422 this is the list of configuration parameters to pass to all Bluetooth
1428 run the Service Discovery Profile daemon
1430 at system boot time.
1437 these are the flags to pass to the
1440 .It Va bthcid_enable
1444 run the Bluetooth Link Key/PIN Code Manager daemon
1446 at system boot time.
1453 these are the flags to pass to the
1456 .It Va nis_client_enable
1462 service at system boot time.
1463 .It Va nis_client_flags
1466 .Va nis_client_enable
1469 these are the flags to pass to the
1472 .It Va nis_ypset_enable
1478 daemon at system boot time.
1479 .It Va nis_ypset_flags
1482 .Va nis_ypset_enable
1485 these are the flags to pass to the
1488 .It Va nis_server_enable
1494 daemon at system boot time.
1495 .It Va nis_server_flags
1498 .Va nis_server_enable
1501 these are the flags to pass to the
1504 .It Va nis_ypxfrd_enable
1510 daemon at system boot time.
1511 .It Va nis_ypxfrd_flags
1514 .Va nis_ypxfrd_enable
1517 these are the flags to pass to the
1520 .It Va nis_yppasswdd_enable
1526 daemon at system boot time.
1527 .It Va nis_yppasswdd_flags
1530 .Va nis_yppasswdd_enable
1533 these are the flags to pass to the
1536 .It Va rpc_ypupdated_enable
1542 daemon at system boot time.
1543 .It Va defaultrouter
1547 create a default route to this host name or IP address
1548 (use an IP address if this router is also required to get to the
1550 .It Va ipv6_defaultrouter
1552 The IPv6 equivalent of
1554 .It Va static_routes
1556 Set to the list of static routes that are to be added at system boot time.
1559 then for each whitespace separated
1562 .Va route_ Ns Aq Ar element
1563 variable is assumed to exist whose contents will later be passed to a
1566 .It Va change_routes
1568 Set to the list of static routes that are to be changed at system boot time
1569 (such as those added by the kernel).
1572 then for each whitespace separated
1575 .Va change_route_ Ns Aq Ar element
1576 variable is assumed to exist whose contents will later be passed to a
1577 .Dq Nm route Cm change
1579 .It Va ipv6_static_routes
1581 The IPv6 equivalent of
1585 then for each whitespace separated
1588 .Va ipv6_route_ Ns Aq Ar element
1589 variable is assumed to exist whose contents will later be passed to a
1590 .Dq Nm route Cm add Fl inet6
1592 .It Va gateway_enable
1596 configure host to act as an IP router, e.g. to forward packets
1598 .It Va ipv6_gateway_enable
1600 The IPv6 equivalent of
1601 .Va gateway_enable .
1602 .It Va router_enable
1606 run a routing daemon of some sort, based on the settings of
1610 .It Va ipv6_router_enable
1612 The IPv6 equivalent of
1616 run a routing daemon of some sort, based on the settings of
1617 .Va ipv6_router_program
1619 .Va ipv6_router_flags .
1620 .It Va router_program
1626 this is the name of the routing daemon to use
1628 .Pa /sbin/routed ) .
1629 .It Va ipv6_router_program
1631 The IPv6 equivalent of
1634 .Pa /sbin/route6d ) .
1641 these are the flags to pass to the routing daemon.
1642 .It Va ipv6_router_flags
1644 The IPv6 equivalent of
1646 .It Va mrouted_enable
1650 run the multicast routing daemon,
1652 .It Va mroute6d_enable
1654 The IPv6 equivalent of
1655 .Va mrouted_enable .
1658 run the IPv6 multicast routing daemon.
1659 Note that no IPv6 multicast routing daemon is included in the
1663 can be installed from the
1666 .Pa ( net/mcast-tools ) .
1667 .It Va mrouted_flags
1673 these are the flags to pass to the
1676 .It Va mroute6d_flags
1678 The IPv6 equivalent of
1684 these are the flags passed to the IPv6 multicast routing daemon.
1685 .It Va mroute6d_program
1691 this is the path to the IPv6 multicast routing daemon.
1692 .It Va rtadvd_enable
1698 daemon at boot time.
1701 .Va ipv6_gateway_enable
1706 utility sends router advertisement packets to the interfaces specified in
1707 .Va rtadvd_interfaces .
1709 and should only be enabled with great care.
1710 You may want to fine-tune
1712 .It Va rtadvd_interfaces
1718 this is the list of interfaces to use.
1719 .It Va rtsold_enable
1725 daemon at boot time.
1728 daemon is used for automatic discovery of non-link local addresses.
1735 these are the flags to pass to the
1742 enable global proxy ARP.
1743 .It Va forward_sourceroute
1751 source-routed packets are forwarded.
1752 .It Va accept_sourceroute
1756 the system will accept source-routed packets directed at it.
1763 daemon at system boot time.
1770 these are the flags to pass to the
1773 .It Va bootparamd_enable
1779 daemon at system boot time.
1780 .It Va bootparamd_flags
1783 .Va bootparamd_enable
1786 these are the flags to pass to the
1789 .It Va stf_interface_ipv4addr
1793 this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling interface).
1794 Specify this entry to enable the 6to4 interface.
1795 .It Va stf_interface_ipv4plen
1797 Prefix length for 6to4 IPv4 addresses, to limit peer address range.
1798 An effective value is 0-31.
1799 .It Va stf_interface_ipv6_ifid
1801 IPv6 interface ID for
1805 .It Va stf_interface_ipv6_slaid
1807 IPv6 Site Level Aggregator for
1811 The keyboard bell sound.
1818 if the default behavior is desired.
1819 For details, refer to the
1826 no keymap is installed, otherwise the value is used to install
1828 .Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd .
1831 The keyboard repeat speed.
1838 if the default behavior is desired.
1843 attempt to program the function keys with the value.
1844 The value should be a single string of the form:
1845 .Dq Ar funkey_number new_value Op Ar funkey_number new_value ... .
1848 Can be set to the value of
1851 .Dq Li destructive ,
1854 to set the cursor behavior explicitly or choose the default behavior.
1859 no screen map is installed, otherwise the value is used to install
1860 the screen map file in
1861 .Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value .
1866 the default 8x16 font value is used for screen size requests, otherwise
1868 .Pa /usr/share/syscons/fonts/ Ns Aq Ar value
1874 the default 8x14 font value is used for screen size requests, otherwise
1876 .Pa /usr/share/syscons/fonts/ Ns Aq Ar value
1882 the default 8x8 font value is used for screen size requests, otherwise
1884 .Pa /usr/share/syscons/fonts/ Ns Aq Ar value
1890 the default screen blanking interval is used, otherwise it is set to
1897 this is the actual screen saver to use
1898 .Li ( blank , snake , daemon ,
1900 .It Va moused_nondefault_enable
1904 the mouse device specified on
1905 the command line is not automatically treated as enabled by the
1906 .Pa /etc/rc.d/moused
1908 Having this variable set to
1914 to be enabled as soon as it is plugged in.
1915 .It Va moused_enable
1921 daemon is started for doing cut/paste selection on the console.
1928 this is the protocol type of the mouse connected to this host.
1934 is able to detect the appropriate mouse type automatically in many cases.
1935 Leave this variable at the default
1937 to let the daemon detect it, or
1938 select one from the following list if the automatic detection fails.
1940 If the mouse is attached to the PS/2 mouse port, leave the variable at the
1945 regardless of the brand and model of the mouse.
1946 Likewise, if the mouse is attached to the bus mouse port, leave it at
1950 All other protocols are for serial mice and will not work with
1951 the PS/2 and bus mice.
1952 If this is a USB mouse,
1954 is the only protocol type which will work.
1956 .Bl -tag -width ".Li x10mouseremote" -compact
1958 Microsoft mouse (serial)
1960 Microsoft IntelliMouse (serial)
1962 Mouse systems Corp. mouse (serial)
1964 MM Series mouse (serial)
1966 Logitech mouse (serial)
1970 Logitech MouseMan and TrackMan (serial)
1972 ALPS GlidePoint (serial)
1973 .It Li thinkingmouse
1974 Kensington ThinkingMouse (serial)
1978 MM HitTablet (serial)
1979 .It Li x10mouseremote
1980 X10 MouseRemote (serial)
1982 Interlink VersaPad (serial)
1985 Even if the mouse is not in the above list, it may be compatible
1986 with one in the list.
1987 Refer to the man page for
1989 for compatibility information.
1991 It should also be noted that while this is enabled, any
1992 other client of the mouse (such as an X server) should access
1993 the mouse through the virtual mouse device,
1995 and configure it as a
1997 type mouse, since all
1998 mouse data is converted to this single canonical format when using
2000 If the client program does not support the
2005 It is the second preferred type.
2012 this is the actual port the mouse is on.
2015 for a COM1 serial mouse or
2017 for a PS/2 mouse, for example.
2022 is set, these are the additional flags to pass to the
2025 .It Va mousechar_start
2029 the default mouse cursor character range
2030 .Li 0xd0 Ns - Ns Li 0xd3
2031 is used, otherwise the range start is set to
2035 Use if the default range is occupied in the language code table.
2038 Set the size of the history (scrollback) buffer in lines.
2039 .It Va allscreens_flags
2043 is run with these options for each of the virtual terminals
2047 will enable the mouse pointer on all virtual terminals if
2051 .It Va allscreens_kbdflags
2055 is run with these options for each of the virtual terminals
2061 scrollback (history) buffer to 200 lines.
2068 daemon at system boot time.
2074 .Pa /usr/sbin/cron ) .
2081 these are the flags to pass to
2088 .Pa /usr/sbin/lpd ) .
2095 daemon at system boot time.
2102 these are the flags to pass to the
2111 daemon at system boot time.
2118 settings across reboots.
2119 .It Va mta_start_script
2121 The full path to the script to run to start
2122 a mail transfer agent.
2124 .Pa /etc/rc.sendmail .
2128 .Pa /etc/rc.sendmail
2129 uses are documented in the
2135 .Sq HAMMER ROOT with UFS /boot
2136 setup, the boot loader will not set up the
2139 The system will attempt to fix this on its own.
2140 Set this variable to
2142 to turn this behavior off.
2145 Indicates the device (usually a swap partition) to which a crash dump
2146 should be written in the event of a system crash.
2147 The value of this variable is passed as the argument to
2151 To disable crash dumps, set this variable to
2155 When the system reboots after a crash and a crash dump is found on the
2156 device specified by the
2160 will save that crash dump and a copy of the kernel to the directory
2164 The default value is
2173 .It Va savecore_flags
2175 If crash dumps are enabled, these are the flags to pass to the
2178 .It Va crashinfo_enable
2182 to turn on automatic crash dump summary generation using the utility
2184 .Va crashinfo_program
2186 .It Va crashinfo_program
2188 Program to run to generate a crash dump summary if the variable
2189 .Va crashinfo_enable
2192 The default value is
2193 .Pa /usr/sbin/crashinfo .
2194 .It Va enable_quotas
2198 to turn on user disk quotas on system startup via the
2205 to enable user disk quota checking via the
2208 .It Va accounting_enable
2212 to enable system accounting through the
2215 .\" ----- cleanvar_enable setting--------------------------------
2216 .It Va cleanvar_enable
2224 .Pa /var/spool/uucp/.Temp/*
2226 .\" ----- clear_tmp_enable setting-------------------------------
2227 .It Va clear_tmp_enable
2234 .\" ----- ldconfig_paths setting --------------------------------
2235 .It Va ldconfig_paths
2237 Set to the list of shared library paths to use with
2241 will always be added first, so it need not appear in this list.
2242 .It Va ldconfig_insecure
2246 utility normally refuses to use directories
2247 which are writable by anyone except root.
2248 Set this variable to
2250 to disable that security check during system startup.
2251 .It Va ldconfig_local_dirs
2253 Set to the list of local
2256 The names of all files in the directories listed will be
2257 passed as arguments to
2259 .It Va kern_securelevel
2261 The kernel security level to set at startup.
2262 The allowed range of
2264 ranges from \-1 (the compile time default) to 3 (the most secure).
2267 for the list of possible security levels and their effect on system operation.
2274 at system boot time.
2281 at system boot time.
2284 Path to the SSH server program
2286 .Pa /usr/sbin/sshd ) .
2293 these are the flags to pass to the
2302 at system boot time.
2309 these are the flags to pass to the
2312 .It Va watchdogd_enable
2318 daemon at boot time.
2323 any configured jails will not be started.
2326 A space separated list of names for jails.
2327 This is purely a configuration aid to help identify and
2328 configure multiple jails.
2329 The names specified in this list will be used to
2330 identify settings common to an instance of a jail.
2331 Assuming that the jail in question was named
2333 you would have the following dependent variables:
2335 jail_vjail_hostname="jail.example.com"
2336 jail_vjail_ip="192.168.1.100"
2337 jail_vjail_rootdir="/var/jails/vjail/root"
2342 When set, use as default value for
2343 .Va jail_ Ns Ao Ar jname Ac Ns Va _flags
2346 .It Va jail_interface
2349 When set, use as default value for
2350 .Va jail_ Ns Ao Ar jname Ac Ns Va _interface
2356 When set, use as default value for
2357 .Va jail_ Ns Ao Ar jname Ac Ns Va _fstab
2360 .It Va jail_mount_enable
2368 .Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable
2371 by default for every jail in
2373 .It Va jail_procfs_enable
2381 .Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable
2384 by default for every jail in
2386 .It Va jail_devfs_enable
2394 .Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable
2397 by default for every jail in
2399 .It Va jail_exec_start
2402 When set, use as default value for
2403 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start
2406 .It Va jail_exec_stop
2408 When set, use as default value for
2409 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop
2412 .It Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir
2415 Set to the root directory used by jail
2417 .It Va jail_ Ns Ao Ar jname Ac Ns Va _hostname
2420 Set to the fully qualified domain name (FQDN) assigned to jail
2422 .It Va jail_ Ns Ao Ar jname Ac Ns Va _ip
2425 Set to the IP address assigned to jail
2427 .It Va jail_ Ns Ao Ar jname Ac Ns Va _flags
2432 These are flags to pass to
2434 .It Va jail_ Ns Ao Ar jname Ac Ns Va _interface
2437 When set, sets the interface to use when setting IP address alias.
2438 Note that the alias is created at jail startup and removed at jail shutdown.
2439 .It Va jail_ Ns Ao Ar jname Ac Ns Va _fstab
2442 .Pa /etc/fstab. Ns Aq Ar jname
2444 This is the file system information file to use for jail
2446 .It Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable
2453 mount all file systems from
2454 .Va jail_ Ns Ao Ar jname Ac Ns Va _fstab
2456 .It Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable
2463 mount the process file system inside jail
2466 .It Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable
2473 mount the device file system inside jail
2476 .It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start
2479 .Dq Li /bin/sh /etc/rc
2481 This is the command executed at jail startup.
2482 .It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop
2485 .Dq Li /bin/sh /etc/rc.shutdown
2487 This is the command executed at jail shutdown.
2488 .It Va jail_set_hostname_allow
2492 do not allow the root user in a jail to set its hostname.
2493 .It Va jail_socket_unixiproute_only
2497 do not allow any sockets,
2498 besides UNIX/IP/route sockets,
2499 to be used within a jail.
2500 .It Va jail_sysvipc_allow
2504 allow applications within a jail to use System V IPC.
2509 LVM volumes will be discovered and configured on boot.
2510 .It Va newsyslog_enable
2516 before syslogd starts.
2517 .It Va newsyslog_flags
2520 .Va newsyslog_enable
2523 these are the flags passed to
2525 .It Va resident_enable
2529 make the dynamic binaries listed in
2530 .Pa /etc/resident.conf
2532 .It Va varsym_enable
2537 .Pa /etc/varsym.conf
2538 to set system-wide variables for variant symlinks.
2543 or a whitespace separated list of IRQ numbers which will be used as a source of
2545 .\" -----------------------------------------------------
2550 to disable caching entropy via
2552 Otherwise set to the directory used to store entropy files in.
2557 to disable caching entropy through reboots.
2558 Otherwise set to the filename used to store cached entropy through reboots.
2559 This file should be located on the root file system to seed the
2561 device as early as possible in the boot process.
2562 .It Va entropy_save_sz
2564 Determines the size of the entropy cache files used for entropy cached
2565 through reboots and also entropy cached via
2567 The entropy is fed to the system in blocks of 512 bytes, so this number
2568 should be large enough to fill as many of the entropy pools in the kernel
2570 By default, it is set to 16384, which should be able to seed all 32 entropy
2571 pools in the Fortuna CSPRNG.
2579 .Pa /var/run/dmesg.boot
2581 .It Va rcshutdown_timeout
2583 If set, start a watchdog timer in the background which will terminate
2587 has not completed within the specified time (in seconds).
2588 Notice that in addition to this soft timeout,
2590 also applies a hard timeout for the execution of
2592 This is configured via
2595 .Va kern.init_shutdown_timeout
2596 and defaults to 120 seconds. Setting the value of
2597 .Va rcshutdown_timeout
2598 to more than 120 seconds will have no effect until the
2601 .Va kern.init_shutdown_timeout
2607 the udevd daemon will be started on boot.
2608 .It Va vfs_quota_enable
2612 vfs quota rc.d scripts will be run on boot.
2613 .It Va vfs_quota_sync
2615 List of mount points whose counters are to be synchronized with on-disk
2616 usage during system startup.
2619 .It Va vknetd_enable
2624 will be started on boot.
2627 Additional flags passed to
2629 Usually address/cidrbits is specified here.
2630 When no flags are passed, default option
2633 .It Va vkernel_enable
2637 any configured vkernels will not be started.
2638 .It Va vkernel_kill_timeout
2640 This defines the default number of seconds that we will wait for the
2641 vkernel to shut down on its own.
2642 If after this time it's still alive,
2643 it will be killed with SIGKILL.
2646 Defines the default path to the vkernel binary.
2649 A space separated list of names for vkernels.
2650 This is purely a configuration aid to help identify and
2651 configure multiple vkernels.
2652 The names specified in this list will be used to
2653 identify settings common to a vkernel instance.
2654 Assuming that the vkernel in question was named
2656 you would have the following dependent variables
2657 (filled with reference values in this text):
2659 vkernel_example_bin="/usr/obj/usr/src/sys/VKERNEL64/kernel.debug"
2660 vkernel_example_memsize="64m"
2661 vkernel_example_rootimg_list="/var/vkernel/rootimg.01"
2662 vkernel_example_memimg="/var/vkernel/memimg.000001"
2663 vkernel_example_user="myuser"
2664 vkernel_example_iface_list="auto:bridge0"
2665 vkernel_example_logfile="/dev/null"
2666 vkernel_example_flags="-U"
2667 vkernel_example_kill_timeout="45"
2670 The last six are optional.
2671 They default to an empty string if not set, except for logfile which defaults to
2681 which is the vkernel's default directory for memory images,
2682 with permissions of 1777, i.e. world writable with the sticky bit set
2685 .It Va autofs_enable
2695 daemons at boot time.
2696 .It Va automount_flags
2702 these are the flags to pass to the
2705 By default no flags are passed.
2706 .It Va automountd_flags
2712 these are the flags to pass to the
2715 By default no flags are passed.
2716 .It Va autounmountd_flags
2722 these are the flags to pass to the
2725 By default no flags are passed.
2728 .Bl -tag -width ".Pa /etc/start_if. Ns Aq Ar interface" -compact
2729 .It Pa /etc/defaults/rc.conf
2731 .It Pa /etc/rc.conf.local
2732 .It Pa /etc/start_if. Ns Aq Ar interface
2752 .Xr resident.conf 5 ,
2757 .Xr autounmountd 8 ,
2814 .An Jordan K. Hubbard .