4 .\" Redistribution and use in source and binary forms, with or without
5 .\" modification, are permitted provided that the following conditions
7 .\" 1. Redistributions of source code must retain the above copyright
8 .\" notice, this list of conditions and the following disclaimer.
9 .\" 2. Redistributions in binary form must reproduce the above copyright
10 .\" notice, this list of conditions and the following disclaimer in the
11 .\" documentation and/or other materials provided with the distribution.
13 .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND
14 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE
17 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
19 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
20 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
21 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
22 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25 .\" $FreeBSD: src/share/man/man5/rc.conf.5,v 1.64.2.52 2003/05/03 22:15:27 keramida Exp $
26 .\" $DragonFly: src/share/man/man5/rc.conf.5,v 1.2 2003/06/17 04:37:00 dillon Exp $
33 .Nd system configuration information
37 contains descriptive information about the local host name, configuration
38 details for any potential network interfaces and which services should be
39 started up at system initial boot time. In new installations, the
41 file is generally initialized by the system installation utility:
42 .Pa /stand/sysinstall .
46 is not to run commands or perform system startup actions
47 directly. Instead, it is included by the
48 various generic startup scripts in
50 which conditionalize their
51 internal actions according to the settings found there.
55 file is included from the file
56 .Pa /etc/defaults/rc.conf ,
57 which specifies the default settings for all the available options.
59 need only be specified in
61 when the system administrator wishes to override these defaults.
63 .Pa /etc/rc.conf.local
64 is used to override settings in
66 for historical reasons.
71 The following list provides a name and short description for each
72 variable that can be set in the
80 then no swapfile is installed, otherwise the value is used as the full
81 pathname to a file to use for additional swap space.
86 enable support for Automatic Power Management with
94 to handle APM event from userland.
95 This also enable support for APM.
102 these are the flags to pass to the
109 enable PCCARD support at boot time.
112 Set to PCCARD controller memory address or
114 for the default value.
115 .It Va pccard_ifconfig
117 List of arguments to be passed to
120 insertion of the card (e.g. "inet 192.168.1.1 netmask 255.255.255.0"
121 for a fixed address or "DHCP" for a DHCP client).
125 set the PCCARD controller to silent mode.
129 set it to melody mode.
132 Path to the configuration file for the
141 these are the flags to pass to the
144 .It Va pccard_ether_delay
146 Set the delay before starting
151 This defaults to 5 seconds to work around a bug in the
153 driver which can lead to system hangs when using some newer
158 List of directories to search for startup script files.
159 .It Va script_name_sep
161 The field separator to use for breaking down the list of startup script files
162 into individual filenames.
163 The default is a space.
164 It is not necessary to change this unless there are startup scripts with names
168 The Fully Qualified Domain Name of this host on the network.
169 This should almost certainly be set to something meaningful, even if
170 there is no network connection.
173 is used to set the hostname via DHCP,
174 this variable should be set to an empty string.
177 The NIS domain name of this host, or
182 Path to the DHCP client program
183 .Pa ( /sbin/dhclient ,
188 Additional flags to pass to the DHCP client program.
189 For the ISC DHCP client, see the
191 page for a description of the command line options available.
192 .It Va firewall_enable
196 to load firewall rules at startup.
197 If the kernel was not built with
200 kernel module will be loaded.
202 .Va ipfilter_enable .
203 .It Va firewall_script
205 This variable specifies the full path to the firewall script to run.
207 .Pa /etc/rc.firewall .
210 Names the firewall type from the selection in
211 .Pa /etc/rc.firewall ,
212 or the file which contains the local firewall ruleset. Valid selections
214 .Pa /etc/rc.firewall ,
217 - unrestricted IP access;
219 - all IP services disabled, except via lo0;
221 - basic protection for a workstation;
223 - basic protection for a LAN. If a filename is specified, the full path
225 .It Va firewall_quiet
229 to disable the display of ipfw rules on the console during boot.
230 .It Va firewall_logging
234 to enable ipfw event logging.
235 This is equivalent to the
236 .Dv IPFIREWALL_VERBOSE
238 .It Va firewall_flags
244 specifies a filename.
259 sockets must be enabled in the kernel.
260 .It Va natd_interface
262 This is the name of the public interface on which natd should run.
263 The interface may be given as an interface name or as an IP address.
266 Additional natd flags should be placed here. The
270 flag is automatically added with the above
273 .\" ----- ipfilter_enable setting --------------------------------
274 .It Va ipfilter_enable
285 Typical usage will require putting
287 ipfilter_enable="YES"
305 can be enabled independently.
309 both require at least one of
319 options IPFILTER_DEFAULT_BLOCK
322 in the kernel configuration file is a good idea, too.
323 .\" ----- ipfilter_program setting ------------------------------
324 .It Va ipfilter_program
330 .\" ----- ipfilter_rules setting --------------------------------
331 .It Va ipfilter_rules
336 This variable contains the name of the filter rule definition file.
337 The file is expected to be readable for the
340 .\" ----- ipfilter_flags setting --------------------------------
341 .It Va ipfilter_flags
344 This variable contains flags passed to the
347 .\" ----- ipnat_enable setting ----------------------------------
357 network address translation.
360 for a detailed discussion.
361 .\" ----- ipnat_program setting ---------------------------------
368 .\" ----- ipnat_rules setting -----------------------------------
374 This variable contains the name of the file
375 holding the network address translation definition.
376 This file is expected to be readable for the
379 .\" ----- ipnat_flags setting -----------------------------------
383 This variable contains flags passed to the
386 .\" ----- ipmon_enable setting ----------------------------------
401 Setting this variable needs setting
408 for a detailed discussion.
409 .\" ----- ipmon_program setting ---------------------------------
416 .\" ----- ipmon_flags setting -----------------------------------
422 This variable contains flags passed to the
425 Another typical example would be
426 .Dq -D /var/log/ipflog
429 log directly to a file bypassing
432 .Pa /etc/newsyslog.conf
433 in such case like this:
435 /var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid
437 .\" ----- ipfs_enable setting -----------------------------------
447 saving the filter and NAT state tables during shutdown
448 and reloading them during startup again.
449 Setting this variable needs setting
458 for a detailed discussion.
464 because the raised securelevel will prevent
466 from saving the state tables at shutdown time.
467 .\" ----- ipfs_program setting ----------------------------------
474 .\" ----- ipfs_flags setting ------------------------------------
478 This variable contains flags passed to the
481 .\" ----- end of added ipf hook ---------------------------------
482 .It Va tcp_extensions
487 Setting this to NO disables certain TCP options as described by
493 might help remedy such problems with connections as randomly hanging
494 or other weird behavior.
495 Some network devices are known
496 to be broken with respect to these options.
503 .Sy net.inet.tcp.log_in_vain
505 .Sy net.inet.udp.log_in_vain
510 are set to the given value.
516 Setting to NO will disable probing idle TCP connections to verify that the
517 peer is still up and reachable.
518 .It Va tcp_drop_synfin
523 Setting to YES will cause the kernel to ignore TCP frames that have both
524 the SYN and FIN flags set.
525 This prevents OS fingerprinting, but may
526 break some legitimate applications.
527 This option is only available if the
528 kernel was built with the
531 .It Va icmp_drop_redirect
536 Setting to YES will cause the kernel to ignore ICMP REDIRECT packets.
537 .It Va icmp_log_redirect
542 Setting to YES will cause the kernel to log ICMP REDIRECT packets.
544 the log messages are not rate-limited, so this option should only be used
545 for troubleshooting networks.
546 .It Va network_interfaces
548 Set to the list of network interfaces to configure on this host.
549 For example, if the only network devices in the system are the loopback
552 and a NIC using the ed0 driver,
556 .Va ifconfig_ Ns Aq Ar interface
557 variable is also assumed to exist for each value of
559 It is also possible to add IP alias entires here in cases where
560 multiple IP addresses registered against a single interface
562 Assuming that the interface in question was ed0, it might look
565 ifconfig_ed0_alias0="inet 127.0.0.253 netmask 0xffffffff"
566 ifconfig_ed0_alias1="inet 127.0.0.254 netmask 0xffffffff"
571 .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
573 its contents are passed to
575 Execution stops at the first unsuccessful access, so if
576 something like this is present:
578 ifconfig_ed0_alias0="inet 127.0.0.251 netmask 0xffffffff"
579 ifconfig_ed0_alias1="inet 127.0.0.252 netmask 0xffffffff"
580 ifconfig_ed0_alias2="inet 127.0.0.253 netmask 0xffffffff"
581 ifconfig_ed0_alias4="inet 127.0.0.254 netmask 0xffffffff"
584 Then note that alias4 would
586 be added since the search would
587 stop with the missing alias3 entry.
589 It is possible to bring up an interface with DHCP by setting the
590 .Va ifconfig_ Ns Aq Ar interface
593 For instance, to initialize the ed0 device via DHCP,
594 it is possible to use something like:
598 .It Va cloned_interfaces
600 Set to the list of clonable network interfaces to create on this host.
602 .Va cloned_interfaces
603 are automatically appended to
604 .Va network_interfaces
606 .It Va gif_interfaces
610 tunnel interfaces to configure on this host.
612 .Va gifconfig_ Ns Aq Ar interface
613 variable is assumed to exist for each value of
615 The value of this variable is used to configure the link layer of the
616 tunnel according to the syntax of the
620 Additionaly, this option ensures that each listed interface is created
625 before attempting to configure it.
635 Mode in which to run the
637 daemon. Accepted modes are
643 See the manual for a full description.
648 enables packet aliasing.
649 Used in conjunction with
651 allows hosts on private network addresses access to the Internet using
652 this host as a network address translating router.
655 The name of the profile to use from
656 .Pa /etc/ppp/ppp.conf .
659 The name of the user under which ppp should be started.
661 default, ppp is started as
665 This option is used to specify a list of files that will override
667 .Pa /etc/defaults/rc.conf .
668 The files will be read in the order in which they are specified and should
669 include the full path to the file.
670 By default, the files specified are
673 .Pa /etc/rc.conf.local
679 will be run with the -y flag if the initial preen
680 of the filesystems fails.
681 .It Va syslogd_enable
688 .It Va syslogd_program
693 .Pa /usr/sbin/syslogd ) .
700 these are the flags to pass to
714 .Pa /usr/sbin/inetd ) .
721 these are the flags to pass to
735 .Pa /usr/sbin/named ) .
742 these are the flags to pass to
744 .It Va kerberos_server_enable
748 to start a Kerberos IV authentication server
750 .It Va kadmind_server_enable
756 the Kerberos IV Administration Daemon; set to
759 .It Va kerberos_stash
763 instruct the Kerberos servers to use the stashed master key instead of
764 prompting for it (only if
765 .Va kerberos_server_enable
772 .It Va kerberos5_server_enable
776 to start a Kerberos 5 authentication server
778 .It Va kadmind5_server_enable
784 the Kerberos 5 Administration Daemon; set to
800 these are the flags to pass to it.
814 these are the flags to pass to it.
818 page for more information.
819 .It Va amd_map_program
822 the specified program is run to get the list of
827 maps are stored in NIS, one can set this to
840 will be updated at boot time to reflect the kernel release
845 .It Va nfs_client_enable
849 run the NFS client daemons at boot time.
850 .It Va nfs_client_flags
853 .Va nfs_client_enable
856 these are the flags to pass to the
859 .It Va nfs_access_cache
862 .Va nfs_client_enable
867 to disable NFS ACCESS RPC caching, or to the number of seconds for which
869 results should be cached.
870 A value of 2-10 seconds will substantially reduce network
871 traffic for many NFS operations.
872 .It Va nfs_server_enable
876 run the NFS server daemons at boot time.
877 .It Va nfs_server_flags
880 .Va nfs_server_enable
883 these are the flags to pass to the
886 .It Va single_mountd_enable
891 .Va nfs_server_enable
897 It is commonly needed to run CFS without real NFS used.
904 these are the flags to pass to the
907 .It Va weak_mountd_authentication
911 allow services like PCNFSD to make non-privileged mount
913 .It Va nfs_reserved_port_only
917 provide NFS services only on a secure port.
918 .It Va nfs_bufpackets
920 If set to a number, indicates the number of packets worth of
921 socket buffer space to reserve on an NFS client.
922 The kernel default is typically 4.
923 Using a higher number may be
924 useful on gigabit networks to improve performance.
926 2 and the maximum is 64.
927 .It Va rpc_lockd_enable
931 and also an NFS server, run
934 .It Va rpc_statd_enable
938 and also an NFS server, run
941 .It Va portmap_program
946 .Pa /usr/sbin/portmap ) .
947 .It Va portmap_enable
953 service at boot time.
960 these are the flags to pass to the
976 these are the flags to pass to the
985 daemon at boot time to provide PPP over Ethernet services.
986 .It Va pppoed_ Ns Ar provider
989 listens to requests to this
995 argument of the same name.
998 Additional flags to pass to
1000 .It Va pppoed_interface
1002 The network interface to run pppoed on. This is mandatory when
1012 service at boot time. This command is intended for networks of
1013 machines where a consistent
1015 for all hosts must be established. This is often useful in large NFS
1016 environments where time stamps on files are expected to be consistent
1024 these are the flags to pass to the
1027 .It Va ntpdate_enable
1031 run ntpdate at system startup. This command is intended to
1032 synchronize the system clock only
1034 from some standard reference. An option to set this up initially
1035 (from a list of known servers) is also provided by the
1036 .Pa /stand/sysinstall
1037 program when the system is first installed.
1038 .It Va ntpdate_program
1043 .Pa /usr/sbin/ntpdate ) .
1044 .It Va ntpdate_flags
1050 these are the flags to pass to the
1052 command (typically a hostname).
1059 command at boot time.
1060 .It Va xntpd_program
1065 .Pa /usr/sbin/ntpd ) .
1072 these are the flags to pass to the
1075 .It Va nis_client_enable
1081 service at system boot time.
1082 .It Va nis_client_flags
1085 .Va nis_client_enable
1088 these are the flags to pass to the
1091 .It Va nis_ypset_enable
1097 daemon at system boot time.
1098 .It Va nis_ypset_flags
1101 .Va nis_ypset_enable
1104 these are the flags to pass to the
1107 .It Va nis_server_enable
1113 daemon at system boot time.
1114 .It Va nis_server_flags
1117 .Va nis_server_enable
1120 these are the flags to pass to the
1123 .It Va nis_ypxfrd_enable
1129 daemon at system boot time.
1130 .It Va nis_ypxfrd_flags
1133 .Va nis_ypxfrd_enable
1136 these are the flags to pass to the
1139 .It Va nis_yppasswdd_enable
1145 daemon at system boot time.
1146 .It Va nis_yppasswdd_flags
1149 .Va nis_yppasswdd_enable
1152 these are the flags to pass to the
1155 .It Va defaultrouter
1159 then create a default route to this host name or IP address
1160 (use an IP address if this router is also required to get to the
1162 .It Va static_routes
1164 Set to the list of static routes that are to be added at system
1165 boot time. If not set to
1167 then for each whitespace separated
1170 .Va route_ Ns Aq Ar element
1171 variable is assumed to exist
1172 whose contents will later be passed to a
1175 .It Va gateway_enable
1179 then configure host to at as an IP router, e.g. to forward packets
1181 .It Va router_enable
1185 then run a routing daemon of some sort, based on the
1196 this is the name of the routing daemon to use.
1203 these are the flags to pass to the routing daemon.
1204 .It Va mrouted_enable
1208 then run the multicast routing daemon,
1210 .It Va mrouted_flags
1216 these are the flags to pass to the multicast routing daemon.
1217 .It Va ipxgateway_enable
1221 then enable the routing of IPX traffic.
1222 .It Va ipxrouted_enable
1228 daemon at system boot time.
1229 .It Va ipxrouted_flags
1232 .Va ipxrouted_enable
1235 these are the flags to pass to the
1242 then enable global proxy ARP.
1243 .It Va forward_sourceroute
1251 source routed packets are forwarded.
1252 .It Va accept_sourceroute
1256 then the system will accept source routed packets directed at it.
1263 daemon at system boot time.
1270 these are the flags to pass to the
1277 to enable the configuration of ATM interfaces at system boot time.
1278 For all of the ATM variables described below, please refer to the
1280 man page for further details on the available command parameters.
1281 Also refer to the files in
1282 .Pa /usr/share/examples/atm
1283 for more detailed configuration information.
1284 .It Va atm_netif_<intf>
1286 For the ATM physical interface
1288 this variable defines the name prefix and count for the ATM network interfaces to be created.
1289 The value will be passed as the parameters of an
1290 .Dq atm set netif Va <intf>
1292 .It Va atm_sigmgr_<intf>
1294 For the ATM physical interface
1296 this variable defines the ATM signalling manager to be used.
1297 The value will be passed as the parameters of an
1298 .Dq atm attach Va <intf>
1300 .It Va atm_prefix_<intf>
1302 For the ATM physical interface
1304 this variable defines the NSAP prefix for interfaces using a UNI signalling
1307 then the prefix will automatically be set via the
1309 daemon. Otherwise, the value will be passed as the parameters of an
1310 .Dq atm set prefix Va <intf>
1312 .It Va atm_macaddr_<intf>
1314 For the ATM physical interface
1316 this variable defines the MAC address for interfaces using a UNI signalling
1319 then the hardware MAC address contained in the ATM interface card will be used.
1320 Otherwise, the value will be passed as the parameters of an
1321 .Dq atm set mac Va <intf>
1323 .It Va atm_arpserver_<netif>
1325 For the ATM network interface
1327 this variable defines the ATM address for a host which is to provide ATMARP
1328 service. This variable is only applicable to interfaces using a UNI signalling
1331 then this host will become an ATMARP server.
1332 The value will be passed as the parameters of an
1333 .Dq atm set arpserver Va <netif>
1335 .It Va atm_scsparp_<netif>
1339 then SCSP/ATMARP service for the network interface
1341 will be initiated using the
1345 daemons. This variable is only applicable if
1347 .Va atm_arpserver_ Ns Aq Ar netif
1353 Set to the list of ATM PVCs to be added at system
1354 boot time. For each whitespace separated
1357 .Va atm_pvc_ Ns Aq Ar element
1358 variable is assumed to exist. The value of each of these variables
1359 will be passed as the parameters of an
1364 Set to the list of permanent ATM ARP entries to be added
1365 at system boot time. For each whitespace separated
1368 .Va atm_arp_ Ns Aq Ar element
1369 variable is assumed to exist. The value of each of these variables
1370 will be passed as the parameters of an
1377 then no keymap is installed, otherwise the value is used to install
1379 .Pa /usr/share/syscons/keymaps/<value>.kbd
1382 The keyboard repeat speed. Set to
1388 if the default behavior is desired.
1393 attempt to program the function keys with the value. The value should
1394 be a single string of the form:
1395 .Qq Ar "<funkey_number> <new_value> [<funkey_number> <new_value>]..."
1398 Can be set to the value of
1404 to set the cursor behavior explicitly or choose the default behavior.
1409 then no screen map is installed, otherwise the value is used to install
1410 the screen map file in
1411 .Pa /usr/share/syscons/scrnmaps/<value> .
1416 then the default 8x16 font value is used for screen size requests, otherwise
1418 .Pa /usr/share/syscons/fonts/<value>
1424 then the default 8x14 font value is used for screen size requests, otherwise
1426 .Pa /usr/share/syscons/fonts/<value>
1432 then the default 8x8 font value is used for screen size requests, otherwise
1434 .Pa /usr/share/syscons/fonts/<value>
1440 then the default screen blanking interval is used, otherwise it is set
1448 this is the actual screen saver to use (blank, snake, daemon, etc).
1449 .It Va moused_enable
1455 daemon is started for doing cut/paste selection on the console.
1458 This is the protocol type of the mouse connected to this host.
1459 This variable must be set if
1466 is able to detect the appropriate mouse type automatically in many cases.
1467 Set this variable to
1469 to let the daemon detect it, or
1470 select one from the following list if the automatic detection fails.
1472 If the mouse is attached to the PS/2 mouse port, choose
1476 regardless of the brand and model of the mouse. Likewise, if the
1477 mouse is attached to the bus mouse port, choose
1481 All other protocols are for serial mice and will not work with
1482 the PS/2 and bus mice.
1483 If this is a USB mouse,
1485 is the only protocol type which will work.
1487 microsoft Microsoft mouse (serial)
1488 intellimouse Microsoft IntelliMouse (serial)
1489 mousesystems Mouse systems Corp mouse (serial)
1490 mmseries MM Series mouse (serial)
1491 logitech Logitech mouse (serial)
1492 busmouse A bus mouse
1493 mouseman Logitech MouseMan and TrackMan (serial)
1494 glidepoint ALPS GlidePoint (serial)
1495 thinkingmouse Kensington ThinkingMouse (serial)
1497 mmhittab MM HitTablet (serial)
1498 x10mouseremote X10 MouseRemote (serial)
1499 versapad Interlink VersaPad (serial)
1502 Even if the mouse is not in the above list, it may be compatible
1503 with one in the list.
1504 Refer to the man page for
1506 for compatibility information.
1508 It should also be noted that while this is enabled, any
1509 other client of the mouse (such as an X server) should access
1510 the mouse through the virtual mouse device:
1512 and configure it as a sysmouse type mouse, since all
1513 mouse data is converted to this single canonical format when
1516 If the client program does not support the sysmouse type,
1517 specify the mousesystems type.
1518 It is the second preferred type.
1525 this is the actual port the mouse is on.
1528 for a COM1 serial mouse,
1532 for a bus mouse, for example.
1537 is set, these are the additional flags to pass to the
1540 .It Va allscreens_flags
1544 is run with these options for each of the virtual terminals
1548 will enable the mouse pointer on all virtual terminals
1559 daemon at system boot time.
1565 .Pa /usr/sbin/cron ) .
1572 these are the flags to pass to
1579 .Pa /usr/sbin/lpd ) .
1586 daemon at system boot time.
1593 these are the flags to pass to the
1596 .It Va mta_start_script
1598 This variable specifies the full path to the script to run to start
1599 a mail transfer agent.
1601 .Pa /etc/rc.sendmail .
1605 .Pa /etc/rc.sendmail
1606 uses are documented in the
1611 Indicates the device (usually a swap partition) to which a crash dump
1612 should be written in the event of a system crash.
1613 The value of this variable is passed as the argument to
1615 To disable crash dumps, set this variable to
1619 When the system reboots after a crash and a crash dump is found on the
1620 device specified by the
1624 will save that crash dump and a copy of the kernel to the directory
1628 The default value is
1637 .It Va savecore_flags
1639 If crash dumps are enabled, these are the flags to pass to the
1642 .It Va enable_quotas
1646 to turn on user disk quotas on system startup via the
1653 to enable user disk quota checking via the
1656 .It Va accounting_enable
1660 to enable system accounting through the
1667 to enable iBCS2 (SCO) binary emulation at system initial boot
1669 .It Va ibcs2_loaders
1677 this specifies a list of additional iBCS2 loaders to enable.
1682 to enable Linux/ELF binary emulation at system initial
1688 to enable OSF/1 (Digital UNIX) binary emulation at system
1693 Set to the list of IRQs to monitor for random number creation
1694 (see the man page for
1695 .Xr rndcontrol 8 ) .
1696 .It Va clear_tmp_enable
1703 .It Va ldconfig_paths
1705 Set to the list of shared library paths to use with
1709 will always be added first, so it need not appear in this list.
1710 .It Va ldconfig_insecure
1714 utility normally refuses to use directories
1715 which are writable by anyone except root.
1716 Set this variable to
1718 to disable that security check during system startup.
1719 .It Va kern_securelevel_enable
1723 to set the kernel security level at system startup.
1724 .It Va kern_securelevel
1726 The kernel security level to set at startup.
1727 The allowed range of
1729 ranges from -1 (the compile time default) to 3 (the
1732 for the list of possible security levels and their effect
1733 on system operation.
1740 at system boot time.
1743 Path to the SSH server program
1744 .Pa ( /usr/sbin/sshd
1752 at system boot time.
1759 these are the flags to pass to the
1762 .It Va unaligned_print
1766 then unaligned access warnings will not be printed.
1768 .\" ----- isdn settings ---------------------------------
1776 starts the isdn daemon
1778 at system boot time.
1784 Additional flags to pass to
1790 for certain tunable parameters).
1796 The terminal type of the output device when
1798 operates in fullscreen mode.
1799 .It Va isdn_screenflags
1804 The video mode for fullscreen mode (only for
1814 The output device for
1816 in fullscreen mode (or
1826 enables the ISDN protocol trace utility
1827 .Pa /usr/sbin/isdntrace
1828 at system boot time.
1829 .It Va isdn_traceflags
1832 .Dq -f /var/tmp/isdntrace0
1835 .Pa /usr/sbin/isdntrace .
1836 .\" -----------------------------------------------------
1839 .Bl -tag -width /etc/defaults/rc.conf -compact
1840 .It Pa /etc/defaults/rc.conf
1842 .It Pa /etc/rc.conf.local
1906 .An Jordan K. Hubbard .