4 .\" Redistribution and use in source and binary forms, with or without
5 .\" modification, are permitted provided that the following conditions
7 .\" 1. Redistributions of source code must retain the above copyright
8 .\" notice, this list of conditions and the following disclaimer.
9 .\" 2. Redistributions in binary form must reproduce the above copyright
10 .\" notice, this list of conditions and the following disclaimer in the
11 .\" documentation and/or other materials provided with the distribution.
13 .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND
14 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE
17 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
19 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
20 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
21 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
22 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25 .\" $FreeBSD: src/share/man/man5/rc.conf.5,v 1.197 2003/07/28 13:56:00 mbr Exp $
32 .Nd system configuration information
36 contains descriptive information about the local host name, configuration
37 details for any potential network interfaces and which services should be
38 started up at system initial boot time.
39 In new installations, the
41 file is generally initialized by the installer.
45 is not to run commands or perform system startup actions directly.
46 Instead, it is included by the various generic startup scripts in
48 which conditionalize their
49 internal actions according to the settings found there.
52 .Pa /etc/defaults/rc.conf
53 file specifies the default settings for all the available options,
56 file specifies override settings.
57 Options need only be specified in
59 when the system administrator wishes to override the defaults.
61 .Pa /etc/rc.conf.local
62 is used to override settings in
64 for historical reasons.
66 .Pa /etc/rc.conf.local
67 you can also place smaller configuration files for each
71 directory, which will be included by the
74 For jail configurations you could use the file
75 .Pa /etc/rc.conf.d/jail
76 to store jail specific configuration options.
81 The following list provides a name and short description for each
82 variable that can be set in the
99 These values are case insensitive.
102 postfix in the name of a variable for starting a service can be
105 .Bl -tag -width indent-two
110 enable output of debug messages from rc scripts.
111 This variable can be helpful in diagnosing mistakes when
112 editing or integrating new scripts.
113 Beware that this produces copious output to the terminal and
119 disable informational messages from the rc scripts.
120 Informational messages are displayed when
121 a condition that is not serious enough to warrant a warning or an error occurs.
128 when faststart is used (e.g., at boot time).
133 no swapfile is installed, otherwise the value is used as the full
134 pathname to a file to use for additional swap space.
137 driver is needed for a swapfile and will be loaded if it is not
138 already compiled into the kernel or loaded via
144 to handle device added, removed or unknown events from the kernel.
151 these are the flags to pass to the
163 a CPU speed control daemon.
167 Additional flags passed to the
170 .It Va sensorsd_enable
179 a sensors monitoring and logging daemon.
180 .It Va sensorsd_flags
183 Additional flags passed to the
186 .It Va sysvipcd_enable
195 a daemon needed for the userspace implementation of the XSI Interprocess
196 Communication functions.
197 .It Va sysvipcd_flags
200 Additional flags passed to the
203 .It Va hotplugd_enable
212 a devices hot plugging monitoring daemon.
213 .It Va hotplugd_flags
216 Additional flags passed to the
219 .It Va pccard_ifconfig
221 List of arguments to be passed to
223 at boot time or on insertion of the card (e.g.\&
224 .Dq Cm inet Li 192.168.1.1 Cm netmask Li 255.255.255.0
225 for a fixed address or
228 .It Va pccard_ether_delay
230 Set the delay before starting
233 .Pa /etc/pccard_ether
235 This defaults to 5 seconds to work around a bug in the
237 driver which can lead to system hangs when using some newer
240 .It Va removable_interfaces
242 List of removable network interfaces to be supported by
243 .Pa /etc/pccard_ether .
246 List of directories to search for startup script files.
247 .It Va script_name_sep
249 The field separator to use for breaking down the list of startup script files
250 into individual filenames.
251 The default is a space.
252 It is not necessary to change this unless there are startup scripts with names
256 The fully qualified domain name (FQDN) of this host on the network.
257 This should almost certainly be set to something meaningful, even if
258 there is no network connection.
261 is used to set the hostname via DHCP,
262 this variable should be set to an empty string.
265 Enable support for IPv6 networking.
266 Note that this requires that the kernel have been compiled with
267 .Cd "options INET6" .
270 The NIS domain name of this host, or
273 .It Va dhclient_program
275 Path to the DHCP client program
277 .Pa /sbin/dhclient ) .
278 .It Va dhclient_flags
280 Additional flags to pass to the DHCP client program.
288 If the kernel was not built with
292 kernel module will be loaded.
294 .Va firewall_enable .
299 ruleset definition file.
310 these are the flags to pass to
312 when loading the ruleset.
319 which logs packets from
327 this specifies the path of the log file.
338 these are the flags to pass to
340 .It Va firewall_enable
344 to load firewall rules at startup.
345 If the kernel was not built with
346 .Cd "options IPFIREWALL" ,
349 kernel module will be loaded.
352 .It Va ipv6_firewall_enable
354 The IPv6 equivalent of
355 .Va firewall_enable .
358 to load IPv6 firewall rules at startup.
359 If the kernel was not built with
360 .Cd "options IPV6FIREWALL" ,
363 kernel module will be loaded.
364 .It Va firewall_script
366 The full path to the firewall script to run
368 .Pa /etc/rc.firewall ) .
369 .It Va ipv6_firewall_script
371 The IPv6 equivalent of
372 .Va firewall_script .
375 Names the firewall type from the selection in
376 .Pa /etc/rc.firewall ,
377 or the file which contains the local firewall ruleset.
378 Valid selections from
382 .Bl -tag -width ".Li simple" -compact
384 unrestricted IP access
386 all IP services disabled, except via
389 basic protection for a workstation on a LAN
395 If a filename is specified, the full path must be given.
396 .It Va firewall_trusted_nets
398 List of trusted networks (if
402 .It Va firewall_trusted_interfaces
404 List of trusted network interfaces (if
408 .It Va firewall_allowed_icmp_types
410 List of allowed ICMP types (if
414 .It Va firewall_open_tcp_ports
416 List of TCP ports to open (if
420 .It Va firewall_open_udp_ports
422 List of UDP ports to open (if
426 .It Va ipv6_firewall_type
428 The IPv6 equivalent of
430 .It Va firewall_quiet
434 to disable the display of firewall rules on the console during boot.
435 .It Va ipv6_firewall_quiet
437 The IPv6 equivalent of
439 .It Va firewall_logging
443 to enable firewall event logging.
444 This is equivalent to the
445 .Dv IPFIREWALL_VERBOSE
447 .It Va ipv6_firewall_logging
449 The IPv6 equivalent of
450 .Va firewall_logging .
451 .It Va firewall_flags
457 specifies a filename.
458 .It Va ipv6_firewall_flags
460 The IPv6 equivalent of
477 sockets must be enabled in the kernel.
478 .It Va natd_interface
480 This is the name of the public interface on which
483 The interface may be given as an interface name or as an IP address.
488 flags should be placed here.
493 flag is automatically added with the above
496 .It Va tcp_extensions
503 disables certain TCP options as described by
509 might help remedy such problems with connections as randomly hanging
510 or other weird behavior.
511 Some network devices are known to be broken with respect to these options.
518 .Va net.inet.tcp.log_in_vain
520 .Va net.inet.udp.log_in_vain ,
525 are set to the given value.
533 will disable probing idle TCP connections to verify that the
534 peer is still up and reachable.
535 .It Va tcp_drop_synfin
542 will cause the kernel to ignore TCP frames that have both
543 the SYN and FIN flags set.
544 This prevents OS fingerprinting, but may break some legitimate applications.
545 This option is only available if the kernel was built with the
548 .It Va icmp_drop_redirect
555 will cause the kernel to ignore ICMP REDIRECT packets.
558 for more information.
559 .It Va icmp_log_redirect
566 will cause the kernel to log ICMP REDIRECT packets.
568 the log messages are not rate-limited, so this option should only be used
569 for troubleshooting networks.
572 for more information.
573 .It Va icmp_bmcastecho
577 to respond to broadcast or multicast ICMP ping packets.
580 for more information.
581 .It Va ip_portrange_first
585 this is the first port in the default portrange.
588 for more information.
589 .It Va ip_portrange_last
593 this is the last port in the default portrange.
596 for more information.
598 .It Va ifconfig_ Ns Aq Ar interface
602 Typically includes IP address.
603 Assuming that the interface in question was
605 it might look something like this:
607 ifconfig_ed0="inet 10.0.0.1 netmask 0xffff0000"
611 .Pa /etc/start_if. Ns Aq Ar interface
612 file is present, it is read and executed by the
614 interpreter before configuring the interface as specified in the
615 .Va ifconfig_ Ns Aq Ar interface
617 .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
620 It is possible to bring up an interface with DHCP by adding
623 .Va ifconfig_ Ns Aq Ar interface
625 For instance, to initialize the
627 device via DHCP, it is possible to use something like:
633 .Va vlans_ Ns Aq Ar interface
637 interface will be created for each item in the list with the
641 If a vlan interface's name is a number,
642 then that number is used as the vlan tag and the new vlan interface is
644 .Ar interface . Ns Ar tag .
646 the vlan tag must be specified via a
649 .Va create_args_ Ns Aq Ar interface
652 To create a vlan device named
656 with the vlan tag 101 and the optional the IPv4 address 192.0.2.1/24:
659 ifconfig_em0_101="inet 192.0.2.1/24"
662 To create a vlan device named
666 with the vlan tag 102:
669 create_args_myvlan="vlan 102"
673 .Va wlans_ Ns Aq Ar interface
677 interface will be created for each item in the list with the
681 Further wlan cloning arguments may be passed to the
684 command by setting the
685 .Va create_args_ Ns Aq Ar interface
689 devices must be created for each wireless devices as of
695 may be specified with an
696 .Va wlandebug_ Ns Aq Ar interface
698 The contents of this variable will be passed directly to
701 Also, if your interface needs WPA authentication, it is possible to add
704 .Va ifconfig_ Ns Aq Ar interface
707 .Xr wpa_supplicant 8 .
709 .Xr wpa_supplicant.conf 5
710 for configuring authentication information.
714 options in this variable, in addition to the
715 .Pa /etc/start_if. Ns Aq Ar interface
717 For instance, to initialize the
719 device via DHCP, using WPA authentication and 802.11b mode, it is
720 possible to use something like:
723 ifconfig_wlan0="up DHCP WPA mode 11b"
725 .It Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
727 Configuration to establish an additional network address for
729 Assuming that the interface in question was
731 it might look something like this:
733 ifconfig_ed0_alias0="inet 127.0.0.253 netmask 0xffffffff"
734 ifconfig_ed0_alias1="inet 127.0.0.254 netmask 0xffffffff"
739 .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
740 entry that is found, its contents are passed to
742 Execution stops at the first unsuccessful access, so if
743 something like this is present:
745 ifconfig_ed0_alias0="inet 127.0.0.251 netmask 0xffffffff"
746 ifconfig_ed0_alias1="inet 127.0.0.252 netmask 0xffffffff"
747 ifconfig_ed0_alias2="inet 127.0.0.253 netmask 0xffffffff"
748 ifconfig_ed0_alias4="inet 127.0.0.254 netmask 0xffffffff"
751 Then note that alias4 would
753 be added since the search would stop with the missing alias3 entry.
754 .It Va ifconfig_ Ns Ao Ar interface Ac Ns Va _name
758 It is possible to rename interface by doing:
760 ifconfig_ed0_name="net0"
761 ifconfig_net0="inet 10.0.0.1 netmask 0xffff0000"
763 .It Va network_interfaces
765 The list of network interfaces to configure on this host,
768 to configure all network interfaces
771 For example, if the only network devices to be configured are the loopback device
775 driver, this could be set to
778 .Va ifconfig_ Ns Aq Ar interface
779 variable is assumed to exist for each value of
781 .It Va ipv6_network_interfaces
783 This is the IPv6 equivalent of
784 .Va network_interfaces .
785 Instead of setting the ifconfig variables as
786 .Va ifconfig_ Ns Aq Ar interface
787 they should be set as
788 .Va ipv6_ifconfig_ Ns Aq Ar interface .
789 Aliases should be set as
790 .Va ipv6_ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n .
791 Interfaces that do not have a
792 .Va ipv6_ifconfig_ Ns Aq Ar interface
793 setting will be auto configured by
796 .Va ipv6_gateway_enable
799 Note that the IPv6 networking code does not support the
800 .Pa /etc/start_if. Ns Aq Ar interface
802 .It Va ipv6_prefix_ Ns Aq Ar interface
806 prefixlen 64 is used.
807 .It Va ipv6_default_interface
811 this is the default output interface for scoped addresses.
812 Now this works only for IPv6 link local multicast addresses.
813 .It Va cloned_interfaces
815 Set to the list of clonable network interfaces to create on this host.
817 .Va cloned_interfaces
818 are automatically appended to
819 .Va network_interfaces
821 .It Va gif_interfaces
825 tunnel interfaces to configure on this host.
827 .Va gifconfig_ Ns Aq Ar interface
828 variable is assumed to exist for each value of
830 The value of this variable is used to configure the link layer of the
831 tunnel according to the syntax of the
835 Additionally, this option ensures that each listed interface is created via the
839 before attempting to configure it.
840 .It Va sppp_interfaces
844 interfaces to configure on this host.
846 .Va spppconfig_ Ns Aq Ar interface
847 variable is assumed to exist for each value of
849 Each interface should also be configured by a general
850 .Va ifconfig_ Ns Aq Ar interface
854 for more information about available options.
864 Mode in which to run the
873 See the manual for a full description.
878 enables network address translation.
879 Used in conjunction with
881 allows hosts on private network addresses access to the Internet using
882 this host as a network address translating router.
885 The name of the profile to use from
886 .Pa /etc/ppp/ppp.conf .
887 Also used for per-profile overrides of
888 .Va ppp_ Ns Ao Ar profile Ac Ns _unit .
889 Where the profile contains any of the characters
891 they are translated to
893 for the purposes of the override variable names.
894 .It Va ppp_ Ns Ao Ar profile Ac Ns _unit
896 Set the unit number to be used for this profile.
897 See the manual description of
904 The name of the user under which
913 This option is used to specify a list of files that will override
915 .Pa /etc/defaults/rc.conf .
916 The files will be read in the order in which they are specified and should
917 include the full path to the file.
918 By default, the files specified are
921 .Pa /etc/rc.conf.local
929 flag if the initial preen of the file systems fails.
932 List of file system types that are network-based.
933 This list should generally not be modified by end users.
935 .Va extra_netfs_types
937 .It Va extra_netfs_types
939 If set to something other than
941 (the default), this variable extends the list of file system types
942 for which automatic mounting at startup by
944 should be delayed until the network is initialized.
946 a whitespace-separated list of network file system descriptor pairs,
947 each consisting of a file system type as passed to
949 and a human-readable, one-word description, joined with a colon
951 Extending the default list in this way is only necessary
952 when third party file system types are used.
953 .It Va devfs_config_files
955 This option is used to specify a list of configuration files containing
957 rules that will be applied by
959 in the order in which they are specified and must include the full path
961 .It Va syslogd_enable
968 .It Va syslogd_program
973 .Pa /usr/sbin/syslogd ) .
980 these are the flags to pass to
994 .Pa /usr/sbin/inetd ) .
1001 these are the flags to pass to
1009 daemon at boot time.
1016 these are the flags to pass to it.
1023 daemon at boot time.
1030 these are the flags to pass to it.
1033 manpage for more information.
1034 .It Va amd_map_program
1036 If set, the specified program is run to get the list of
1041 maps are stored in NIS, one can set this to run
1053 will be updated at boot time to reflect the kernel release being run.
1057 will not be updated.
1058 .It Va nfs_client_enable
1062 setup NFS client parameters at boot time.
1063 .It Va nfs_access_cache
1066 .Va nfs_client_enable
1071 to disable NFS ACCESS RPC caching, or to the number of seconds for which
1072 NFS ACCESS results should be cached.
1073 A value of 2-10 seconds will substantially reduce network traffic for
1074 many NFS operations.
1075 The default is 5 seconds.
1076 Note that the attribute cache holds stat information only.
1077 The NFS data cache is independent of the attribute cache and is only
1078 invalidated when the client detects that the server has modified the
1080 This value specifies a maximum timeout.
1081 The NFS client will automatically use a shorter timeout for files which
1082 have been recently modified.
1083 .It Va nfs_neg_cache
1086 .Va nfs_client_enable
1091 to disable the caching of NEGATIVE LOOKUPS (lookups of non-existent
1092 filenames), or to the number of seconds for which negative lookups should
1094 A value of 2-10 seconds will substantially reduce network
1095 traffic for many NFS operations, especially source code builds.
1096 The default is 3 seconds.
1097 .It Va nfs_server_enable
1101 run the NFS server daemons at boot time.
1102 .It Va nfs_server_flags
1105 .Va nfs_server_enable
1108 these are the flags to pass to the
1111 .It Va mountd_enable
1116 .Va nfs_server_enable
1122 It is commonly needed to run CFS without real NFS used.
1129 these are the flags to pass to the
1132 .It Va weak_mountd_authentication
1136 allow services like PCNFSD to make non-privileged mount requests.
1137 .It Va nfs_reserved_port_only
1141 provide NFS services only on a secure port.
1142 .It Va nfs_bufpackets
1144 If set to a number, indicates the number of packets worth of
1145 socket buffer space to reserve on an NFS client.
1146 The kernel default is typically 4.
1147 Using a higher number may be useful on gigabit networks to improve performance.
1148 The minimum value is 2 and the maximum is 64.
1149 .It Va rpc_umntall_enable
1153 (default) and we are also an NFS client, run
1155 at boot time to clear out old mounts on remote servers.
1160 will not be run at boot time.
1161 .It Va rpc_lockd_enable
1165 and also an NFS server, run
1168 .It Va rpc_lockd_flags
1171 .Va rpc_lockd_enable
1174 these are the flags to pass to
1176 .It Va rpc_statd_enable
1180 and also an NFS server, run
1183 .It Va rpc_statd_flags
1186 .Va rpc_statd_enable
1189 these are the flags to pass to
1191 .It Va rpcbind_program
1193 Path to program for rpcbind daemon
1195 .Pa /usr/sbin/rpcbind ) .
1196 .It Va rpcbind_enable
1203 .It Va rpcbind_flags
1209 these are the flags to pass to
1210 .Va rpcbind_program .
1211 .It Va keyserv_enable
1217 daemon on boot for running Secure RPC.
1218 .It Va keyserv_flags
1224 these are the flags to pass to
1227 .It Va pppoed_enable
1233 daemon at boot time to provide PPP over Ethernet services.
1234 .It Va pppoed_provider
1237 listens to requests to this provider and ultimately runs
1241 argument of the same name.
1244 Additional flags to pass to
1246 .It Va pppoed_interface
1248 The network interface to run
1251 This is mandatory when
1261 service at boot time.
1262 This command is intended for networks of machines where a consistent
1264 for all hosts must be established.
1265 This is often useful in large NFS environments where time stamps on
1266 files are expected to be consistent network-wide.
1273 these are the flags to pass to the
1282 at system boot time.
1283 .It Va dntpd_program
1288 .Pa /usr/sbin/dntpd ) .
1295 these are the flags to pass to the
1298 .It Va btconfig_enable
1302 configure Bluetooth devices via
1304 at system boot time.
1305 .It Va btconfig_devices
1311 this is the list of Bluetooth devices to configure.
1313 .Va btconfig_devices
1314 is not specified, all devices known to the system will be configured.
1316 .Va btconfig_ Ns Aq Ar device
1317 variable can be set to specify parameters to be passed to
1319 .It Va btconfig_args
1325 this is the list of configuration parameters to pass to all Bluetooth
1331 run the Service Discovery Profile daemon
1333 at system boot time.
1340 these are the flags to pass to the
1343 .It Va bthcid_enable
1347 run the Bluetooth Link Key/PIN Code Manager daemon
1349 at system boot time.
1356 these are the flags to pass to the
1359 .It Va nis_client_enable
1365 service at system boot time.
1366 .It Va nis_client_flags
1369 .Va nis_client_enable
1372 these are the flags to pass to the
1375 .It Va nis_ypset_enable
1381 daemon at system boot time.
1382 .It Va nis_ypset_flags
1385 .Va nis_ypset_enable
1388 these are the flags to pass to the
1391 .It Va nis_server_enable
1397 daemon at system boot time.
1398 .It Va nis_server_flags
1401 .Va nis_server_enable
1404 these are the flags to pass to the
1407 .It Va nis_ypxfrd_enable
1413 daemon at system boot time.
1414 .It Va nis_ypxfrd_flags
1417 .Va nis_ypxfrd_enable
1420 these are the flags to pass to the
1423 .It Va nis_yppasswdd_enable
1429 daemon at system boot time.
1430 .It Va nis_yppasswdd_flags
1433 .Va nis_yppasswdd_enable
1436 these are the flags to pass to the
1439 .It Va rpc_ypupdated_enable
1445 daemon at system boot time.
1446 .It Va defaultrouter
1450 create a default route to this host name or IP address
1451 (use an IP address if this router is also required to get to the
1453 .It Va ipv6_defaultrouter
1455 The IPv6 equivalent of
1457 .It Va static_routes
1459 Set to the list of static routes that are to be added at system boot time.
1462 then for each whitespace separated
1465 .Va route_ Ns Aq Ar element
1466 variable is assumed to exist whose contents will later be passed to a
1469 .It Va change_routes
1471 Set to the list of static routes that are to be changed at system boot time
1472 (such as those added by the kernel).
1475 then for each whitespace separated
1478 .Va change_route_ Ns Aq Ar element
1479 variable is assumed to exist whose contents will later be passed to a
1480 .Dq Nm route Cm change
1482 .It Va ipv6_static_routes
1484 The IPv6 equivalent of
1488 then for each whitespace separated
1491 .Va ipv6_route_ Ns Aq Ar element
1492 variable is assumed to exist whose contents will later be passed to a
1493 .Dq Nm route Cm add Fl inet6
1495 .It Va gateway_enable
1499 configure host to act as an IP router, e.g. to forward packets
1501 .It Va ipv6_gateway_enable
1503 The IPv6 equivalent of
1504 .Va gateway_enable .
1505 .It Va router_enable
1509 run a routing daemon of some sort, based on the settings of
1513 .It Va ipv6_router_enable
1515 The IPv6 equivalent of
1519 run a routing daemon of some sort, based on the settings of
1520 .Va ipv6_router_program
1522 .Va ipv6_router_flags .
1523 .It Va router_program
1529 this is the name of the routing daemon to use
1531 .Pa /sbin/routed ) .
1532 .It Va ipv6_router_program
1534 The IPv6 equivalent of
1537 .Pa /sbin/route6d ) .
1544 these are the flags to pass to the routing daemon.
1545 .It Va ipv6_router_flags
1547 The IPv6 equivalent of
1549 .It Va mrouted_enable
1553 run the multicast routing daemon,
1555 .It Va mroute6d_enable
1557 The IPv6 equivalent of
1558 .Va mrouted_enable .
1561 run the IPv6 multicast routing daemon.
1562 Note that no IPv6 multicast routing daemon is included in the
1566 can be installed from the
1569 .Pa ( net/mcast-tools ) .
1570 .It Va mrouted_flags
1576 these are the flags to pass to the
1579 .It Va mroute6d_flags
1581 The IPv6 equivalent of
1587 these are the flags passed to the IPv6 multicast routing daemon.
1588 .It Va mroute6d_program
1594 this is the path to the IPv6 multicast routing daemon.
1595 .It Va rtadvd_enable
1601 daemon at boot time.
1604 .Va ipv6_gateway_enable
1609 utility sends router advertisement packets to the interfaces specified in
1610 .Va rtadvd_interfaces .
1612 and should only be enabled with great care.
1613 You may want to fine-tune
1615 .It Va rtadvd_interfaces
1621 this is the list of interfaces to use.
1622 .It Va rtsold_enable
1628 daemon at boot time.
1631 daemon is used for automatic discovery of non-link local addresses.
1638 these are the flags to pass to the
1645 enable global proxy ARP.
1646 .It Va forward_sourceroute
1654 source-routed packets are forwarded.
1655 .It Va accept_sourceroute
1659 the system will accept source-routed packets directed at it.
1666 daemon at system boot time.
1673 these are the flags to pass to the
1676 .It Va bootparamd_enable
1682 daemon at system boot time.
1683 .It Va bootparamd_flags
1686 .Va bootparamd_enable
1689 these are the flags to pass to the
1692 .It Va stf_interface_ipv4addr
1696 this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling interface).
1697 Specify this entry to enable the 6to4 interface.
1698 .It Va stf_interface_ipv4plen
1700 Prefix length for 6to4 IPv4 addresses, to limit peer address range.
1701 An effective value is 0-31.
1702 .It Va stf_interface_ipv6_ifid
1704 IPv6 interface ID for
1708 .It Va stf_interface_ipv6_slaid
1710 IPv6 Site Level Aggregator for
1712 .It Va ipv6_faith_prefix
1716 this is the faith prefix to enable a FAITH IPv6-to-IPv4 TCP translator.
1722 The keyboard bell sound.
1729 if the default behavior is desired.
1730 For details, refer to the
1737 no keymap is installed, otherwise the value is used to install
1739 .Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd .
1742 The keyboard repeat speed.
1749 if the default behavior is desired.
1754 attempt to program the function keys with the value.
1755 The value should be a single string of the form:
1756 .Dq Ar funkey_number new_value Op Ar funkey_number new_value ... .
1759 Can be set to the value of
1762 .Dq Li destructive ,
1765 to set the cursor behavior explicitly or choose the default behavior.
1770 no screen map is installed, otherwise the value is used to install
1771 the screen map file in
1772 .Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value .
1777 the default 8x16 font value is used for screen size requests, otherwise
1779 .Pa /usr/share/syscons/fonts/ Ns Aq Ar value
1785 the default 8x14 font value is used for screen size requests, otherwise
1787 .Pa /usr/share/syscons/fonts/ Ns Aq Ar value
1793 the default 8x8 font value is used for screen size requests, otherwise
1795 .Pa /usr/share/syscons/fonts/ Ns Aq Ar value
1801 the default screen blanking interval is used, otherwise it is set to
1808 this is the actual screen saver to use
1809 .Li ( blank , snake , daemon ,
1811 .It Va moused_nondefault_enable
1815 the mouse device specified on
1816 the command line is not automatically treated as enabled by the
1817 .Pa /etc/rc.d/moused
1819 Having this variable set to
1825 to be enabled as soon as it is plugged in.
1826 .It Va moused_enable
1832 daemon is started for doing cut/paste selection on the console.
1835 This is the protocol type of the mouse connected to this host.
1836 This variable must be set if
1843 is able to detect the appropriate mouse type automatically in many cases.
1844 Set this variable to
1846 to let the daemon detect it, or
1847 select one from the following list if the automatic detection fails.
1849 If the mouse is attached to the PS/2 mouse port, choose
1853 regardless of the brand and model of the mouse.
1854 Likewise, if the mouse is attached to the bus mouse port, choose
1858 All other protocols are for serial mice and will not work with
1859 the PS/2 and bus mice.
1860 If this is a USB mouse,
1862 is the only protocol type which will work.
1864 .Bl -tag -width ".Li x10mouseremote" -compact
1866 Microsoft mouse (serial)
1868 Microsoft IntelliMouse (serial)
1870 Mouse systems Corp. mouse (serial)
1872 MM Series mouse (serial)
1874 Logitech mouse (serial)
1878 Logitech MouseMan and TrackMan (serial)
1880 ALPS GlidePoint (serial)
1881 .It Li thinkingmouse
1882 Kensington ThinkingMouse (serial)
1886 MM HitTablet (serial)
1887 .It Li x10mouseremote
1888 X10 MouseRemote (serial)
1890 Interlink VersaPad (serial)
1893 Even if the mouse is not in the above list, it may be compatible
1894 with one in the list.
1895 Refer to the man page for
1897 for compatibility information.
1899 It should also be noted that while this is enabled, any
1900 other client of the mouse (such as an X server) should access
1901 the mouse through the virtual mouse device,
1903 and configure it as a
1905 type mouse, since all
1906 mouse data is converted to this single canonical format when using
1908 If the client program does not support the
1913 It is the second preferred type.
1920 this is the actual port the mouse is on.
1923 for a COM1 serial mouse or
1925 for a PS/2 mouse, for example.
1930 is set, these are the additional flags to pass to the
1933 .It Va mousechar_start
1937 the default mouse cursor character range
1938 .Li 0xd0 Ns - Ns Li 0xd3
1939 is used, otherwise the range start is set to
1943 Use if the default range is occupied in the language code table.
1946 Set the size of the history (scrollback) buffer in lines.
1947 .It Va allscreens_flags
1951 is run with these options for each of the virtual terminals
1955 will enable the mouse pointer on all virtual terminals if
1959 .It Va allscreens_kbdflags
1963 is run with these options for each of the virtual terminals
1969 scrollback (history) buffer to 200 lines.
1976 daemon at system boot time.
1982 .Pa /usr/sbin/cron ) .
1989 these are the flags to pass to
1996 .Pa /usr/sbin/lpd ) .
2003 daemon at system boot time.
2010 these are the flags to pass to the
2019 daemon at system boot time.
2026 settings across reboots.
2027 .It Va mta_start_script
2029 The full path to the script to run to start
2030 a mail transfer agent.
2032 .Pa /etc/rc.sendmail .
2036 .Pa /etc/rc.sendmail
2037 uses are documented in the
2043 .Sq HAMMER ROOT with UFS /boot
2044 setup, the boot loader will not set up the
2047 The system will attempt to fix this on its own.
2048 Set this variable to
2050 to turn this behavior off.
2053 Indicates the device (usually a swap partition) to which a crash dump
2054 should be written in the event of a system crash.
2055 The value of this variable is passed as the argument to
2059 To disable crash dumps, set this variable to
2063 When the system reboots after a crash and a crash dump is found on the
2064 device specified by the
2068 will save that crash dump and a copy of the kernel to the directory
2072 The default value is
2081 .It Va savecore_flags
2083 If crash dumps are enabled, these are the flags to pass to the
2086 .It Va crashinfo_enable
2090 to turn on automatic crash dump summary generation using the utility
2092 .Va crashinfo_program
2094 .It Va crashinfo_program
2096 Program to run to generate a crash dump summary if the variable
2097 .Va crashinfo_enable
2100 The default value is
2101 .Pa /usr/sbin/crashinfo .
2102 .It Va enable_quotas
2106 to turn on user disk quotas on system startup via the
2113 to enable user disk quota checking via the
2116 .It Va accounting_enable
2120 to enable system accounting through the
2127 to enable Linux/ELF binary emulation at system initial boot time.
2128 .\" ----- cleanvar_enable setting--------------------------------
2129 .It Va cleanvar_enable
2137 .Pa /var/spool/uucp/.Temp/*
2139 .\" ----- clear_tmp_enable setting-------------------------------
2140 .It Va clear_tmp_enable
2147 .\" ----- ldconfig_paths setting --------------------------------
2148 .It Va ldconfig_paths
2150 Set to the list of shared library paths to use with
2154 will always be added first, so it need not appear in this list.
2155 .It Va ldconfig_insecure
2159 utility normally refuses to use directories
2160 which are writable by anyone except root.
2161 Set this variable to
2163 to disable that security check during system startup.
2164 .It Va ldconfig_local_dirs
2166 Set to the list of local
2169 The names of all files in the directories listed will be
2170 passed as arguments to
2172 .It Va kern_securelevel
2174 The kernel security level to set at startup.
2175 The allowed range of
2177 ranges from \-1 (the compile time default) to 3 (the most secure).
2180 for the list of possible security levels and their effect on system operation.
2187 at system boot time.
2194 at system boot time.
2197 Path to the SSH server program
2199 .Pa /usr/sbin/sshd ) .
2206 these are the flags to pass to the
2215 at system boot time.
2222 these are the flags to pass to the
2225 .It Va watchdogd_enable
2231 daemon at boot time.
2232 This requires that the kernel have been compiled with
2233 .Cd "options WATCHDOG" .
2238 any configured jails will not be started.
2241 A space separated list of names for jails.
2242 This is purely a configuration aid to help identify and
2243 configure multiple jails.
2244 The names specified in this list will be used to
2245 identify settings common to an instance of a jail.
2246 Assuming that the jail in question was named
2248 you would have the following dependent variables:
2250 jail_vjail_hostname="jail.example.com"
2251 jail_vjail_ip="192.168.1.100"
2252 jail_vjail_rootdir="/var/jails/vjail/root"
2257 When set, use as default value for
2258 .Va jail_ Ns Ao Ar jname Ac Ns Va _flags
2261 .It Va jail_interface
2264 When set, use as default value for
2265 .Va jail_ Ns Ao Ar jname Ac Ns Va _interface
2271 When set, use as default value for
2272 .Va jail_ Ns Ao Ar jname Ac Ns Va _fstab
2275 .It Va jail_mount_enable
2283 .Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable
2286 by default for every jail in
2288 .It Va jail_procfs_enable
2296 .Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable
2299 by default for every jail in
2301 .It Va jail_devfs_enable
2309 .Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable
2312 by default for every jail in
2314 .It Va jail_exec_start
2317 When set, use as default value for
2318 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start
2321 .It Va jail_exec_stop
2323 When set, use as default value for
2324 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop
2327 .It Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir
2330 Set to the root directory used by jail
2332 .It Va jail_ Ns Ao Ar jname Ac Ns Va _hostname
2335 Set to the fully qualified domain name (FQDN) assigned to jail
2337 .It Va jail_ Ns Ao Ar jname Ac Ns Va _ip
2340 Set to the IP address assigned to jail
2342 .It Va jail_ Ns Ao Ar jname Ac Ns Va _flags
2347 These are flags to pass to
2349 .It Va jail_ Ns Ao Ar jname Ac Ns Va _interface
2352 When set, sets the interface to use when setting IP address alias.
2353 Note that the alias is created at jail startup and removed at jail shutdown.
2354 .It Va jail_ Ns Ao Ar jname Ac Ns Va _fstab
2357 .Pa /etc/fstab. Ns Aq Ar jname
2359 This is the file system information file to use for jail
2361 .It Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable
2368 mount all file systems from
2369 .Va jail_ Ns Ao Ar jname Ac Ns Va _fstab
2371 .It Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable
2378 mount the process file system inside jail
2381 .It Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable
2388 mount the device file system inside jail
2391 .It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start
2394 .Dq Li /bin/sh /etc/rc
2396 This is the command executed at jail startup.
2397 .It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop
2400 .Dq Li /bin/sh /etc/rc.shutdown
2402 This is the command executed at jail shutdown.
2403 .It Va jail_set_hostname_allow
2407 do not allow the root user in a jail to set its hostname.
2408 .It Va jail_socket_unixiproute_only
2412 do not allow any sockets,
2413 besides UNIX/IP/route sockets,
2414 to be used within a jail.
2415 .It Va jail_sysvipc_allow
2419 allow applications within a jail to use System V IPC.
2424 LVM volumes will be discovered and configured on boot.
2425 .It Va newsyslog_enable
2431 before syslogd starts.
2432 .It Va newsyslog_flags
2435 .Va newsyslog_enable
2438 these are the flags passed to
2440 .It Va resident_enable
2444 make the dynamic binaries listed in
2445 .Pa /etc/resident.conf
2447 .It Va varsym_enable
2452 .Pa /etc/varsym.conf
2453 to set system-wide variables for variant symlinks.
2458 or a whitespace separated list of IRQ numbers which will be used as a source of
2460 .\" -----------------------------------------------------
2465 to disable caching entropy via
2467 Otherwise set to the directory used to store entropy files in.
2472 to disable caching entropy through reboots.
2473 Otherwise set to the filename used to store cached entropy through reboots.
2474 This file should be located on the root file system to seed the
2476 device as early as possible in the boot process.
2477 .It Va entropy_save_sz
2479 Determines the size of the entropy cache files used for entropy cached
2480 through reboots and also entropy cached via
2482 The entropy is fed to the system in blocks of 512 bytes, so this number
2483 should be large enough to fill as many of the entropy pools in the kernel
2485 By default, it is set to 16384, which should be able to seed all 32 entropy
2486 pools in the Fortuna CSPRNG.
2498 Configuration file for
2507 .Pa /var/run/dmesg.boot
2509 .It Va rcshutdown_timeout
2511 If set, start a watchdog timer in the background which will terminate
2515 has not completed within the specified time (in seconds).
2516 Notice that in addition to this soft timeout,
2518 also applies a hard timeout for the execution of
2520 This is configured via
2523 .Va kern.init_shutdown_timeout
2524 and defaults to 120 seconds. Setting the value of
2525 .Va rcshutdown_timeout
2526 to more than 120 seconds will have no effect until the
2529 .Va kern.init_shutdown_timeout
2535 the udevd daemon will be started on boot.
2536 .It Va vfs_quota_enable
2540 vfs quota rc.d scripts will be run on boot.
2541 .It Va vfs_quota_sync
2543 List of mount points whose counters are to be synchronized with on-disk
2544 usage during system startup. See also
2546 .It Va vknetd_enable
2551 will be started on boot.
2554 Additional flags passed to
2556 Usually address/cidrbits is specified here.
2557 When no flags are passed, default option
2560 .It Va vkernel_enable
2564 any configured vkernels will not be started.
2565 .It Va vkernel_kill_timeout
2567 This defines the default number of seconds that we will wait for the
2568 vkernel to shut down on it's own. If after this time it's still alive,
2569 it will be killed with SIGKILL.
2572 Defines the default path to the vkernel binary.
2575 A space separated list of names for vkernels.
2576 This is purely a configuration aid to help identify and
2577 configure multiple vkernels.
2578 The names specified in this list will be used to
2579 identify settings common to a vkernel instance.
2580 Assuming that the vkernel in question was named
2582 you would have the following dependent variables
2583 (filled with reference values in this text):
2585 vkernel_example_bin="/usr/obj/usr/src/sys/VKERNEL64/kernel.debug"
2586 vkernel_example_memsize="64m"
2587 vkernel_example_rootimg_list="/var/vkernel/rootimg.01"
2588 vkernel_example_iface_list="auto:bridge0"
2589 vkernel_example_logfile="/dev/null"
2590 vkernel_example_flags="-U"
2591 vkernel_example_kill_timeout="45"
2594 The last five are optional.
2595 They default to an empty string if not set, except for logfile which defaults to
2598 .It Va autofs_enable
2608 daemons at boot time.
2609 .It Va automount_flags
2615 these are the flags to pass to the
2618 By default no flags are passed.
2619 .It Va automountd_flags
2625 these are the flags to pass to the
2628 By default no flags are passed.
2629 .It Va autounmountd_flags
2635 these are the flags to pass to the
2638 By default no flags are passed.
2641 .Bl -tag -width ".Pa /etc/start_if. Ns Aq Ar interface" -compact
2642 .It Pa /etc/defaults/rc.conf
2644 .It Pa /etc/rc.conf.local
2645 .It Pa /etc/start_if. Ns Aq Ar interface
2663 .Xr resident.conf 5 ,
2727 .An Jordan K. Hubbard .