4 .\" Redistribution and use in source and binary forms, with or without
5 .\" modification, are permitted provided that the following conditions
7 .\" 1. Redistributions of source code must retain the above copyright
8 .\" notice, this list of conditions and the following disclaimer.
9 .\" 2. Redistributions in binary form must reproduce the above copyright
10 .\" notice, this list of conditions and the following disclaimer in the
11 .\" documentation and/or other materials provided with the distribution.
13 .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND
14 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE
17 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
19 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
20 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
21 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
22 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25 .\" $FreeBSD: src/share/man/man5/rc.conf.5,v 1.197 2003/07/28 13:56:00 mbr Exp $
32 .Nd system configuration information
36 contains descriptive information about the local host name, configuration
37 details for any potential network interfaces and which services should be
38 started up at system initial boot time.
39 In new installations, the
41 file is generally initialized by the installer.
45 is not to run commands or perform system startup actions directly.
46 Instead, it is included by the various generic startup scripts in
48 which conditionalize their
49 internal actions according to the settings found there.
52 .Pa /etc/defaults/rc.conf
53 file specifies the default settings for all the available options,
56 file specifies override settings.
57 Options need only be specified in
59 when the system administrator wishes to override the defaults.
61 .Pa /etc/rc.conf.local
62 is used to override settings in
64 for historical reasons.
66 .Pa /etc/rc.conf.local
67 you can also place smaller configuration files for each
71 directory, which will be included by the
74 For jail configurations you could use the file
75 .Pa /etc/rc.conf.d/jail
76 to store jail specific configuration options.
81 The following list provides a name and short description for each
82 variable that can be set in the
99 These values are case insensitive.
102 postfix in the name of a variable for starting a service can be
105 .Bl -tag -width indent-two
110 enable output of debug messages from rc scripts.
111 This variable can be helpful in diagnosing mistakes when
112 editing or integrating new scripts.
113 Beware that this produces copious output to the terminal and
119 disable informational messages from the rc scripts.
120 Informational messages are displayed when
121 a condition that is not serious enough to warrant a warning or an error occurs.
128 when faststart is used (e.g., at boot time).
133 no swapfile is installed, otherwise the value is used as the full
134 pathname to a file to use for additional swap space.
137 driver is needed for a swapfile and will be loaded if it is not
138 already compiled into the kernel or loaded via
140 .It Ao Ar module Ac Ns Ar _load
144 that kernel module will be loaded.
146 .Ao Ar module Ac Ns Ar _name
147 is defined (see below), the
148 module's name is taken to be
150 .It Ao Ar module Ac Ns Ar _name
152 Defines the name of the module.
157 to handle device added, removed or unknown events from the kernel.
164 these are the flags to pass to the
176 a CPU speed control daemon.
180 Additional flags passed to the
183 .It Va sensorsd_enable
192 a sensors monitoring and logging daemon.
193 .It Va sensorsd_flags
196 Additional flags passed to the
199 .It Va sysvipcd_enable
208 a daemon needed for the userspace implementation of the XSI Interprocess
209 Communication functions.
210 .It Va sysvipcd_flags
213 Additional flags passed to the
216 .It Va hotplugd_enable
225 a devices hot plugging monitoring daemon.
226 .It Va hotplugd_flags
229 Additional flags passed to the
232 .It Va pccard_ifconfig
234 List of arguments to be passed to
236 at boot time or on insertion of the card (e.g.\&
237 .Dq Cm inet Li 192.168.1.1 Cm netmask Li 255.255.255.0
238 for a fixed address or
241 .It Va pccard_ether_delay
243 Set the delay before starting the DHCP client (configured with
246 .Pa /etc/pccard_ether
250 seconds to work around a bug in the
252 driver which can lead to system hangs when using some newer
255 .It Va removable_interfaces
257 List of removable network interfaces to be supported by
258 .Pa /etc/pccard_ether .
261 List of directories to search for startup script files.
262 .It Va script_name_sep
264 The field separator to use for breaking down the list of startup script files
265 into individual filenames.
266 The default is a space.
267 It is not necessary to change this unless there are startup scripts with names
271 The fully qualified domain name (FQDN) of this host on the network.
272 This should almost certainly be set to something meaningful, even if
273 there is no network connection.
274 If DHCP is used to set the hostname,
275 this variable should be set to an empty string.
278 Enable support for IPv6 networking.
279 Note that this requires that the kernel have been compiled with
280 .Cd "options INET6" .
283 The NIS domain name of this host, or
288 Set the rc script that is called to start the DHCP client.
293 .It Va dhclient_program
298 .Pa /sbin/dhclient ) .
299 .It Va dhclient_flags
301 Additional flags to pass to the
310 in master mode (i.e., configure all available Ethernet interfaces) at startup.
311 .It Va dhcpcd_program
319 Additional flags to pass to the
329 If the kernel was not built with
333 kernel module will be loaded.
335 .Va firewall_enable .
340 ruleset definition file.
351 these are the flags to pass to
353 when loading the ruleset.
360 which logs packets from
368 this specifies the path of the log file.
379 these are the flags to pass to
381 .It Va firewall_enable
385 to load firewall rules at startup.
386 If the kernel was not built with
387 .Cd "options IPFIREWALL" ,
390 kernel module will be loaded.
393 .It Va ipv6_firewall_enable
395 The IPv6 equivalent of
396 .Va firewall_enable .
399 to load IPv6 firewall rules at startup.
400 If the kernel was not built with
401 .Cd "options IPV6FIREWALL" ,
404 kernel module will be loaded.
405 .It Va firewall_script
407 The full path to the firewall script to run
409 .Pa /etc/rc.firewall ) .
410 .It Va ipv6_firewall_script
412 The IPv6 equivalent of
413 .Va firewall_script .
416 Names the firewall type from the selection in
417 .Pa /etc/rc.firewall ,
418 or the file which contains the local firewall ruleset.
419 Valid selections from
423 .Bl -tag -width ".Li simple" -compact
425 unrestricted IP access
427 all IP services disabled, except via
430 basic protection for a workstation on a LAN
436 If a filename is specified, the full path must be given.
437 .It Va firewall_trusted_nets
439 List of trusted networks (if
443 .It Va firewall_trusted_interfaces
445 List of trusted network interfaces (if
449 .It Va firewall_allowed_icmp_types
451 List of allowed ICMP types (if
455 .It Va firewall_open_tcp_ports
457 List of TCP ports to open (if
461 .It Va firewall_open_udp_ports
463 List of UDP ports to open (if
467 .It Va ipv6_firewall_type
469 The IPv6 equivalent of
471 .It Va firewall_quiet
475 to disable the display of firewall rules on the console during boot.
476 .It Va ipv6_firewall_quiet
478 The IPv6 equivalent of
480 .It Va firewall_logging
484 to enable firewall event logging.
485 This is equivalent to the
486 .Dv IPFIREWALL_VERBOSE
488 .It Va ipv6_firewall_logging
490 The IPv6 equivalent of
491 .Va firewall_logging .
492 .It Va firewall_flags
498 specifies a filename.
499 .It Va ipv6_firewall_flags
501 The IPv6 equivalent of
515 The full path to the shell script to run to set up the ipfw3
516 firewall rules (default
517 .Pa /etc/ipfw3.rules ) .
520 List of ipfw3 modules to be loaded before executing the above
523 .Dq Li ipfw3 ipfw3_basic ) .
539 sockets must be enabled in the kernel.
540 .It Va natd_interface
542 This is the name of the public interface on which
545 The interface may be given as an interface name or as an IP address.
550 flags should be placed here.
555 flag is automatically added with the above
558 .It Va tcp_extensions
565 disables certain TCP options as described by
571 might help remedy such problems with connections as randomly hanging
572 or other weird behavior.
573 Some network devices are known to be broken with respect to these options.
580 .Va net.inet.tcp.log_in_vain
582 .Va net.inet.udp.log_in_vain ,
587 are set to the given value.
595 will disable probing idle TCP connections to verify that the
596 peer is still up and reachable.
597 .It Va tcp_drop_synfin
604 will cause the kernel to ignore TCP frames that have both
605 the SYN and FIN flags set.
606 This prevents OS fingerprinting, but may break some legitimate applications.
607 This option is only available if the kernel was built with the
610 .It Va icmp_drop_redirect
617 will cause the kernel to ignore ICMP REDIRECT packets.
620 for more information.
621 .It Va icmp_log_redirect
628 will cause the kernel to log ICMP REDIRECT packets.
630 the log messages are not rate-limited, so this option should only be used
631 for troubleshooting networks.
634 for more information.
635 .It Va icmp_bmcastecho
639 to respond to broadcast or multicast ICMP ping packets.
642 for more information.
643 .It Va ip_portrange_first
647 this is the first port in the default portrange.
650 for more information.
651 .It Va ip_portrange_last
655 this is the last port in the default portrange.
658 for more information.
660 .It Va ifconfig_ Ns Aq Ar interface
664 Typically includes IP address.
665 Assuming that the interface in question was
667 it might look something like this:
669 ifconfig_ed0="inet 10.0.0.1 netmask 0xffff0000"
673 .Pa /etc/start_if. Ns Aq Ar interface
674 file is present, it is read and executed by the
676 interpreter before configuring the interface as specified in the
677 .Va ifconfig_ Ns Aq Ar interface
679 .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
682 It is possible to bring up an interface with DHCP by adding
685 .Va ifconfig_ Ns Aq Ar interface
687 For instance, to initialize the
689 device via DHCP, it is possible to use something like:
695 .Va vlans_ Ns Aq Ar interface
699 interface will be created for each item in the list with the
703 If a vlan interface's name is a number,
704 then that number is used as the vlan tag and the new vlan interface is
706 .Ar interface . Ns Ar tag .
708 the vlan tag must be specified via a
711 .Va create_args_ Ns Aq Ar interface
714 To create a vlan device named
718 with the vlan tag 101 and the optional the IPv4 address 192.0.2.1/24:
721 ifconfig_em0_101="inet 192.0.2.1/24"
724 To create a vlan device named
728 with the vlan tag 102:
731 create_args_myvlan="vlan 102"
735 .Va wlans_ Ns Aq Ar interface
739 interface will be created for each item in the list with the
743 Further wlan cloning arguments may be passed to the
746 command by setting the
747 .Va create_args_ Ns Aq Ar interface
751 devices must be created for each wireless devices as of
757 may be specified with an
758 .Va wlandebug_ Ns Aq Ar interface
760 The contents of this variable will be passed directly to
763 Also, if your interface needs WPA authentication, it is possible to add
766 .Va ifconfig_ Ns Aq Ar interface
769 .Xr wpa_supplicant 8 .
771 .Xr wpa_supplicant.conf 5
772 for configuring authentication information.
776 options in this variable, in addition to the
777 .Pa /etc/start_if. Ns Aq Ar interface
779 For instance, to initialize the
781 device via DHCP, using WPA authentication and 802.11b mode, it is
782 possible to use something like:
785 ifconfig_wlan0="up DHCP WPA mode 11b"
787 .It Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
789 Configuration to establish an additional network address for
791 Assuming that the interface in question was
793 it might look something like this:
795 ifconfig_ed0_alias0="inet 127.0.0.253 netmask 0xffffffff"
796 ifconfig_ed0_alias1="inet 127.0.0.254 netmask 0xffffffff"
801 .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
802 entry that is found, its contents are passed to
804 Execution stops at the first unsuccessful access, so if
805 something like this is present:
807 ifconfig_ed0_alias0="inet 127.0.0.251 netmask 0xffffffff"
808 ifconfig_ed0_alias1="inet 127.0.0.252 netmask 0xffffffff"
809 ifconfig_ed0_alias2="inet 127.0.0.253 netmask 0xffffffff"
810 ifconfig_ed0_alias4="inet 127.0.0.254 netmask 0xffffffff"
813 Then note that alias4 would
815 be added since the search would stop with the missing alias3 entry.
816 .It Va ifconfig_ Ns Ao Ar interface Ac Ns Va _name
820 It is possible to rename interface by doing:
822 ifconfig_ed0_name="net0"
823 ifconfig_net0="inet 10.0.0.1 netmask 0xffff0000"
832 will disable the configuration of network interfaces.
833 .It Va network_interfaces
835 The list of network interfaces to configure on this host,
838 to configure all network interfaces
841 For example, if the only network devices to be configured are the loopback device
845 driver, this could be set to
848 .Va ifconfig_ Ns Aq Ar interface
849 variable is assumed to exist for each value of
851 .It Va ipv6_network_interfaces
853 This is the IPv6 equivalent of
854 .Va network_interfaces .
855 Instead of setting the ifconfig variables as
856 .Va ifconfig_ Ns Aq Ar interface
857 they should be set as
858 .Va ipv6_ifconfig_ Ns Aq Ar interface .
859 Aliases should be set as
860 .Va ipv6_ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n .
861 Interfaces that do not have a
862 .Va ipv6_ifconfig_ Ns Aq Ar interface
863 setting will be auto configured by
866 .Va ipv6_gateway_enable
869 Note that the IPv6 networking code does not support the
870 .Pa /etc/start_if. Ns Aq Ar interface
872 .It Va ipv6_prefix_ Ns Aq Ar interface
876 prefixlen 64 is used.
877 .It Va ipv6_default_interface
881 this is the default output interface for scoped addresses.
882 Now this works only for IPv6 link local multicast addresses.
883 .It Va ip6addrctl_enable
885 This variable is to enable configuring the default address selection policy table
889 and the policy table to be installed is specified by the
890 .Va ip6addrctl_policy
892 .It Va ip6addrctl_policy
894 This variable specifies the policy table to be installed,
895 and can be one of the following keywords:
908 installs a pre-defined policy table described in Section 2.1
916 is specified, it attempts to read a file
917 .Pa /etc/ip6addrctl.conf
919 If this file is found,
921 reads and installs it.
922 If not found, a policy is automatically set
925 variable; if the variable is set to
927 the IPv6-preferred one is used.
928 Otherwise IPv4-preferred.
929 .It Va ip6addrctl_verbose
933 print the installed policy table after configuring.
936 .It Va cloned_interfaces
938 Set to the list of clonable network interfaces to create on this host.
940 .Va cloned_interfaces
941 are automatically appended to
942 .Va network_interfaces
944 .It Va gif_interfaces
948 tunnel interfaces to configure on this host.
950 .Va gifconfig_ Ns Aq Ar interface
951 variable is assumed to exist for each value of
953 The value of this variable is used to configure the link layer of the
954 tunnel according to the syntax of the
958 Additionally, this option ensures that each listed interface is created via the
962 before attempting to configure it.
963 .It Va sppp_interfaces
967 interfaces to configure on this host.
969 .Va spppconfig_ Ns Aq Ar interface
970 variable is assumed to exist for each value of
972 Each interface should also be configured by a general
973 .Va ifconfig_ Ns Aq Ar interface
977 for more information about available options.
987 Mode in which to run the
996 See the manual for a full description.
1001 enables network address translation.
1002 Used in conjunction with
1004 allows hosts on private network addresses access to the Internet using
1005 this host as a network address translating router.
1008 The name of the profile to use from
1009 .Pa /etc/ppp/ppp.conf .
1010 Also used for per-profile overrides of
1011 .Va ppp_ Ns Ao Ar profile Ac Ns _unit .
1012 Where the profile contains any of the characters
1014 they are translated to
1016 for the purposes of the override variable names.
1017 .It Va ppp_ Ns Ao Ar profile Ac Ns _unit
1019 Set the unit number to be used for this profile.
1020 See the manual description of
1027 The name of the user under which
1034 .It Va rc_conf_files
1036 This option is used to specify a list of files that will override
1038 .Pa /etc/defaults/rc.conf .
1039 The files will be read in the order in which they are specified and should
1040 include the full path to the file.
1041 By default, the files specified are
1044 .Pa /etc/rc.conf.local
1045 .It Va fsck_y_enable
1050 will be run with the
1052 flag if the initial preen of the file systems fails.
1055 List of file system types that are network-based.
1056 This list should generally not be modified by end users.
1058 .Va extra_netfs_types
1060 .It Va extra_netfs_types
1062 If set to something other than
1064 (the default), this variable extends the list of file system types
1065 for which automatic mounting at startup by
1067 should be delayed until the network is initialized.
1069 a whitespace-separated list of network file system descriptor pairs,
1070 each consisting of a file system type as passed to
1072 and a human-readable, one-word description, joined with a colon
1074 Extending the default list in this way is only necessary
1075 when third party file system types are used.
1076 .It Va devfs_config_files
1078 This option is used to specify a list of configuration files containing
1080 rules that will be applied by
1082 in the order in which they are specified and must include the full path
1084 .It Va syslogd_enable
1091 .It Va syslogd_program
1096 .Pa /usr/sbin/syslogd ) .
1097 .It Va syslogd_flags
1103 these are the flags to pass to
1112 .It Va inetd_program
1117 .Pa /usr/sbin/inetd ) .
1124 these are the flags to pass to
1132 daemon at boot time.
1139 these are the flags to pass to it.
1145 will be updated at boot time to reflect the kernel release being run.
1149 will not be updated.
1150 .It Va nfs_client_enable
1154 setup NFS client parameters at boot time.
1155 .It Va nfs_access_cache
1158 .Va nfs_client_enable
1163 to disable NFS ACCESS RPC caching, or to the number of seconds for which
1164 NFS ACCESS results should be cached.
1165 A value of 2-10 seconds will substantially reduce network traffic for
1166 many NFS operations.
1167 The default is 5 seconds.
1168 Note that the attribute cache holds stat information only.
1169 The NFS data cache is independent of the attribute cache and is only
1170 invalidated when the client detects that the server has modified the
1172 This value specifies a maximum timeout.
1173 The NFS client will automatically use a shorter timeout for files which
1174 have been recently modified.
1175 .It Va nfs_neg_cache
1178 .Va nfs_client_enable
1183 to disable the caching of NEGATIVE LOOKUPS (lookups of non-existent
1184 filenames), or to the number of seconds for which negative lookups should
1186 A value of 2-10 seconds will substantially reduce network
1187 traffic for many NFS operations, especially source code builds.
1188 The default is 3 seconds.
1189 .It Va nfs_server_enable
1193 run the NFS server daemons at boot time.
1194 .It Va nfs_server_flags
1197 .Va nfs_server_enable
1200 these are the flags to pass to the
1203 .It Va mountd_enable
1208 .Va nfs_server_enable
1214 It is commonly needed to run CFS without real NFS used.
1221 these are the flags to pass to the
1224 .It Va weak_mountd_authentication
1228 allow services like PCNFSD to make non-privileged mount requests.
1229 .It Va nfs_reserved_port_only
1233 provide NFS services only on a secure port.
1234 .It Va nfs_bufpackets
1236 If set to a number, indicates the number of packets worth of
1237 socket buffer space to reserve on an NFS client.
1238 The kernel default is typically 4.
1239 Using a higher number may be useful on gigabit networks to improve performance.
1240 The minimum value is 2 and the maximum is 64.
1241 .It Va rpc_umntall_enable
1245 (default) and we are also an NFS client, run
1247 at boot time to clear out old mounts on remote servers.
1252 will not be run at boot time.
1253 .It Va rpc_lockd_enable
1257 and also an NFS server, run
1260 .It Va rpc_lockd_flags
1263 .Va rpc_lockd_enable
1266 these are the flags to pass to
1268 .It Va rpc_statd_enable
1272 and also an NFS server, run
1275 .It Va rpc_statd_flags
1278 .Va rpc_statd_enable
1281 these are the flags to pass to
1283 .It Va rpcbind_program
1285 Path to program for rpcbind daemon
1287 .Pa /usr/sbin/rpcbind ) .
1288 .It Va rpcbind_enable
1295 .It Va rpcbind_flags
1301 these are the flags to pass to
1302 .Va rpcbind_program .
1303 .It Va keyserv_enable
1309 daemon on boot for running Secure RPC.
1310 .It Va keyserv_flags
1316 these are the flags to pass to
1319 .It Va pppoed_enable
1325 daemon at boot time to provide PPP over Ethernet services.
1326 .It Va pppoed_provider
1329 listens to requests to this provider and ultimately runs
1333 argument of the same name.
1336 Additional flags to pass to
1338 .It Va pppoed_interface
1340 The network interface to run
1343 This is mandatory when
1353 service at boot time.
1354 This command is intended for networks of machines where a consistent
1356 for all hosts must be established.
1357 This is often useful in large NFS environments where time stamps on
1358 files are expected to be consistent network-wide.
1365 these are the flags to pass to the
1374 at system boot time.
1375 .It Va dntpd_program
1380 .Pa /usr/sbin/dntpd ) .
1387 these are the flags to pass to the
1390 .It Va btconfig_enable
1394 configure Bluetooth devices via
1396 at system boot time.
1397 .It Va btconfig_devices
1403 this is the list of Bluetooth devices to configure.
1405 .Va btconfig_devices
1406 is not specified, all devices known to the system will be configured.
1408 .Va btconfig_ Ns Aq Ar device
1409 variable can be set to specify parameters to be passed to
1411 .It Va btconfig_args
1417 this is the list of configuration parameters to pass to all Bluetooth
1423 run the Service Discovery Profile daemon
1425 at system boot time.
1432 these are the flags to pass to the
1435 .It Va bthcid_enable
1439 run the Bluetooth Link Key/PIN Code Manager daemon
1441 at system boot time.
1448 these are the flags to pass to the
1451 .It Va nis_client_enable
1457 service at system boot time.
1458 .It Va nis_client_flags
1461 .Va nis_client_enable
1464 these are the flags to pass to the
1467 .It Va nis_ypset_enable
1473 daemon at system boot time.
1474 .It Va nis_ypset_flags
1477 .Va nis_ypset_enable
1480 these are the flags to pass to the
1483 .It Va nis_server_enable
1489 daemon at system boot time.
1490 .It Va nis_server_flags
1493 .Va nis_server_enable
1496 these are the flags to pass to the
1499 .It Va nis_ypxfrd_enable
1505 daemon at system boot time.
1506 .It Va nis_ypxfrd_flags
1509 .Va nis_ypxfrd_enable
1512 these are the flags to pass to the
1515 .It Va nis_yppasswdd_enable
1521 daemon at system boot time.
1522 .It Va nis_yppasswdd_flags
1525 .Va nis_yppasswdd_enable
1528 these are the flags to pass to the
1531 .It Va rpc_ypupdated_enable
1537 daemon at system boot time.
1538 .It Va defaultrouter
1542 create a default route to this host name or IP address
1543 (use an IP address if this router is also required to get to the
1545 .It Va ipv6_defaultrouter
1547 The IPv6 equivalent of
1549 .It Va static_routes
1551 Set to the list of static routes that are to be added at system boot time.
1554 then for each whitespace separated
1557 .Va route_ Ns Aq Ar element
1558 variable is assumed to exist whose contents will later be passed to a
1561 .It Va change_routes
1563 Set to the list of static routes that are to be changed at system boot time
1564 (such as those added by the kernel).
1567 then for each whitespace separated
1570 .Va change_route_ Ns Aq Ar element
1571 variable is assumed to exist whose contents will later be passed to a
1572 .Dq Nm route Cm change
1574 .It Va ipv6_static_routes
1576 The IPv6 equivalent of
1580 then for each whitespace separated
1583 .Va ipv6_route_ Ns Aq Ar element
1584 variable is assumed to exist whose contents will later be passed to a
1585 .Dq Nm route Cm add Fl inet6
1587 .It Va gateway_enable
1591 configure host to act as an IP router, e.g. to forward packets
1593 .It Va ipv6_gateway_enable
1595 The IPv6 equivalent of
1596 .Va gateway_enable .
1597 .It Va router_enable
1601 run a routing daemon of some sort, based on the settings of
1605 .It Va ipv6_router_enable
1607 The IPv6 equivalent of
1611 run a routing daemon of some sort, based on the settings of
1612 .Va ipv6_router_program
1614 .Va ipv6_router_flags .
1615 .It Va router_program
1621 this is the name of the routing daemon to use
1623 .Pa /sbin/routed ) .
1624 .It Va ipv6_router_program
1626 The IPv6 equivalent of
1629 .Pa /sbin/route6d ) .
1636 these are the flags to pass to the routing daemon.
1637 .It Va ipv6_router_flags
1639 The IPv6 equivalent of
1641 .It Va mrouted_enable
1645 run the multicast routing daemon,
1647 .It Va mroute6d_enable
1649 The IPv6 equivalent of
1650 .Va mrouted_enable .
1653 run the IPv6 multicast routing daemon.
1654 Note that no IPv6 multicast routing daemon is included in the
1658 can be installed from the
1661 .Pa ( net/mcast-tools ) .
1662 .It Va mrouted_flags
1668 these are the flags to pass to the
1671 .It Va mroute6d_flags
1673 The IPv6 equivalent of
1679 these are the flags passed to the IPv6 multicast routing daemon.
1680 .It Va mroute6d_program
1686 this is the path to the IPv6 multicast routing daemon.
1687 .It Va rtadvd_enable
1693 daemon at boot time.
1696 .Va ipv6_gateway_enable
1701 utility sends router advertisement packets to the interfaces specified in
1702 .Va rtadvd_interfaces .
1704 and should only be enabled with great care.
1705 You may want to fine-tune
1707 .It Va rtadvd_interfaces
1713 this is the list of interfaces to use.
1714 .It Va rtsold_enable
1720 daemon at boot time.
1723 daemon is used for automatic discovery of non-link local addresses.
1730 these are the flags to pass to the
1737 enable global proxy ARP.
1738 .It Va forward_sourceroute
1746 source-routed packets are forwarded.
1747 .It Va accept_sourceroute
1751 the system will accept source-routed packets directed at it.
1758 daemon at system boot time.
1765 these are the flags to pass to the
1768 .It Va bootparamd_enable
1774 daemon at system boot time.
1775 .It Va bootparamd_flags
1778 .Va bootparamd_enable
1781 these are the flags to pass to the
1784 .It Va stf_interface_ipv4addr
1788 this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling interface).
1789 Specify this entry to enable the 6to4 interface.
1790 .It Va stf_interface_ipv4plen
1792 Prefix length for 6to4 IPv4 addresses, to limit peer address range.
1793 An effective value is 0-31.
1794 .It Va stf_interface_ipv6_ifid
1796 IPv6 interface ID for
1800 .It Va stf_interface_ipv6_slaid
1802 IPv6 Site Level Aggregator for
1806 The keyboard bell sound.
1813 if the default behavior is desired.
1814 For details, refer to the
1821 no keymap is installed, otherwise the value is used to install
1823 .Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd .
1826 The keyboard repeat speed.
1833 if the default behavior is desired.
1838 attempt to program the function keys with the value.
1839 The value should be a single string of the form:
1840 .Dq Ar funkey_number new_value Op Ar funkey_number new_value ... .
1843 Can be set to the value of
1846 .Dq Li destructive ,
1849 to set the cursor behavior explicitly or choose the default behavior.
1854 no screen map is installed, otherwise the value is used to install
1855 the screen map file in
1856 .Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value .
1861 the default 8x16 font value is used for screen size requests, otherwise
1863 .Pa /usr/share/syscons/fonts/ Ns Aq Ar value
1869 the default 8x14 font value is used for screen size requests, otherwise
1871 .Pa /usr/share/syscons/fonts/ Ns Aq Ar value
1877 the default 8x8 font value is used for screen size requests, otherwise
1879 .Pa /usr/share/syscons/fonts/ Ns Aq Ar value
1885 the default screen blanking interval is used, otherwise it is set to
1892 this is the actual screen saver to use
1893 .Li ( blank , snake , daemon ,
1895 .It Va moused_nondefault_enable
1899 the mouse device specified on
1900 the command line is not automatically treated as enabled by the
1901 .Pa /etc/rc.d/moused
1903 Having this variable set to
1909 to be enabled as soon as it is plugged in.
1910 .It Va moused_enable
1916 daemon is started for doing cut/paste selection on the console.
1923 this is the protocol type of the mouse connected to this host.
1929 is able to detect the appropriate mouse type automatically in many cases.
1930 Leave this variable at the default
1932 to let the daemon detect it, or
1933 select one from the following list if the automatic detection fails.
1935 If the mouse is attached to the PS/2 mouse port, leave the variable at the
1940 regardless of the brand and model of the mouse.
1941 Likewise, if the mouse is attached to the bus mouse port, leave it at
1945 All other protocols are for serial mice and will not work with
1946 the PS/2 and bus mice.
1947 If this is a USB mouse,
1949 is the only protocol type which will work.
1951 .Bl -tag -width ".Li x10mouseremote" -compact
1953 Microsoft mouse (serial)
1955 Microsoft IntelliMouse (serial)
1957 Mouse systems Corp. mouse (serial)
1959 MM Series mouse (serial)
1961 Logitech mouse (serial)
1965 Logitech MouseMan and TrackMan (serial)
1967 ALPS GlidePoint (serial)
1968 .It Li thinkingmouse
1969 Kensington ThinkingMouse (serial)
1973 MM HitTablet (serial)
1974 .It Li x10mouseremote
1975 X10 MouseRemote (serial)
1977 Interlink VersaPad (serial)
1980 Even if the mouse is not in the above list, it may be compatible
1981 with one in the list.
1982 Refer to the man page for
1984 for compatibility information.
1986 It should also be noted that while this is enabled, any
1987 other client of the mouse (such as an X server) should access
1988 the mouse through the virtual mouse device,
1990 and configure it as a
1992 type mouse, since all
1993 mouse data is converted to this single canonical format when using
1995 If the client program does not support the
2000 It is the second preferred type.
2007 this is the actual port the mouse is on.
2010 for a COM1 serial mouse or
2012 for a PS/2 mouse, for example.
2017 is set, these are the additional flags to pass to the
2020 .It Va mousechar_start
2024 the default mouse cursor character range
2025 .Li 0xd0 Ns - Ns Li 0xd3
2026 is used, otherwise the range start is set to
2030 Use if the default range is occupied in the language code table.
2033 Set the size of the history (scrollback) buffer in lines.
2034 .It Va allscreens_flags
2038 is run with these options for each of the virtual terminals
2042 will enable the mouse pointer on all virtual terminals if
2046 .It Va allscreens_kbdflags
2050 is run with these options for each of the virtual terminals
2056 scrollback (history) buffer to 200 lines.
2063 daemon at system boot time.
2069 .Pa /usr/sbin/cron ) .
2076 these are the flags to pass to
2083 .Pa /usr/sbin/lpd ) .
2090 daemon at system boot time.
2097 these are the flags to pass to the
2106 daemon at system boot time.
2113 settings across reboots.
2114 .It Va mta_start_script
2116 The full path to the script to run to start
2117 a mail transfer agent.
2119 .Pa /etc/rc.sendmail .
2123 .Pa /etc/rc.sendmail
2124 uses are documented in the
2130 .Sq HAMMER ROOT with UFS /boot
2131 setup, the boot loader will not set up the
2134 The system will attempt to fix this on its own.
2135 Set this variable to
2137 to turn this behavior off.
2140 Indicates the device (usually a swap partition) to which a crash dump
2141 should be written in the event of a system crash.
2142 The value of this variable is passed as the argument to
2146 To disable crash dumps, set this variable to
2150 When the system reboots after a crash and a crash dump is found on the
2151 device specified by the
2155 will save that crash dump and a copy of the kernel to the directory
2159 The default value is
2168 .It Va savecore_flags
2170 If crash dumps are enabled, these are the flags to pass to the
2173 .It Va crashinfo_enable
2177 to turn on automatic crash dump summary generation using the utility
2179 .Va crashinfo_program
2181 .It Va crashinfo_program
2183 Program to run to generate a crash dump summary if the variable
2184 .Va crashinfo_enable
2187 The default value is
2188 .Pa /usr/sbin/crashinfo .
2189 .It Va enable_quotas
2193 to turn on user disk quotas on system startup via the
2200 to enable user disk quota checking via the
2203 .It Va accounting_enable
2207 to enable system accounting through the
2210 .\" ----- cleanvar_enable setting--------------------------------
2211 .It Va cleanvar_enable
2219 .Pa /var/spool/uucp/.Temp/*
2221 .\" ----- clear_tmp_enable setting-------------------------------
2222 .It Va clear_tmp_enable
2229 .\" ----- ldconfig_paths setting --------------------------------
2230 .It Va ldconfig_paths
2232 Set to the list of shared library paths to use with
2236 will always be added first, so it need not appear in this list.
2237 .It Va ldconfig_insecure
2241 utility normally refuses to use directories
2242 which are writable by anyone except root.
2243 Set this variable to
2245 to disable that security check during system startup.
2246 .It Va ldconfig_local_dirs
2248 Set to the list of local
2251 The names of all files in the directories listed will be
2252 passed as arguments to
2254 .It Va kern_securelevel
2256 The kernel security level to set at startup.
2257 The allowed range of
2259 ranges from \-1 (the compile time default) to 3 (the most secure).
2262 for the list of possible security levels and their effect on system operation.
2269 at system boot time.
2276 at system boot time.
2279 Path to the SSH server program
2281 .Pa /usr/sbin/sshd ) .
2288 these are the flags to pass to the
2297 at system boot time.
2304 these are the flags to pass to the
2307 .It Va watchdogd_enable
2313 daemon at boot time.
2318 any configured jails will not be started.
2321 A space separated list of names for jails.
2322 This is purely a configuration aid to help identify and
2323 configure multiple jails.
2324 The names specified in this list will be used to
2325 identify settings common to an instance of a jail.
2326 Assuming that the jail in question was named
2328 you would have the following dependent variables:
2330 jail_vjail_hostname="jail.example.com"
2331 jail_vjail_ip="192.168.1.100"
2332 jail_vjail_rootdir="/var/jails/vjail/root"
2337 When set, use as default value for
2338 .Va jail_ Ns Ao Ar jname Ac Ns Va _flags
2341 .It Va jail_interface
2344 When set, use as default value for
2345 .Va jail_ Ns Ao Ar jname Ac Ns Va _interface
2351 When set, use as default value for
2352 .Va jail_ Ns Ao Ar jname Ac Ns Va _fstab
2355 .It Va jail_mount_enable
2363 .Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable
2366 by default for every jail in
2368 .It Va jail_procfs_enable
2376 .Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable
2379 by default for every jail in
2381 .It Va jail_devfs_enable
2389 .Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable
2392 by default for every jail in
2394 .It Va jail_exec_start
2397 When set, use as default value for
2398 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start
2401 .It Va jail_exec_stop
2403 When set, use as default value for
2404 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop
2407 .It Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir
2410 Set to the root directory used by jail
2412 .It Va jail_ Ns Ao Ar jname Ac Ns Va _hostname
2415 Set to the fully qualified domain name (FQDN) assigned to jail
2417 .It Va jail_ Ns Ao Ar jname Ac Ns Va _ip
2420 Set to the IP address assigned to jail
2422 .It Va jail_ Ns Ao Ar jname Ac Ns Va _flags
2427 These are flags to pass to
2429 .It Va jail_ Ns Ao Ar jname Ac Ns Va _interface
2432 When set, sets the interface to use when setting IP address alias.
2433 Note that the alias is created at jail startup and removed at jail shutdown.
2434 .It Va jail_ Ns Ao Ar jname Ac Ns Va _fstab
2437 .Pa /etc/fstab. Ns Aq Ar jname
2439 This is the file system information file to use for jail
2441 .It Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable
2448 mount all file systems from
2449 .Va jail_ Ns Ao Ar jname Ac Ns Va _fstab
2451 .It Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable
2458 mount the process file system inside jail
2461 .It Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable
2468 mount the device file system inside jail
2471 .It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start
2474 .Dq Li /bin/sh /etc/rc
2476 This is the command executed at jail startup.
2477 .It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop
2480 .Dq Li /bin/sh /etc/rc.shutdown
2482 This is the command executed at jail shutdown.
2483 .It Va jail_set_hostname_allow
2487 do not allow the root user in a jail to set its hostname.
2488 .It Va jail_socket_unixiproute_only
2492 do not allow any sockets,
2493 besides UNIX/IP/route sockets,
2494 to be used within a jail.
2495 .It Va jail_sysvipc_allow
2499 allow applications within a jail to use System V IPC.
2504 LVM volumes will be discovered and configured on boot.
2505 .It Va newsyslog_enable
2511 before syslogd starts.
2512 .It Va newsyslog_flags
2515 .Va newsyslog_enable
2518 these are the flags passed to
2520 .It Va resident_enable
2524 make the dynamic binaries listed in
2525 .Pa /etc/resident.conf
2527 .It Va varsym_enable
2532 .Pa /etc/varsym.conf
2533 to set system-wide variables for variant symlinks.
2538 or a whitespace separated list of IRQ numbers which will be used as a source of
2540 .\" -----------------------------------------------------
2545 to disable caching entropy via
2547 Otherwise set to the directory used to store entropy files in.
2552 to disable caching entropy through reboots.
2553 Otherwise set to the filename used to store cached entropy through reboots.
2554 This file should be located on the root file system to seed the
2556 device as early as possible in the boot process.
2557 .It Va entropy_save_sz
2559 Determines the size of the entropy cache files used for entropy cached
2560 through reboots and also entropy cached via
2562 The entropy is fed to the system in blocks of 512 bytes, so this number
2563 should be large enough to fill as many of the entropy pools in the kernel
2565 By default, it is set to 16384, which should be able to seed all 32 entropy
2566 pools in the Fortuna CSPRNG.
2574 .Pa /var/run/dmesg.boot
2576 .It Va rcshutdown_timeout
2578 If set, start a watchdog timer in the background which will terminate
2582 has not completed within the specified time (in seconds).
2583 Notice that in addition to this soft timeout,
2585 also applies a hard timeout for the execution of
2587 This is configured via
2590 .Va kern.init_shutdown_timeout
2591 and defaults to 120 seconds. Setting the value of
2592 .Va rcshutdown_timeout
2593 to more than 120 seconds will have no effect until the
2596 .Va kern.init_shutdown_timeout
2602 the udevd daemon will be started on boot.
2603 .It Va vfs_quota_enable
2607 vfs quota rc.d scripts will be run on boot.
2608 .It Va vfs_quota_sync
2610 List of mount points whose counters are to be synchronized with on-disk
2611 usage during system startup.
2614 .It Va vknetd_enable
2619 will be started on boot.
2622 Additional flags passed to
2624 Usually address/cidrbits is specified here.
2625 When no flags are passed, default option
2628 .It Va vkernel_enable
2632 any configured vkernels will not be started.
2633 .It Va vkernel_kill_timeout
2635 This defines the default number of seconds that we will wait for the
2636 vkernel to shut down on its own.
2637 If after this time it's still alive,
2638 it will be killed with SIGKILL.
2641 Defines the default path to the vkernel binary.
2644 A space separated list of names for vkernels.
2645 This is purely a configuration aid to help identify and
2646 configure multiple vkernels.
2647 The names specified in this list will be used to
2648 identify settings common to a vkernel instance.
2649 Assuming that the vkernel in question was named
2651 you would have the following dependent variables
2652 (filled with reference values in this text):
2654 vkernel_example_bin="/usr/obj/usr/src/sys/VKERNEL64/kernel.debug"
2655 vkernel_example_memsize="64m"
2656 vkernel_example_rootimg_list="/var/vkernel/rootimg.01"
2657 vkernel_example_memimg="/var/vkernel/memimg.000001"
2658 vkernel_example_user="myuser"
2659 vkernel_example_iface_list="auto:bridge0"
2660 vkernel_example_logfile="/dev/null"
2661 vkernel_example_flags="-U"
2662 vkernel_example_kill_timeout="45"
2665 The last six are optional.
2666 They default to an empty string if not set, except for logfile which defaults to
2676 which is the vkernel's default directory for memory images,
2677 with permissions of 1777, i.e. world writable with the sticky bit set
2680 .It Va autofs_enable
2690 daemons at boot time.
2691 .It Va automount_flags
2697 these are the flags to pass to the
2700 By default no flags are passed.
2701 .It Va automountd_flags
2707 these are the flags to pass to the
2710 By default no flags are passed.
2711 .It Va autounmountd_flags
2717 these are the flags to pass to the
2720 By default no flags are passed.
2723 .Bl -tag -width ".Pa /etc/start_if. Ns Aq Ar interface" -compact
2724 .It Pa /etc/defaults/rc.conf
2726 .It Pa /etc/rc.conf.local
2727 .It Pa /etc/start_if. Ns Aq Ar interface
2747 .Xr resident.conf 5 ,
2752 .Xr autounmountd 8 ,
2809 .An Jordan K. Hubbard .