4 .\" Redistribution and use in source and binary forms, with or without
5 .\" modification, are permitted provided that the following conditions
7 .\" 1. Redistributions of source code must retain the above copyright
8 .\" notice, this list of conditions and the following disclaimer.
9 .\" 2. Redistributions in binary form must reproduce the above copyright
10 .\" notice, this list of conditions and the following disclaimer in the
11 .\" documentation and/or other materials provided with the distribution.
13 .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND
14 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE
17 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
19 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
20 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
21 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
22 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25 .\" $FreeBSD: src/share/man/man5/rc.conf.5,v 1.197 2003/07/28 13:56:00 mbr Exp $
26 .\" $DragonFly: src/share/man/man5/rc.conf.5,v 1.22 2006/07/02 00:42:25 swildner Exp $
32 .Nd system configuration information
36 contains descriptive information about the local host name, configuration
37 details for any potential network interfaces and which services should be
38 started up at system initial boot time.
39 In new installations, the
41 file is generally initialized by the installer.
45 is not to run commands or perform system startup actions
47 Instead, it is included by the
48 various generic startup scripts in
50 which conditionalize their
51 internal actions according to the settings found there.
55 file is included from the file
56 .Pa /etc/defaults/rc.conf ,
57 which specifies the default settings for all the available options.
58 Options need only be specified in
60 when the system administrator wishes to override these defaults.
62 .Pa /etc/rc.conf.local
63 is used to override settings in
65 for historical reasons.
70 The following list provides a name and short description for each
71 variable that can be set in the
74 .Bl -tag -width indent-two
79 enable output of debug messages from rc scripts.
80 This variable can be helpful in diagnosing mistakes when
81 editing or integrating new scripts.
82 Beware that this produces copious output to the terminal and
88 disable informational messages from the rc scripts.
89 Informational messages are displayed when
90 a condition that is not serious enough to warrant a warning or
96 no swapfile is installed, otherwise the value is used as the full
97 pathname to a file to use for additional swap space.
102 enable support for Automatic Power Management with
110 to handle APM event from userland.
111 This also enables support for APM.
118 these are the flags to pass to the
124 to monitor the status of batteries present in the system.
125 This also enables support for APM.
132 these are the flags to pass to the
139 to handle device added, removed or unknown events from the kernel.
140 .It Va pccard_ifconfig
142 List of arguments to be passed to
145 insertion of the card (e.g.\&
146 .Dq Cm inet Li 192.168.1.1 Cm netmask Li 255.255.255.0
147 for a fixed address or
150 .It Va pccard_ether_delay
152 Set the delay before starting
155 .Pa /etc/pccard_ether
157 This defaults to 5 seconds to work around a bug in the
159 driver which can lead to system hangs when using some newer
162 .It Va removable_interfaces
164 List of removable network interfaces to be supported by
165 .Pa /etc/pccard_ether .
168 List of directories to search for startup script files.
169 .It Va script_name_sep
171 The field separator to use for breaking down the list of startup script files
172 into individual filenames.
173 The default is a space.
174 It is not necessary to change this unless there are startup scripts with names
178 The fully qualified domain name (FQDN) of this host on the network.
179 This should almost certainly be set to something meaningful, even if
180 there is no network connection.
183 is used to set the hostname via DHCP,
184 this variable should be set to an empty string.
187 Enable support for IPv6 networking.
188 Note that this requires that the kernel have been compiled with
189 .Cd "options INET6" .
192 The NIS domain name of this host, or
195 .It Va dhclient_program
197 Path to the DHCP client program
198 .Pa ( /sbin/dhclient ,
201 .It Va dhclient_flags
203 Additional flags to pass to the DHCP client program.
204 For the ISC DHCP client, see the
206 manpage for a description of the command line options available.
207 .It Va background_dhclient
211 to start the dhcp client in background.
212 This can cause trouble with applications depending on
213 a working network, but it will provide a faster startup
215 .It Va firewall_enable
219 to load firewall rules at startup.
220 If the kernel was not built with
221 .Cd "options IPFIREWALL" ,
224 kernel module will be loaded.
226 .Va ipfilter_enable .
227 .It Va ipv6_firewall_enable
229 The IPv6 equivalent of
230 .Va firewall_enable .
233 to load IPv6 firewall rules at startup.
234 If the kernel was not built with
235 .Cd "options IPV6FIREWALL" ,
238 kernel module will be loaded.
239 .It Va firewall_script
241 This variable specifies the full path to the firewall script to run.
243 .Pa /etc/rc.firewall .
244 .It Va ipv6_firewall_script
246 The IPv6 equivalent of
247 .Va firewall_script .
250 Names the firewall type from the selection in
251 .Pa /etc/rc.firewall ,
252 or the file which contains the local firewall ruleset.
253 Valid selections from
257 .Bl -tag -width ".Li simple" -compact
259 unrestricted IP access
261 all IP services disabled, except via
264 basic protection for a workstation
266 basic protection for a LAN.
269 If a filename is specified, the full path
271 .It Va ipv6_firewall_type
273 The IPv6 equivalent of
275 .It Va firewall_quiet
279 to disable the display of firewall rules on the console during boot.
280 .It Va ipv6_firewall_quiet
282 The IPv6 equivalent of
284 .It Va firewall_logging
288 to enable firewall event logging.
289 This is equivalent to the
290 .Dv IPFIREWALL_VERBOSE
292 .It Va ipv6_firewall_logging
294 The IPv6 equivalent of
295 .Va firewall_logging .
296 .It Va firewall_flags
302 specifies a filename.
303 .It Va ipv6_firewall_flags
305 The IPv6 equivalent of
322 sockets must be enabled in the kernel.
323 .It Va natd_interface
325 This is the name of the public interface on which
328 The interface may be given as an interface name or as an IP address.
333 flags should be placed here.
338 flag is automatically added with the above
341 .\" ----- ipfilter_enable setting --------------------------------
342 .It Va ipfilter_enable
353 Typical usage will require putting
355 ipfilter_enable="YES"
373 can be enabled independently.
377 both require at least one of
387 options IPFILTER_DEFAULT_BLOCK
390 in the kernel configuration file is a good idea, too.
391 .\" ----- ipfilter_program setting ------------------------------
392 .It Va ipfilter_program
398 .\" ----- ipfilter_rules setting --------------------------------
399 .It Va ipfilter_rules
404 This variable contains the name of the filter rule definition file.
405 The file is expected to be readable for the
408 .\" ----- ipv6_ipfilter_rules setting ---------------------------
409 .It Va ipv6_ipfilter_rules
414 This variable contains the IPv6 filter rule definition file.
415 The file is expected to be readable for the
418 .\" ----- ipfilter_flags setting --------------------------------
419 .It Va ipfilter_flags
422 This variable contains flags passed to the
425 .\" ----- ipnat_enable setting ----------------------------------
435 network address translation.
438 for a detailed discussion.
439 .\" ----- ipnat_program setting ---------------------------------
446 .\" ----- ipnat_rules setting -----------------------------------
452 This variable contains the name of the file
453 holding the network address translation definition.
454 This file is expected to be readable for the
457 .\" ----- ipnat_flags setting -----------------------------------
461 This variable contains flags passed to the
464 .\" ----- ipmon_enable setting ----------------------------------
479 Setting this variable needs setting
486 for a detailed discussion.
487 .\" ----- ipmon_program setting ---------------------------------
494 .\" ----- ipmon_flags setting -----------------------------------
500 This variable contains flags passed to the
503 Another typical example would be
504 .Dq Fl D Pa /var/log/ipflog
507 log directly to a file bypassing
510 .Pa /etc/newsyslog.conf
511 in such case like this:
513 /var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid
515 .\" ----- ipfs_enable setting -----------------------------------
525 saving the filter and NAT state tables during shutdown
526 and reloading them during startup again.
527 Setting this variable needs setting
536 for a detailed discussion.
542 because the raised securelevel will prevent
544 from saving the state tables at shutdown time.
545 .\" ----- ipfs_program setting ----------------------------------
552 .\" ----- ipfs_flags setting ------------------------------------
556 This variable contains flags passed to the
559 .\" ----- end of added ipf hook ---------------------------------
560 .It Va tcp_extensions
567 disables certain TCP options as described by
573 might help remedy such problems with connections as randomly hanging
574 or other weird behavior.
575 Some network devices are known
576 to be broken with respect to these options.
583 .Va net.inet.tcp.log_in_vain
585 .Va net.inet.udp.log_in_vain ,
590 are set to the given value.
598 will disable probing idle TCP connections to verify that the
599 peer is still up and reachable.
600 .It Va tcp_drop_synfin
607 will cause the kernel to ignore TCP frames that have both
608 the SYN and FIN flags set.
609 This prevents OS fingerprinting, but may
610 break some legitimate applications.
611 This option is only available if the
612 kernel was built with the
615 .It Va icmp_drop_redirect
622 will cause the kernel to ignore ICMP REDIRECT packets.
625 for more information.
626 .It Va icmp_log_redirect
633 will cause the kernel to log ICMP REDIRECT packets.
635 the log messages are not rate-limited, so this option should only be used
636 for troubleshooting networks.
639 for more information.
640 .It Va icmp_bmcastecho
644 to respond to broadcast or multicast ICMP ping packets.
647 for more information.
648 .It Va ip_portrange_first
652 this is the first port in the default portrange.
655 for more information.
656 .It Va ip_portrange_last
660 this is the last port in the default portrange.
663 for more information.
664 .It Va network_interfaces
666 Set to the list of network interfaces to configure on this host.
667 For example, if the only network devices in the system are the loopback
676 .Va ifconfig_ Ns Aq Ar interface
677 variable is also assumed to exist for each value of
679 It is also possible to add IP alias entries here in cases where
680 multiple IP addresses registered against a single interface
682 Assuming that the interface in question was
687 ifconfig_ed0_alias0="inet 127.0.0.253 netmask 0xffffffff"
688 ifconfig_ed0_alias1="inet 127.0.0.254 netmask 0xffffffff"
693 .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
695 its contents are passed to
697 Execution stops at the first unsuccessful access, so if
698 something like this is present:
700 ifconfig_ed0_alias0="inet 127.0.0.251 netmask 0xffffffff"
701 ifconfig_ed0_alias1="inet 127.0.0.252 netmask 0xffffffff"
702 ifconfig_ed0_alias2="inet 127.0.0.253 netmask 0xffffffff"
703 ifconfig_ed0_alias4="inet 127.0.0.254 netmask 0xffffffff"
706 Then note that alias4 would
708 be added since the search would
709 stop with the missing alias3 entry.
712 .Pa /etc/start_if. Ns Aq Ar interface
713 file is present, it is read and executed by the
716 before configuring the interface as specified in the
717 .Va ifconfig_ Ns Aq Ar interface
719 .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
722 It is possible to bring up an interface with DHCP by setting the
723 .Va ifconfig_ Ns Aq Ar interface
726 For instance, to initialize the
729 it is possible to use something like:
733 .It Va ipv6_network_interfaces
735 This is the IPv6 equivalent of
736 .Va network_interfaces .
737 Instead of setting the ifconfig variables as
738 .Va ifconfig_ Ns Aq Ar interface
739 they should be set as
740 .Va ipv6_ifconfig_ Ns Aq Ar interface .
741 Aliases should be set as
742 .Va ipv6_ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n .
743 .Va ipv6_prefix_ Ns Aq Ar interface
745 Interfaces that do not have a
746 .Va ipv6_ifconfig_ Ns Aq Ar interface
747 setting will be auto configured by
750 .Va ipv6_gateway_enable
753 Note that the IPv6 networking code does not support the
754 .Pa /etc/start_if. Ns Aq Ar interface
756 .It Va ipv6_default_interface
760 this is the default output interface for scoped addresses.
761 Now this works only for IPv6 link local multicast addresses.
762 .It Va cloned_interfaces
764 Set to the list of clonable network interfaces to create on this host.
766 .Va cloned_interfaces
767 are automatically appended to
768 .Va network_interfaces
770 .It Va gif_interfaces
774 tunnel interfaces to configure on this host.
776 .Va gifconfig_ Ns Aq Ar interface
777 variable is assumed to exist for each value of
779 The value of this variable is used to configure the link layer of the
780 tunnel according to the syntax of the
784 Additionally, this option ensures that each listed interface is created
789 before attempting to configure it.
790 .It Va sppp_interfaces
794 interfaces to configure on this host.
796 .Va spppconfig_ Ns Aq Ar interface
797 variable is assumed to exist for each value of
799 Each interface should also be configured by a general
800 .Va ifconfig_ Ns Aq Ar interface
804 for more information about available options.
814 Mode in which to run the
823 See the manual for a full description.
828 enables network address translation.
829 Used in conjunction with
831 allows hosts on private network addresses access to the Internet using
832 this host as a network address translating router.
835 The name of the profile to use from
836 .Pa /etc/ppp/ppp.conf .
839 The name of the user under which
849 This option is used to specify a list of files that will override
851 .Pa /etc/defaults/rc.conf .
852 The files will be read in the order in which they are specified and should
853 include the full path to the file.
854 By default, the files specified are
857 .Pa /etc/rc.conf.local
865 flag if the initial preen
866 of the file systems fails.
869 List of file system types that are network-based.
870 This list should generally not be modified by end users.
872 .Va extra_netfs_types
874 .It Va extra_netfs_types
876 If set to something other than
879 this variable extends the list of file system types
880 for which automatic mounting at startup by
882 should be delayed until the network is initialized.
884 a whitespace-separated list of network file system descriptor pairs,
885 each consisting of a file system type as passed to
887 and a human-readable, one-word description,
890 Extending the default list in this way is only necessary
891 when third party file system types are used.
892 .It Va syslogd_enable
899 .It Va syslogd_program
904 .Pa /usr/sbin/syslogd ) .
911 these are the flags to pass to
925 .Pa /usr/sbin/inetd ) .
932 these are the flags to pass to
938 use new functionality provided in the
940 script to facilitate a
944 This variable is experimental.
945 It may be removed or changed in the near future.
958 .Pa /usr/sbin/named ) .
965 these are the flags to pass to
969 This is the default path to the
972 Change it if you change the location in
973 .Pa /etc/namedb/named.conf .
974 .It Va named_chrootdir
976 The root directory for a name server run in a
984 This variable has no effect if
987 This variable is experimental.
988 It may be removed or changed in the near future.
989 .It Va named_chroot_autoupdate
993 to disable automatic syncing of libraries and
994 other system files between the root file system and the
996 This variable has no effect if
999 This variable is experimental.
1000 It may be removed or changed in the near future.
1001 .It Va named_symlink_enable
1005 to disable symlinking of
1011 environment in which
1014 This variable has no effect if
1017 This variable is experimental.
1018 It may be removed or changed in the near future.
1019 .It Va kerberos5_server_enable
1023 to start a Kerberos 5 authentication server
1025 .It Va kerberos5_server
1028 .Va kerberos5_server_enable
1031 this is the path to Kerberos 5 Authentication Server.
1032 .It Va kadmind5_server_enable
1038 the Kerberos 5 Administration Daemon; set to
1041 .It Va kadmind5_server
1044 .Va kadmind5_server_enable
1047 this is the path to Kerberos 5 Administration Daemon.
1048 .It Va kpasswdd_server_enable
1054 the Kerberos 5 Password-Changing Daemon; set to
1057 .It Va kpasswdd_server
1060 .Va kpasswdd_server_enable
1063 this is the path to Kerberos 5 Password-Changing Daemon.
1070 daemon at boot time.
1077 these are the flags to pass to it.
1084 daemon at boot time.
1091 these are the flags to pass to it.
1094 manpage for more information.
1095 .It Va amd_map_program
1098 the specified program is run to get the list of
1103 maps are stored in NIS, one can set this to
1116 will be updated at boot time to reflect the kernel release
1121 will not be updated.
1122 .It Va nfs_client_enable
1126 run the NFS client daemons at boot time.
1127 .It Va nfs_access_cache
1130 .Va nfs_client_enable
1135 to disable NFS ACCESS RPC caching, or to the number of seconds for which
1137 results should be cached.
1138 A value of 2-10 seconds will substantially reduce network traffic for
1139 many NFS operations. The default is 5 seconds. Note that the attribute
1140 cache holds stat information only. The NFS data cache is independant
1141 of the attribute cache and is only invalidated when the client detects that
1142 the server has modified the underlying file. This value specifies a
1143 maximum timeout. The NFS client will automatically use a shorter timeout
1144 for files which have been recently modified.
1145 .It Va nfs_neg_cache
1148 .Va nfs_client_enable
1153 to disable the caching of NEGATIVE LOOKUPS (lookups of non-existant
1154 filenames), or to the number of seconds for which negative lookups should
1156 A value of 2-10 seconds will substantially reduce network
1157 traffic for many NFS operations, especially source code builds. The
1158 default is 3 seconds.
1159 .It Va nfs_server_enable
1163 run the NFS server daemons at boot time.
1164 .It Va nfs_server_flags
1167 .Va nfs_server_enable
1170 these are the flags to pass to the
1173 .It Va mountd_enable
1178 .Va nfs_server_enable
1184 It is commonly needed to run CFS without real NFS used.
1191 these are the flags to pass to the
1194 .It Va weak_mountd_authentication
1198 allow services like PCNFSD to make non-privileged mount
1200 .It Va nfs_reserved_port_only
1204 provide NFS services only on a secure port.
1205 .It Va nfs_bufpackets
1207 If set to a number, indicates the number of packets worth of
1208 socket buffer space to reserve on an NFS client.
1209 The kernel default is typically 4.
1210 Using a higher number may be
1211 useful on gigabit networks to improve performance.
1212 The minimum value is
1213 2 and the maximum is 64.
1214 .It Va rpc_umntall_enable
1218 (default) and we are also an NFS client, run
1220 at boot time to clear out old mounts on remote servers.
1225 will not be run at boot time.
1226 .It Va rpc_lockd_enable
1230 and also an NFS server, run
1233 .It Va rpc_statd_enable
1237 and also an NFS server, run
1240 .It Va rpcbind_program
1245 .Pa /usr/sbin/rpcbind ) .
1246 .It Va rpcbind_enable
1252 service at boot time.
1253 .It Va rpcbind_flags
1259 these are the flags to pass to the
1262 .It Va keyserv_enable
1268 daemon on boot for running Secure RPC.
1269 .It Va keyserv_flags
1275 these are the flags to pass to
1278 .It Va pppoed_enable
1284 daemon at boot time to provide PPP over Ethernet services.
1285 .It Va pppoed_ Ns Ar provider
1288 listens to requests to this
1294 argument of the same name.
1297 Additional flags to pass to
1299 .It Va pppoed_interface
1301 The network interface to run
1304 This is mandatory when
1314 service at boot time.
1315 This command is intended for networks of
1316 machines where a consistent
1318 for all hosts must be established.
1319 This is often useful in large NFS
1320 environments where time stamps on files are expected to be consistent
1328 these are the flags to pass to the
1337 command at boot time.
1343 .Pa /usr/sbin/ntpd ) .
1350 these are the flags to pass to the
1354 by default which sets the time immediately at startup if the
1355 local clock is off by more than 180 seconds. To prevent
1357 from doing this, set
1361 .It Va nis_client_enable
1367 service at system boot time.
1368 .It Va nis_client_flags
1371 .Va nis_client_enable
1374 these are the flags to pass to the
1377 .It Va nis_ypset_enable
1383 daemon at system boot time.
1384 .It Va nis_ypset_flags
1387 .Va nis_ypset_enable
1390 these are the flags to pass to the
1393 .It Va nis_server_enable
1399 daemon at system boot time.
1400 .It Va nis_server_flags
1403 .Va nis_server_enable
1406 these are the flags to pass to the
1409 .It Va nis_ypxfrd_enable
1415 daemon at system boot time.
1416 .It Va nis_ypxfrd_flags
1419 .Va nis_ypxfrd_enable
1422 these are the flags to pass to the
1425 .It Va nis_yppasswdd_enable
1431 daemon at system boot time.
1432 .It Va nis_yppasswdd_flags
1435 .Va nis_yppasswdd_enable
1438 these are the flags to pass to the
1441 .It Va rpc_ypupdated_enable
1447 daemon at system boot time.
1448 .It Va defaultrouter
1452 create a default route to this host name or IP address
1453 (use an IP address if this router is also required to get to the
1455 .It Va ipv6_defaultrouter
1457 The IPv6 equivalent of
1459 .It Va static_routes
1461 Set to the list of static routes that are to be added at system
1465 then for each whitespace separated
1468 .Va route_ Ns Aq Ar element
1469 variable is assumed to exist
1470 whose contents will later be passed to a
1473 .It Va ipv6_static_routes
1475 The IPv6 equivalent of
1479 then for each whitespace separated
1482 .Va ipv6_route_ Ns Aq Ar element
1483 variable is assumed to exist
1484 whose contents will later be passed to a
1485 .Dq Nm route Cm add Fl inet6
1487 .It Va gateway_enable
1491 configure host to act as an IP router, e.g. to forward packets
1493 .It Va ipv6_gateway_enable
1495 The IPv6 equivalent of
1496 .Va gateway_enable .
1497 .It Va router_enable
1501 run a routing daemon of some sort, based on the
1506 .It Va ipv6_router_enable
1508 The IPv6 equivalent of
1512 run a routing daemon of some sort, based on the
1516 .Va ipv6_router_flags .
1523 this is the name of the routing daemon to use.
1526 The IPv6 equivalent of
1534 these are the flags to pass to the routing daemon.
1535 .It Va ipv6_router_flags
1537 The IPv6 equivalent of
1539 .It Va mrouted_enable
1543 run the multicast routing daemon,
1545 .It Va mroute6d_enable
1547 The IPv6 equivalent of
1548 .Va mrouted_enable .
1551 run the IPv6 multicast routing daemon.
1552 Note that no IPv6 multicast routing daemon is included in the
1556 can be installed from the pkgsrc collection.
1557 .It Va mrouted_flags
1563 these are the flags to pass to the
1566 .It Va mroute6d_flags
1568 The IPv6 equivalent of
1574 these are the flags passed to the IPv6 multicast routing daemon.
1575 .It Va mroute6d_program
1581 this is the path to the IPv6 multicast routing daemon.
1582 .It Va rtadvd_enable
1588 daemon at boot time.
1591 .Va ipv6_gateway_enable
1596 utility sends router advertisement packets to the interfaces specified in
1597 .Va rtadvd_interfaces .
1599 and should only be enabled with great care.
1600 You may want to fine-tune
1602 .It Va rtadvd_interfaces
1608 this is the list of interfaces to use.
1609 .It Va ipxgateway_enable
1613 enable the routing of IPX traffic.
1614 .It Va ipxrouted_enable
1620 daemon at system boot time.
1621 .It Va ipxrouted_flags
1624 .Va ipxrouted_enable
1627 these are the flags to pass to the
1634 enable global proxy ARP.
1635 .It Va forward_sourceroute
1643 source-routed packets are forwarded.
1644 .It Va accept_sourceroute
1648 the system will accept source-routed packets directed at it.
1655 daemon at system boot time.
1662 these are the flags to pass to the
1665 .It Va bootparamd_enable
1671 daemon at system boot time.
1672 .It Va bootparamd_flags
1675 .Va bootparamd_enable
1678 these are the flags to pass to the
1681 .It Va stf_interface_ipv4addr
1685 this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling
1687 Specify this entry to enable the 6to4 interface.
1688 .It Va stf_interface_ipv4plen
1690 Prefix length for 6to4 IPv4 addresses, to limit peer address range.
1691 An effective value is 0-31.
1692 .It Va stf_interface_ipv6_ifid
1694 IPv6 interface ID for
1698 .It Va stf_interface_ipv6_slaid
1700 IPv6 Site Level Aggregator for
1702 .It Va ipv6_faith_prefix
1706 this is the faith prefix to enable a FAITH IPv6-to-IPv4 TCP
1711 .It Va ipv6_ipv4mapping
1715 this enables IPv4 mapped IPv6 address communication (like
1716 .Li ::ffff:a.b.c.d ) .
1721 to enable the configuration of ATM interfaces at system boot time.
1722 For all of the ATM variables described below, please refer to the
1724 man page for further details on the available command parameters.
1725 Also refer to the files in
1726 .Pa /usr/share/examples/atm
1727 for more detailed configuration information.
1730 This is a list of physical ATM interface drivers to load. Typical values are
1734 .It Va atm_netif_ Ns Aq Ar intf
1736 For the ATM physical interface
1738 this variable defines the name prefix and count for the ATM network
1739 interfaces to be created.
1740 The value will be passed as the parameters of an
1741 .Dq Nm atm Cm "set netif" Ar intf
1743 .It Va atm_sigmgr_ Ns Aq Ar intf
1745 For the ATM physical interface
1747 this variable defines the ATM signalling manager to be used.
1748 The value will be passed as the parameters of an
1749 .Dq Nm atm Cm attach Ar intf
1751 .It Va atm_prefix_ Ns Aq Ar intf
1753 For the ATM physical interface
1755 this variable defines the NSAP prefix for interfaces using a UNI signalling
1759 the prefix will automatically be set via the
1762 Otherwise, the value will be passed as the parameters of an
1763 .Dq Nm atm Cm "set prefix" Ar intf
1765 .It Va atm_macaddr_ Ns Aq Ar intf
1767 For the ATM physical interface
1769 this variable defines the MAC address for interfaces using a UNI signalling
1773 the hardware MAC address contained in the ATM interface card will be used.
1774 Otherwise, the value will be passed as the parameters of an
1775 .Dq Nm atm Cm "set mac" Ar intf
1777 .It Va atm_arpserver_ Ns Aq Ar netif
1779 For the ATM network interface
1781 this variable defines the ATM address for a host which is to provide ATMARP
1783 This variable is only applicable to interfaces using a UNI signalling
1787 this host will become an ATMARP server.
1788 The value will be passed as the parameters of an
1789 .Dq Nm atm Cm "set arpserver" Ar netif
1791 .It Va atm_scsparp_ Ns Aq Ar netif
1795 SCSP/ATMARP service for the network interface
1797 will be initiated using the
1802 This variable is only applicable if
1803 .Va atm_arpserver_ Ns Aq Ar netif
1808 Set to the list of ATM PVCs to be added at system
1810 For each whitespace separated
1813 .Va atm_pvc_ Ns Aq Ar element
1814 variable is assumed to exist.
1815 The value of each of these variables
1816 will be passed as the parameters of an
1817 .Dq Nm atm Cm "add pvc"
1821 Set to the list of permanent ATM ARP entries to be added
1822 at system boot time.
1823 For each whitespace separated
1826 .Va atm_arp_ Ns Aq Ar element
1827 variable is assumed to exist.
1828 The value of each of these variables
1829 will be passed as the parameters of an
1830 .Dq Nm atm Cm "add arp"
1832 .It Va natm_interfaces
1836 interfaces that will also be used for HARP through
1838 If this list is not empty all interfaces in the list will be brought up
1844 For this to work the interface drivers must be either compiled into the
1845 kernel or must reside on the root partition.
1848 The keyboard bell sound.
1855 if the default behavior is desired.
1856 For details, refer to the
1863 no keymap is installed, otherwise the value is used to install
1865 .Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd .
1868 The keyboard repeat speed.
1875 if the default behavior is desired.
1880 attempt to program the function keys with the value.
1882 be a single string of the form:
1883 .Dq Ar funkey_number new_value Op Ar funkey_number new_value ... .
1886 Can be set to the value of
1889 .Dq Li destructive ,
1892 to set the cursor behavior explicitly or choose the default behavior.
1897 no screen map is installed, otherwise the value is used to install
1898 the screen map file in
1899 .Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value .
1904 the default 8x16 font value is used for screen size requests, otherwise
1906 .Pa /usr/share/syscons/fonts/ Ns Aq Ar value
1912 the default 8x14 font value is used for screen size requests, otherwise
1914 .Pa /usr/share/syscons/fonts/ Ns Aq Ar value
1920 the default 8x8 font value is used for screen size requests, otherwise
1922 .Pa /usr/share/syscons/fonts/ Ns Aq Ar value
1928 the default screen blanking interval is used, otherwise it is set
1936 this is the actual screen saver to use
1937 .Li ( blank , snake , daemon ,
1939 .It Va moused_enable
1945 daemon is started for doing cut/paste selection on the console.
1948 This is the protocol type of the mouse connected to this host.
1949 This variable must be set if
1956 is able to detect the appropriate mouse type automatically in many cases.
1957 Set this variable to
1959 to let the daemon detect it, or
1960 select one from the following list if the automatic detection fails.
1962 If the mouse is attached to the PS/2 mouse port, choose
1966 regardless of the brand and model of the mouse.
1968 mouse is attached to the bus mouse port, choose
1972 All other protocols are for serial mice and will not work with
1973 the PS/2 and bus mice.
1974 If this is a USB mouse,
1976 is the only protocol type which will work.
1978 .Bl -tag -width ".Li x10mouseremote" -compact
1980 Microsoft mouse (serial)
1982 Microsoft IntelliMouse (serial)
1984 Mouse systems Corp. mouse (serial)
1986 MM Series mouse (serial)
1988 Logitech mouse (serial)
1992 Logitech MouseMan and TrackMan (serial)
1994 ALPS GlidePoint (serial)
1995 .It Li thinkingmouse
1996 Kensington ThinkingMouse (serial)
2000 MM HitTablet (serial)
2001 .It Li x10mouseremote
2002 X10 MouseRemote (serial)
2004 Interlink VersaPad (serial)
2007 Even if the mouse is not in the above list, it may be compatible
2008 with one in the list.
2009 Refer to the man page for
2011 for compatibility information.
2013 It should also be noted that while this is enabled, any
2014 other client of the mouse (such as an X server) should access
2015 the mouse through the virtual mouse device,
2017 and configure it as a
2019 type mouse, since all
2020 mouse data is converted to this single canonical format when
2023 If the client program does not support the
2029 It is the second preferred type.
2036 this is the actual port the mouse is on.
2039 for a COM1 serial mouse,
2043 for a bus mouse, for example.
2048 is set, these are the additional flags to pass to the
2051 .It Va mousechar_start
2055 the default mouse cursor character range
2056 .Li 0xd0 Ns - Ns Li 0xd3
2058 otherwise the range start is set
2063 Use if the default range is occupied in the language code table.
2064 .It Va allscreens_flags
2068 is run with these options for each of the virtual terminals
2072 will enable the mouse pointer on all virtual terminals
2077 .It Va allscreens_kbdflags
2081 is run with these options for each of the virtual terminals
2087 scrollback (history) buffer to 200 lines.
2094 daemon at system boot time.
2100 .Pa /usr/sbin/cron ) .
2107 these are the flags to pass to
2114 .Pa /usr/sbin/lpd ) .
2121 daemon at system boot time.
2128 these are the flags to pass to the
2131 .It Va mta_start_script
2133 This variable specifies the full path to the script to run to start
2134 a mail transfer agent.
2136 .Pa /etc/rc.sendmail .
2140 .Pa /etc/rc.sendmail
2141 uses are documented in the
2146 Indicates the device (usually a swap partition) to which a crash dump
2147 should be written in the event of a system crash.
2148 The value of this variable is passed as the argument to
2150 To disable crash dumps, set this variable to
2154 When the system reboots after a crash and a crash dump is found on the
2155 device specified by the
2159 will save that crash dump and a copy of the kernel to the directory
2163 The default value is
2172 .It Va savecore_flags
2174 If crash dumps are enabled, these are the flags to pass to the
2177 .It Va enable_quotas
2181 to turn on user disk quotas on system startup via the
2188 to enable user disk quota checking via the
2191 .It Va accounting_enable
2195 to enable system accounting through the
2202 to enable Linux/ELF binary emulation at system initial
2208 to enable OSF/1 (Digital UNIX) binary emulation at system
2211 .It Va sysvipc_enable
2215 load System V IPC primitives at boot time.
2216 .\" ----- cleanvar_enable setting--------------------------------
2217 .It Va cleanvar_enable
2225 .Pa /var/spool/uucp/.Temp/*
2227 .\" ----- clear_tmp_enable setting-------------------------------
2228 .It Va clear_tmp_enable
2235 .\" ----- ldconfig_paths setting --------------------------------
2236 .It Va ldconfig_paths
2238 Set to the list of shared library paths to use with
2242 will always be added first, so it need not appear in this list.
2243 .\" ----- ldconfig_paths_aout setting ---------------------------
2244 .It Va ldconfig_paths_aout
2246 Set to the list of shared library paths to use with
2251 .It Va ldconfig_insecure
2255 utility normally refuses to use directories
2256 which are writable by anyone except root.
2257 Set this variable to
2259 to disable that security check during system startup.
2260 .It Va kern_securelevel_enable
2264 to set the kernel security level at system startup.
2265 .It Va kern_securelevel
2267 The kernel security level to set at startup.
2268 The allowed range of
2270 ranges from \-1 (the compile time default) to 3 (the
2274 for the list of possible security levels and their effect
2275 on system operation.
2280 to enable Low Watermark Mandatory Access Control (LOMAC) at boot time.
2281 This security model enforces integrity constraints for system processes;
2284 for a complete description of the LOMAC model, as well as its impact
2285 on system operation.
2292 at system boot time.
2295 Path to the SSH server program
2296 .Pa ( /usr/sbin/sshd
2304 at system boot time.
2311 these are the flags to pass to the
2320 daemon at boot time.
2327 these are the flags passed to
2330 .It Va watchdogd_enable
2336 daemon at boot time.
2337 This requires that the kernel have been compiled with
2338 .Cd "options WATCHDOG" .
2343 any configured jails will not be started.
2346 A space separated list of names for jails.
2347 This is purely a configuration aid to help identify and
2348 configure multiple jails.
2349 The names specified in this list will be used to
2350 identify settings common to an instance of a jail.
2351 Assuming that the jail in question was named
2353 you would have the following dependant variables:
2355 jail_vjail_hostname="jail.example.com"
2356 jail_vjail_ip="192.168.1.100"
2357 jail_vjail_rootdir="/var/jails/vjail/root"
2358 jail_vjail_exec="/bin/sh /etc/rc"
2361 The last one is optional.
2365 .It Va jail_set_hostname_allow
2369 do not allow the root user in a jail to set its hostname.
2370 .It Va jail_socket_unixiproute_only
2374 do not allow any protocol,
2376 to be used within a jail.
2377 .It Va jail_sysvipc_allow
2381 allow applications within a jail to use System V IPC.
2382 .It Va unaligned_print
2386 unaligned access warnings will not be printed.
2388 .\" ----- isdn settings ---------------------------------
2399 at system boot time.
2403 .Dq Fl d Ns Cm n Fl d Ns Li 0x1f9
2405 Additional flags to pass to
2411 for certain tunable parameters).
2417 The terminal type of the output device when
2419 operates in full-screen mode.
2420 .It Va isdn_screenflags
2425 The video mode for full-screen mode (only for
2435 The output device for
2437 in full-screen mode (or
2447 enables the ISDN protocol trace utility
2449 at system boot time.
2450 .It Va isdn_traceflags
2453 .Dq Fl f Pa /var/tmp/isdntrace0
2457 .\" -----------------------------------------------------
2458 .It Va harvest_interrupt
2462 to use hardware interrupts as an entropy source.
2465 for more information.
2466 .It Va harvest_ethernet
2470 to use LAN traffic as an entropy source.
2473 for more information.
2474 .It Va harvest_p_to_p
2478 to use serial line traffic as an entropy source.
2481 for more information.
2486 to disable caching entropy via
2488 Otherwise set to the directory used to store entropy files in.
2493 to disable caching entropy through reboots.
2494 Otherwise set to the filename used to store cached entropy through
2496 This file should be located on the root file system to seed the
2498 device as early as possible in the boot process.
2499 .It Va entropy_save_sz
2501 Size of the entropy cache files saved by
2504 .It Va entropy_save_num
2506 Number of entropy cache files to save by
2520 Configuration file for
2529 .Pa /var/run/dmesg.boot
2531 .It Va rcshutdown_timeout
2533 If set, start a watchdog timer in the background which will terminate
2537 has not completed within the specified time (in seconds).
2540 .Bl -tag -width ".Pa /etc/defaults/rc.conf" -compact
2541 .It Pa /etc/defaults/rc.conf
2543 .It Pa /etc/rc.conf.local
2606 .An Jordan K. Hubbard .
lentferj's projects / dragonfly.git / blob