4 .\" Redistribution and use in source and binary forms, with or without
5 .\" modification, are permitted provided that the following conditions
7 .\" 1. Redistributions of source code must retain the above copyright
8 .\" notice, this list of conditions and the following disclaimer.
9 .\" 2. Redistributions in binary form must reproduce the above copyright
10 .\" notice, this list of conditions and the following disclaimer in the
11 .\" documentation and/or other materials provided with the distribution.
13 .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND
14 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE
17 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
19 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
20 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
21 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
22 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25 .\" $FreeBSD: src/share/man/man5/rc.conf.5,v 1.197 2003/07/28 13:56:00 mbr Exp $
26 .\" $DragonFly: src/share/man/man5/rc.conf.5,v 1.26 2007/04/11 18:00:06 swildner Exp $
32 .Nd system configuration information
36 contains descriptive information about the local host name, configuration
37 details for any potential network interfaces and which services should be
38 started up at system initial boot time.
39 In new installations, the
41 file is generally initialized by the installer.
45 is not to run commands or perform system startup actions
47 Instead, it is included by the
48 various generic startup scripts in
50 which conditionalize their
51 internal actions according to the settings found there.
55 file is included from the file
56 .Pa /etc/defaults/rc.conf ,
57 which specifies the default settings for all the available options.
58 Options need only be specified in
60 when the system administrator wishes to override these defaults.
62 .Pa /etc/rc.conf.local
63 is used to override settings in
65 for historical reasons.
70 The following list provides a name and short description for each
71 variable that can be set in the
74 .Bl -tag -width indent-two
79 enable output of debug messages from rc scripts.
80 This variable can be helpful in diagnosing mistakes when
81 editing or integrating new scripts.
82 Beware that this produces copious output to the terminal and
88 disable informational messages from the rc scripts.
89 Informational messages are displayed when
90 a condition that is not serious enough to warrant a warning or
96 no swapfile is installed, otherwise the value is used as the full
97 pathname to a file to use for additional swap space.
102 enable support for Automatic Power Management with
110 to handle APM event from userland.
111 This also enables support for APM.
118 these are the flags to pass to the
124 to monitor the status of batteries present in the system.
125 This also enables support for APM.
132 these are the flags to pass to the
135 .It Va pccard_ifconfig
137 List of arguments to be passed to
140 insertion of the card (e.g.\&
141 .Dq Cm inet Li 192.168.1.1 Cm netmask Li 255.255.255.0
142 for a fixed address or
145 .It Va pccard_ether_delay
147 Set the delay before starting
150 .Pa /etc/pccard_ether
152 This defaults to 5 seconds to work around a bug in the
154 driver which can lead to system hangs when using some newer
157 .It Va removable_interfaces
159 List of removable network interfaces to be supported by
160 .Pa /etc/pccard_ether .
163 List of directories to search for startup script files.
164 .It Va script_name_sep
166 The field separator to use for breaking down the list of startup script files
167 into individual filenames.
168 The default is a space.
169 It is not necessary to change this unless there are startup scripts with names
173 The fully qualified domain name (FQDN) of this host on the network.
174 This should almost certainly be set to something meaningful, even if
175 there is no network connection.
178 is used to set the hostname via DHCP,
179 this variable should be set to an empty string.
182 Enable support for IPv6 networking.
183 Note that this requires that the kernel have been compiled with
184 .Cd "options INET6" .
187 The NIS domain name of this host, or
190 .It Va dhclient_program
192 Path to the DHCP client program
193 .Pa ( /sbin/dhclient ,
196 .It Va dhclient_flags
198 Additional flags to pass to the DHCP client program.
199 For the ISC DHCP client, see the
201 manpage for a description of the command line options available.
202 .It Va background_dhclient
206 to start the dhcp client in background.
207 This can cause trouble with applications depending on
208 a working network, but it will provide a faster startup
210 .It Va firewall_enable
214 to load firewall rules at startup.
215 If the kernel was not built with
216 .Cd "options IPFIREWALL" ,
219 kernel module will be loaded.
221 .Va ipfilter_enable .
222 .It Va ipv6_firewall_enable
224 The IPv6 equivalent of
225 .Va firewall_enable .
228 to load IPv6 firewall rules at startup.
229 If the kernel was not built with
230 .Cd "options IPV6FIREWALL" ,
233 kernel module will be loaded.
234 .It Va firewall_script
236 This variable specifies the full path to the firewall script to run.
238 .Pa /etc/rc.firewall .
239 .It Va ipv6_firewall_script
241 The IPv6 equivalent of
242 .Va firewall_script .
245 Names the firewall type from the selection in
246 .Pa /etc/rc.firewall ,
247 or the file which contains the local firewall ruleset.
248 Valid selections from
252 .Bl -tag -width ".Li simple" -compact
254 unrestricted IP access
256 all IP services disabled, except via
259 basic protection for a workstation
261 basic protection for a LAN.
264 If a filename is specified, the full path
266 .It Va ipv6_firewall_type
268 The IPv6 equivalent of
270 .It Va firewall_quiet
274 to disable the display of firewall rules on the console during boot.
275 .It Va ipv6_firewall_quiet
277 The IPv6 equivalent of
279 .It Va firewall_logging
283 to enable firewall event logging.
284 This is equivalent to the
285 .Dv IPFIREWALL_VERBOSE
287 .It Va ipv6_firewall_logging
289 The IPv6 equivalent of
290 .Va firewall_logging .
291 .It Va firewall_flags
297 specifies a filename.
298 .It Va ipv6_firewall_flags
300 The IPv6 equivalent of
317 sockets must be enabled in the kernel.
318 .It Va natd_interface
320 This is the name of the public interface on which
323 The interface may be given as an interface name or as an IP address.
328 flags should be placed here.
333 flag is automatically added with the above
336 .\" ----- ipfilter_enable setting --------------------------------
337 .It Va ipfilter_enable
348 Typical usage will require putting
350 ipfilter_enable="YES"
368 can be enabled independently.
372 both require at least one of
382 options IPFILTER_DEFAULT_BLOCK
385 in the kernel configuration file is a good idea, too.
386 .\" ----- ipfilter_program setting ------------------------------
387 .It Va ipfilter_program
393 .\" ----- ipfilter_rules setting --------------------------------
394 .It Va ipfilter_rules
399 This variable contains the name of the filter rule definition file.
400 The file is expected to be readable for the
403 .\" ----- ipv6_ipfilter_rules setting ---------------------------
404 .It Va ipv6_ipfilter_rules
409 This variable contains the IPv6 filter rule definition file.
410 The file is expected to be readable for the
413 .\" ----- ipfilter_flags setting --------------------------------
414 .It Va ipfilter_flags
417 This variable contains flags passed to the
420 .\" ----- ipnat_enable setting ----------------------------------
430 network address translation.
433 for a detailed discussion.
434 .\" ----- ipnat_program setting ---------------------------------
441 .\" ----- ipnat_rules setting -----------------------------------
447 This variable contains the name of the file
448 holding the network address translation definition.
449 This file is expected to be readable for the
452 .\" ----- ipnat_flags setting -----------------------------------
456 This variable contains flags passed to the
459 .\" ----- ipmon_enable setting ----------------------------------
474 Setting this variable needs setting
481 for a detailed discussion.
482 .\" ----- ipmon_program setting ---------------------------------
489 .\" ----- ipmon_flags setting -----------------------------------
495 This variable contains flags passed to the
498 Another typical example would be
499 .Dq Fl D Pa /var/log/ipflog
502 log directly to a file bypassing
505 .Pa /etc/newsyslog.conf
506 in such case like this:
508 /var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid
510 .\" ----- ipfs_enable setting -----------------------------------
520 saving the filter and NAT state tables during shutdown
521 and reloading them during startup again.
522 Setting this variable needs setting
531 for a detailed discussion.
537 because the raised securelevel will prevent
539 from saving the state tables at shutdown time.
540 .\" ----- ipfs_program setting ----------------------------------
547 .\" ----- ipfs_flags setting ------------------------------------
551 This variable contains flags passed to the
554 .\" ----- end of added ipf hook ---------------------------------
555 .It Va tcp_extensions
562 disables certain TCP options as described by
568 might help remedy such problems with connections as randomly hanging
569 or other weird behavior.
570 Some network devices are known
571 to be broken with respect to these options.
578 .Va net.inet.tcp.log_in_vain
580 .Va net.inet.udp.log_in_vain ,
585 are set to the given value.
593 will disable probing idle TCP connections to verify that the
594 peer is still up and reachable.
595 .It Va tcp_drop_synfin
602 will cause the kernel to ignore TCP frames that have both
603 the SYN and FIN flags set.
604 This prevents OS fingerprinting, but may
605 break some legitimate applications.
606 This option is only available if the
607 kernel was built with the
610 .It Va icmp_drop_redirect
617 will cause the kernel to ignore ICMP REDIRECT packets.
620 for more information.
621 .It Va icmp_log_redirect
628 will cause the kernel to log ICMP REDIRECT packets.
630 the log messages are not rate-limited, so this option should only be used
631 for troubleshooting networks.
634 for more information.
635 .It Va icmp_bmcastecho
639 to respond to broadcast or multicast ICMP ping packets.
642 for more information.
643 .It Va ip_portrange_first
647 this is the first port in the default portrange.
650 for more information.
651 .It Va ip_portrange_last
655 this is the last port in the default portrange.
658 for more information.
659 .It Va network_interfaces
661 Set to the list of network interfaces to configure on this host.
662 For example, if the only network devices in the system are the loopback
671 .Va ifconfig_ Ns Aq Ar interface
672 variable is also assumed to exist for each value of
674 It is also possible to add IP alias entries here in cases where
675 multiple IP addresses registered against a single interface
677 Assuming that the interface in question was
682 ifconfig_ed0_alias0="inet 127.0.0.253 netmask 0xffffffff"
683 ifconfig_ed0_alias1="inet 127.0.0.254 netmask 0xffffffff"
688 .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
690 its contents are passed to
692 Execution stops at the first unsuccessful access, so if
693 something like this is present:
695 ifconfig_ed0_alias0="inet 127.0.0.251 netmask 0xffffffff"
696 ifconfig_ed0_alias1="inet 127.0.0.252 netmask 0xffffffff"
697 ifconfig_ed0_alias2="inet 127.0.0.253 netmask 0xffffffff"
698 ifconfig_ed0_alias4="inet 127.0.0.254 netmask 0xffffffff"
701 Then note that alias4 would
703 be added since the search would
704 stop with the missing alias3 entry.
707 .Pa /etc/start_if. Ns Aq Ar interface
708 file is present, it is read and executed by the
711 before configuring the interface as specified in the
712 .Va ifconfig_ Ns Aq Ar interface
714 .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
717 It is possible to bring up an interface with DHCP by setting the
718 .Va ifconfig_ Ns Aq Ar interface
721 For instance, to initialize the
724 it is possible to use something like:
728 .It Va ipv6_network_interfaces
730 This is the IPv6 equivalent of
731 .Va network_interfaces .
732 Instead of setting the ifconfig variables as
733 .Va ifconfig_ Ns Aq Ar interface
734 they should be set as
735 .Va ipv6_ifconfig_ Ns Aq Ar interface .
736 Aliases should be set as
737 .Va ipv6_ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n .
738 .Va ipv6_prefix_ Ns Aq Ar interface
740 Interfaces that do not have a
741 .Va ipv6_ifconfig_ Ns Aq Ar interface
742 setting will be auto configured by
745 .Va ipv6_gateway_enable
748 Note that the IPv6 networking code does not support the
749 .Pa /etc/start_if. Ns Aq Ar interface
751 .It Va ipv6_default_interface
755 this is the default output interface for scoped addresses.
756 Now this works only for IPv6 link local multicast addresses.
757 .It Va cloned_interfaces
759 Set to the list of clonable network interfaces to create on this host.
761 .Va cloned_interfaces
762 are automatically appended to
763 .Va network_interfaces
765 .It Va gif_interfaces
769 tunnel interfaces to configure on this host.
771 .Va gifconfig_ Ns Aq Ar interface
772 variable is assumed to exist for each value of
774 The value of this variable is used to configure the link layer of the
775 tunnel according to the syntax of the
779 Additionally, this option ensures that each listed interface is created
784 before attempting to configure it.
785 .It Va sppp_interfaces
789 interfaces to configure on this host.
791 .Va spppconfig_ Ns Aq Ar interface
792 variable is assumed to exist for each value of
794 Each interface should also be configured by a general
795 .Va ifconfig_ Ns Aq Ar interface
799 for more information about available options.
809 Mode in which to run the
818 See the manual for a full description.
823 enables network address translation.
824 Used in conjunction with
826 allows hosts on private network addresses access to the Internet using
827 this host as a network address translating router.
830 The name of the profile to use from
831 .Pa /etc/ppp/ppp.conf .
834 The name of the user under which
844 This option is used to specify a list of files that will override
846 .Pa /etc/defaults/rc.conf .
847 The files will be read in the order in which they are specified and should
848 include the full path to the file.
849 By default, the files specified are
852 .Pa /etc/rc.conf.local
860 flag if the initial preen
861 of the file systems fails.
864 List of file system types that are network-based.
865 This list should generally not be modified by end users.
867 .Va extra_netfs_types
869 .It Va extra_netfs_types
871 If set to something other than
874 this variable extends the list of file system types
875 for which automatic mounting at startup by
877 should be delayed until the network is initialized.
879 a whitespace-separated list of network file system descriptor pairs,
880 each consisting of a file system type as passed to
882 and a human-readable, one-word description,
885 Extending the default list in this way is only necessary
886 when third party file system types are used.
887 .It Va syslogd_enable
894 .It Va syslogd_program
899 .Pa /usr/sbin/syslogd ) .
906 these are the flags to pass to
920 .Pa /usr/sbin/inetd ) .
927 these are the flags to pass to
933 use new functionality provided in the
935 script to facilitate a
939 This variable is experimental.
940 It may be removed or changed in the near future.
953 .Pa /usr/sbin/named ) .
960 these are the flags to pass to
964 This is the default path to the
967 Change it if you change the location in
968 .Pa /etc/namedb/named.conf .
969 .It Va named_chrootdir
971 The root directory for a name server run in a
979 This variable has no effect if
982 This variable is experimental.
983 It may be removed or changed in the near future.
984 .It Va named_chroot_autoupdate
988 to disable automatic syncing of libraries and
989 other system files between the root file system and the
991 This variable has no effect if
994 This variable is experimental.
995 It may be removed or changed in the near future.
996 .It Va named_symlink_enable
1000 to disable symlinking of
1006 environment in which
1009 This variable has no effect if
1012 This variable is experimental.
1013 It may be removed or changed in the near future.
1014 .It Va kerberos5_server_enable
1018 to start a Kerberos 5 authentication server
1020 .It Va kerberos5_server_program
1023 .Va kerberos5_server_enable
1026 this is the path to Kerberos 5 Authentication Server.
1027 .It Va kadmind5_server_enable
1033 the Kerberos 5 Administration Daemon; set to
1036 .It Va kadmind5_server_program
1039 .Va kadmind5_server_enable
1042 this is the path to Kerberos 5 Administration Daemon.
1043 .It Va kpasswdd_server_enable
1049 the Kerberos 5 Password-Changing Daemon; set to
1052 .It Va kpasswdd_server_program
1055 .Va kpasswdd_server_enable
1058 this is the path to Kerberos 5 Password-Changing Daemon.
1065 daemon at boot time.
1072 these are the flags to pass to it.
1079 daemon at boot time.
1086 these are the flags to pass to it.
1089 manpage for more information.
1090 .It Va amd_map_program
1093 the specified program is run to get the list of
1098 maps are stored in NIS, one can set this to
1111 will be updated at boot time to reflect the kernel release
1116 will not be updated.
1117 .It Va nfs_client_enable
1121 run the NFS client daemons at boot time.
1122 .It Va nfs_access_cache
1125 .Va nfs_client_enable
1130 to disable NFS ACCESS RPC caching, or to the number of seconds for which
1132 results should be cached.
1133 A value of 2-10 seconds will substantially reduce network traffic for
1134 many NFS operations. The default is 5 seconds. Note that the attribute
1135 cache holds stat information only. The NFS data cache is independant
1136 of the attribute cache and is only invalidated when the client detects that
1137 the server has modified the underlying file. This value specifies a
1138 maximum timeout. The NFS client will automatically use a shorter timeout
1139 for files which have been recently modified.
1140 .It Va nfs_neg_cache
1143 .Va nfs_client_enable
1148 to disable the caching of NEGATIVE LOOKUPS (lookups of non-existant
1149 filenames), or to the number of seconds for which negative lookups should
1151 A value of 2-10 seconds will substantially reduce network
1152 traffic for many NFS operations, especially source code builds. The
1153 default is 3 seconds.
1154 .It Va nfs_server_enable
1158 run the NFS server daemons at boot time.
1159 .It Va nfs_server_flags
1162 .Va nfs_server_enable
1165 these are the flags to pass to the
1168 .It Va mountd_enable
1173 .Va nfs_server_enable
1179 It is commonly needed to run CFS without real NFS used.
1186 these are the flags to pass to the
1189 .It Va weak_mountd_authentication
1193 allow services like PCNFSD to make non-privileged mount
1195 .It Va nfs_reserved_port_only
1199 provide NFS services only on a secure port.
1200 .It Va nfs_bufpackets
1202 If set to a number, indicates the number of packets worth of
1203 socket buffer space to reserve on an NFS client.
1204 The kernel default is typically 4.
1205 Using a higher number may be
1206 useful on gigabit networks to improve performance.
1207 The minimum value is
1208 2 and the maximum is 64.
1209 .It Va rpc_umntall_enable
1213 (default) and we are also an NFS client, run
1215 at boot time to clear out old mounts on remote servers.
1220 will not be run at boot time.
1221 .It Va rpc_lockd_enable
1225 and also an NFS server, run
1228 .It Va rpc_statd_enable
1232 and also an NFS server, run
1235 .It Va rpcbind_program
1240 .Pa /usr/sbin/rpcbind ) .
1241 .It Va rpcbind_enable
1247 service at boot time.
1248 .It Va rpcbind_flags
1254 these are the flags to pass to the
1257 .It Va keyserv_enable
1263 daemon on boot for running Secure RPC.
1264 .It Va keyserv_flags
1270 these are the flags to pass to
1273 .It Va pppoed_enable
1279 daemon at boot time to provide PPP over Ethernet services.
1280 .It Va pppoed_ Ns Ar provider
1283 listens to requests to this
1289 argument of the same name.
1292 Additional flags to pass to
1294 .It Va pppoed_interface
1296 The network interface to run
1299 This is mandatory when
1309 service at boot time.
1310 This command is intended for networks of
1311 machines where a consistent
1313 for all hosts must be established.
1314 This is often useful in large NFS
1315 environments where time stamps on files are expected to be consistent
1323 these are the flags to pass to the
1332 command at boot time.
1338 .Pa /usr/sbin/ntpd ) .
1345 these are the flags to pass to the
1349 by default which sets the time immediately at startup if the
1350 local clock is off by more than 180 seconds. To prevent
1352 from doing this, set
1356 .It Va nis_client_enable
1362 service at system boot time.
1363 .It Va nis_client_flags
1366 .Va nis_client_enable
1369 these are the flags to pass to the
1372 .It Va nis_ypset_enable
1378 daemon at system boot time.
1379 .It Va nis_ypset_flags
1382 .Va nis_ypset_enable
1385 these are the flags to pass to the
1388 .It Va nis_server_enable
1394 daemon at system boot time.
1395 .It Va nis_server_flags
1398 .Va nis_server_enable
1401 these are the flags to pass to the
1404 .It Va nis_ypxfrd_enable
1410 daemon at system boot time.
1411 .It Va nis_ypxfrd_flags
1414 .Va nis_ypxfrd_enable
1417 these are the flags to pass to the
1420 .It Va nis_yppasswdd_enable
1426 daemon at system boot time.
1427 .It Va nis_yppasswdd_flags
1430 .Va nis_yppasswdd_enable
1433 these are the flags to pass to the
1436 .It Va rpc_ypupdated_enable
1442 daemon at system boot time.
1443 .It Va defaultrouter
1447 create a default route to this host name or IP address
1448 (use an IP address if this router is also required to get to the
1450 .It Va ipv6_defaultrouter
1452 The IPv6 equivalent of
1454 .It Va static_routes
1456 Set to the list of static routes that are to be added at system
1460 then for each whitespace separated
1463 .Va route_ Ns Aq Ar element
1464 variable is assumed to exist
1465 whose contents will later be passed to a
1468 .It Va ipv6_static_routes
1470 The IPv6 equivalent of
1474 then for each whitespace separated
1477 .Va ipv6_route_ Ns Aq Ar element
1478 variable is assumed to exist
1479 whose contents will later be passed to a
1480 .Dq Nm route Cm add Fl inet6
1482 .It Va gateway_enable
1486 configure host to act as an IP router, e.g. to forward packets
1488 .It Va ipv6_gateway_enable
1490 The IPv6 equivalent of
1491 .Va gateway_enable .
1492 .It Va router_enable
1496 run a routing daemon of some sort, based on the
1501 .It Va ipv6_router_enable
1503 The IPv6 equivalent of
1507 run a routing daemon of some sort, based on the
1509 .Va ipv6_router_program
1511 .Va ipv6_router_flags .
1512 .It Va router_program
1518 this is the name of the routing daemon to use.
1519 .It Va ipv6_router_program
1521 The IPv6 equivalent of
1522 .Va router_program .
1529 these are the flags to pass to the routing daemon.
1530 .It Va ipv6_router_flags
1532 The IPv6 equivalent of
1534 .It Va mrouted_enable
1538 run the multicast routing daemon,
1540 .It Va mroute6d_enable
1542 The IPv6 equivalent of
1543 .Va mrouted_enable .
1546 run the IPv6 multicast routing daemon.
1547 Note that no IPv6 multicast routing daemon is included in the
1551 can be installed from the pkgsrc collection.
1552 .It Va mrouted_flags
1558 these are the flags to pass to the
1561 .It Va mroute6d_flags
1563 The IPv6 equivalent of
1569 these are the flags passed to the IPv6 multicast routing daemon.
1570 .It Va mroute6d_program
1576 this is the path to the IPv6 multicast routing daemon.
1577 .It Va rtadvd_enable
1583 daemon at boot time.
1586 .Va ipv6_gateway_enable
1591 utility sends router advertisement packets to the interfaces specified in
1592 .Va rtadvd_interfaces .
1594 and should only be enabled with great care.
1595 You may want to fine-tune
1597 .It Va rtadvd_interfaces
1603 this is the list of interfaces to use.
1604 .It Va ipxgateway_enable
1608 enable the routing of IPX traffic.
1609 .It Va ipxrouted_enable
1615 daemon at system boot time.
1616 .It Va ipxrouted_flags
1619 .Va ipxrouted_enable
1622 these are the flags to pass to the
1629 enable global proxy ARP.
1630 .It Va forward_sourceroute
1638 source-routed packets are forwarded.
1639 .It Va accept_sourceroute
1643 the system will accept source-routed packets directed at it.
1650 daemon at system boot time.
1657 these are the flags to pass to the
1660 .It Va bootparamd_enable
1666 daemon at system boot time.
1667 .It Va bootparamd_flags
1670 .Va bootparamd_enable
1673 these are the flags to pass to the
1676 .It Va stf_interface_ipv4addr
1680 this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling
1682 Specify this entry to enable the 6to4 interface.
1683 .It Va stf_interface_ipv4plen
1685 Prefix length for 6to4 IPv4 addresses, to limit peer address range.
1686 An effective value is 0-31.
1687 .It Va stf_interface_ipv6_ifid
1689 IPv6 interface ID for
1693 .It Va stf_interface_ipv6_slaid
1695 IPv6 Site Level Aggregator for
1697 .It Va ipv6_faith_prefix
1701 this is the faith prefix to enable a FAITH IPv6-to-IPv4 TCP
1706 .It Va ipv6_ipv4mapping
1710 this enables IPv4 mapped IPv6 address communication (like
1711 .Li ::ffff:a.b.c.d ) .
1716 to enable the configuration of ATM interfaces at system boot time.
1717 For all of the ATM variables described below, please refer to the
1719 man page for further details on the available command parameters.
1720 Also refer to the files in
1721 .Pa /usr/share/examples/atm
1722 for more detailed configuration information.
1725 This is a list of physical ATM interface drivers to load. Typical values are
1729 .It Va atm_netif_ Ns Aq Ar intf
1731 For the ATM physical interface
1733 this variable defines the name prefix and count for the ATM network
1734 interfaces to be created.
1735 The value will be passed as the parameters of an
1736 .Dq Nm atm Cm "set netif" Ar intf
1738 .It Va atm_sigmgr_ Ns Aq Ar intf
1740 For the ATM physical interface
1742 this variable defines the ATM signalling manager to be used.
1743 The value will be passed as the parameters of an
1744 .Dq Nm atm Cm attach Ar intf
1746 .It Va atm_prefix_ Ns Aq Ar intf
1748 For the ATM physical interface
1750 this variable defines the NSAP prefix for interfaces using a UNI signalling
1754 the prefix will automatically be set via the
1757 Otherwise, the value will be passed as the parameters of an
1758 .Dq Nm atm Cm "set prefix" Ar intf
1760 .It Va atm_macaddr_ Ns Aq Ar intf
1762 For the ATM physical interface
1764 this variable defines the MAC address for interfaces using a UNI signalling
1768 the hardware MAC address contained in the ATM interface card will be used.
1769 Otherwise, the value will be passed as the parameters of an
1770 .Dq Nm atm Cm "set mac" Ar intf
1772 .It Va atm_arpserver_ Ns Aq Ar netif
1774 For the ATM network interface
1776 this variable defines the ATM address for a host which is to provide ATMARP
1778 This variable is only applicable to interfaces using a UNI signalling
1782 this host will become an ATMARP server.
1783 The value will be passed as the parameters of an
1784 .Dq Nm atm Cm "set arpserver" Ar netif
1786 .It Va atm_scsparp_ Ns Aq Ar netif
1790 SCSP/ATMARP service for the network interface
1792 will be initiated using the
1797 This variable is only applicable if
1798 .Va atm_arpserver_ Ns Aq Ar netif
1803 Set to the list of ATM PVCs to be added at system
1805 For each whitespace separated
1808 .Va atm_pvc_ Ns Aq Ar element
1809 variable is assumed to exist.
1810 The value of each of these variables
1811 will be passed as the parameters of an
1812 .Dq Nm atm Cm "add pvc"
1816 Set to the list of permanent ATM ARP entries to be added
1817 at system boot time.
1818 For each whitespace separated
1821 .Va atm_arp_ Ns Aq Ar element
1822 variable is assumed to exist.
1823 The value of each of these variables
1824 will be passed as the parameters of an
1825 .Dq Nm atm Cm "add arp"
1827 .It Va natm_interfaces
1831 interfaces that will also be used for HARP through
1833 If this list is not empty all interfaces in the list will be brought up
1839 For this to work the interface drivers must be either compiled into the
1840 kernel or must reside on the root partition.
1843 The keyboard bell sound.
1850 if the default behavior is desired.
1851 For details, refer to the
1858 no keymap is installed, otherwise the value is used to install
1860 .Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd .
1863 The keyboard repeat speed.
1870 if the default behavior is desired.
1875 attempt to program the function keys with the value.
1877 be a single string of the form:
1878 .Dq Ar funkey_number new_value Op Ar funkey_number new_value ... .
1881 Can be set to the value of
1884 .Dq Li destructive ,
1887 to set the cursor behavior explicitly or choose the default behavior.
1892 no screen map is installed, otherwise the value is used to install
1893 the screen map file in
1894 .Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value .
1899 the default 8x16 font value is used for screen size requests, otherwise
1901 .Pa /usr/share/syscons/fonts/ Ns Aq Ar value
1907 the default 8x14 font value is used for screen size requests, otherwise
1909 .Pa /usr/share/syscons/fonts/ Ns Aq Ar value
1915 the default 8x8 font value is used for screen size requests, otherwise
1917 .Pa /usr/share/syscons/fonts/ Ns Aq Ar value
1923 the default screen blanking interval is used, otherwise it is set
1931 this is the actual screen saver to use
1932 .Li ( blank , snake , daemon ,
1934 .It Va moused_enable
1940 daemon is started for doing cut/paste selection on the console.
1943 This is the protocol type of the mouse connected to this host.
1944 This variable must be set if
1951 is able to detect the appropriate mouse type automatically in many cases.
1952 Set this variable to
1954 to let the daemon detect it, or
1955 select one from the following list if the automatic detection fails.
1957 If the mouse is attached to the PS/2 mouse port, choose
1961 regardless of the brand and model of the mouse.
1963 mouse is attached to the bus mouse port, choose
1967 All other protocols are for serial mice and will not work with
1968 the PS/2 and bus mice.
1969 If this is a USB mouse,
1971 is the only protocol type which will work.
1973 .Bl -tag -width ".Li x10mouseremote" -compact
1975 Microsoft mouse (serial)
1977 Microsoft IntelliMouse (serial)
1979 Mouse systems Corp. mouse (serial)
1981 MM Series mouse (serial)
1983 Logitech mouse (serial)
1987 Logitech MouseMan and TrackMan (serial)
1989 ALPS GlidePoint (serial)
1990 .It Li thinkingmouse
1991 Kensington ThinkingMouse (serial)
1995 MM HitTablet (serial)
1996 .It Li x10mouseremote
1997 X10 MouseRemote (serial)
1999 Interlink VersaPad (serial)
2002 Even if the mouse is not in the above list, it may be compatible
2003 with one in the list.
2004 Refer to the man page for
2006 for compatibility information.
2008 It should also be noted that while this is enabled, any
2009 other client of the mouse (such as an X server) should access
2010 the mouse through the virtual mouse device,
2012 and configure it as a
2014 type mouse, since all
2015 mouse data is converted to this single canonical format when
2018 If the client program does not support the
2024 It is the second preferred type.
2031 this is the actual port the mouse is on.
2034 for a COM1 serial mouse,
2038 for a bus mouse, for example.
2043 is set, these are the additional flags to pass to the
2046 .It Va mousechar_start
2050 the default mouse cursor character range
2051 .Li 0xd0 Ns - Ns Li 0xd3
2053 otherwise the range start is set
2058 Use if the default range is occupied in the language code table.
2059 .It Va allscreens_flags
2063 is run with these options for each of the virtual terminals
2067 will enable the mouse pointer on all virtual terminals
2072 .It Va allscreens_kbdflags
2076 is run with these options for each of the virtual terminals
2082 scrollback (history) buffer to 200 lines.
2089 daemon at system boot time.
2095 .Pa /usr/sbin/cron ) .
2102 these are the flags to pass to
2109 .Pa /usr/sbin/lpd ) .
2116 daemon at system boot time.
2123 these are the flags to pass to the
2126 .It Va mta_start_script
2128 This variable specifies the full path to the script to run to start
2129 a mail transfer agent.
2131 .Pa /etc/rc.sendmail .
2135 .Pa /etc/rc.sendmail
2136 uses are documented in the
2141 Indicates the device (usually a swap partition) to which a crash dump
2142 should be written in the event of a system crash.
2143 The value of this variable is passed as the argument to
2145 To disable crash dumps, set this variable to
2149 When the system reboots after a crash and a crash dump is found on the
2150 device specified by the
2154 will save that crash dump and a copy of the kernel to the directory
2158 The default value is
2167 .It Va savecore_flags
2169 If crash dumps are enabled, these are the flags to pass to the
2172 .It Va enable_quotas
2176 to turn on user disk quotas on system startup via the
2183 to enable user disk quota checking via the
2186 .It Va accounting_enable
2190 to enable system accounting through the
2197 to enable Linux/ELF binary emulation at system initial
2199 .It Va sysvipc_enable
2203 load System V IPC primitives at boot time.
2204 .\" ----- cleanvar_enable setting--------------------------------
2205 .It Va cleanvar_enable
2213 .Pa /var/spool/uucp/.Temp/*
2215 .\" ----- clear_tmp_enable setting-------------------------------
2216 .It Va clear_tmp_enable
2223 .\" ----- ldconfig_paths setting --------------------------------
2224 .It Va ldconfig_paths
2226 Set to the list of shared library paths to use with
2230 will always be added first, so it need not appear in this list.
2231 .It Va ldconfig_insecure
2235 utility normally refuses to use directories
2236 which are writable by anyone except root.
2237 Set this variable to
2239 to disable that security check during system startup.
2240 .It Va kern_securelevel
2242 The kernel security level to set at startup.
2243 The allowed range of
2245 ranges from \-1 (the compile time default) to 3 (the
2249 for the list of possible security levels and their effect
2250 on system operation.
2255 to enable Low Watermark Mandatory Access Control (LOMAC) at boot time.
2256 This security model enforces integrity constraints for system processes;
2259 for a complete description of the LOMAC model, as well as its impact
2260 on system operation.
2267 at system boot time.
2270 Path to the SSH server program
2271 .Pa ( /usr/sbin/sshd
2279 at system boot time.
2286 these are the flags to pass to the
2295 daemon at boot time.
2302 these are the flags passed to
2305 .It Va watchdogd_enable
2311 daemon at boot time.
2312 This requires that the kernel have been compiled with
2313 .Cd "options WATCHDOG" .
2318 any configured jails will not be started.
2321 A space separated list of names for jails.
2322 This is purely a configuration aid to help identify and
2323 configure multiple jails.
2324 The names specified in this list will be used to
2325 identify settings common to an instance of a jail.
2326 Assuming that the jail in question was named
2328 you would have the following dependant variables:
2330 jail_vjail_hostname="jail.example.com"
2331 jail_vjail_ip="192.168.1.100"
2332 jail_vjail_rootdir="/var/jails/vjail/root"
2333 jail_vjail_exec="/bin/sh /etc/rc"
2336 The last one is optional.
2340 .It Va jail_set_hostname_allow
2344 do not allow the root user in a jail to set its hostname.
2345 .It Va jail_socket_unixiproute_only
2349 do not allow any protocol,
2351 to be used within a jail.
2352 .It Va jail_sysvipc_allow
2356 allow applications within a jail to use System V IPC.
2357 .It Va unaligned_print
2361 unaligned access warnings will not be printed.
2363 .\" ----- isdn settings ---------------------------------
2374 at system boot time.
2378 .Dq Fl d Ns Cm n Fl d Ns Li 0x1f9
2380 Additional flags to pass to
2386 for certain tunable parameters).
2392 The terminal type of the output device when
2394 operates in full-screen mode.
2395 .It Va isdn_screenflags
2400 The video mode for full-screen mode (only for
2410 The output device for
2412 in full-screen mode (or
2422 enables the ISDN protocol trace utility
2424 at system boot time.
2425 .It Va isdn_traceflags
2428 .Dq Fl f Pa /var/tmp/isdntrace0
2432 .\" -----------------------------------------------------
2433 .It Va harvest_interrupt
2437 to use hardware interrupts as an entropy source.
2440 for more information.
2441 .It Va harvest_ethernet
2445 to use LAN traffic as an entropy source.
2448 for more information.
2449 .It Va harvest_p_to_p
2453 to use serial line traffic as an entropy source.
2456 for more information.
2461 to disable caching entropy via
2463 Otherwise set to the directory used to store entropy files in.
2468 to disable caching entropy through reboots.
2469 Otherwise set to the filename used to store cached entropy through
2471 This file should be located on the root file system to seed the
2473 device as early as possible in the boot process.
2474 .It Va entropy_save_sz
2476 Size of the entropy cache files saved by
2479 .It Va entropy_save_num
2481 Number of entropy cache files to save by
2495 Configuration file for
2504 .Pa /var/run/dmesg.boot
2506 .It Va rcshutdown_timeout
2508 If set, start a watchdog timer in the background which will terminate
2512 has not completed within the specified time (in seconds).
2515 .Bl -tag -width ".Pa /etc/defaults/rc.conf" -compact
2516 .It Pa /etc/defaults/rc.conf
2518 .It Pa /etc/rc.conf.local
2581 .An Jordan K. Hubbard .
projects / dragonfly.git / blob