4 .\" Redistribution and use in source and binary forms, with or without
5 .\" modification, are permitted provided that the following conditions
7 .\" 1. Redistributions of source code must retain the above copyright
8 .\" notice, this list of conditions and the following disclaimer.
9 .\" 2. Redistributions in binary form must reproduce the above copyright
10 .\" notice, this list of conditions and the following disclaimer in the
11 .\" documentation and/or other materials provided with the distribution.
13 .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND
14 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE
17 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
19 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
20 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
21 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
22 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25 .\" $FreeBSD: src/share/man/man5/rc.conf.5,v 1.197 2003/07/28 13:56:00 mbr Exp $
32 .Nd system configuration information
36 contains descriptive information about the local host name, configuration
37 details for any potential network interfaces and which services should be
38 started up at system initial boot time.
39 In new installations, the
41 file is generally initialized by the installer.
45 is not to run commands or perform system startup actions directly.
46 Instead, it is included by the various generic startup scripts in
48 which conditionalize their
49 internal actions according to the settings found there.
52 .Pa /etc/defaults/rc.conf
53 file specifies the default settings for all the available options,
56 file specifies override settings.
57 Options need only be specified in
59 when the system administrator wishes to override the defaults.
61 .Pa /etc/rc.conf.local
62 is used to override settings in
64 for historical reasons.
66 .Pa /etc/rc.conf.local
67 you can also place smaller configuration files for each
71 directory, which will be included by the
74 For jail configurations you could use the file
75 .Pa /etc/rc.conf.d/jail
76 to store jail specific configuration options.
81 The following list provides a name and short description for each
82 variable that can be set in the
99 These values are case insensitive.
102 postfix in the name of a variable for starting a service can be
105 .Bl -tag -width indent-two
110 enable output of debug messages from rc scripts.
111 This variable can be helpful in diagnosing mistakes when
112 editing or integrating new scripts.
113 Beware that this produces copious output to the terminal and
119 disable informational messages from the rc scripts.
120 Informational messages are displayed when
121 a condition that is not serious enough to warrant a warning or an error occurs.
128 when faststart is used (e.g., at boot time).
133 no swapfile is installed, otherwise the value is used as the full
134 pathname to a file to use for additional swap space.
137 driver is needed for a swapfile and will be loaded if it is not
138 already compiled into the kernel or loaded via
140 .It Ao Ar module Ac Ns Ar _load
144 that kernel module will be loaded.
146 .Ao Ar module Ac Ns Ar _name
147 is defined (see below), the
148 module's name is taken to be
150 .It Ao Ar module Ac Ns Ar _name
152 Defines the name of the module.
157 to handle device added, removed or unknown events from the kernel.
164 these are the flags to pass to the
176 a CPU speed control daemon.
180 Additional flags passed to the
184 If you are running a serial port at 115200 baud we recommend setting
185 the flags to "-l 1500" as lower frequencies will cause characters to
187 .It Va sensorsd_enable
196 a sensors monitoring and logging daemon.
197 .It Va sensorsd_flags
200 Additional flags passed to the
203 .It Va sysvipcd_enable
212 a daemon needed for the userspace implementation of the XSI Interprocess
213 Communication functions.
214 .It Va sysvipcd_flags
217 Additional flags passed to the
220 .It Va hotplugd_enable
229 a devices hot plugging monitoring daemon.
230 .It Va hotplugd_flags
233 Additional flags passed to the
236 .It Va pccard_ifconfig
238 List of arguments to be passed to
240 at boot time or on insertion of the card (e.g.\&
241 .Dq Cm inet Li 192.168.1.1 Cm netmask Li 255.255.255.0
242 for a fixed address or
245 .It Va pccard_ether_delay
247 Set the delay before starting the DHCP client (configured with
250 .Pa /etc/pccard_ether
255 .It Va removable_interfaces
257 List of removable network interfaces to be supported by
258 .Pa /etc/pccard_ether .
261 List of directories to search for startup script files.
262 .It Va script_name_sep
264 The field separator to use for breaking down the list of startup script files
265 into individual filenames.
266 The default is a space.
267 It is not necessary to change this unless there are startup scripts with names
271 The fully qualified domain name (FQDN) of this host on the network.
272 This should almost certainly be set to something meaningful, even if
273 there is no network connection.
274 If DHCP is used to set the hostname,
275 this variable should be set to an empty string.
278 Enable support for IPv6 networking.
279 Note that this requires that the kernel have been compiled with
280 .Cd "options INET6" .
283 The NIS domain name of this host, or
288 Set the rc script that is called to start the DHCP client.
293 .It Va dhclient_program
298 .Pa /sbin/dhclient ) .
299 .It Va dhclient_flags
301 Additional flags to pass to the
310 in master mode (i.e., configure all available Ethernet interfaces) at startup.
311 .It Va dhcpcd_program
319 Additional flags to pass to the
326 to go to background immediately.
334 If the kernel was not built with
338 kernel module will be loaded.
340 .Va firewall_enable .
345 ruleset definition file.
356 these are the flags to pass to
358 when loading the ruleset.
365 which logs packets from
373 this specifies the path of the log file.
384 these are the flags to pass to
386 .It Va firewall_enable
390 to load firewall rules at startup.
391 If the kernel was not built with
392 .Cd "options IPFIREWALL" ,
395 kernel module will be loaded.
398 .It Va ipv6_firewall_enable
400 The IPv6 equivalent of
401 .Va firewall_enable .
404 to load IPv6 firewall rules at startup.
405 If the kernel was not built with
406 .Cd "options IPV6FIREWALL" ,
409 kernel module will be loaded.
410 .It Va firewall_script
412 The full path to the firewall script to run
414 .Pa /etc/rc.firewall ) .
415 .It Va ipv6_firewall_script
417 The IPv6 equivalent of
418 .Va firewall_script .
421 Names the firewall type from the selection in
422 .Pa /etc/rc.firewall ,
423 or the file which contains the local firewall ruleset.
424 Valid selections from
428 .Bl -tag -width ".Li simple" -compact
430 unrestricted IP access
432 all IP services disabled, except via
435 basic protection for a workstation on a LAN
441 If a filename is specified, the full path must be given.
442 .It Va firewall_trusted_nets
444 List of trusted networks (if
448 .It Va firewall_trusted_interfaces
450 List of trusted network interfaces (if
454 .It Va firewall_allowed_icmp_types
456 List of allowed ICMP types (if
460 .It Va firewall_open_tcp_ports
462 List of TCP ports to open (if
466 .It Va firewall_open_udp_ports
468 List of UDP ports to open (if
472 .It Va ipv6_firewall_type
474 The IPv6 equivalent of
476 .It Va firewall_quiet
480 to disable the display of firewall rules on the console during boot.
481 .It Va ipv6_firewall_quiet
483 The IPv6 equivalent of
485 .It Va firewall_logging
489 to enable firewall event logging.
490 This is equivalent to the
491 .Dv IPFIREWALL_VERBOSE
493 .It Va ipv6_firewall_logging
495 The IPv6 equivalent of
496 .Va firewall_logging .
497 .It Va firewall_flags
503 specifies a filename.
504 .It Va ipv6_firewall_flags
506 The IPv6 equivalent of
520 The full path to the shell script to run to set up the ipfw3
521 firewall rules (default
522 .Pa /etc/ipfw3.rules ) .
525 List of ipfw3 modules to be loaded before executing the above
528 .Dq Li ipfw3 ipfw3_basic ) .
544 sockets must be enabled in the kernel.
545 .It Va natd_interface
547 This is the name of the public interface on which
550 The interface may be given as an interface name or as an IP address.
555 flags should be placed here.
560 flag is automatically added with the above
563 .It Va tcp_extensions
570 disables certain TCP options as described by
576 might help remedy such problems with connections as randomly hanging
577 or other weird behavior.
578 Some network devices are known to be broken with respect to these options.
585 .Va net.inet.tcp.log_in_vain
587 .Va net.inet.udp.log_in_vain ,
592 are set to the given value.
600 will disable probing idle TCP connections to verify that the
601 peer is still up and reachable.
602 .It Va tcp_drop_synfin
609 will cause the kernel to ignore TCP frames that have both
610 the SYN and FIN flags set.
611 This prevents OS fingerprinting, but may break some legitimate applications.
612 This option is only available if the kernel was built with the
615 .It Va icmp_drop_redirect
622 will cause the kernel to ignore ICMP REDIRECT packets.
625 for more information.
626 .It Va icmp_log_redirect
633 will cause the kernel to log ICMP REDIRECT packets.
635 the log messages are not rate-limited, so this option should only be used
636 for troubleshooting networks.
639 for more information.
640 .It Va icmp_bmcastecho
644 to respond to broadcast or multicast ICMP ping packets.
647 for more information.
648 .It Va ip_portrange_first
652 this is the first port in the default portrange.
655 for more information.
656 .It Va ip_portrange_last
660 this is the last port in the default portrange.
663 for more information.
665 .It Va ifconfig_ Ns Aq Ar interface
669 Typically includes IP address.
670 Assuming that the interface in question was
672 it might look something like this:
674 ifconfig_ed0="inet 10.0.0.1 netmask 0xffff0000"
678 .Pa /etc/start_if. Ns Aq Ar interface
679 file is present, it is read and executed by the
681 interpreter before configuring the interface as specified in the
682 .Va ifconfig_ Ns Aq Ar interface
684 .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
687 It is possible to bring up an interface with DHCP by adding
690 .Va ifconfig_ Ns Aq Ar interface
692 For instance, to initialize the
694 device via DHCP, it is possible to use something like:
700 .Va vlans_ Ns Aq Ar interface
704 interface will be created for each item in the list with the
708 If a vlan interface's name is a number,
709 then that number is used as the vlan tag and the new vlan interface is
711 .Ar interface . Ns Ar tag .
713 the vlan tag must be specified via a
716 .Va create_args_ Ns Aq Ar interface
719 To create a vlan device named
723 with the vlan tag 101 and the optional the IPv4 address 192.0.2.1/24:
726 ifconfig_em0_101="inet 192.0.2.1/24"
729 To create a vlan device named
733 with the vlan tag 102:
736 create_args_myvlan="vlan 102"
740 .Va wlans_ Ns Aq Ar interface
744 interface will be created for each item in the list with the
748 Further wlan cloning arguments may be passed to the
751 command by setting the
752 .Va create_args_ Ns Aq Ar interface
756 devices must be created for each wireless devices as of
762 may be specified with an
763 .Va wlandebug_ Ns Aq Ar interface
765 The contents of this variable will be passed directly to
768 Also, if your interface needs WPA authentication, it is possible to add
771 .Va ifconfig_ Ns Aq Ar interface
774 .Xr wpa_supplicant 8 .
776 .Xr wpa_supplicant.conf 5
777 for configuring authentication information.
781 options in this variable, in addition to the
782 .Pa /etc/start_if. Ns Aq Ar interface
784 For instance, to initialize the
786 device via DHCP, using WPA authentication and 802.11b mode, it is
787 possible to use something like:
790 ifconfig_wlan0="up DHCP WPA mode 11b"
792 .It Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
794 Configuration to establish an additional network address for
796 Assuming that the interface in question was
798 it might look something like this:
800 ifconfig_ed0_alias0="inet 127.0.0.253 netmask 0xffffffff"
801 ifconfig_ed0_alias1="inet 127.0.0.254 netmask 0xffffffff"
806 .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
807 entry that is found, its contents are passed to
809 Execution stops at the first unsuccessful access, so if
810 something like this is present:
812 ifconfig_ed0_alias0="inet 127.0.0.251 netmask 0xffffffff"
813 ifconfig_ed0_alias1="inet 127.0.0.252 netmask 0xffffffff"
814 ifconfig_ed0_alias2="inet 127.0.0.253 netmask 0xffffffff"
815 ifconfig_ed0_alias4="inet 127.0.0.254 netmask 0xffffffff"
818 Then note that alias4 would
820 be added since the search would stop with the missing alias3 entry.
821 .It Va ifconfig_ Ns Ao Ar interface Ac Ns Va _name
825 It is possible to rename interface by doing:
827 ifconfig_ed0_name="net0"
828 ifconfig_net0="inet 10.0.0.1 netmask 0xffff0000"
837 will disable the configuration of network interfaces.
838 .It Va network_interfaces
840 The list of network interfaces to configure on this host,
843 to configure all network interfaces
846 For example, if the only network devices to be configured are the loopback device
850 driver, this could be set to
853 .Va ifconfig_ Ns Aq Ar interface
854 variable is assumed to exist for each value of
856 .It Va ipv6_network_interfaces
858 This is the IPv6 equivalent of
859 .Va network_interfaces .
860 Instead of setting the ifconfig variables as
861 .Va ifconfig_ Ns Aq Ar interface
862 they should be set as
863 .Va ipv6_ifconfig_ Ns Aq Ar interface .
864 Aliases should be set as
865 .Va ipv6_ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n .
866 Interfaces that do not have a
867 .Va ipv6_ifconfig_ Ns Aq Ar interface
868 setting will be auto configured by
871 .Va ipv6_gateway_enable
874 Note that the IPv6 networking code does not support the
875 .Pa /etc/start_if. Ns Aq Ar interface
877 .It Va ipv6_prefix_ Ns Aq Ar interface
881 prefixlen 64 is used.
882 .It Va ipv6_default_interface
886 this is the default output interface for scoped addresses.
887 Now this works only for IPv6 link local multicast addresses.
888 .It Va ip6addrctl_enable
890 This variable is to enable configuring the default address selection policy table
894 and the policy table to be installed is specified by the
895 .Va ip6addrctl_policy
897 .It Va ip6addrctl_policy
899 This variable specifies the policy table to be installed,
900 and can be one of the following keywords:
913 installs a pre-defined policy table described in Section 2.1
921 is specified, it attempts to read a file
922 .Pa /etc/ip6addrctl.conf
924 If this file is found,
926 reads and installs it.
927 If not found, a policy is automatically set
930 variable; if the variable is set to
932 the IPv6-preferred one is used.
933 Otherwise IPv4-preferred.
934 .It Va ip6addrctl_verbose
938 print the installed policy table after configuring.
941 .It Va cloned_interfaces
943 Set to the list of clonable network interfaces to create on this host.
945 .Va cloned_interfaces
946 are automatically appended to
947 .Va network_interfaces
949 .It Va gif_interfaces
953 tunnel interfaces to configure on this host.
955 .Va gifconfig_ Ns Aq Ar interface
956 variable is assumed to exist for each value of
958 The value of this variable is used to configure the link layer of the
959 tunnel according to the syntax of the
963 Additionally, this option ensures that each listed interface is created via the
967 before attempting to configure it.
968 .It Va sppp_interfaces
972 interfaces to configure on this host.
974 .Va spppconfig_ Ns Aq Ar interface
975 variable is assumed to exist for each value of
977 Each interface should also be configured by a general
978 .Va ifconfig_ Ns Aq Ar interface
982 for more information about available options.
992 Mode in which to run the
1001 See the manual for a full description.
1006 enables network address translation.
1007 Used in conjunction with
1009 allows hosts on private network addresses access to the Internet using
1010 this host as a network address translating router.
1013 The name of the profile to use from
1014 .Pa /etc/ppp/ppp.conf .
1015 Also used for per-profile overrides of
1016 .Va ppp_ Ns Ao Ar profile Ac Ns _unit .
1017 Where the profile contains any of the characters
1019 they are translated to
1021 for the purposes of the override variable names.
1022 .It Va ppp_ Ns Ao Ar profile Ac Ns _unit
1024 Set the unit number to be used for this profile.
1025 See the manual description of
1032 The name of the user under which
1039 .It Va rc_conf_files
1041 This option is used to specify a list of files that will override
1043 .Pa /etc/defaults/rc.conf .
1044 The files will be read in the order in which they are specified and should
1045 include the full path to the file.
1046 By default, the files specified are
1049 .Pa /etc/rc.conf.local
1050 .It Va fsck_y_enable
1055 will be run with the
1057 flag if the initial preen of the file systems fails.
1060 List of file system types that are network-based.
1061 This list should generally not be modified by end users.
1063 .Va extra_netfs_types
1065 .It Va extra_netfs_types
1067 If set to something other than
1069 (the default), this variable extends the list of file system types
1070 for which automatic mounting at startup by
1072 should be delayed until the network is initialized.
1074 a whitespace-separated list of network file system descriptor pairs,
1075 each consisting of a file system type as passed to
1077 and a human-readable, one-word description, joined with a colon
1079 Extending the default list in this way is only necessary
1080 when third party file system types are used.
1081 .It Va devfs_config_files
1083 This option is used to specify a list of configuration files containing
1085 rules that will be applied by
1087 in the order in which they are specified and must include the full path
1089 .It Va syslogd_enable
1096 .It Va syslogd_program
1101 .Pa /usr/sbin/syslogd ) .
1102 .It Va syslogd_flags
1108 these are the flags to pass to
1117 .It Va inetd_program
1122 .Pa /usr/sbin/inetd ) .
1129 these are the flags to pass to
1137 daemon at boot time.
1144 these are the flags to pass to it.
1150 will be updated at boot time to reflect the kernel release being run.
1154 will not be updated.
1155 .It Va nfs_client_enable
1159 setup NFS client parameters at boot time.
1160 .It Va nfs_access_cache
1163 .Va nfs_client_enable
1168 to disable NFS ACCESS RPC caching, or to the number of seconds for which
1169 NFS ACCESS results should be cached.
1170 A value of 2-10 seconds will substantially reduce network traffic for
1171 many NFS operations.
1172 The default is 5 seconds.
1173 Note that the attribute cache holds stat information only.
1174 The NFS data cache is independent of the attribute cache and is only
1175 invalidated when the client detects that the server has modified the
1177 This value specifies a maximum timeout.
1178 The NFS client will automatically use a shorter timeout for files which
1179 have been recently modified.
1180 .It Va nfs_neg_cache
1183 .Va nfs_client_enable
1188 to disable the caching of NEGATIVE LOOKUPS (lookups of non-existent
1189 filenames), or to the number of seconds for which negative lookups should
1191 A value of 2-10 seconds will substantially reduce network
1192 traffic for many NFS operations, especially source code builds.
1193 The default is 3 seconds.
1194 .It Va nfs_server_enable
1198 run the NFS server daemons at boot time.
1199 .It Va nfs_server_flags
1202 .Va nfs_server_enable
1205 these are the flags to pass to the
1208 .It Va mountd_enable
1213 .Va nfs_server_enable
1219 It is commonly needed to run CFS without real NFS used.
1226 these are the flags to pass to the
1229 .It Va weak_mountd_authentication
1233 allow services like PCNFSD to make non-privileged mount requests.
1234 .It Va nfs_reserved_port_only
1238 provide NFS services only on a secure port.
1239 .It Va nfs_bufpackets
1241 If set to a number, indicates the number of packets worth of
1242 socket buffer space to reserve on an NFS client.
1243 The kernel default is typically 4.
1244 Using a higher number may be useful on gigabit networks to improve performance.
1245 The minimum value is 2 and the maximum is 64.
1246 .It Va rpc_umntall_enable
1250 (default) and we are also an NFS client, run
1252 at boot time to clear out old mounts on remote servers.
1257 will not be run at boot time.
1258 .It Va rpc_lockd_enable
1262 and also an NFS server, run
1265 .It Va rpc_lockd_flags
1268 .Va rpc_lockd_enable
1271 these are the flags to pass to
1273 .It Va rpc_statd_enable
1277 and also an NFS server, run
1280 .It Va rpc_statd_flags
1283 .Va rpc_statd_enable
1286 these are the flags to pass to
1288 .It Va rpcbind_program
1290 Path to program for rpcbind daemon
1292 .Pa /usr/sbin/rpcbind ) .
1293 .It Va rpcbind_enable
1300 .It Va rpcbind_flags
1306 these are the flags to pass to
1307 .Va rpcbind_program .
1308 .It Va keyserv_enable
1314 daemon on boot for running Secure RPC.
1315 .It Va keyserv_flags
1321 these are the flags to pass to
1324 .It Va pppoed_enable
1330 daemon at boot time to provide PPP over Ethernet services.
1331 .It Va pppoed_provider
1334 listens to requests to this provider and ultimately runs
1338 argument of the same name.
1341 Additional flags to pass to
1343 .It Va pppoed_interface
1345 The network interface to run
1348 This is mandatory when
1358 at system boot time.
1359 .It Va dntpd_program
1364 .Pa /usr/sbin/dntpd ) .
1371 these are the flags to pass to the
1374 .It Va btconfig_enable
1378 configure Bluetooth devices via
1380 at system boot time.
1381 .It Va btconfig_devices
1387 this is the list of Bluetooth devices to configure.
1389 .Va btconfig_devices
1390 is not specified, all devices known to the system will be configured.
1392 .Va btconfig_ Ns Aq Ar device
1393 variable can be set to specify parameters to be passed to
1395 .It Va btconfig_args
1401 this is the list of configuration parameters to pass to all Bluetooth
1407 run the Service Discovery Profile daemon
1409 at system boot time.
1416 these are the flags to pass to the
1419 .It Va bthcid_enable
1423 run the Bluetooth Link Key/PIN Code Manager daemon
1425 at system boot time.
1432 these are the flags to pass to the
1435 .It Va nis_client_enable
1441 service at system boot time.
1442 .It Va nis_client_flags
1445 .Va nis_client_enable
1448 these are the flags to pass to the
1451 .It Va nis_ypset_enable
1457 daemon at system boot time.
1458 .It Va nis_ypset_flags
1461 .Va nis_ypset_enable
1464 these are the flags to pass to the
1467 .It Va nis_server_enable
1473 daemon at system boot time.
1474 .It Va nis_server_flags
1477 .Va nis_server_enable
1480 these are the flags to pass to the
1483 .It Va nis_ypxfrd_enable
1489 daemon at system boot time.
1490 .It Va nis_ypxfrd_flags
1493 .Va nis_ypxfrd_enable
1496 these are the flags to pass to the
1499 .It Va nis_yppasswdd_enable
1505 daemon at system boot time.
1506 .It Va nis_yppasswdd_flags
1509 .Va nis_yppasswdd_enable
1512 these are the flags to pass to the
1515 .It Va rpc_ypupdated_enable
1521 daemon at system boot time.
1522 .It Va defaultrouter
1526 create a default route to this host name or IP address
1527 (use an IP address if this router is also required to get to the
1529 .It Va ipv6_defaultrouter
1531 The IPv6 equivalent of
1533 .It Va static_routes
1535 Set to the list of static routes that are to be added at system boot time.
1538 then for each whitespace separated
1541 .Va route_ Ns Aq Ar element
1542 variable is assumed to exist whose contents will later be passed to a
1545 .It Va change_routes
1547 Set to the list of static routes that are to be changed at system boot time
1548 (such as those added by the kernel).
1551 then for each whitespace separated
1554 .Va change_route_ Ns Aq Ar element
1555 variable is assumed to exist whose contents will later be passed to a
1556 .Dq Nm route Cm change
1558 .It Va ipv6_static_routes
1560 The IPv6 equivalent of
1564 then for each whitespace separated
1567 .Va ipv6_route_ Ns Aq Ar element
1568 variable is assumed to exist whose contents will later be passed to a
1569 .Dq Nm route Cm add Fl inet6
1571 .It Va gateway_enable
1575 configure host to act as an IP router, e.g. to forward packets
1577 .It Va ipv6_gateway_enable
1579 The IPv6 equivalent of
1580 .Va gateway_enable .
1581 .It Va router_enable
1585 run a routing daemon of some sort, based on the settings of
1589 .It Va ipv6_router_enable
1591 The IPv6 equivalent of
1595 run a routing daemon of some sort, based on the settings of
1596 .Va ipv6_router_program
1598 .Va ipv6_router_flags .
1599 .It Va router_program
1605 this is the name of the routing daemon to use
1607 .Pa /sbin/routed ) .
1608 .It Va ipv6_router_program
1610 The IPv6 equivalent of
1613 .Pa /sbin/route6d ) .
1620 these are the flags to pass to the routing daemon.
1621 .It Va ipv6_router_flags
1623 The IPv6 equivalent of
1625 .It Va rtadvd_enable
1631 daemon at boot time.
1634 .Va ipv6_gateway_enable
1639 utility sends router advertisement packets to the interfaces specified in
1640 .Va rtadvd_interfaces .
1642 and should only be enabled with great care.
1643 You may want to fine-tune
1645 .It Va rtadvd_interfaces
1651 this is the list of interfaces to use.
1652 .It Va rtsold_enable
1658 daemon at boot time.
1661 daemon is used for automatic discovery of non-link local addresses.
1668 these are the flags to pass to the
1675 enable global proxy ARP.
1676 .It Va forward_sourceroute
1684 source-routed packets are forwarded.
1685 .It Va accept_sourceroute
1689 the system will accept source-routed packets directed at it.
1696 daemon at system boot time.
1703 these are the flags to pass to the
1706 .It Va bootparamd_enable
1712 daemon at system boot time.
1713 .It Va bootparamd_flags
1716 .Va bootparamd_enable
1719 these are the flags to pass to the
1722 .It Va stf_interface_ipv4addr
1726 this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling interface).
1727 Specify this entry to enable the 6to4 interface.
1728 .It Va stf_interface_ipv4plen
1730 Prefix length for 6to4 IPv4 addresses, to limit peer address range.
1731 An effective value is 0-31.
1732 .It Va stf_interface_ipv6_ifid
1734 IPv6 interface ID for
1738 .It Va stf_interface_ipv6_slaid
1740 IPv6 Site Level Aggregator for
1744 The keyboard bell sound.
1751 if the default behavior is desired.
1752 For details, refer to the
1759 no keymap is installed, otherwise the value is used to install
1761 .Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd .
1764 The keyboard repeat speed.
1771 if the default behavior is desired.
1776 attempt to program the function keys with the value.
1777 The value should be a single string of the form:
1778 .Dq Ar funkey_number new_value Op Ar funkey_number new_value ... .
1781 Can be set to the value of
1784 .Dq Li destructive ,
1787 to set the cursor behavior explicitly or choose the default behavior.
1792 no screen map is installed, otherwise the value is used to install
1793 the screen map file in
1794 .Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value .
1799 the default 8x16 font value is used for screen size requests, otherwise
1801 .Pa /usr/share/syscons/fonts/ Ns Aq Ar value
1807 the default 8x14 font value is used for screen size requests, otherwise
1809 .Pa /usr/share/syscons/fonts/ Ns Aq Ar value
1815 the default 8x8 font value is used for screen size requests, otherwise
1817 .Pa /usr/share/syscons/fonts/ Ns Aq Ar value
1823 the default screen blanking interval is used, otherwise it is set to
1830 this is the actual screen saver to use
1831 .Li ( blank , snake , daemon ,
1833 .It Va moused_nondefault_enable
1837 the mouse device specified on
1838 the command line is not automatically treated as enabled by the
1839 .Pa /etc/rc.d/moused
1841 Having this variable set to
1847 to be enabled as soon as it is plugged in.
1848 .It Va moused_enable
1854 daemon is started for doing cut/paste selection on the console.
1861 this is the protocol type of the mouse connected to this host.
1867 is able to detect the appropriate mouse type automatically in many cases.
1868 Leave this variable at the default
1870 to let the daemon detect it, or
1871 select one from the following list if the automatic detection fails.
1873 If the mouse is attached to the PS/2 mouse port, leave the variable at the
1878 regardless of the brand and model of the mouse.
1879 Likewise, if the mouse is attached to the bus mouse port, leave it at
1883 All other protocols are for serial mice and will not work with
1884 the PS/2 and bus mice.
1885 If this is a USB mouse,
1887 is the only protocol type which will work.
1889 .Bl -tag -width ".Li x10mouseremote" -compact
1891 Microsoft mouse (serial)
1893 Microsoft IntelliMouse (serial)
1895 Mouse systems Corp. mouse (serial)
1897 MM Series mouse (serial)
1899 Logitech mouse (serial)
1903 Logitech MouseMan and TrackMan (serial)
1905 ALPS GlidePoint (serial)
1906 .It Li thinkingmouse
1907 Kensington ThinkingMouse (serial)
1911 MM HitTablet (serial)
1912 .It Li x10mouseremote
1913 X10 MouseRemote (serial)
1915 Interlink VersaPad (serial)
1918 Even if the mouse is not in the above list, it may be compatible
1919 with one in the list.
1920 Refer to the man page for
1922 for compatibility information.
1924 It should also be noted that while this is enabled, any
1925 other client of the mouse (such as an X server) should access
1926 the mouse through the virtual mouse device,
1928 and configure it as a
1930 type mouse, since all
1931 mouse data is converted to this single canonical format when using
1933 If the client program does not support the
1938 It is the second preferred type.
1945 this is the actual port the mouse is on.
1948 for a COM1 serial mouse or
1950 for a PS/2 mouse, for example.
1955 is set, these are the additional flags to pass to the
1958 .It Va mousechar_start
1962 the default mouse cursor character range
1963 .Li 0xd0 Ns - Ns Li 0xd3
1964 is used, otherwise the range start is set to
1968 Use if the default range is occupied in the language code table.
1971 Set the size of the history (scrollback) buffer in lines.
1972 .It Va allscreens_flags
1976 is run with these options for each of the virtual terminals
1980 will enable the mouse pointer on all virtual terminals if
1984 .It Va allscreens_kbdflags
1988 is run with these options for each of the virtual terminals
1994 scrollback (history) buffer to 200 lines.
2001 daemon at system boot time.
2007 .Pa /usr/sbin/cron ) .
2014 these are the flags to pass to
2021 .Pa /usr/sbin/lpd ) .
2028 daemon at system boot time.
2035 these are the flags to pass to the
2044 daemon at system boot time.
2051 settings across reboots.
2052 .It Va mta_start_script
2054 The full path to the script to run to start
2055 a mail transfer agent.
2057 .Pa /etc/rc.sendmail .
2061 .Pa /etc/rc.sendmail
2062 uses are documented in the
2068 .Sq HAMMER ROOT with UFS /boot
2069 setup, the boot loader will not set up the
2072 The system will attempt to fix this on its own.
2073 Set this variable to
2075 to turn this behavior off.
2078 Indicates the device (usually a swap partition) to which a crash dump
2079 should be written in the event of a system crash.
2080 The value of this variable is passed as the argument to
2084 To disable crash dumps, set this variable to
2088 When the system reboots after a crash and a crash dump is found on the
2089 device specified by the
2093 will save that crash dump and a copy of the kernel to the directory
2097 The default value is
2106 .It Va savecore_flags
2108 If crash dumps are enabled, these are the flags to pass to the
2111 .It Va crashinfo_enable
2115 to turn on automatic crash dump summary generation using the utility
2117 .Va crashinfo_program
2119 .It Va crashinfo_program
2121 Program to run to generate a crash dump summary if the variable
2122 .Va crashinfo_enable
2125 The default value is
2126 .Pa /usr/sbin/crashinfo .
2127 .It Va enable_quotas
2131 to turn on user disk quotas on system startup via the
2138 to enable user disk quota checking via the
2141 .It Va accounting_enable
2145 to enable system accounting through the
2148 .\" ----- cleanvar_enable setting--------------------------------
2149 .It Va cleanvar_enable
2157 .Pa /var/spool/uucp/.Temp/*
2159 .\" ----- clear_tmp_enable setting-------------------------------
2160 .It Va clear_tmp_enable
2167 .\" ----- ldconfig_paths setting --------------------------------
2168 .It Va ldconfig_paths
2170 Set to the list of shared library paths to use with
2174 will always be added first, so it need not appear in this list.
2175 .It Va ldconfig_insecure
2179 utility normally refuses to use directories
2180 which are writable by anyone except root.
2181 Set this variable to
2183 to disable that security check during system startup.
2184 .It Va ldconfig_local_dirs
2186 Set to the list of local
2189 The names of all files in the directories listed will be
2190 passed as arguments to
2192 .It Va kern_securelevel
2194 The kernel security level to set at startup.
2195 The allowed range of
2197 ranges from \-1 (the compile time default) to 3 (the most secure).
2200 for the list of possible security levels and their effect on system operation.
2207 at system boot time.
2214 at system boot time.
2217 Path to the SSH server program
2219 .Pa /usr/sbin/sshd ) .
2226 these are the flags to pass to the
2235 at system boot time.
2242 these are the flags to pass to the
2245 .It Va watchdogd_enable
2251 daemon at boot time.
2256 any configured jails will not be started.
2259 A space separated list of names for jails.
2260 This is purely a configuration aid to help identify and
2261 configure multiple jails.
2262 The names specified in this list will be used to
2263 identify settings common to an instance of a jail.
2264 Assuming that the jail in question was named
2266 you would have the following dependent variables:
2268 jail_vjail_hostname="jail.example.com"
2269 jail_vjail_ip="192.168.1.100"
2270 jail_vjail_rootdir="/var/jails/vjail/root"
2275 When set, use as default value for
2276 .Va jail_ Ns Ao Ar jname Ac Ns Va _flags
2279 .It Va jail_interface
2282 When set, use as default value for
2283 .Va jail_ Ns Ao Ar jname Ac Ns Va _interface
2289 When set, use as default value for
2290 .Va jail_ Ns Ao Ar jname Ac Ns Va _fstab
2293 .It Va jail_mount_enable
2301 .Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable
2304 by default for every jail in
2306 .It Va jail_procfs_enable
2314 .Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable
2317 by default for every jail in
2319 .It Va jail_devfs_enable
2327 .Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable
2330 by default for every jail in
2332 .It Va jail_exec_start
2335 When set, use as default value for
2336 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start
2339 .It Va jail_exec_stop
2341 When set, use as default value for
2342 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop
2345 .It Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir
2348 Set to the root directory used by jail
2350 .It Va jail_ Ns Ao Ar jname Ac Ns Va _hostname
2353 Set to the fully qualified domain name (FQDN) assigned to jail
2355 .It Va jail_ Ns Ao Ar jname Ac Ns Va _ip
2358 Set to the IP address assigned to jail
2360 .It Va jail_ Ns Ao Ar jname Ac Ns Va _flags
2365 These are flags to pass to
2367 .It Va jail_ Ns Ao Ar jname Ac Ns Va _interface
2370 When set, sets the interface to use when setting IP address alias.
2371 Note that the alias is created at jail startup and removed at jail shutdown.
2372 .It Va jail_ Ns Ao Ar jname Ac Ns Va _fstab
2375 .Pa /etc/fstab. Ns Aq Ar jname
2377 This is the file system information file to use for jail
2379 .It Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable
2386 mount all file systems from
2387 .Va jail_ Ns Ao Ar jname Ac Ns Va _fstab
2389 .It Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable
2396 mount the process file system inside jail
2399 .It Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable
2406 mount the device file system inside jail
2409 .It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start
2412 .Dq Li /bin/sh /etc/rc
2414 This is the command executed at jail startup.
2415 .It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop
2418 .Dq Li /bin/sh /etc/rc.shutdown
2420 This is the command executed at jail shutdown.
2421 .It Va jail_default_set_hostname_allow
2425 do not allow the root user in a jail to set its hostname.
2426 .It Va jail_default_socket_unixiproute_only
2430 do not allow any sockets,
2431 besides UNIX/IP/route sockets,
2432 to be used within a jail.
2433 .It Va jail_default_sysvipc_allow
2437 allow applications within a jail to use System V IPC.
2438 .It Va jail_default_chflags_allow
2442 allow applications within a jail to alter system file flags.
2443 .It Va jail_default_raw_sockets_allow
2447 allow applications within a jail to user raw sockets.
2452 LVM volumes will be discovered and configured on boot.
2453 .It Va newsyslog_enable
2459 before syslogd starts.
2460 .It Va newsyslog_flags
2463 .Va newsyslog_enable
2466 these are the flags passed to
2468 .It Va resident_enable
2472 make the dynamic binaries listed in
2473 .Pa /etc/resident.conf
2475 .It Va varsym_enable
2480 .Pa /etc/varsym.conf
2481 to set system-wide variables for variant symlinks.
2486 or a whitespace separated list of IRQ numbers which will be used as a source of
2488 .\" -----------------------------------------------------
2493 to disable caching entropy via
2495 Otherwise set to the directory used to store entropy files in.
2500 to disable caching entropy through reboots.
2501 Otherwise set to the filename used to store cached entropy through reboots.
2502 This file should be located on the root file system to seed the
2504 device as early as possible in the boot process.
2505 .It Va entropy_save_sz
2507 Determines the size of the entropy cache files used for entropy cached
2508 through reboots and also entropy cached via
2510 The entropy is fed to the system in blocks of 512 bytes, so this number
2511 should be large enough to fill as many of the entropy pools in the kernel
2513 By default, it is set to 16384, which should be able to seed all 32 entropy
2514 pools in the Fortuna CSPRNG.
2522 .Pa /var/run/dmesg.boot
2524 .It Va rcshutdown_timeout
2526 If set, start a watchdog timer in the background which will terminate
2530 has not completed within the specified time (in seconds).
2531 Notice that in addition to this soft timeout,
2533 also applies a hard timeout for the execution of
2535 This is configured via
2538 .Va kern.init_shutdown_timeout
2539 and defaults to 120 seconds. Setting the value of
2540 .Va rcshutdown_timeout
2541 to more than 120 seconds will have no effect until the
2544 .Va kern.init_shutdown_timeout
2550 the udevd daemon will be started on boot.
2551 .It Va vfs_quota_enable
2555 vfs quota rc.d scripts will be run on boot.
2556 .It Va vfs_quota_sync
2558 List of mount points whose counters are to be synchronized with on-disk
2559 usage during system startup.
2562 .It Va vknetd_enable
2567 will be started on boot.
2570 Additional flags passed to
2572 Usually address/cidrbits is specified here.
2573 When no flags are passed, default option
2576 .It Va vkernel_enable
2580 any configured vkernels will not be started.
2581 .It Va vkernel_kill_timeout
2583 This defines the default number of seconds that we will wait for the
2584 vkernel to shut down on its own.
2585 If after this time it's still alive,
2586 it will be killed with SIGKILL.
2589 Defines the default path to the vkernel binary.
2592 A space separated list of names for vkernels.
2593 This is purely a configuration aid to help identify and
2594 configure multiple vkernels.
2595 The names specified in this list will be used to
2596 identify settings common to a vkernel instance.
2597 Assuming that the vkernel in question was named
2599 you would have the following dependent variables
2600 (filled with reference values in this text):
2602 vkernel_example_bin="/usr/obj/usr/src/sys/VKERNEL64/kernel.debug"
2603 vkernel_example_memsize="64m"
2604 vkernel_example_rootimg_list="/var/vkernel/rootimg.01"
2605 vkernel_example_memimg="/var/vkernel/memimg.000001"
2606 vkernel_example_user="myuser"
2607 vkernel_example_iface_list="auto:bridge0"
2608 vkernel_example_logfile="/dev/null"
2609 vkernel_example_flags="-U"
2610 vkernel_example_kill_timeout="45"
2613 The last six are optional.
2614 They default to an empty string if not set, except for logfile which defaults to
2624 which is the vkernel's default directory for memory images,
2625 with permissions of 1777, i.e. world writable with the sticky bit set
2628 .It Va autofs_enable
2638 daemons at boot time.
2639 .It Va automount_flags
2645 these are the flags to pass to the
2648 By default no flags are passed.
2649 .It Va automountd_flags
2655 these are the flags to pass to the
2658 By default no flags are passed.
2659 .It Va autounmountd_flags
2665 these are the flags to pass to the
2668 By default no flags are passed.
2671 .Bl -tag -width ".Pa /etc/start_if. Ns Aq Ar interface" -compact
2672 .It Pa /etc/defaults/rc.conf
2674 .It Pa /etc/rc.conf.local
2675 .It Pa /etc/start_if. Ns Aq Ar interface
2694 .Xr resident.conf 5 ,
2699 .Xr autounmountd 8 ,
2754 .An Jordan K. Hubbard .
projects / dragonfly.git / blob