4 .\" Redistribution and use in source and binary forms, with or without
5 .\" modification, are permitted provided that the following conditions
7 .\" 1. Redistributions of source code must retain the above copyright
8 .\" notice, this list of conditions and the following disclaimer.
9 .\" 2. Redistributions in binary form must reproduce the above copyright
10 .\" notice, this list of conditions and the following disclaimer in the
11 .\" documentation and/or other materials provided with the distribution.
13 .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND
14 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE
17 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
19 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
20 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
21 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
22 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25 .\" $FreeBSD: src/share/man/man5/rc.conf.5,v 1.197 2003/07/28 13:56:00 mbr Exp $
26 .\" $DragonFly: src/share/man/man5/rc.conf.5,v 1.50 2008/01/20 11:23:35 swildner Exp $
32 .Nd system configuration information
36 contains descriptive information about the local host name, configuration
37 details for any potential network interfaces and which services should be
38 started up at system initial boot time.
39 In new installations, the
41 file is generally initialized by the installer.
45 is not to run commands or perform system startup actions directly.
46 Instead, it is included by the various generic startup scripts in
48 which conditionalize their
49 internal actions according to the settings found there.
53 file is included from the file
54 .Pa /etc/defaults/rc.conf ,
55 which specifies the default settings for all the available options.
56 Options need only be specified in
58 when the system administrator wishes to override these defaults.
60 .Pa /etc/rc.conf.local
61 is used to override settings in
63 for historical reasons.
68 The following list provides a name and short description for each
69 variable that can be set in the
86 These values are case insensitive.
89 postfix in the name of a variables for starting a service can be
92 .Bl -tag -width indent-two
97 enable output of debug messages from rc scripts.
98 This variable can be helpful in diagnosing mistakes when
99 editing or integrating new scripts.
100 Beware that this produces copious output to the terminal and
106 disable informational messages from the rc scripts.
107 Informational messages are displayed when
108 a condition that is not serious enough to warrant a warning or an error occurs.
113 no swapfile is installed, otherwise the value is used as the full
114 pathname to a file to use for additional swap space.
119 enable support for Automatic Power Management with the
126 to handle APM event from userland.
127 This also enables support for APM.
134 these are the flags to pass to the
140 to monitor the status of batteries present in the system.
141 This also enables support for APM.
148 these are the flags to pass to the
151 .It Va sensorsd_enable
160 a sensors monitoring and logging daemon.
161 .It Va sensorsd_flags
164 This variable contains additional flags passed to the
167 .It Va pccard_ifconfig
169 List of arguments to be passed to
171 at boot time or on insertion of the card (e.g.\&
172 .Dq Cm inet Li 192.168.1.1 Cm netmask Li 255.255.255.0
173 for a fixed address or
176 .It Va pccard_ether_delay
178 Set the delay before starting
181 .Pa /etc/pccard_ether
183 This defaults to 5 seconds to work around a bug in the
185 driver which can lead to system hangs when using some newer
188 .It Va removable_interfaces
190 List of removable network interfaces to be supported by
191 .Pa /etc/pccard_ether .
194 List of directories to search for startup script files.
195 .It Va script_name_sep
197 The field separator to use for breaking down the list of startup script files
198 into individual filenames.
199 The default is a space.
200 It is not necessary to change this unless there are startup scripts with names
202 .It Va hostapd_enable
211 The fully qualified domain name (FQDN) of this host on the network.
212 This should almost certainly be set to something meaningful, even if
213 there is no network connection.
216 is used to set the hostname via DHCP,
217 this variable should be set to an empty string.
220 Enable support for IPv6 networking.
221 Note that this requires that the kernel have been compiled with
222 .Cd "options INET6" .
225 The NIS domain name of this host, or
228 .It Va dhclient_program
230 Path to the DHCP client program
231 .Pa ( /sbin/dhclient ,
232 the ISC DHCP client, is the default).
233 .It Va dhclient_flags
235 Additional flags to pass to the DHCP client program.
236 For the ISC DHCP client, see the
238 manpage for a description of the command line options available.
239 .\".It Va background_dhclient
243 .\"to start the DHCP client in background.
244 .\"This can cause trouble with applications depending on
245 .\"a working network, but it will provide a faster startup in many cases.
253 .It Va dhcrelay_enable
266 If the kernel was not built with
270 kernel module will be loaded.
274 .Va ipfilter_enable .
279 ruleset definition file.
290 these are the flags to pass to
292 when loading the ruleset.
299 which logs packets from
307 this specifies the path of the log file.
318 these are the flags to pass to
320 .It Va firewall_enable
324 to load firewall rules at startup.
325 If the kernel was not built with
326 .Cd "options IPFIREWALL" ,
329 kernel module will be loaded.
333 .Va ipfilter_enable .
334 .It Va ipv6_firewall_enable
336 The IPv6 equivalent of
337 .Va firewall_enable .
340 to load IPv6 firewall rules at startup.
341 If the kernel was not built with
342 .Cd "options IPV6FIREWALL" ,
345 kernel module will be loaded.
346 .It Va firewall_script
348 This variable specifies the full path to the firewall script to run.
350 .Pa /etc/rc.firewall .
351 .It Va ipv6_firewall_script
353 The IPv6 equivalent of
354 .Va firewall_script .
357 Names the firewall type from the selection in
358 .Pa /etc/rc.firewall ,
359 or the file which contains the local firewall ruleset.
360 Valid selections from
364 .Bl -tag -width ".Li simple" -compact
366 unrestricted IP access
368 all IP services disabled, except via
371 basic protection for a workstation on a LAN
377 If a filename is specified, the full path must be given.
378 .It Va firewall_trusted_nets
380 List of trusted networks (if
384 .It Va firewall_trusted_interfaces
386 List of trusted network interfaces (if
390 .It Va firewall_allowed_icmp_types
392 List of allowed ICMP types (if
396 .It Va firewall_open_tcp_ports
398 List of TCP ports to open (if
402 .It Va firewall_open_udp_ports
404 List of UDP ports to open (if
408 .It Va ipv6_firewall_type
410 The IPv6 equivalent of
412 .It Va firewall_quiet
416 to disable the display of firewall rules on the console during boot.
417 .It Va ipv6_firewall_quiet
419 The IPv6 equivalent of
421 .It Va firewall_logging
425 to enable firewall event logging.
426 This is equivalent to the
427 .Dv IPFIREWALL_VERBOSE
429 .It Va ipv6_firewall_logging
431 The IPv6 equivalent of
432 .Va firewall_logging .
433 .It Va firewall_flags
439 specifies a filename.
440 .It Va ipv6_firewall_flags
442 The IPv6 equivalent of
459 sockets must be enabled in the kernel.
460 .It Va natd_interface
462 This is the name of the public interface on which
465 The interface may be given as an interface name or as an IP address.
470 flags should be placed here.
475 flag is automatically added with the above
478 .\" ----- ipfilter_enable setting --------------------------------
479 .It Va ipfilter_enable
490 Typical usage will require putting
492 ipfilter_enable="YES"
510 can be enabled independently.
514 both require at least one of
524 options IPFILTER_DEFAULT_BLOCK
527 in the kernel configuration file is a good idea, too.
531 .Va firewall_enable .
532 .\" ----- ipfilter_program setting ------------------------------
533 .It Va ipfilter_program
539 .\" ----- ipfilter_rules setting --------------------------------
540 .It Va ipfilter_rules
545 This variable contains the name of the filter rule definition file.
546 The file is expected to be readable for the
549 .\" ----- ipv6_ipfilter_rules setting ---------------------------
550 .It Va ipv6_ipfilter_rules
555 This variable contains the IPv6 filter rule definition file.
556 The file is expected to be readable for the
559 .\" ----- ipfilter_flags setting --------------------------------
560 .It Va ipfilter_flags
563 This variable contains flags passed to the
566 .\" ----- ipnat_enable setting ----------------------------------
576 network address translation.
579 for a detailed discussion.
580 .\" ----- ipnat_program setting ---------------------------------
587 .\" ----- ipnat_rules setting -----------------------------------
593 This variable contains the name of the file
594 holding the network address translation definition.
595 This file is expected to be readable for the
598 .\" ----- ipnat_flags setting -----------------------------------
602 This variable contains flags passed to the
605 .\" ----- ipmon_enable setting ----------------------------------
620 Setting this variable needs setting
627 for a detailed discussion.
628 .\" ----- ipmon_program setting ---------------------------------
635 .\" ----- ipmon_flags setting -----------------------------------
641 This variable contains flags passed to the
644 Another typical example would be
645 .Dq Fl D Pa /var/log/ipflog
648 log directly to a file bypassing
651 .Pa /etc/newsyslog.conf
652 in such case like this:
654 /var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid
656 .\" ----- ipfs_enable setting -----------------------------------
666 saving the filter and NAT state tables during shutdown
667 and reloading them during startup again.
668 Setting this variable needs setting
677 for a detailed discussion.
682 cannot be used because the raised securelevel will prevent
684 from saving the state tables at shutdown time.
685 .\" ----- ipfs_program setting ----------------------------------
692 .\" ----- ipfs_flags setting ------------------------------------
696 This variable contains flags passed to the
699 .\" ----- end of added ipf hook ---------------------------------
700 .It Va tcp_extensions
707 disables certain TCP options as described by
713 might help remedy such problems with connections as randomly hanging
714 or other weird behavior.
715 Some network devices are known to be broken with respect to these options.
722 .Va net.inet.tcp.log_in_vain
724 .Va net.inet.udp.log_in_vain ,
729 are set to the given value.
737 will disable probing idle TCP connections to verify that the
738 peer is still up and reachable.
739 .It Va tcp_drop_synfin
746 will cause the kernel to ignore TCP frames that have both
747 the SYN and FIN flags set.
748 This prevents OS fingerprinting, but may break some legitimate applications.
749 This option is only available if the kernel was built with the
752 .It Va icmp_drop_redirect
759 will cause the kernel to ignore ICMP REDIRECT packets.
762 for more information.
763 .It Va icmp_log_redirect
770 will cause the kernel to log ICMP REDIRECT packets.
772 the log messages are not rate-limited, so this option should only be used
773 for troubleshooting networks.
776 for more information.
777 .It Va icmp_bmcastecho
781 to respond to broadcast or multicast ICMP ping packets.
784 for more information.
785 .It Va ip_portrange_first
789 this is the first port in the default portrange.
792 for more information.
793 .It Va ip_portrange_last
797 this is the last port in the default portrange.
800 for more information.
801 .It Va network_interfaces
803 Set to the list of network interfaces to configure on this host.
804 For example, if the only network devices in the system are the loopback device
808 driver, this could be set to
811 .Va ifconfig_ Ns Aq Ar interface
812 variable is also assumed to exist for each value of
814 It is also possible to add IP alias entries here in cases where
815 multiple IP addresses registered against a single interface are desired.
816 Assuming that the interface in question was
818 it might look something like this:
820 ifconfig_ed0_alias0="inet 127.0.0.253 netmask 0xffffffff"
821 ifconfig_ed0_alias1="inet 127.0.0.254 netmask 0xffffffff"
826 .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
827 entry that is found, its contents are passed to
829 Execution stops at the first unsuccessful access, so if
830 something like this is present:
832 ifconfig_ed0_alias0="inet 127.0.0.251 netmask 0xffffffff"
833 ifconfig_ed0_alias1="inet 127.0.0.252 netmask 0xffffffff"
834 ifconfig_ed0_alias2="inet 127.0.0.253 netmask 0xffffffff"
835 ifconfig_ed0_alias4="inet 127.0.0.254 netmask 0xffffffff"
838 Then note that alias4 would
840 be added since the search would stop with the missing alias3 entry.
843 .Pa /etc/start_if. Ns Aq Ar interface
844 file is present, it is read and executed by the
846 interpreter before configuring the interface as specified in the
847 .Va ifconfig_ Ns Aq Ar interface
849 .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
852 It is possible to bring up an interface with DHCP by adding
855 .Va ifconfig_ Ns Aq Ar interface
857 For instance, to initialize the
859 device via DHCP, it is possible to use something like:
864 Also, if your interface needs WPA authentication, it is possible to add
867 .Va ifconfig_ Ns Aq Ar interface
872 options in this variable, in addition to the
873 .Pa /etc/start_if. Ns Aq Ar interface
875 For instance, to initialize the
877 device via DHCP, using WPA authentication and 802.11b mode, it is
878 possible to use something like:
880 ifconfig_wi0="up DHCP WPA mode 11b"
883 It is also possible to rename interface by doing:
885 ifconfig_ed0_name="net0"
886 ifconfig_net0="inet 10.0.0.1 netmask 0xffff0000"
888 .It Va ipv6_network_interfaces
890 This is the IPv6 equivalent of
891 .Va network_interfaces .
892 Instead of setting the ifconfig variables as
893 .Va ifconfig_ Ns Aq Ar interface
894 they should be set as
895 .Va ipv6_ifconfig_ Ns Aq Ar interface .
896 Aliases should be set as
897 .Va ipv6_ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n .
898 .Va ipv6_prefix_ Ns Aq Ar interface
900 Interfaces that do not have a
901 .Va ipv6_ifconfig_ Ns Aq Ar interface
902 setting will be auto configured by
905 .Va ipv6_gateway_enable
908 Note that the IPv6 networking code does not support the
909 .Pa /etc/start_if. Ns Aq Ar interface
911 .It Va ipv6_default_interface
915 this is the default output interface for scoped addresses.
916 Now this works only for IPv6 link local multicast addresses.
917 .It Va cloned_interfaces
919 Set to the list of clonable network interfaces to create on this host.
921 .Va cloned_interfaces
922 are automatically appended to
923 .Va network_interfaces
925 .It Va gif_interfaces
929 tunnel interfaces to configure on this host.
931 .Va gifconfig_ Ns Aq Ar interface
932 variable is assumed to exist for each value of
934 The value of this variable is used to configure the link layer of the
935 tunnel according to the syntax of the
939 Additionally, this option ensures that each listed interface is created via the
943 before attempting to configure it.
944 .It Va sppp_interfaces
948 interfaces to configure on this host.
950 .Va spppconfig_ Ns Aq Ar interface
951 variable is assumed to exist for each value of
953 Each interface should also be configured by a general
954 .Va ifconfig_ Ns Aq Ar interface
958 for more information about available options.
968 Mode in which to run the
977 See the manual for a full description.
982 enables network address translation.
983 Used in conjunction with
985 allows hosts on private network addresses access to the Internet using
986 this host as a network address translating router.
989 The name of the profile to use from
990 .Pa /etc/ppp/ppp.conf .
993 The name of the user under which
1000 .It Va rc_conf_files
1002 This option is used to specify a list of files that will override
1004 .Pa /etc/defaults/rc.conf .
1005 The files will be read in the order in which they are specified and should
1006 include the full path to the file.
1007 By default, the files specified are
1010 .Pa /etc/rc.conf.local
1011 .It Va fsck_y_enable
1016 will be run with the
1018 flag if the initial preen of the file systems fails.
1021 List of file system types that are network-based.
1022 This list should generally not be modified by end users.
1024 .Va extra_netfs_types
1026 .It Va extra_netfs_types
1028 If set to something other than
1030 (the default), this variable extends the list of file system types
1031 for which automatic mounting at startup by
1033 should be delayed until the network is initialized.
1035 a whitespace-separated list of network file system descriptor pairs,
1036 each consisting of a file system type as passed to
1038 and a human-readable, one-word description, joined with a colon
1040 Extending the default list in this way is only necessary
1041 when third party file system types are used.
1042 .It Va syslogd_enable
1049 .It Va syslogd_program
1054 .Pa /usr/sbin/syslogd ) .
1055 .It Va syslogd_flags
1061 these are the flags to pass to
1070 .It Va inetd_program
1075 .Pa /usr/sbin/inetd ) .
1082 these are the flags to pass to
1091 .It Va named_program
1096 .Pa /usr/sbin/named ) .
1103 these are the flags to pass to
1105 .It Va named_pidfile
1107 This is the default path to the
1110 Change it if you change the location in
1111 .Pa /etc/namedb/named.conf .
1112 .It Va named_chrootdir
1114 The root directory for a name server run in a
1119 will not be run in a
1122 .It Va kerberos5_server_enable
1126 to start a Kerberos 5 authentication server at boot time.
1127 .It Va kerberos5_server_program
1130 .Va kerberos5_server_enable
1133 this is the path to Kerberos 5 Authentication Server.
1134 .It Va kadmind5_server_enable
1140 the Kerberos 5 Administration Daemon; set to
1143 .It Va kadmind5_server_program
1146 .Va kadmind5_server_enable
1149 this is the path to Kerberos 5 Administration Daemon.
1150 .It Va kpasswdd_server_enable
1156 the Kerberos 5 Password-Changing Daemon; set to
1159 .It Va kpasswdd_server_program
1162 .Va kpasswdd_server_enable
1165 this is the path to Kerberos 5 Password-Changing Daemon.
1172 daemon at boot time.
1179 these are the flags to pass to it.
1186 daemon at boot time.
1193 these are the flags to pass to it.
1196 manpage for more information.
1197 .It Va amd_map_program
1199 If set, the specified program is run to get the list of
1204 maps are stored in NIS, one can set this to run
1216 will be updated at boot time to reflect the kernel release being run.
1220 will not be updated.
1221 .It Va nfs_client_enable
1225 run the NFS client daemons at boot time.
1226 .It Va nfs_client_flags
1229 .Va nfs_client_enable
1232 these are the flags to pass to the
1235 .It Va nfs_access_cache
1238 .Va nfs_client_enable
1243 to disable NFS ACCESS RPC caching, or to the number of seconds for which
1244 NFS ACCESS results should be cached.
1245 A value of 2-10 seconds will substantially reduce network traffic for
1246 many NFS operations.
1247 The default is 5 seconds.
1248 Note that the attribute cache holds stat information only.
1249 The NFS data cache is independent of the attribute cache and is only
1250 invalidated when the client detects that the server has modified the
1252 This value specifies a maximum timeout.
1253 The NFS client will automatically use a shorter timeout for files which
1254 have been recently modified.
1255 .It Va nfs_neg_cache
1258 .Va nfs_client_enable
1263 to disable the caching of NEGATIVE LOOKUPS (lookups of non-existent
1264 filenames), or to the number of seconds for which negative lookups should
1266 A value of 2-10 seconds will substantially reduce network
1267 traffic for many NFS operations, especially source code builds.
1268 The default is 3 seconds.
1269 .It Va nfs_server_enable
1273 run the NFS server daemons at boot time.
1274 .It Va nfs_server_flags
1277 .Va nfs_server_enable
1280 these are the flags to pass to the
1283 .It Va mountd_enable
1288 .Va nfs_server_enable
1294 It is commonly needed to run CFS without real NFS used.
1301 these are the flags to pass to the
1304 .It Va weak_mountd_authentication
1308 allow services like PCNFSD to make non-privileged mount requests.
1309 .It Va nfs_reserved_port_only
1313 provide NFS services only on a secure port.
1314 .It Va nfs_bufpackets
1316 If set to a number, indicates the number of packets worth of
1317 socket buffer space to reserve on an NFS client.
1318 The kernel default is typically 4.
1319 Using a higher number may be useful on gigabit networks to improve performance.
1320 The minimum value is 2 and the maximum is 64.
1321 .It Va rpc_umntall_enable
1325 (default) and we are also an NFS client, run
1327 at boot time to clear out old mounts on remote servers.
1332 will not be run at boot time.
1333 .It Va rpc_lockd_enable
1337 and also an NFS server, run
1340 .It Va rpc_statd_enable
1344 and also an NFS server, run
1347 .It Va rpcbind_program
1352 .Pa /usr/sbin/rpcbind ) .
1353 .It Va rpcbind_enable
1359 service at boot time.
1360 .It Va rpcbind_flags
1366 these are the flags to pass to the
1369 .It Va keyserv_enable
1375 daemon on boot for running Secure RPC.
1376 .It Va keyserv_flags
1382 these are the flags to pass to
1385 .It Va pppoed_enable
1391 daemon at boot time to provide PPP over Ethernet services.
1392 .It Va pppoed_provider
1395 listens to requests to this provider and ultimately runs
1399 argument of the same name.
1402 Additional flags to pass to
1404 .It Va pppoed_interface
1406 The network interface to run
1409 This is mandatory when
1419 service at boot time.
1420 This command is intended for networks of machines where a consistent
1422 for all hosts must be established.
1423 This is often useful in large NFS environments where time stamps on
1424 files are expected to be consistent network-wide.
1431 these are the flags to pass to the
1440 command at boot time.
1446 .Pa /usr/sbin/ntpd ) .
1453 these are the flags to pass to the
1458 by default which sets the time immediately at startup if the
1459 local clock is off by more than 180 seconds.
1462 from doing this, set
1472 at system boot time.
1473 .It Va dntpd_program
1478 .Pa /usr/sbin/dntpd ) .
1485 these are the flags to pass to the
1488 .It Va btconfig_enable
1492 configure Bluetooth devices via
1494 at system boot time.
1495 .It Va btconfig_devices
1501 this is the list of Bluetooth devices to configure.
1503 .Va btconfig_devices
1504 is not specified, all devices known to the system will be configured.
1506 .Va btconfig_ Ns Aq Ar device
1507 variable can be set to specify parameters to be passed to
1509 .It Va btconfig_args
1515 this is the list of configuration parameters to pass to all Bluetooth
1521 run the Service Discovery Profile daemon
1523 at system boot time.
1530 these are the flags to pass to the
1533 .It Va nis_client_enable
1539 service at system boot time.
1540 .It Va nis_client_flags
1543 .Va nis_client_enable
1546 these are the flags to pass to the
1549 .It Va nis_ypset_enable
1555 daemon at system boot time.
1556 .It Va nis_ypset_flags
1559 .Va nis_ypset_enable
1562 these are the flags to pass to the
1565 .It Va nis_server_enable
1571 daemon at system boot time.
1572 .It Va nis_server_flags
1575 .Va nis_server_enable
1578 these are the flags to pass to the
1581 .It Va nis_ypxfrd_enable
1587 daemon at system boot time.
1588 .It Va nis_ypxfrd_flags
1591 .Va nis_ypxfrd_enable
1594 these are the flags to pass to the
1597 .It Va nis_yppasswdd_enable
1603 daemon at system boot time.
1604 .It Va nis_yppasswdd_flags
1607 .Va nis_yppasswdd_enable
1610 these are the flags to pass to the
1613 .It Va rpc_ypupdated_enable
1619 daemon at system boot time.
1620 .It Va defaultrouter
1624 create a default route to this host name or IP address
1625 (use an IP address if this router is also required to get to the
1627 .It Va ipv6_defaultrouter
1629 The IPv6 equivalent of
1631 .It Va static_routes
1633 Set to the list of static routes that are to be added at system boot time.
1636 then for each whitespace separated
1639 .Va route_ Ns Aq Ar element
1640 variable is assumed to exist whose contents will later be passed to a
1643 .It Va ipv6_static_routes
1645 The IPv6 equivalent of
1649 then for each whitespace separated
1652 .Va ipv6_route_ Ns Aq Ar element
1653 variable is assumed to exist whose contents will later be passed to a
1654 .Dq Nm route Cm add Fl inet6
1656 .It Va gateway_enable
1660 configure host to act as an IP router, e.g. to forward packets
1662 .It Va ipv6_gateway_enable
1664 The IPv6 equivalent of
1665 .Va gateway_enable .
1666 .It Va router_enable
1670 run a routing daemon of some sort, based on the settings of
1674 .It Va ipv6_router_enable
1676 The IPv6 equivalent of
1680 run a routing daemon of some sort, based on the settings of
1681 .Va ipv6_router_program
1683 .Va ipv6_router_flags .
1684 .It Va router_program
1690 this is the name of the routing daemon to use.
1691 .It Va ipv6_router_program
1693 The IPv6 equivalent of
1694 .Va router_program .
1701 these are the flags to pass to the routing daemon.
1702 .It Va ipv6_router_flags
1704 The IPv6 equivalent of
1706 .It Va mrouted_enable
1710 run the multicast routing daemon,
1712 .It Va mroute6d_enable
1714 The IPv6 equivalent of
1715 .Va mrouted_enable .
1718 run the IPv6 multicast routing daemon.
1719 Note that no IPv6 multicast routing daemon is included in the
1723 can be installed from the
1726 .It Va mrouted_flags
1732 these are the flags to pass to the
1735 .It Va mroute6d_flags
1737 The IPv6 equivalent of
1743 these are the flags passed to the IPv6 multicast routing daemon.
1744 .It Va mroute6d_program
1750 this is the path to the IPv6 multicast routing daemon.
1751 .It Va rtadvd_enable
1757 daemon at boot time.
1760 .Va ipv6_gateway_enable
1765 utility sends router advertisement packets to the interfaces specified in
1766 .Va rtadvd_interfaces .
1768 and should only be enabled with great care.
1769 You may want to fine-tune
1771 .It Va rtadvd_interfaces
1777 this is the list of interfaces to use.
1778 .It Va rtsold_enable
1784 daemon at boot time.
1787 daemon is used for automatic discovery of non-link local addresses.
1794 these are the flags to pass to the
1797 .It Va ipxgateway_enable
1801 enable the routing of IPX traffic.
1802 .It Va ipxrouted_enable
1808 daemon at system boot time.
1809 .It Va ipxrouted_flags
1812 .Va ipxrouted_enable
1815 these are the flags to pass to the
1822 enable global proxy ARP.
1823 .It Va forward_sourceroute
1831 source-routed packets are forwarded.
1832 .It Va accept_sourceroute
1836 the system will accept source-routed packets directed at it.
1843 daemon at system boot time.
1850 these are the flags to pass to the
1853 .It Va bootparamd_enable
1859 daemon at system boot time.
1860 .It Va bootparamd_flags
1863 .Va bootparamd_enable
1866 these are the flags to pass to the
1869 .It Va stf_interface_ipv4addr
1873 this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling interface).
1874 Specify this entry to enable the 6to4 interface.
1875 .It Va stf_interface_ipv4plen
1877 Prefix length for 6to4 IPv4 addresses, to limit peer address range.
1878 An effective value is 0-31.
1879 .It Va stf_interface_ipv6_ifid
1881 IPv6 interface ID for
1885 .It Va stf_interface_ipv6_slaid
1887 IPv6 Site Level Aggregator for
1889 .It Va ipv6_faith_prefix
1893 this is the faith prefix to enable a FAITH IPv6-to-IPv4 TCP translator.
1897 .It Va ipv6_ipv4mapping
1901 this enables IPv4 mapped IPv6 address communication (like
1902 .Li ::ffff:a.b.c.d ) .
1907 to enable the configuration of ATM interfaces at system boot time.
1908 For all of the ATM variables described below, please refer to the
1910 man page for further details on the available command parameters.
1911 Also refer to the files in
1912 .Pa /usr/share/examples/atm
1913 for more detailed configuration information.
1914 .It Va atm_netif_ Ns Aq Ar intf
1916 For the ATM physical interface
1918 this variable defines the name prefix and count for the ATM network
1919 interfaces to be created.
1920 The value will be passed as the parameters of an
1921 .Dq Nm atm Cm "set netif" Ar intf
1923 .It Va atm_sigmgr_ Ns Aq Ar intf
1925 For the ATM physical interface
1927 this variable defines the ATM signalling manager to be used.
1928 The value will be passed as the parameters of an
1929 .Dq Nm atm Cm attach Ar intf
1931 .It Va atm_prefix_ Ns Aq Ar intf
1933 For the ATM physical interface
1935 this variable defines the NSAP prefix for interfaces using a UNI signalling
1939 the prefix will automatically be set via the
1942 Otherwise, the value will be passed as the parameters of an
1943 .Dq Nm atm Cm "set prefix" Ar intf
1945 .It Va atm_macaddr_ Ns Aq Ar intf
1947 For the ATM physical interface
1949 this variable defines the MAC address for interfaces using a UNI signalling
1953 the hardware MAC address contained in the ATM interface card will be used.
1954 Otherwise, the value will be passed as the parameters of an
1955 .Dq Nm atm Cm "set mac" Ar intf
1957 .It Va atm_arpserver_ Ns Aq Ar netif
1959 For the ATM network interface
1961 this variable defines the ATM address for a host which is to provide ATMARP
1963 This variable is only applicable to interfaces using a UNI signalling manager.
1966 this host will become an ATMARP server.
1967 The value will be passed as the parameters of an
1968 .Dq Nm atm Cm "set arpserver" Ar netif
1970 .It Va atm_scsparp_ Ns Aq Ar netif
1974 SCSP/ATMARP service for the network interface
1976 will be initiated using the
1981 This variable is only applicable if
1982 .Va atm_arpserver_ Ns Aq Ar netif
1987 Set to the list of permanent ATM ARP entries to be added at system boot time.
1988 For each whitespace separated
1991 .Va atm_arp_ Ns Aq Ar element
1992 variable is assumed to exist.
1993 The value of each of these variables will be passed as the parameters of an
1994 .Dq Nm atm Cm "add arp"
1998 The keyboard bell sound.
2005 if the default behavior is desired.
2006 For details, refer to the
2013 no keymap is installed, otherwise the value is used to install
2015 .Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd .
2018 The keyboard repeat speed.
2025 if the default behavior is desired.
2030 attempt to program the function keys with the value.
2031 The value should be a single string of the form:
2032 .Dq Ar funkey_number new_value Op Ar funkey_number new_value ... .
2035 Can be set to the value of
2038 .Dq Li destructive ,
2041 to set the cursor behavior explicitly or choose the default behavior.
2046 no screen map is installed, otherwise the value is used to install
2047 the screen map file in
2048 .Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value .
2053 the default 8x16 font value is used for screen size requests, otherwise
2055 .Pa /usr/share/syscons/fonts/ Ns Aq Ar value
2061 the default 8x14 font value is used for screen size requests, otherwise
2063 .Pa /usr/share/syscons/fonts/ Ns Aq Ar value
2069 the default 8x8 font value is used for screen size requests, otherwise
2071 .Pa /usr/share/syscons/fonts/ Ns Aq Ar value
2077 the default screen blanking interval is used, otherwise it is set to
2084 this is the actual screen saver to use
2085 .Li ( blank , snake , daemon ,
2087 .It Va moused_enable
2093 daemon is started for doing cut/paste selection on the console.
2096 This is the protocol type of the mouse connected to this host.
2097 This variable must be set if
2104 is able to detect the appropriate mouse type automatically in many cases.
2105 Set this variable to
2107 to let the daemon detect it, or
2108 select one from the following list if the automatic detection fails.
2110 If the mouse is attached to the PS/2 mouse port, choose
2114 regardless of the brand and model of the mouse.
2115 Likewise, if the mouse is attached to the bus mouse port, choose
2119 All other protocols are for serial mice and will not work with
2120 the PS/2 and bus mice.
2121 If this is a USB mouse,
2123 is the only protocol type which will work.
2125 .Bl -tag -width ".Li x10mouseremote" -compact
2127 Microsoft mouse (serial)
2129 Microsoft IntelliMouse (serial)
2131 Mouse systems Corp. mouse (serial)
2133 MM Series mouse (serial)
2135 Logitech mouse (serial)
2139 Logitech MouseMan and TrackMan (serial)
2141 ALPS GlidePoint (serial)
2142 .It Li thinkingmouse
2143 Kensington ThinkingMouse (serial)
2147 MM HitTablet (serial)
2148 .It Li x10mouseremote
2149 X10 MouseRemote (serial)
2151 Interlink VersaPad (serial)
2154 Even if the mouse is not in the above list, it may be compatible
2155 with one in the list.
2156 Refer to the man page for
2158 for compatibility information.
2160 It should also be noted that while this is enabled, any
2161 other client of the mouse (such as an X server) should access
2162 the mouse through the virtual mouse device,
2164 and configure it as a
2166 type mouse, since all
2167 mouse data is converted to this single canonical format when using
2169 If the client program does not support the
2174 It is the second preferred type.
2181 this is the actual port the mouse is on.
2184 for a COM1 serial mouse,
2188 for a bus mouse, for example.
2193 is set, these are the additional flags to pass to the
2196 .It Va mousechar_start
2200 the default mouse cursor character range
2201 .Li 0xd0 Ns - Ns Li 0xd3
2202 is used, otherwise the range start is set to
2206 Use if the default range is occupied in the language code table.
2209 Set the size of the history (scrollback) buffer in lines.
2210 .It Va allscreens_flags
2214 is run with these options for each of the virtual terminals
2218 will enable the mouse pointer on all virtual terminals if
2222 .It Va allscreens_kbdflags
2226 is run with these options for each of the virtual terminals
2232 scrollback (history) buffer to 200 lines.
2239 daemon at system boot time.
2245 .Pa /usr/sbin/cron ) .
2252 these are the flags to pass to
2259 .Pa /usr/sbin/lpd ) .
2266 daemon at system boot time.
2273 these are the flags to pass to the
2282 settings across reboots.
2283 .It Va mta_start_script
2285 This variable specifies the full path to the script to run to start
2286 a mail transfer agent.
2288 .Pa /etc/rc.sendmail .
2292 .Pa /etc/rc.sendmail
2293 uses are documented in the
2298 Indicates the device (usually a swap partition) to which a crash dump
2299 should be written in the event of a system crash.
2300 The value of this variable is passed as the argument to
2302 To disable crash dumps, set this variable to
2306 When the system reboots after a crash and a crash dump is found on the
2307 device specified by the
2311 will save that crash dump and a copy of the kernel to the directory
2315 The default value is
2324 .It Va savecore_flags
2326 If crash dumps are enabled, these are the flags to pass to the
2329 .It Va enable_quotas
2333 to turn on user disk quotas on system startup via the
2340 to enable user disk quota checking via the
2343 .It Va accounting_enable
2347 to enable system accounting through the
2354 to enable Linux/ELF binary emulation at system initial boot time.
2355 .It Va sysvipc_enable
2359 load System V IPC primitives at boot time.
2360 .\" ----- cleanvar_enable setting--------------------------------
2361 .It Va cleanvar_enable
2369 .Pa /var/spool/uucp/.Temp/*
2371 .\" ----- clear_tmp_enable setting-------------------------------
2372 .It Va clear_tmp_enable
2379 .\" ----- ldconfig_paths setting --------------------------------
2380 .It Va ldconfig_paths
2382 Set to the list of shared library paths to use with
2386 will always be added first, so it need not appear in this list.
2387 .It Va ldconfig_insecure
2391 utility normally refuses to use directories
2392 which are writable by anyone except root.
2393 Set this variable to
2395 to disable that security check during system startup.
2396 .It Va kern_securelevel
2398 The kernel security level to set at startup.
2399 The allowed range of
2401 ranges from \-1 (the compile time default) to 3 (the most secure).
2404 for the list of possible security levels and their effect on system operation.
2411 at system boot time.
2418 at system boot time.
2421 Path to the SSH server program
2422 .Pa ( /usr/sbin/sshd
2430 these are the flags to pass to the
2439 at system boot time.
2446 these are the flags to pass to the
2455 daemon at boot time.
2462 these are the flags passed to
2465 .It Va watchdogd_enable
2471 daemon at boot time.
2472 This requires that the kernel have been compiled with
2473 .Cd "options WATCHDOG" .
2478 any configured jails will not be started.
2481 A space separated list of names for jails.
2482 This is purely a configuration aid to help identify and
2483 configure multiple jails.
2484 The names specified in this list will be used to
2485 identify settings common to an instance of a jail.
2486 Assuming that the jail in question was named
2488 you would have the following dependent variables:
2490 jail_vjail_hostname="jail.example.com"
2491 jail_vjail_ip="192.168.1.100"
2492 jail_vjail_rootdir="/var/jails/vjail/root"
2498 When set, use as default value for
2499 .Va jail_ Ns Ao Ar jname Ac Ns Va _flags
2502 .It Va jail_interface
2505 When set, use as default value for
2506 .Va jail_ Ns Ao Ar jname Ac Ns Va _interface
2512 When set, use as default value for
2513 .Va jail_ Ns Ao Ar jname Ac Ns Va _fstab
2516 .It Va jail_mount_enable
2524 .Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable
2527 by default for every jail in
2529 .It Va jail_fdesc_enable
2537 .Va jail_ Ns Ao Ar jname Ac Ns Va _fdesc_enable
2540 by default for every jail in
2542 .It Va jail_procfs_enable
2550 .Va jail_ Ns Ao Ar jname Ac Ns Va _fdesc_enable
2553 by default for every jail in
2555 .It Va jail_exec_start
2558 When set, use as default value for
2559 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start
2562 .It Va jail_exec_stop
2564 When set, use as default value for
2565 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop
2568 .It Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir
2571 Set to the root directory used by jail
2573 .It Va jail_ Ns Ao Ar jname Ac Ns Va _hostname
2576 Set to the fully qualified domain name (FQDN) assigned to jail
2578 .It Va jail_ Ns Ao Ar jname Ac Ns Va _ip
2581 Set to the IP address assigned to jail
2583 .It Va jail_ Ns Ao Ar jname Ac Ns Va _flags
2588 These are flags to pass to
2590 .It Va jail_ Ns Ao Ar jname Ac Ns Va _interface
2593 When set, sets the interface to use when setting IP address alias.
2594 Note that the alias is created at jail startup and removed at jail shutdown.
2595 .It Va jail_ Ns Ao Ar jname Ac Ns Va _fstab
2598 .Pa /etc/fstab. Ns Aq Ar jname
2600 This is the file system information file to use for jail
2602 .It Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable
2609 mount all file systems from
2610 .Va jail_ Ns Ao Ar jname Ac Ns Va _fstab
2612 .It Va jail_ Ns Ao Ar jname Ac Ns Va _fdesc_enable
2619 mount the file-descriptor file system inside jail
2622 .It Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable
2629 mount the process file system inside jail
2632 .It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start
2635 .Dq Li /bin/sh /etc/rc
2637 This is the command executed at jail startup.
2638 .It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop
2641 .Dq Li /bin/sh /etc/rc.shutdown
2643 This is the command executed at jail shutdown.
2644 .It Va jail_set_hostname_allow
2648 do not allow the root user in a jail to set its hostname.
2649 .It Va jail_socket_unixiproute_only
2653 do not allow any sockets,
2654 besides UNIX/IP/route sockets,
2655 to be used within a jail.
2656 .It Va jail_sysvipc_allow
2660 allow applications within a jail to use System V IPC.
2661 .It Va newsyslog_enable
2667 before syslogd starts.
2668 .It Va newsyslog_flags
2671 .Va newsyslog_enable
2674 these are the flags passed to
2676 .It Va resident_enable
2680 make the dynamic binaries listed in
2681 .Pa /etc/resident.conf
2683 .It Va varsym_enable
2688 .Pa /etc/varsym.conf
2689 to set system-wide variables for variant symlinks.
2694 or a whitespace separated list of IRQ numbers which will be used as a source of
2696 .\" ----- isdn settings ---------------------------------
2706 daemon at system boot time.
2710 .Dq Fl d Ns Cm n Fl d Ns Li 0x1f9
2712 Additional flags to pass to
2718 for certain tunable parameters).
2724 The terminal type of the output device when
2726 operates in full-screen mode.
2727 .It Va isdn_screenflags
2732 The video mode for full-screen mode (only for
2742 The output device for
2744 in full-screen mode (or
2754 enables the ISDN protocol trace utility
2756 at system boot time.
2757 .It Va isdn_traceflags
2760 .Dq Fl f Pa /var/tmp/isdntrace0
2764 .\" -----------------------------------------------------
2769 to disable caching entropy via
2771 Otherwise set to the directory used to store entropy files in.
2776 to disable caching entropy through reboots.
2777 Otherwise set to the filename used to store cached entropy through reboots.
2778 This file should be located on the root file system to seed the
2780 device as early as possible in the boot process.
2781 .It Va entropy_save_sz
2783 Size of the entropy cache files saved by
2786 .It Va entropy_save_num
2788 Number of entropy cache files to save by
2802 Configuration file for
2811 .Pa /var/run/dmesg.boot
2813 .It Va rcshutdown_timeout
2815 If set, start a watchdog timer in the background which will terminate
2819 has not completed within the specified time (in seconds).
2822 .Bl -tag -width ".Pa /etc/defaults/rc.conf" -compact
2823 .It Pa /etc/defaults/rc.conf
2825 .It Pa /etc/rc.conf.local
2843 .Xr resident.conf 5 ,
2907 .An Jordan K. Hubbard .