4 .\" Redistribution and use in source and binary forms, with or without
5 .\" modification, are permitted provided that the following conditions
7 .\" 1. Redistributions of source code must retain the above copyright
8 .\" notice, this list of conditions and the following disclaimer.
9 .\" 2. Redistributions in binary form must reproduce the above copyright
10 .\" notice, this list of conditions and the following disclaimer in the
11 .\" documentation and/or other materials provided with the distribution.
13 .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND
14 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE
17 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
19 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
20 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
21 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
22 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25 .\" $FreeBSD: src/share/man/man5/rc.conf.5,v 1.197 2003/07/28 13:56:00 mbr Exp $
32 .Nd system configuration information
36 contains descriptive information about the local host name, configuration
37 details for any potential network interfaces and which services should be
38 started up at system initial boot time.
39 In new installations, the
41 file is generally initialized by the installer.
45 is not to run commands or perform system startup actions directly.
46 Instead, it is included by the various generic startup scripts in
48 which conditionalize their
49 internal actions according to the settings found there.
52 .Pa /etc/defaults/rc.conf
53 file specifies the default settings for all the available options,
56 file specifies override settings.
57 Options need only be specified in
59 when the system administrator wishes to override the defaults.
61 .Pa /etc/rc.conf.local
62 is used to override settings in
64 for historical reasons.
69 The following list provides a name and short description for each
70 variable that can be set in the
87 These values are case insensitive.
90 postfix in the name of a variable for starting a service can be
93 .Bl -tag -width indent-two
98 enable output of debug messages from rc scripts.
99 This variable can be helpful in diagnosing mistakes when
100 editing or integrating new scripts.
101 Beware that this produces copious output to the terminal and
107 disable informational messages from the rc scripts.
108 Informational messages are displayed when
109 a condition that is not serious enough to warrant a warning or an error occurs.
114 no swapfile is installed, otherwise the value is used as the full
115 pathname to a file to use for additional swap space.
120 enable support for Automatic Power Management with the
127 to handle APM event from userland.
128 This also enables support for APM.
135 these are the flags to pass to the
141 to monitor the status of batteries present in the system.
142 This also enables support for APM.
149 these are the flags to pass to the
156 to handle device added, removed or unknown events from the kernel.
163 these are the flags to pass to the
175 a CPU speed control daemon.
176 .It Va sensorsd_enable
185 a sensors monitoring and logging daemon.
186 .It Va sensorsd_flags
189 Additional flags passed to the
192 .It Va hotplugd_enable
201 a devices hot plugging monitoring daemon.
202 .It Va hotplugd_flags
205 Additional flags passed to the
208 .It Va pccard_ifconfig
210 List of arguments to be passed to
212 at boot time or on insertion of the card (e.g.\&
213 .Dq Cm inet Li 192.168.1.1 Cm netmask Li 255.255.255.0
214 for a fixed address or
217 .It Va pccard_ether_delay
219 Set the delay before starting
222 .Pa /etc/pccard_ether
224 This defaults to 5 seconds to work around a bug in the
226 driver which can lead to system hangs when using some newer
229 .It Va removable_interfaces
231 List of removable network interfaces to be supported by
232 .Pa /etc/pccard_ether .
235 List of directories to search for startup script files.
236 .It Va script_name_sep
238 The field separator to use for breaking down the list of startup script files
239 into individual filenames.
240 The default is a space.
241 It is not necessary to change this unless there are startup scripts with names
243 .It Va hostapd_enable
252 The fully qualified domain name (FQDN) of this host on the network.
253 This should almost certainly be set to something meaningful, even if
254 there is no network connection.
257 is used to set the hostname via DHCP,
258 this variable should be set to an empty string.
261 Enable support for IPv6 networking.
262 Note that this requires that the kernel have been compiled with
263 .Cd "options INET6" .
266 The NIS domain name of this host, or
269 .It Va dhclient_program
271 Path to the DHCP client program
273 .Pa /sbin/dhclient ) .
274 .It Va dhclient_flags
276 Additional flags to pass to the DHCP client program.
284 If the kernel was not built with
288 kernel module will be loaded.
292 .Va ipfilter_enable .
297 ruleset definition file.
308 these are the flags to pass to
310 when loading the ruleset.
317 which logs packets from
325 this specifies the path of the log file.
336 these are the flags to pass to
338 .It Va firewall_enable
342 to load firewall rules at startup.
343 If the kernel was not built with
344 .Cd "options IPFIREWALL" ,
347 kernel module will be loaded.
351 .Va ipfilter_enable .
352 .It Va ipv6_firewall_enable
354 The IPv6 equivalent of
355 .Va firewall_enable .
358 to load IPv6 firewall rules at startup.
359 If the kernel was not built with
360 .Cd "options IPV6FIREWALL" ,
363 kernel module will be loaded.
364 .It Va firewall_script
366 The full path to the firewall script to run
368 .Pa /etc/rc.firewall ) .
369 .It Va ipv6_firewall_script
371 The IPv6 equivalent of
372 .Va firewall_script .
375 Names the firewall type from the selection in
376 .Pa /etc/rc.firewall ,
377 or the file which contains the local firewall ruleset.
378 Valid selections from
382 .Bl -tag -width ".Li simple" -compact
384 unrestricted IP access
386 all IP services disabled, except via
389 basic protection for a workstation on a LAN
395 If a filename is specified, the full path must be given.
396 .It Va firewall_trusted_nets
398 List of trusted networks (if
402 .It Va firewall_trusted_interfaces
404 List of trusted network interfaces (if
408 .It Va firewall_allowed_icmp_types
410 List of allowed ICMP types (if
414 .It Va firewall_open_tcp_ports
416 List of TCP ports to open (if
420 .It Va firewall_open_udp_ports
422 List of UDP ports to open (if
426 .It Va ipv6_firewall_type
428 The IPv6 equivalent of
430 .It Va firewall_quiet
434 to disable the display of firewall rules on the console during boot.
435 .It Va ipv6_firewall_quiet
437 The IPv6 equivalent of
439 .It Va firewall_logging
443 to enable firewall event logging.
444 This is equivalent to the
445 .Dv IPFIREWALL_VERBOSE
447 .It Va ipv6_firewall_logging
449 The IPv6 equivalent of
450 .Va firewall_logging .
451 .It Va firewall_flags
457 specifies a filename.
458 .It Va ipv6_firewall_flags
460 The IPv6 equivalent of
477 sockets must be enabled in the kernel.
478 .It Va natd_interface
480 This is the name of the public interface on which
483 The interface may be given as an interface name or as an IP address.
488 flags should be placed here.
493 flag is automatically added with the above
496 .\" ----- ipfilter_enable setting --------------------------------
497 .It Va ipfilter_enable
508 Typical usage will require putting
510 ipfilter_enable="YES"
528 can be enabled independently.
532 both require at least one of
542 options IPFILTER_DEFAULT_BLOCK
545 in the kernel configuration file is a good idea, too.
549 .Va firewall_enable .
550 .\" ----- ipfilter_program setting ------------------------------
551 .It Va ipfilter_program
557 .\" ----- ipfilter_rules setting --------------------------------
558 .It Va ipfilter_rules
563 The name of the filter rule definition file.
564 The file is expected to be readable for the
567 .\" ----- ipv6_ipfilter_rules setting ---------------------------
568 .It Va ipv6_ipfilter_rules
573 The name of the IPv6 filter rule definition file.
574 The file is expected to be readable for the
577 .\" ----- ipfilter_flags setting --------------------------------
578 .It Va ipfilter_flags
584 .\" ----- ipnat_enable setting ----------------------------------
594 network address translation.
597 for a detailed discussion.
598 .\" ----- ipnat_program setting ---------------------------------
605 .\" ----- ipnat_rules setting -----------------------------------
612 holding the network address translation definition.
613 This file is expected to be readable for the
616 .\" ----- ipnat_flags setting -----------------------------------
623 .\" ----- ipmon_enable setting ----------------------------------
638 Setting this variable needs setting
645 for a detailed discussion.
646 .\" ----- ipmon_program setting ---------------------------------
653 .\" ----- ipmon_flags setting -----------------------------------
662 Another typical example would be
663 .Dq Fl D Pa /var/log/ipflog
666 log directly to a file bypassing
669 .Pa /etc/newsyslog.conf
670 in such case like this:
672 /var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid
674 .\" ----- ipfs_enable setting -----------------------------------
684 saving the filter and NAT state tables during shutdown
685 and reloading them during startup again.
686 Setting this variable needs setting
695 for a detailed discussion.
700 cannot be used because the raised securelevel will prevent
702 from saving the state tables at shutdown time.
703 .\" ----- ipfs_program setting ----------------------------------
710 .\" ----- ipfs_flags setting ------------------------------------
717 .\" ----- end of added ipf hook ---------------------------------
718 .It Va tcp_extensions
725 disables certain TCP options as described by
731 might help remedy such problems with connections as randomly hanging
732 or other weird behavior.
733 Some network devices are known to be broken with respect to these options.
740 .Va net.inet.tcp.log_in_vain
742 .Va net.inet.udp.log_in_vain ,
747 are set to the given value.
755 will disable probing idle TCP connections to verify that the
756 peer is still up and reachable.
757 .It Va tcp_drop_synfin
764 will cause the kernel to ignore TCP frames that have both
765 the SYN and FIN flags set.
766 This prevents OS fingerprinting, but may break some legitimate applications.
767 This option is only available if the kernel was built with the
770 .It Va icmp_drop_redirect
777 will cause the kernel to ignore ICMP REDIRECT packets.
780 for more information.
781 .It Va icmp_log_redirect
788 will cause the kernel to log ICMP REDIRECT packets.
790 the log messages are not rate-limited, so this option should only be used
791 for troubleshooting networks.
794 for more information.
795 .It Va icmp_bmcastecho
799 to respond to broadcast or multicast ICMP ping packets.
802 for more information.
803 .It Va ip_portrange_first
807 this is the first port in the default portrange.
810 for more information.
811 .It Va ip_portrange_last
815 this is the last port in the default portrange.
818 for more information.
820 .It Va ifconfig_ Ns Aq Ar interface
824 Typically includes IP address.
825 Assuming that the interface in question was
827 it might look something like this:
829 ifconfig_ed0="inet 10.0.0.1 netmask 0xffff0000"
833 .Pa /etc/start_if. Ns Aq Ar interface
834 file is present, it is read and executed by the
836 interpreter before configuring the interface as specified in the
837 .Va ifconfig_ Ns Aq Ar interface
839 .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
842 It is possible to bring up an interface with DHCP by adding
845 .Va ifconfig_ Ns Aq Ar interface
847 For instance, to initialize the
849 device via DHCP, it is possible to use something like:
855 .Va wlans_ Ns Aq Ar interface
859 interface will be created for each item in the list with the
863 Further wlan cloning arguments may be passed to the
866 command by setting the
867 .Va create_args_ Ns Aq Ar interface
871 devices must be created for each wireless devices as of
877 may be specified with an
878 .Va wlandebug_ Ns Aq Ar interface
880 The contents of this variable will be passed directly to
883 Also, if your interface needs WPA authentication, it is possible to add
886 .Va ifconfig_ Ns Aq Ar interface
889 .Xr wpa_supplicant 8 .
891 .Xr wpa_supplicant.conf 5
892 for configuring authentication information.
896 options in this variable, in addition to the
897 .Pa /etc/start_if. Ns Aq Ar interface
899 For instance, to initialize the
901 device via DHCP, using WPA authentication and 802.11b mode, it is
902 possible to use something like:
904 ifconfig_wi0="up DHCP WPA mode 11b"
908 .It Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
910 Configuration to establish an additional network address for
912 Assuming that the interface in question was
914 it might look something like this:
916 ifconfig_ed0_alias0="inet 127.0.0.253 netmask 0xffffffff"
917 ifconfig_ed0_alias1="inet 127.0.0.254 netmask 0xffffffff"
922 .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
923 entry that is found, its contents are passed to
925 Execution stops at the first unsuccessful access, so if
926 something like this is present:
928 ifconfig_ed0_alias0="inet 127.0.0.251 netmask 0xffffffff"
929 ifconfig_ed0_alias1="inet 127.0.0.252 netmask 0xffffffff"
930 ifconfig_ed0_alias2="inet 127.0.0.253 netmask 0xffffffff"
931 ifconfig_ed0_alias4="inet 127.0.0.254 netmask 0xffffffff"
934 Then note that alias4 would
936 be added since the search would stop with the missing alias3 entry.
939 .It Va ifconfig_ Ns Ao Ar interface Ac Ns Va _name
943 It is possible to rename interface by doing:
945 ifconfig_ed0_name="net0"
946 ifconfig_net0="inet 10.0.0.1 netmask 0xffff0000"
948 .It Va network_interfaces
950 The list of network interfaces to configure on this host,
953 to configure all network interfaces
956 For example, if the only network devices to be configured are the loopback device
960 driver, this could be set to
963 .Va ifconfig_ Ns Aq Ar interface
964 variable is assumed to exist for each value of
966 .It Va ipv6_network_interfaces
968 This is the IPv6 equivalent of
969 .Va network_interfaces .
970 Instead of setting the ifconfig variables as
971 .Va ifconfig_ Ns Aq Ar interface
972 they should be set as
973 .Va ipv6_ifconfig_ Ns Aq Ar interface .
974 Aliases should be set as
975 .Va ipv6_ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n .
976 Interfaces that do not have a
977 .Va ipv6_ifconfig_ Ns Aq Ar interface
978 setting will be auto configured by
981 .Va ipv6_gateway_enable
984 Note that the IPv6 networking code does not support the
985 .Pa /etc/start_if. Ns Aq Ar interface
987 .It Va ipv6_prefix_ Ns Aq Ar interface
991 prefixlen 64 is used.
992 .It Va ipv6_default_interface
996 this is the default output interface for scoped addresses.
997 Now this works only for IPv6 link local multicast addresses.
998 .It Va cloned_interfaces
1000 Set to the list of clonable network interfaces to create on this host.
1002 .Va cloned_interfaces
1003 are automatically appended to
1004 .Va network_interfaces
1006 .It Va gif_interfaces
1010 tunnel interfaces to configure on this host.
1012 .Va gifconfig_ Ns Aq Ar interface
1013 variable is assumed to exist for each value of
1015 The value of this variable is used to configure the link layer of the
1016 tunnel according to the syntax of the
1020 Additionally, this option ensures that each listed interface is created via the
1024 before attempting to configure it.
1025 .It Va sppp_interfaces
1029 interfaces to configure on this host.
1031 .Va spppconfig_ Ns Aq Ar interface
1032 variable is assumed to exist for each value of
1034 Each interface should also be configured by a general
1035 .Va ifconfig_ Ns Aq Ar interface
1039 for more information about available options.
1049 Mode in which to run the
1058 See the manual for a full description.
1063 enables network address translation.
1064 Used in conjunction with
1066 allows hosts on private network addresses access to the Internet using
1067 this host as a network address translating router.
1070 The name of the profile to use from
1071 .Pa /etc/ppp/ppp.conf .
1074 The name of the user under which
1081 .It Va rc_conf_files
1083 This option is used to specify a list of files that will override
1085 .Pa /etc/defaults/rc.conf .
1086 The files will be read in the order in which they are specified and should
1087 include the full path to the file.
1088 By default, the files specified are
1091 .Pa /etc/rc.conf.local
1092 .It Va fsck_y_enable
1097 will be run with the
1099 flag if the initial preen of the file systems fails.
1102 List of file system types that are network-based.
1103 This list should generally not be modified by end users.
1105 .Va extra_netfs_types
1107 .It Va extra_netfs_types
1109 If set to something other than
1111 (the default), this variable extends the list of file system types
1112 for which automatic mounting at startup by
1114 should be delayed until the network is initialized.
1116 a whitespace-separated list of network file system descriptor pairs,
1117 each consisting of a file system type as passed to
1119 and a human-readable, one-word description, joined with a colon
1121 Extending the default list in this way is only necessary
1122 when third party file system types are used.
1123 .It Va devfs_config_files
1125 This option is used to specify a list of configuration files containing
1127 rules that will be applied by
1129 in the order in which they are specified and must include the full path
1131 .It Va syslogd_enable
1138 .It Va syslogd_program
1143 .Pa /usr/sbin/syslogd ) .
1144 .It Va syslogd_flags
1150 these are the flags to pass to
1159 .It Va inetd_program
1164 .Pa /usr/sbin/inetd ) .
1171 these are the flags to pass to
1179 daemon at boot time.
1186 these are the flags to pass to it.
1193 daemon at boot time.
1200 these are the flags to pass to it.
1203 manpage for more information.
1204 .It Va amd_map_program
1206 If set, the specified program is run to get the list of
1211 maps are stored in NIS, one can set this to run
1223 will be updated at boot time to reflect the kernel release being run.
1227 will not be updated.
1228 .It Va nfs_client_enable
1232 setup NFS client parameters at boot time.
1233 .It Va nfs_access_cache
1236 .Va nfs_client_enable
1241 to disable NFS ACCESS RPC caching, or to the number of seconds for which
1242 NFS ACCESS results should be cached.
1243 A value of 2-10 seconds will substantially reduce network traffic for
1244 many NFS operations.
1245 The default is 5 seconds.
1246 Note that the attribute cache holds stat information only.
1247 The NFS data cache is independent of the attribute cache and is only
1248 invalidated when the client detects that the server has modified the
1250 This value specifies a maximum timeout.
1251 The NFS client will automatically use a shorter timeout for files which
1252 have been recently modified.
1253 .It Va nfs_neg_cache
1256 .Va nfs_client_enable
1261 to disable the caching of NEGATIVE LOOKUPS (lookups of non-existent
1262 filenames), or to the number of seconds for which negative lookups should
1264 A value of 2-10 seconds will substantially reduce network
1265 traffic for many NFS operations, especially source code builds.
1266 The default is 3 seconds.
1267 .It Va nfs_server_enable
1271 run the NFS server daemons at boot time.
1272 .It Va nfs_server_flags
1275 .Va nfs_server_enable
1278 these are the flags to pass to the
1281 .It Va mountd_enable
1286 .Va nfs_server_enable
1292 It is commonly needed to run CFS without real NFS used.
1299 these are the flags to pass to the
1302 .It Va weak_mountd_authentication
1306 allow services like PCNFSD to make non-privileged mount requests.
1307 .It Va nfs_reserved_port_only
1311 provide NFS services only on a secure port.
1312 .It Va nfs_bufpackets
1314 If set to a number, indicates the number of packets worth of
1315 socket buffer space to reserve on an NFS client.
1316 The kernel default is typically 4.
1317 Using a higher number may be useful on gigabit networks to improve performance.
1318 The minimum value is 2 and the maximum is 64.
1319 .It Va rpc_umntall_enable
1323 (default) and we are also an NFS client, run
1325 at boot time to clear out old mounts on remote servers.
1330 will not be run at boot time.
1331 .It Va rpc_lockd_enable
1335 and also an NFS server, run
1338 .It Va rpc_lockd_flags
1341 .Va rpc_lockd_enable
1344 these are the flags to pass to
1346 .It Va rpc_statd_enable
1350 and also an NFS server, run
1353 .It Va rpc_statd_flags
1356 .Va rpc_statd_enable
1359 these are the flags to pass to
1361 .It Va rpcbind_program
1363 Path to program for rpcbind daemon
1365 .Pa /usr/sbin/rpcbind ) .
1366 .It Va rpcbind_enable
1373 .It Va rpcbind_flags
1379 these are the flags to pass to
1380 .Va rpcbind_program .
1381 .It Va keyserv_enable
1387 daemon on boot for running Secure RPC.
1388 .It Va keyserv_flags
1394 these are the flags to pass to
1397 .It Va pppoed_enable
1403 daemon at boot time to provide PPP over Ethernet services.
1404 .It Va pppoed_provider
1407 listens to requests to this provider and ultimately runs
1411 argument of the same name.
1414 Additional flags to pass to
1416 .It Va pppoed_interface
1418 The network interface to run
1421 This is mandatory when
1431 service at boot time.
1432 This command is intended for networks of machines where a consistent
1434 for all hosts must be established.
1435 This is often useful in large NFS environments where time stamps on
1436 files are expected to be consistent network-wide.
1443 these are the flags to pass to the
1452 at system boot time.
1453 .It Va dntpd_program
1458 .Pa /usr/sbin/dntpd ) .
1465 these are the flags to pass to the
1468 .It Va btconfig_enable
1472 configure Bluetooth devices via
1474 at system boot time.
1475 .It Va btconfig_devices
1481 this is the list of Bluetooth devices to configure.
1483 .Va btconfig_devices
1484 is not specified, all devices known to the system will be configured.
1486 .Va btconfig_ Ns Aq Ar device
1487 variable can be set to specify parameters to be passed to
1489 .It Va btconfig_args
1495 this is the list of configuration parameters to pass to all Bluetooth
1501 run the Service Discovery Profile daemon
1503 at system boot time.
1510 these are the flags to pass to the
1513 .It Va bthcid_enable
1517 run the Bluetooth Link Key/PIN Code Manager daemon
1519 at system boot time.
1526 these are the flags to pass to the
1529 .It Va nis_client_enable
1535 service at system boot time.
1536 .It Va nis_client_flags
1539 .Va nis_client_enable
1542 these are the flags to pass to the
1545 .It Va nis_ypset_enable
1551 daemon at system boot time.
1552 .It Va nis_ypset_flags
1555 .Va nis_ypset_enable
1558 these are the flags to pass to the
1561 .It Va nis_server_enable
1567 daemon at system boot time.
1568 .It Va nis_server_flags
1571 .Va nis_server_enable
1574 these are the flags to pass to the
1577 .It Va nis_ypxfrd_enable
1583 daemon at system boot time.
1584 .It Va nis_ypxfrd_flags
1587 .Va nis_ypxfrd_enable
1590 these are the flags to pass to the
1593 .It Va nis_yppasswdd_enable
1599 daemon at system boot time.
1600 .It Va nis_yppasswdd_flags
1603 .Va nis_yppasswdd_enable
1606 these are the flags to pass to the
1609 .It Va rpc_ypupdated_enable
1615 daemon at system boot time.
1616 .It Va defaultrouter
1620 create a default route to this host name or IP address
1621 (use an IP address if this router is also required to get to the
1623 .It Va ipv6_defaultrouter
1625 The IPv6 equivalent of
1627 .It Va static_routes
1629 Set to the list of static routes that are to be added at system boot time.
1632 then for each whitespace separated
1635 .Va route_ Ns Aq Ar element
1636 variable is assumed to exist whose contents will later be passed to a
1639 .It Va ipv6_static_routes
1641 The IPv6 equivalent of
1645 then for each whitespace separated
1648 .Va ipv6_route_ Ns Aq Ar element
1649 variable is assumed to exist whose contents will later be passed to a
1650 .Dq Nm route Cm add Fl inet6
1652 .It Va gateway_enable
1656 configure host to act as an IP router, e.g. to forward packets
1658 .It Va ipv6_gateway_enable
1660 The IPv6 equivalent of
1661 .Va gateway_enable .
1662 .It Va router_enable
1666 run a routing daemon of some sort, based on the settings of
1670 .It Va ipv6_router_enable
1672 The IPv6 equivalent of
1676 run a routing daemon of some sort, based on the settings of
1677 .Va ipv6_router_program
1679 .Va ipv6_router_flags .
1680 .It Va router_program
1686 this is the name of the routing daemon to use
1688 .Pa /sbin/routed ) .
1689 .It Va ipv6_router_program
1691 The IPv6 equivalent of
1694 .Pa /sbin/route6d ) .
1701 these are the flags to pass to the routing daemon.
1702 .It Va ipv6_router_flags
1704 The IPv6 equivalent of
1706 .It Va mrouted_enable
1710 run the multicast routing daemon,
1712 .It Va mroute6d_enable
1714 The IPv6 equivalent of
1715 .Va mrouted_enable .
1718 run the IPv6 multicast routing daemon.
1719 Note that no IPv6 multicast routing daemon is included in the
1723 can be installed from the
1726 .It Va mrouted_flags
1732 these are the flags to pass to the
1735 .It Va mroute6d_flags
1737 The IPv6 equivalent of
1743 these are the flags passed to the IPv6 multicast routing daemon.
1744 .It Va mroute6d_program
1750 this is the path to the IPv6 multicast routing daemon.
1751 .It Va rtadvd_enable
1757 daemon at boot time.
1760 .Va ipv6_gateway_enable
1765 utility sends router advertisement packets to the interfaces specified in
1766 .Va rtadvd_interfaces .
1768 and should only be enabled with great care.
1769 You may want to fine-tune
1771 .It Va rtadvd_interfaces
1777 this is the list of interfaces to use.
1778 .It Va rtsold_enable
1784 daemon at boot time.
1787 daemon is used for automatic discovery of non-link local addresses.
1794 these are the flags to pass to the
1797 .It Va ipxgateway_enable
1801 enable the routing of IPX traffic.
1802 .It Va ipxrouted_enable
1808 daemon at system boot time.
1809 .It Va ipxrouted_flags
1812 .Va ipxrouted_enable
1815 these are the flags to pass to the
1822 enable global proxy ARP.
1823 .It Va forward_sourceroute
1831 source-routed packets are forwarded.
1832 .It Va accept_sourceroute
1836 the system will accept source-routed packets directed at it.
1843 daemon at system boot time.
1850 these are the flags to pass to the
1853 .It Va bootparamd_enable
1859 daemon at system boot time.
1860 .It Va bootparamd_flags
1863 .Va bootparamd_enable
1866 these are the flags to pass to the
1869 .It Va stf_interface_ipv4addr
1873 this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling interface).
1874 Specify this entry to enable the 6to4 interface.
1875 .It Va stf_interface_ipv4plen
1877 Prefix length for 6to4 IPv4 addresses, to limit peer address range.
1878 An effective value is 0-31.
1879 .It Va stf_interface_ipv6_ifid
1881 IPv6 interface ID for
1885 .It Va stf_interface_ipv6_slaid
1887 IPv6 Site Level Aggregator for
1889 .It Va ipv6_faith_prefix
1893 this is the faith prefix to enable a FAITH IPv6-to-IPv4 TCP translator.
1897 .It Va ipv6_ipv4mapping
1901 this enables IPv4 mapped IPv6 address communication (like
1902 .Li ::ffff:a.b.c.d ) .
1907 to enable the configuration of ATM interfaces at system boot time.
1908 For all of the ATM variables described below, please refer to the
1910 man page for further details on the available command parameters.
1911 Also refer to the files in
1912 .Pa /usr/share/examples/atm
1913 for more detailed configuration information.
1914 .It Va atm_netif_ Ns Aq Ar intf
1916 For the ATM physical interface
1918 this variable defines the name prefix and count for the ATM network
1919 interfaces to be created.
1920 The value will be passed as the parameters of an
1921 .Dq Nm atm Cm "set netif" Ar intf
1923 .It Va atm_sigmgr_ Ns Aq Ar intf
1925 For the ATM physical interface
1927 this variable defines the ATM signalling manager to be used.
1928 The value will be passed as the parameters of an
1929 .Dq Nm atm Cm attach Ar intf
1931 .It Va atm_prefix_ Ns Aq Ar intf
1933 For the ATM physical interface
1935 this variable defines the NSAP prefix for interfaces using a UNI signalling
1939 the prefix will automatically be set via the
1942 Otherwise, the value will be passed as the parameters of an
1943 .Dq Nm atm Cm "set prefix" Ar intf
1945 .It Va atm_macaddr_ Ns Aq Ar intf
1947 For the ATM physical interface
1949 this variable defines the MAC address for interfaces using a UNI signalling
1953 the hardware MAC address contained in the ATM interface card will be used.
1954 Otherwise, the value will be passed as the parameters of an
1955 .Dq Nm atm Cm "set mac" Ar intf
1957 .It Va atm_arpserver_ Ns Aq Ar netif
1959 For the ATM network interface
1961 this variable defines the ATM address for a host which is to provide ATMARP
1963 This variable is only applicable to interfaces using a UNI signalling manager.
1966 this host will become an ATMARP server.
1967 The value will be passed as the parameters of an
1968 .Dq Nm atm Cm "set arpserver" Ar netif
1970 .It Va atm_scsparp_ Ns Aq Ar netif
1974 SCSP/ATMARP service for the network interface
1976 will be initiated using the
1981 This variable is only applicable if
1982 .Va atm_arpserver_ Ns Aq Ar netif
1987 Set to the list of permanent ATM ARP entries to be added at system boot time.
1988 For each whitespace separated
1991 .Va atm_arp_ Ns Aq Ar element
1992 variable is assumed to exist.
1993 The value of each of these variables will be passed as the parameters of an
1994 .Dq Nm atm Cm "add arp"
1998 The keyboard bell sound.
2005 if the default behavior is desired.
2006 For details, refer to the
2013 no keymap is installed, otherwise the value is used to install
2015 .Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd .
2018 The keyboard repeat speed.
2025 if the default behavior is desired.
2030 attempt to program the function keys with the value.
2031 The value should be a single string of the form:
2032 .Dq Ar funkey_number new_value Op Ar funkey_number new_value ... .
2035 Can be set to the value of
2038 .Dq Li destructive ,
2041 to set the cursor behavior explicitly or choose the default behavior.
2046 no screen map is installed, otherwise the value is used to install
2047 the screen map file in
2048 .Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value .
2053 the default 8x16 font value is used for screen size requests, otherwise
2055 .Pa /usr/share/syscons/fonts/ Ns Aq Ar value
2061 the default 8x14 font value is used for screen size requests, otherwise
2063 .Pa /usr/share/syscons/fonts/ Ns Aq Ar value
2069 the default 8x8 font value is used for screen size requests, otherwise
2071 .Pa /usr/share/syscons/fonts/ Ns Aq Ar value
2077 the default screen blanking interval is used, otherwise it is set to
2084 this is the actual screen saver to use
2085 .Li ( blank , snake , daemon ,
2087 .It Va moused_enable
2093 daemon is started for doing cut/paste selection on the console.
2096 This is the protocol type of the mouse connected to this host.
2097 This variable must be set if
2104 is able to detect the appropriate mouse type automatically in many cases.
2105 Set this variable to
2107 to let the daemon detect it, or
2108 select one from the following list if the automatic detection fails.
2110 If the mouse is attached to the PS/2 mouse port, choose
2114 regardless of the brand and model of the mouse.
2115 Likewise, if the mouse is attached to the bus mouse port, choose
2119 All other protocols are for serial mice and will not work with
2120 the PS/2 and bus mice.
2121 If this is a USB mouse,
2123 is the only protocol type which will work.
2125 .Bl -tag -width ".Li x10mouseremote" -compact
2127 Microsoft mouse (serial)
2129 Microsoft IntelliMouse (serial)
2131 Mouse systems Corp. mouse (serial)
2133 MM Series mouse (serial)
2135 Logitech mouse (serial)
2139 Logitech MouseMan and TrackMan (serial)
2141 ALPS GlidePoint (serial)
2142 .It Li thinkingmouse
2143 Kensington ThinkingMouse (serial)
2147 MM HitTablet (serial)
2148 .It Li x10mouseremote
2149 X10 MouseRemote (serial)
2151 Interlink VersaPad (serial)
2154 Even if the mouse is not in the above list, it may be compatible
2155 with one in the list.
2156 Refer to the man page for
2158 for compatibility information.
2160 It should also be noted that while this is enabled, any
2161 other client of the mouse (such as an X server) should access
2162 the mouse through the virtual mouse device,
2164 and configure it as a
2166 type mouse, since all
2167 mouse data is converted to this single canonical format when using
2169 If the client program does not support the
2174 It is the second preferred type.
2181 this is the actual port the mouse is on.
2184 for a COM1 serial mouse,
2188 for a bus mouse, for example.
2193 is set, these are the additional flags to pass to the
2196 .It Va mousechar_start
2200 the default mouse cursor character range
2201 .Li 0xd0 Ns - Ns Li 0xd3
2202 is used, otherwise the range start is set to
2206 Use if the default range is occupied in the language code table.
2209 Set the size of the history (scrollback) buffer in lines.
2210 .It Va allscreens_flags
2214 is run with these options for each of the virtual terminals
2218 will enable the mouse pointer on all virtual terminals if
2222 .It Va allscreens_kbdflags
2226 is run with these options for each of the virtual terminals
2232 scrollback (history) buffer to 200 lines.
2239 daemon at system boot time.
2245 .Pa /usr/sbin/cron ) .
2252 these are the flags to pass to
2259 .Pa /usr/sbin/lpd ) .
2266 daemon at system boot time.
2273 these are the flags to pass to the
2282 daemon at system boot time.
2289 settings across reboots.
2290 .It Va mta_start_script
2292 The full path to the script to run to start
2293 a mail transfer agent.
2295 .Pa /etc/rc.sendmail .
2299 .Pa /etc/rc.sendmail
2300 uses are documented in the
2306 .Sq HAMMER ROOT with UFS /boot
2307 setup, the boot loader will not set up the
2310 The system will attempt to fix this on its own.
2311 Set this variable to
2313 to turn this behavior off.
2316 Indicates the device (usually a swap partition) to which a crash dump
2317 should be written in the event of a system crash.
2318 The value of this variable is passed as the argument to
2322 To disable crash dumps, set this variable to
2326 When the system reboots after a crash and a crash dump is found on the
2327 device specified by the
2331 will save that crash dump and a copy of the kernel to the directory
2335 The default value is
2344 .It Va savecore_flags
2346 If crash dumps are enabled, these are the flags to pass to the
2349 .It Va crashinfo_enable
2353 to turn on automatic crash dump summary generation using the utility
2355 .Va crashinfo_program
2357 .It Va crashinfo_program
2359 Program to run to generate a crash dump summary if the variable
2360 .Va crashinfo_enable
2363 The default value is
2364 .Pa /usr/sbin/crashinfo .
2365 .It Va enable_quotas
2369 to turn on user disk quotas on system startup via the
2376 to enable user disk quota checking via the
2379 .It Va accounting_enable
2383 to enable system accounting through the
2390 to enable Linux/ELF binary emulation at system initial boot time.
2391 .It Va sysvipc_enable
2395 load System V IPC primitives at boot time.
2396 .\" ----- cleanvar_enable setting--------------------------------
2397 .It Va cleanvar_enable
2405 .Pa /var/spool/uucp/.Temp/*
2407 .\" ----- clear_tmp_enable setting-------------------------------
2408 .It Va clear_tmp_enable
2415 .\" ----- ldconfig_paths setting --------------------------------
2416 .It Va ldconfig_paths
2418 Set to the list of shared library paths to use with
2422 will always be added first, so it need not appear in this list.
2423 .It Va ldconfig_insecure
2427 utility normally refuses to use directories
2428 which are writable by anyone except root.
2429 Set this variable to
2431 to disable that security check during system startup.
2432 .It Va kern_securelevel
2434 The kernel security level to set at startup.
2435 The allowed range of
2437 ranges from \-1 (the compile time default) to 3 (the most secure).
2440 for the list of possible security levels and their effect on system operation.
2447 at system boot time.
2454 at system boot time.
2457 Path to the SSH server program
2459 .Pa /usr/sbin/sshd ) .
2466 these are the flags to pass to the
2475 at system boot time.
2482 these are the flags to pass to the
2491 daemon at boot time.
2498 these are the flags passed to
2501 .It Va watchdogd_enable
2507 daemon at boot time.
2508 This requires that the kernel have been compiled with
2509 .Cd "options WATCHDOG" .
2514 any configured jails will not be started.
2517 A space separated list of names for jails.
2518 This is purely a configuration aid to help identify and
2519 configure multiple jails.
2520 The names specified in this list will be used to
2521 identify settings common to an instance of a jail.
2522 Assuming that the jail in question was named
2524 you would have the following dependent variables:
2526 jail_vjail_hostname="jail.example.com"
2527 jail_vjail_ip="192.168.1.100"
2528 jail_vjail_rootdir="/var/jails/vjail/root"
2534 When set, use as default value for
2535 .Va jail_ Ns Ao Ar jname Ac Ns Va _flags
2538 .It Va jail_interface
2541 When set, use as default value for
2542 .Va jail_ Ns Ao Ar jname Ac Ns Va _interface
2548 When set, use as default value for
2549 .Va jail_ Ns Ao Ar jname Ac Ns Va _fstab
2552 .It Va jail_mount_enable
2560 .Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable
2563 by default for every jail in
2565 .It Va jail_fdesc_enable
2573 .Va jail_ Ns Ao Ar jname Ac Ns Va _fdesc_enable
2576 by default for every jail in
2578 .It Va jail_procfs_enable
2586 .Va jail_ Ns Ao Ar jname Ac Ns Va _fdesc_enable
2589 by default for every jail in
2591 .It Va jail_exec_start
2594 When set, use as default value for
2595 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start
2598 .It Va jail_exec_stop
2600 When set, use as default value for
2601 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop
2604 .It Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir
2607 Set to the root directory used by jail
2609 .It Va jail_ Ns Ao Ar jname Ac Ns Va _hostname
2612 Set to the fully qualified domain name (FQDN) assigned to jail
2614 .It Va jail_ Ns Ao Ar jname Ac Ns Va _ip
2617 Set to the IP address assigned to jail
2619 .It Va jail_ Ns Ao Ar jname Ac Ns Va _flags
2624 These are flags to pass to
2626 .It Va jail_ Ns Ao Ar jname Ac Ns Va _interface
2629 When set, sets the interface to use when setting IP address alias.
2630 Note that the alias is created at jail startup and removed at jail shutdown.
2631 .It Va jail_ Ns Ao Ar jname Ac Ns Va _fstab
2634 .Pa /etc/fstab. Ns Aq Ar jname
2636 This is the file system information file to use for jail
2638 .It Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable
2645 mount all file systems from
2646 .Va jail_ Ns Ao Ar jname Ac Ns Va _fstab
2648 .It Va jail_ Ns Ao Ar jname Ac Ns Va _fdesc_enable
2655 mount the file-descriptor file system inside jail
2658 .It Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable
2665 mount the process file system inside jail
2668 .It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start
2671 .Dq Li /bin/sh /etc/rc
2673 This is the command executed at jail startup.
2674 .It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop
2677 .Dq Li /bin/sh /etc/rc.shutdown
2679 This is the command executed at jail shutdown.
2680 .It Va jail_set_hostname_allow
2684 do not allow the root user in a jail to set its hostname.
2685 .It Va jail_socket_unixiproute_only
2689 do not allow any sockets,
2690 besides UNIX/IP/route sockets,
2691 to be used within a jail.
2692 .It Va jail_sysvipc_allow
2696 allow applications within a jail to use System V IPC.
2701 LVM volumes will be discovered and configured on boot.
2702 .It Va newsyslog_enable
2708 before syslogd starts.
2709 .It Va newsyslog_flags
2712 .Va newsyslog_enable
2715 these are the flags passed to
2717 .It Va resident_enable
2721 make the dynamic binaries listed in
2722 .Pa /etc/resident.conf
2724 .It Va varsym_enable
2729 .Pa /etc/varsym.conf
2730 to set system-wide variables for variant symlinks.
2735 or a whitespace separated list of IRQ numbers which will be used as a source of
2737 .\" ----- isdn settings ---------------------------------
2747 daemon at system boot time.
2751 .Dq Fl d Ns Cm n Fl d Ns Li 0x1f9
2753 Additional flags to pass to
2759 for certain tunable parameters).
2765 The terminal type of the output device when
2767 operates in full-screen mode.
2768 .It Va isdn_screenflags
2773 The video mode for full-screen mode (only for
2783 The output device for
2785 in full-screen mode (or
2795 enables the ISDN protocol trace utility
2797 at system boot time.
2798 .It Va isdn_traceflags
2801 .Dq Fl f Pa /var/tmp/isdntrace0
2805 .\" -----------------------------------------------------
2810 to disable caching entropy via
2812 Otherwise set to the directory used to store entropy files in.
2817 to disable caching entropy through reboots.
2818 Otherwise set to the filename used to store cached entropy through reboots.
2819 This file should be located on the root file system to seed the
2821 device as early as possible in the boot process.
2833 Configuration file for
2842 .Pa /var/run/dmesg.boot
2844 .It Va rcshutdown_timeout
2846 If set, start a watchdog timer in the background which will terminate
2850 has not completed within the specified time (in seconds).
2855 the udevd daemon will be started on boot.
2856 .It Va vkernel_enable
2860 any configured vkernels will not be started.
2861 .It Va vkernel_kill_timeout
2863 This defines the default number of seconds that we will wait for the
2864 vkernel to shut down on it's own. If after this time it's still alive,
2865 it will be killed with SIGKILL.
2868 Defines the default path to the vkernel binary.
2871 A space separated list of names for vkernels.
2872 This is purely a configuration aid to help identify and
2873 configure multiple vkernels.
2874 The names specified in this list will be used to
2875 identify settings common to a vkernel instance.
2876 Assuming that the vkernel in question was named
2878 you would have the following dependent variables
2879 (filled with reference values in this text):
2881 vkernel_example_bin="/usr/obj/usr/src/sys/VKERNEL/kernel.debug"
2882 vkernel_example_memsize="64m"
2883 vkernel_example_rootimg_list="/var/vkernel/rootimg.01"
2884 vkernel_example_iface_list="auto:bridge0"
2885 vkernel_example_logfile="/dev/null"
2886 vkernel_example_flags="-U"
2887 vkernel_example_kill_timeout="45"
2890 The last five are optional.
2891 They default to an empty string if not set, except for logfile which defaults to
2896 .Bl -tag -width ".Pa /etc/start_if. Ns Aq Ar interface" -compact
2897 .It Pa /etc/defaults/rc.conf
2899 .It Pa /etc/rc.conf.local
2900 .It Pa /etc/start_if. Ns Aq Ar interface
2918 .Xr resident.conf 5 ,
2981 .An Jordan K. Hubbard .
projects / dragonfly.git / blob