4 .\" Redistribution and use in source and binary forms, with or without
5 .\" modification, are permitted provided that the following conditions
7 .\" 1. Redistributions of source code must retain the above copyright
8 .\" notice, this list of conditions and the following disclaimer.
9 .\" 2. Redistributions in binary form must reproduce the above copyright
10 .\" notice, this list of conditions and the following disclaimer in the
11 .\" documentation and/or other materials provided with the distribution.
13 .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND
14 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE
17 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
19 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
20 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
21 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
22 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25 .\" $FreeBSD: src/share/man/man5/rc.conf.5,v 1.197 2003/07/28 13:56:00 mbr Exp $
32 .Nd system configuration information
36 contains descriptive information about the local host name, configuration
37 details for any potential network interfaces and which services should be
38 started up at system initial boot time.
39 In new installations, the
41 file is generally initialized by the installer.
45 is not to run commands or perform system startup actions directly.
46 Instead, it is included by the various generic startup scripts in
48 which conditionalize their
49 internal actions according to the settings found there.
52 .Pa /etc/defaults/rc.conf
53 file specifies the default settings for all the available options,
56 file specifies override settings.
57 Options need only be specified in
59 when the system administrator wishes to override the defaults.
61 .Pa /etc/rc.conf.local
62 is used to override settings in
64 for historical reasons.
66 .Pa /etc/rc.conf.local
67 you can also place smaller configuration files for each
71 directory, which will be included by the
74 For jail configurations you could use the file
75 .Pa /etc/rc.conf.d/jail
76 to store jail specific configuration options.
81 The following list provides a name and short description for each
82 variable that can be set in the
99 These values are case insensitive.
102 postfix in the name of a variable for starting a service can be
105 .Bl -tag -width indent-two
110 enable output of debug messages from rc scripts.
111 This variable can be helpful in diagnosing mistakes when
112 editing or integrating new scripts.
113 Beware that this produces copious output to the terminal and
119 disable informational messages from the rc scripts.
120 Informational messages are displayed when
121 a condition that is not serious enough to warrant a warning or an error occurs.
128 when faststart is used (e.g., at boot time).
133 no swapfile is installed, otherwise the value is used as the full
134 pathname to a file to use for additional swap space.
137 driver is needed for a swapfile and will be loaded if it is not
138 already compiled into the kernel or loaded via
144 enable support for Automatic Power Management with the
151 to handle APM event from userland.
152 This also enables support for APM.
159 these are the flags to pass to the
165 to monitor the status of batteries present in the system.
166 This also enables support for APM.
173 these are the flags to pass to the
180 to handle device added, removed or unknown events from the kernel.
187 these are the flags to pass to the
199 a CPU speed control daemon.
200 .It Va sensorsd_enable
209 a sensors monitoring and logging daemon.
210 .It Va sensorsd_flags
213 Additional flags passed to the
216 .It Va sysvipcd_enable
225 a daemon needed for the userspace implementation of the XSI Interprocess
226 Communication functions.
227 .It Va sysvipcd_flags
230 Additional flags passed to the
233 .It Va hotplugd_enable
242 a devices hot plugging monitoring daemon.
243 .It Va hotplugd_flags
246 Additional flags passed to the
249 .It Va pccard_ifconfig
251 List of arguments to be passed to
253 at boot time or on insertion of the card (e.g.\&
254 .Dq Cm inet Li 192.168.1.1 Cm netmask Li 255.255.255.0
255 for a fixed address or
258 .It Va pccard_ether_delay
260 Set the delay before starting
263 .Pa /etc/pccard_ether
265 This defaults to 5 seconds to work around a bug in the
267 driver which can lead to system hangs when using some newer
270 .It Va removable_interfaces
272 List of removable network interfaces to be supported by
273 .Pa /etc/pccard_ether .
276 List of directories to search for startup script files.
277 .It Va script_name_sep
279 The field separator to use for breaking down the list of startup script files
280 into individual filenames.
281 The default is a space.
282 It is not necessary to change this unless there are startup scripts with names
284 .It Va hostapd_enable
293 The fully qualified domain name (FQDN) of this host on the network.
294 This should almost certainly be set to something meaningful, even if
295 there is no network connection.
298 is used to set the hostname via DHCP,
299 this variable should be set to an empty string.
302 Enable support for IPv6 networking.
303 Note that this requires that the kernel have been compiled with
304 .Cd "options INET6" .
307 The NIS domain name of this host, or
310 .It Va dhclient_program
312 Path to the DHCP client program
314 .Pa /sbin/dhclient ) .
315 .It Va dhclient_flags
317 Additional flags to pass to the DHCP client program.
325 If the kernel was not built with
329 kernel module will be loaded.
331 .Va firewall_enable .
336 ruleset definition file.
347 these are the flags to pass to
349 when loading the ruleset.
356 which logs packets from
364 this specifies the path of the log file.
375 these are the flags to pass to
377 .It Va firewall_enable
381 to load firewall rules at startup.
382 If the kernel was not built with
383 .Cd "options IPFIREWALL" ,
386 kernel module will be loaded.
389 .It Va ipv6_firewall_enable
391 The IPv6 equivalent of
392 .Va firewall_enable .
395 to load IPv6 firewall rules at startup.
396 If the kernel was not built with
397 .Cd "options IPV6FIREWALL" ,
400 kernel module will be loaded.
401 .It Va firewall_script
403 The full path to the firewall script to run
405 .Pa /etc/rc.firewall ) .
406 .It Va ipv6_firewall_script
408 The IPv6 equivalent of
409 .Va firewall_script .
412 Names the firewall type from the selection in
413 .Pa /etc/rc.firewall ,
414 or the file which contains the local firewall ruleset.
415 Valid selections from
419 .Bl -tag -width ".Li simple" -compact
421 unrestricted IP access
423 all IP services disabled, except via
426 basic protection for a workstation on a LAN
432 If a filename is specified, the full path must be given.
433 .It Va firewall_trusted_nets
435 List of trusted networks (if
439 .It Va firewall_trusted_interfaces
441 List of trusted network interfaces (if
445 .It Va firewall_allowed_icmp_types
447 List of allowed ICMP types (if
451 .It Va firewall_open_tcp_ports
453 List of TCP ports to open (if
457 .It Va firewall_open_udp_ports
459 List of UDP ports to open (if
463 .It Va ipv6_firewall_type
465 The IPv6 equivalent of
467 .It Va firewall_quiet
471 to disable the display of firewall rules on the console during boot.
472 .It Va ipv6_firewall_quiet
474 The IPv6 equivalent of
476 .It Va firewall_logging
480 to enable firewall event logging.
481 This is equivalent to the
482 .Dv IPFIREWALL_VERBOSE
484 .It Va ipv6_firewall_logging
486 The IPv6 equivalent of
487 .Va firewall_logging .
488 .It Va firewall_flags
494 specifies a filename.
495 .It Va ipv6_firewall_flags
497 The IPv6 equivalent of
514 sockets must be enabled in the kernel.
515 .It Va natd_interface
517 This is the name of the public interface on which
520 The interface may be given as an interface name or as an IP address.
525 flags should be placed here.
530 flag is automatically added with the above
533 .It Va tcp_extensions
540 disables certain TCP options as described by
546 might help remedy such problems with connections as randomly hanging
547 or other weird behavior.
548 Some network devices are known to be broken with respect to these options.
555 .Va net.inet.tcp.log_in_vain
557 .Va net.inet.udp.log_in_vain ,
562 are set to the given value.
570 will disable probing idle TCP connections to verify that the
571 peer is still up and reachable.
572 .It Va tcp_drop_synfin
579 will cause the kernel to ignore TCP frames that have both
580 the SYN and FIN flags set.
581 This prevents OS fingerprinting, but may break some legitimate applications.
582 This option is only available if the kernel was built with the
585 .It Va icmp_drop_redirect
592 will cause the kernel to ignore ICMP REDIRECT packets.
595 for more information.
596 .It Va icmp_log_redirect
603 will cause the kernel to log ICMP REDIRECT packets.
605 the log messages are not rate-limited, so this option should only be used
606 for troubleshooting networks.
609 for more information.
610 .It Va icmp_bmcastecho
614 to respond to broadcast or multicast ICMP ping packets.
617 for more information.
618 .It Va ip_portrange_first
622 this is the first port in the default portrange.
625 for more information.
626 .It Va ip_portrange_last
630 this is the last port in the default portrange.
633 for more information.
635 .It Va ifconfig_ Ns Aq Ar interface
639 Typically includes IP address.
640 Assuming that the interface in question was
642 it might look something like this:
644 ifconfig_ed0="inet 10.0.0.1 netmask 0xffff0000"
648 .Pa /etc/start_if. Ns Aq Ar interface
649 file is present, it is read and executed by the
651 interpreter before configuring the interface as specified in the
652 .Va ifconfig_ Ns Aq Ar interface
654 .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
657 It is possible to bring up an interface with DHCP by adding
660 .Va ifconfig_ Ns Aq Ar interface
662 For instance, to initialize the
664 device via DHCP, it is possible to use something like:
670 .Va vlans_ Ns Aq Ar interface
674 interface will be created for each item in the list with the
678 If a vlan interface's name is a number,
679 then that number is used as the vlan tag and the new vlan interface is
681 .Ar interface . Ns Ar tag .
683 the vlan tag must be specified via a
686 .Va create_args_ Ns Aq Ar interface
689 To create a vlan device named
693 with the vlan tag 101 and the optional the IPv4 address 192.0.2.1/24:
696 ifconfig_em0_101="inet 192.0.2.1/24"
699 To create a vlan device named
703 with the vlan tag 102:
706 create_args_myvlan="vlan 102"
710 .Va wlans_ Ns Aq Ar interface
714 interface will be created for each item in the list with the
718 Further wlan cloning arguments may be passed to the
721 command by setting the
722 .Va create_args_ Ns Aq Ar interface
726 devices must be created for each wireless devices as of
732 may be specified with an
733 .Va wlandebug_ Ns Aq Ar interface
735 The contents of this variable will be passed directly to
738 Also, if your interface needs WPA authentication, it is possible to add
741 .Va ifconfig_ Ns Aq Ar interface
744 .Xr wpa_supplicant 8 .
746 .Xr wpa_supplicant.conf 5
747 for configuring authentication information.
751 options in this variable, in addition to the
752 .Pa /etc/start_if. Ns Aq Ar interface
754 For instance, to initialize the
756 device via DHCP, using WPA authentication and 802.11b mode, it is
757 possible to use something like:
760 ifconfig_wlan0="up DHCP WPA mode 11b"
762 .It Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
764 Configuration to establish an additional network address for
766 Assuming that the interface in question was
768 it might look something like this:
770 ifconfig_ed0_alias0="inet 127.0.0.253 netmask 0xffffffff"
771 ifconfig_ed0_alias1="inet 127.0.0.254 netmask 0xffffffff"
776 .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
777 entry that is found, its contents are passed to
779 Execution stops at the first unsuccessful access, so if
780 something like this is present:
782 ifconfig_ed0_alias0="inet 127.0.0.251 netmask 0xffffffff"
783 ifconfig_ed0_alias1="inet 127.0.0.252 netmask 0xffffffff"
784 ifconfig_ed0_alias2="inet 127.0.0.253 netmask 0xffffffff"
785 ifconfig_ed0_alias4="inet 127.0.0.254 netmask 0xffffffff"
788 Then note that alias4 would
790 be added since the search would stop with the missing alias3 entry.
791 .It Va ifconfig_ Ns Ao Ar interface Ac Ns Va _name
795 It is possible to rename interface by doing:
797 ifconfig_ed0_name="net0"
798 ifconfig_net0="inet 10.0.0.1 netmask 0xffff0000"
800 .It Va network_interfaces
802 The list of network interfaces to configure on this host,
805 to configure all network interfaces
808 For example, if the only network devices to be configured are the loopback device
812 driver, this could be set to
815 .Va ifconfig_ Ns Aq Ar interface
816 variable is assumed to exist for each value of
818 .It Va ipv6_network_interfaces
820 This is the IPv6 equivalent of
821 .Va network_interfaces .
822 Instead of setting the ifconfig variables as
823 .Va ifconfig_ Ns Aq Ar interface
824 they should be set as
825 .Va ipv6_ifconfig_ Ns Aq Ar interface .
826 Aliases should be set as
827 .Va ipv6_ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n .
828 Interfaces that do not have a
829 .Va ipv6_ifconfig_ Ns Aq Ar interface
830 setting will be auto configured by
833 .Va ipv6_gateway_enable
836 Note that the IPv6 networking code does not support the
837 .Pa /etc/start_if. Ns Aq Ar interface
839 .It Va ipv6_prefix_ Ns Aq Ar interface
843 prefixlen 64 is used.
844 .It Va ipv6_default_interface
848 this is the default output interface for scoped addresses.
849 Now this works only for IPv6 link local multicast addresses.
850 .It Va cloned_interfaces
852 Set to the list of clonable network interfaces to create on this host.
854 .Va cloned_interfaces
855 are automatically appended to
856 .Va network_interfaces
858 .It Va gif_interfaces
862 tunnel interfaces to configure on this host.
864 .Va gifconfig_ Ns Aq Ar interface
865 variable is assumed to exist for each value of
867 The value of this variable is used to configure the link layer of the
868 tunnel according to the syntax of the
872 Additionally, this option ensures that each listed interface is created via the
876 before attempting to configure it.
877 .It Va sppp_interfaces
881 interfaces to configure on this host.
883 .Va spppconfig_ Ns Aq Ar interface
884 variable is assumed to exist for each value of
886 Each interface should also be configured by a general
887 .Va ifconfig_ Ns Aq Ar interface
891 for more information about available options.
901 Mode in which to run the
910 See the manual for a full description.
915 enables network address translation.
916 Used in conjunction with
918 allows hosts on private network addresses access to the Internet using
919 this host as a network address translating router.
922 The name of the profile to use from
923 .Pa /etc/ppp/ppp.conf .
924 Also used for per-profile overrides of
925 .Va ppp_ Ns Ao Ar profile Ac Ns _unit .
926 Where the profile contains any of the characters
928 they are translated to
930 for the purposes of the override variable names.
931 .It Va ppp_ Ns Ao Ar profile Ac Ns _unit
933 Set the unit number to be used for this profile.
934 See the manual description of
941 The name of the user under which
950 This option is used to specify a list of files that will override
952 .Pa /etc/defaults/rc.conf .
953 The files will be read in the order in which they are specified and should
954 include the full path to the file.
955 By default, the files specified are
958 .Pa /etc/rc.conf.local
966 flag if the initial preen of the file systems fails.
969 List of file system types that are network-based.
970 This list should generally not be modified by end users.
972 .Va extra_netfs_types
974 .It Va extra_netfs_types
976 If set to something other than
978 (the default), this variable extends the list of file system types
979 for which automatic mounting at startup by
981 should be delayed until the network is initialized.
983 a whitespace-separated list of network file system descriptor pairs,
984 each consisting of a file system type as passed to
986 and a human-readable, one-word description, joined with a colon
988 Extending the default list in this way is only necessary
989 when third party file system types are used.
990 .It Va devfs_config_files
992 This option is used to specify a list of configuration files containing
994 rules that will be applied by
996 in the order in which they are specified and must include the full path
998 .It Va syslogd_enable
1005 .It Va syslogd_program
1010 .Pa /usr/sbin/syslogd ) .
1011 .It Va syslogd_flags
1017 these are the flags to pass to
1026 .It Va inetd_program
1031 .Pa /usr/sbin/inetd ) .
1038 these are the flags to pass to
1046 daemon at boot time.
1053 these are the flags to pass to it.
1060 daemon at boot time.
1067 these are the flags to pass to it.
1070 manpage for more information.
1071 .It Va amd_map_program
1073 If set, the specified program is run to get the list of
1078 maps are stored in NIS, one can set this to run
1090 will be updated at boot time to reflect the kernel release being run.
1094 will not be updated.
1095 .It Va nfs_client_enable
1099 setup NFS client parameters at boot time.
1100 .It Va nfs_access_cache
1103 .Va nfs_client_enable
1108 to disable NFS ACCESS RPC caching, or to the number of seconds for which
1109 NFS ACCESS results should be cached.
1110 A value of 2-10 seconds will substantially reduce network traffic for
1111 many NFS operations.
1112 The default is 5 seconds.
1113 Note that the attribute cache holds stat information only.
1114 The NFS data cache is independent of the attribute cache and is only
1115 invalidated when the client detects that the server has modified the
1117 This value specifies a maximum timeout.
1118 The NFS client will automatically use a shorter timeout for files which
1119 have been recently modified.
1120 .It Va nfs_neg_cache
1123 .Va nfs_client_enable
1128 to disable the caching of NEGATIVE LOOKUPS (lookups of non-existent
1129 filenames), or to the number of seconds for which negative lookups should
1131 A value of 2-10 seconds will substantially reduce network
1132 traffic for many NFS operations, especially source code builds.
1133 The default is 3 seconds.
1134 .It Va nfs_server_enable
1138 run the NFS server daemons at boot time.
1139 .It Va nfs_server_flags
1142 .Va nfs_server_enable
1145 these are the flags to pass to the
1148 .It Va mountd_enable
1153 .Va nfs_server_enable
1159 It is commonly needed to run CFS without real NFS used.
1166 these are the flags to pass to the
1169 .It Va weak_mountd_authentication
1173 allow services like PCNFSD to make non-privileged mount requests.
1174 .It Va nfs_reserved_port_only
1178 provide NFS services only on a secure port.
1179 .It Va nfs_bufpackets
1181 If set to a number, indicates the number of packets worth of
1182 socket buffer space to reserve on an NFS client.
1183 The kernel default is typically 4.
1184 Using a higher number may be useful on gigabit networks to improve performance.
1185 The minimum value is 2 and the maximum is 64.
1186 .It Va rpc_umntall_enable
1190 (default) and we are also an NFS client, run
1192 at boot time to clear out old mounts on remote servers.
1197 will not be run at boot time.
1198 .It Va rpc_lockd_enable
1202 and also an NFS server, run
1205 .It Va rpc_lockd_flags
1208 .Va rpc_lockd_enable
1211 these are the flags to pass to
1213 .It Va rpc_statd_enable
1217 and also an NFS server, run
1220 .It Va rpc_statd_flags
1223 .Va rpc_statd_enable
1226 these are the flags to pass to
1228 .It Va rpcbind_program
1230 Path to program for rpcbind daemon
1232 .Pa /usr/sbin/rpcbind ) .
1233 .It Va rpcbind_enable
1240 .It Va rpcbind_flags
1246 these are the flags to pass to
1247 .Va rpcbind_program .
1248 .It Va keyserv_enable
1254 daemon on boot for running Secure RPC.
1255 .It Va keyserv_flags
1261 these are the flags to pass to
1264 .It Va pppoed_enable
1270 daemon at boot time to provide PPP over Ethernet services.
1271 .It Va pppoed_provider
1274 listens to requests to this provider and ultimately runs
1278 argument of the same name.
1281 Additional flags to pass to
1283 .It Va pppoed_interface
1285 The network interface to run
1288 This is mandatory when
1298 service at boot time.
1299 This command is intended for networks of machines where a consistent
1301 for all hosts must be established.
1302 This is often useful in large NFS environments where time stamps on
1303 files are expected to be consistent network-wide.
1310 these are the flags to pass to the
1319 at system boot time.
1320 .It Va dntpd_program
1325 .Pa /usr/sbin/dntpd ) .
1332 these are the flags to pass to the
1335 .It Va btconfig_enable
1339 configure Bluetooth devices via
1341 at system boot time.
1342 .It Va btconfig_devices
1348 this is the list of Bluetooth devices to configure.
1350 .Va btconfig_devices
1351 is not specified, all devices known to the system will be configured.
1353 .Va btconfig_ Ns Aq Ar device
1354 variable can be set to specify parameters to be passed to
1356 .It Va btconfig_args
1362 this is the list of configuration parameters to pass to all Bluetooth
1368 run the Service Discovery Profile daemon
1370 at system boot time.
1377 these are the flags to pass to the
1380 .It Va bthcid_enable
1384 run the Bluetooth Link Key/PIN Code Manager daemon
1386 at system boot time.
1393 these are the flags to pass to the
1396 .It Va nis_client_enable
1402 service at system boot time.
1403 .It Va nis_client_flags
1406 .Va nis_client_enable
1409 these are the flags to pass to the
1412 .It Va nis_ypset_enable
1418 daemon at system boot time.
1419 .It Va nis_ypset_flags
1422 .Va nis_ypset_enable
1425 these are the flags to pass to the
1428 .It Va nis_server_enable
1434 daemon at system boot time.
1435 .It Va nis_server_flags
1438 .Va nis_server_enable
1441 these are the flags to pass to the
1444 .It Va nis_ypxfrd_enable
1450 daemon at system boot time.
1451 .It Va nis_ypxfrd_flags
1454 .Va nis_ypxfrd_enable
1457 these are the flags to pass to the
1460 .It Va nis_yppasswdd_enable
1466 daemon at system boot time.
1467 .It Va nis_yppasswdd_flags
1470 .Va nis_yppasswdd_enable
1473 these are the flags to pass to the
1476 .It Va rpc_ypupdated_enable
1482 daemon at system boot time.
1483 .It Va defaultrouter
1487 create a default route to this host name or IP address
1488 (use an IP address if this router is also required to get to the
1490 .It Va ipv6_defaultrouter
1492 The IPv6 equivalent of
1494 .It Va static_routes
1496 Set to the list of static routes that are to be added at system boot time.
1499 then for each whitespace separated
1502 .Va route_ Ns Aq Ar element
1503 variable is assumed to exist whose contents will later be passed to a
1506 .It Va change_routes
1508 Set to the list of static routes that are to be changed at system boot time
1509 (such as those added by the kernel).
1512 then for each whitespace separated
1515 .Va change_route_ Ns Aq Ar element
1516 variable is assumed to exist whose contents will later be passed to a
1517 .Dq Nm route Cm change
1519 .It Va ipv6_static_routes
1521 The IPv6 equivalent of
1525 then for each whitespace separated
1528 .Va ipv6_route_ Ns Aq Ar element
1529 variable is assumed to exist whose contents will later be passed to a
1530 .Dq Nm route Cm add Fl inet6
1532 .It Va gateway_enable
1536 configure host to act as an IP router, e.g. to forward packets
1538 .It Va ipv6_gateway_enable
1540 The IPv6 equivalent of
1541 .Va gateway_enable .
1542 .It Va router_enable
1546 run a routing daemon of some sort, based on the settings of
1550 .It Va ipv6_router_enable
1552 The IPv6 equivalent of
1556 run a routing daemon of some sort, based on the settings of
1557 .Va ipv6_router_program
1559 .Va ipv6_router_flags .
1560 .It Va router_program
1566 this is the name of the routing daemon to use
1568 .Pa /sbin/routed ) .
1569 .It Va ipv6_router_program
1571 The IPv6 equivalent of
1574 .Pa /sbin/route6d ) .
1581 these are the flags to pass to the routing daemon.
1582 .It Va ipv6_router_flags
1584 The IPv6 equivalent of
1586 .It Va mrouted_enable
1590 run the multicast routing daemon,
1592 .It Va mroute6d_enable
1594 The IPv6 equivalent of
1595 .Va mrouted_enable .
1598 run the IPv6 multicast routing daemon.
1599 Note that no IPv6 multicast routing daemon is included in the
1603 can be installed from the
1606 .Pa ( net/mcast-tools ) .
1607 .It Va mrouted_flags
1613 these are the flags to pass to the
1616 .It Va mroute6d_flags
1618 The IPv6 equivalent of
1624 these are the flags passed to the IPv6 multicast routing daemon.
1625 .It Va mroute6d_program
1631 this is the path to the IPv6 multicast routing daemon.
1632 .It Va rtadvd_enable
1638 daemon at boot time.
1641 .Va ipv6_gateway_enable
1646 utility sends router advertisement packets to the interfaces specified in
1647 .Va rtadvd_interfaces .
1649 and should only be enabled with great care.
1650 You may want to fine-tune
1652 .It Va rtadvd_interfaces
1658 this is the list of interfaces to use.
1659 .It Va rtsold_enable
1665 daemon at boot time.
1668 daemon is used for automatic discovery of non-link local addresses.
1675 these are the flags to pass to the
1682 enable global proxy ARP.
1683 .It Va forward_sourceroute
1691 source-routed packets are forwarded.
1692 .It Va accept_sourceroute
1696 the system will accept source-routed packets directed at it.
1703 daemon at system boot time.
1710 these are the flags to pass to the
1713 .It Va bootparamd_enable
1719 daemon at system boot time.
1720 .It Va bootparamd_flags
1723 .Va bootparamd_enable
1726 these are the flags to pass to the
1729 .It Va stf_interface_ipv4addr
1733 this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling interface).
1734 Specify this entry to enable the 6to4 interface.
1735 .It Va stf_interface_ipv4plen
1737 Prefix length for 6to4 IPv4 addresses, to limit peer address range.
1738 An effective value is 0-31.
1739 .It Va stf_interface_ipv6_ifid
1741 IPv6 interface ID for
1745 .It Va stf_interface_ipv6_slaid
1747 IPv6 Site Level Aggregator for
1749 .It Va ipv6_faith_prefix
1753 this is the faith prefix to enable a FAITH IPv6-to-IPv4 TCP translator.
1759 The keyboard bell sound.
1766 if the default behavior is desired.
1767 For details, refer to the
1774 no keymap is installed, otherwise the value is used to install
1776 .Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd .
1779 The keyboard repeat speed.
1786 if the default behavior is desired.
1791 attempt to program the function keys with the value.
1792 The value should be a single string of the form:
1793 .Dq Ar funkey_number new_value Op Ar funkey_number new_value ... .
1796 Can be set to the value of
1799 .Dq Li destructive ,
1802 to set the cursor behavior explicitly or choose the default behavior.
1807 no screen map is installed, otherwise the value is used to install
1808 the screen map file in
1809 .Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value .
1814 the default 8x16 font value is used for screen size requests, otherwise
1816 .Pa /usr/share/syscons/fonts/ Ns Aq Ar value
1822 the default 8x14 font value is used for screen size requests, otherwise
1824 .Pa /usr/share/syscons/fonts/ Ns Aq Ar value
1830 the default 8x8 font value is used for screen size requests, otherwise
1832 .Pa /usr/share/syscons/fonts/ Ns Aq Ar value
1838 the default screen blanking interval is used, otherwise it is set to
1845 this is the actual screen saver to use
1846 .Li ( blank , snake , daemon ,
1848 .It Va moused_nondefault_enable
1852 the mouse device specified on
1853 the command line is not automatically treated as enabled by the
1854 .Pa /etc/rc.d/moused
1856 Having this variable set to
1862 to be enabled as soon as it is plugged in.
1863 .It Va moused_enable
1869 daemon is started for doing cut/paste selection on the console.
1872 This is the protocol type of the mouse connected to this host.
1873 This variable must be set if
1880 is able to detect the appropriate mouse type automatically in many cases.
1881 Set this variable to
1883 to let the daemon detect it, or
1884 select one from the following list if the automatic detection fails.
1886 If the mouse is attached to the PS/2 mouse port, choose
1890 regardless of the brand and model of the mouse.
1891 Likewise, if the mouse is attached to the bus mouse port, choose
1895 All other protocols are for serial mice and will not work with
1896 the PS/2 and bus mice.
1897 If this is a USB mouse,
1899 is the only protocol type which will work.
1901 .Bl -tag -width ".Li x10mouseremote" -compact
1903 Microsoft mouse (serial)
1905 Microsoft IntelliMouse (serial)
1907 Mouse systems Corp. mouse (serial)
1909 MM Series mouse (serial)
1911 Logitech mouse (serial)
1915 Logitech MouseMan and TrackMan (serial)
1917 ALPS GlidePoint (serial)
1918 .It Li thinkingmouse
1919 Kensington ThinkingMouse (serial)
1923 MM HitTablet (serial)
1924 .It Li x10mouseremote
1925 X10 MouseRemote (serial)
1927 Interlink VersaPad (serial)
1930 Even if the mouse is not in the above list, it may be compatible
1931 with one in the list.
1932 Refer to the man page for
1934 for compatibility information.
1936 It should also be noted that while this is enabled, any
1937 other client of the mouse (such as an X server) should access
1938 the mouse through the virtual mouse device,
1940 and configure it as a
1942 type mouse, since all
1943 mouse data is converted to this single canonical format when using
1945 If the client program does not support the
1950 It is the second preferred type.
1957 this is the actual port the mouse is on.
1960 for a COM1 serial mouse or
1962 for a PS/2 mouse, for example.
1967 is set, these are the additional flags to pass to the
1970 .It Va mousechar_start
1974 the default mouse cursor character range
1975 .Li 0xd0 Ns - Ns Li 0xd3
1976 is used, otherwise the range start is set to
1980 Use if the default range is occupied in the language code table.
1983 Set the size of the history (scrollback) buffer in lines.
1984 .It Va allscreens_flags
1988 is run with these options for each of the virtual terminals
1992 will enable the mouse pointer on all virtual terminals if
1996 .It Va allscreens_kbdflags
2000 is run with these options for each of the virtual terminals
2006 scrollback (history) buffer to 200 lines.
2013 daemon at system boot time.
2019 .Pa /usr/sbin/cron ) .
2026 these are the flags to pass to
2033 .Pa /usr/sbin/lpd ) .
2040 daemon at system boot time.
2047 these are the flags to pass to the
2056 daemon at system boot time.
2063 settings across reboots.
2064 .It Va mta_start_script
2066 The full path to the script to run to start
2067 a mail transfer agent.
2069 .Pa /etc/rc.sendmail .
2073 .Pa /etc/rc.sendmail
2074 uses are documented in the
2080 .Sq HAMMER ROOT with UFS /boot
2081 setup, the boot loader will not set up the
2084 The system will attempt to fix this on its own.
2085 Set this variable to
2087 to turn this behavior off.
2090 Indicates the device (usually a swap partition) to which a crash dump
2091 should be written in the event of a system crash.
2092 The value of this variable is passed as the argument to
2096 To disable crash dumps, set this variable to
2100 When the system reboots after a crash and a crash dump is found on the
2101 device specified by the
2105 will save that crash dump and a copy of the kernel to the directory
2109 The default value is
2118 .It Va savecore_flags
2120 If crash dumps are enabled, these are the flags to pass to the
2123 .It Va crashinfo_enable
2127 to turn on automatic crash dump summary generation using the utility
2129 .Va crashinfo_program
2131 .It Va crashinfo_program
2133 Program to run to generate a crash dump summary if the variable
2134 .Va crashinfo_enable
2137 The default value is
2138 .Pa /usr/sbin/crashinfo .
2139 .It Va enable_quotas
2143 to turn on user disk quotas on system startup via the
2150 to enable user disk quota checking via the
2153 .It Va accounting_enable
2157 to enable system accounting through the
2164 to enable Linux/ELF binary emulation at system initial boot time.
2165 .\" ----- cleanvar_enable setting--------------------------------
2166 .It Va cleanvar_enable
2174 .Pa /var/spool/uucp/.Temp/*
2176 .\" ----- clear_tmp_enable setting-------------------------------
2177 .It Va clear_tmp_enable
2184 .\" ----- ldconfig_paths setting --------------------------------
2185 .It Va ldconfig_paths
2187 Set to the list of shared library paths to use with
2191 will always be added first, so it need not appear in this list.
2192 .It Va ldconfig_insecure
2196 utility normally refuses to use directories
2197 which are writable by anyone except root.
2198 Set this variable to
2200 to disable that security check during system startup.
2201 .It Va ldconfig_local_dirs
2203 Set to the list of local
2206 The names of all files in the directories listed will be
2207 passed as arguments to
2209 .It Va kern_securelevel
2211 The kernel security level to set at startup.
2212 The allowed range of
2214 ranges from \-1 (the compile time default) to 3 (the most secure).
2217 for the list of possible security levels and their effect on system operation.
2224 at system boot time.
2231 at system boot time.
2234 Path to the SSH server program
2236 .Pa /usr/sbin/sshd ) .
2243 these are the flags to pass to the
2252 at system boot time.
2259 these are the flags to pass to the
2262 .It Va watchdogd_enable
2268 daemon at boot time.
2269 This requires that the kernel have been compiled with
2270 .Cd "options WATCHDOG" .
2275 any configured jails will not be started.
2278 A space separated list of names for jails.
2279 This is purely a configuration aid to help identify and
2280 configure multiple jails.
2281 The names specified in this list will be used to
2282 identify settings common to an instance of a jail.
2283 Assuming that the jail in question was named
2285 you would have the following dependent variables:
2287 jail_vjail_hostname="jail.example.com"
2288 jail_vjail_ip="192.168.1.100"
2289 jail_vjail_rootdir="/var/jails/vjail/root"
2294 When set, use as default value for
2295 .Va jail_ Ns Ao Ar jname Ac Ns Va _flags
2298 .It Va jail_interface
2301 When set, use as default value for
2302 .Va jail_ Ns Ao Ar jname Ac Ns Va _interface
2308 When set, use as default value for
2309 .Va jail_ Ns Ao Ar jname Ac Ns Va _fstab
2312 .It Va jail_mount_enable
2320 .Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable
2323 by default for every jail in
2325 .It Va jail_procfs_enable
2333 .Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable
2336 by default for every jail in
2338 .It Va jail_devfs_enable
2346 .Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable
2349 by default for every jail in
2351 .It Va jail_exec_start
2354 When set, use as default value for
2355 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start
2358 .It Va jail_exec_stop
2360 When set, use as default value for
2361 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop
2364 .It Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir
2367 Set to the root directory used by jail
2369 .It Va jail_ Ns Ao Ar jname Ac Ns Va _hostname
2372 Set to the fully qualified domain name (FQDN) assigned to jail
2374 .It Va jail_ Ns Ao Ar jname Ac Ns Va _ip
2377 Set to the IP address assigned to jail
2379 .It Va jail_ Ns Ao Ar jname Ac Ns Va _flags
2384 These are flags to pass to
2386 .It Va jail_ Ns Ao Ar jname Ac Ns Va _interface
2389 When set, sets the interface to use when setting IP address alias.
2390 Note that the alias is created at jail startup and removed at jail shutdown.
2391 .It Va jail_ Ns Ao Ar jname Ac Ns Va _fstab
2394 .Pa /etc/fstab. Ns Aq Ar jname
2396 This is the file system information file to use for jail
2398 .It Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable
2405 mount all file systems from
2406 .Va jail_ Ns Ao Ar jname Ac Ns Va _fstab
2408 .It Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable
2415 mount the process file system inside jail
2418 .It Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable
2425 mount the device file system inside jail
2428 .It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start
2431 .Dq Li /bin/sh /etc/rc
2433 This is the command executed at jail startup.
2434 .It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop
2437 .Dq Li /bin/sh /etc/rc.shutdown
2439 This is the command executed at jail shutdown.
2440 .It Va jail_set_hostname_allow
2444 do not allow the root user in a jail to set its hostname.
2445 .It Va jail_socket_unixiproute_only
2449 do not allow any sockets,
2450 besides UNIX/IP/route sockets,
2451 to be used within a jail.
2452 .It Va jail_sysvipc_allow
2456 allow applications within a jail to use System V IPC.
2461 LVM volumes will be discovered and configured on boot.
2462 .It Va newsyslog_enable
2468 before syslogd starts.
2469 .It Va newsyslog_flags
2472 .Va newsyslog_enable
2475 these are the flags passed to
2477 .It Va resident_enable
2481 make the dynamic binaries listed in
2482 .Pa /etc/resident.conf
2484 .It Va varsym_enable
2489 .Pa /etc/varsym.conf
2490 to set system-wide variables for variant symlinks.
2495 or a whitespace separated list of IRQ numbers which will be used as a source of
2497 .\" -----------------------------------------------------
2502 to disable caching entropy via
2504 Otherwise set to the directory used to store entropy files in.
2509 to disable caching entropy through reboots.
2510 Otherwise set to the filename used to store cached entropy through reboots.
2511 This file should be located on the root file system to seed the
2513 device as early as possible in the boot process.
2514 .It Va entropy_save_sz
2516 Determines the size of the entropy cache files used for entropy cached
2517 through reboots and also entropy cached via
2519 The entropy is fed to the system in blocks of 512 bytes, so this number
2520 should be large enough to fill as many of the entropy pools in the kernel
2522 By default, it is set to 16384, which should be able to seed all 32 entropy
2523 pools in the Fortuna CSPRNG.
2535 Configuration file for
2544 .Pa /var/run/dmesg.boot
2546 .It Va rcshutdown_timeout
2548 If set, start a watchdog timer in the background which will terminate
2552 has not completed within the specified time (in seconds).
2553 Notice that in addition to this soft timeout,
2555 also applies a hard timeout for the execution of
2557 This is configured via
2560 .Va kern.init_shutdown_timeout
2561 and defaults to 120 seconds. Setting the value of
2562 .Va rcshutdown_timeout
2563 to more than 120 seconds will have no effect until the
2566 .Va kern.init_shutdown_timeout
2572 the udevd daemon will be started on boot.
2573 .It Va vfs_quota_enable
2577 vfs quota rc.d scripts will be run on boot.
2578 .It Va vfs_quota_sync
2580 List of mount points whose counters are to be synchronized with on-disk
2581 usage during system startup. See also
2583 .It Va vknetd_enable
2588 will be started on boot.
2591 Additional flags passed to
2593 Usually address/cidrbits is specified here.
2594 When no flags are passed, default option
2597 .It Va vkernel_enable
2601 any configured vkernels will not be started.
2602 .It Va vkernel_kill_timeout
2604 This defines the default number of seconds that we will wait for the
2605 vkernel to shut down on it's own. If after this time it's still alive,
2606 it will be killed with SIGKILL.
2609 Defines the default path to the vkernel binary.
2612 A space separated list of names for vkernels.
2613 This is purely a configuration aid to help identify and
2614 configure multiple vkernels.
2615 The names specified in this list will be used to
2616 identify settings common to a vkernel instance.
2617 Assuming that the vkernel in question was named
2619 you would have the following dependent variables
2620 (filled with reference values in this text):
2622 vkernel_example_bin="/usr/obj/usr/src/sys/VKERNEL/kernel.debug"
2623 vkernel_example_memsize="64m"
2624 vkernel_example_rootimg_list="/var/vkernel/rootimg.01"
2625 vkernel_example_iface_list="auto:bridge0"
2626 vkernel_example_logfile="/dev/null"
2627 vkernel_example_flags="-U"
2628 vkernel_example_kill_timeout="45"
2631 The last five are optional.
2632 They default to an empty string if not set, except for logfile which defaults to
2637 .Bl -tag -width ".Pa /etc/start_if. Ns Aq Ar interface" -compact
2638 .It Pa /etc/defaults/rc.conf
2640 .It Pa /etc/rc.conf.local
2641 .It Pa /etc/start_if. Ns Aq Ar interface
2659 .Xr resident.conf 5 ,
2719 .An Jordan K. Hubbard .