4 .\" Redistribution and use in source and binary forms, with or without
5 .\" modification, are permitted provided that the following conditions
7 .\" 1. Redistributions of source code must retain the above copyright
8 .\" notice, this list of conditions and the following disclaimer.
9 .\" 2. Redistributions in binary form must reproduce the above copyright
10 .\" notice, this list of conditions and the following disclaimer in the
11 .\" documentation and/or other materials provided with the distribution.
13 .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND
14 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE
17 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
19 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
20 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
21 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
22 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25 .\" $FreeBSD: src/share/man/man5/rc.conf.5,v 1.197 2003/07/28 13:56:00 mbr Exp $
26 .\" $DragonFly: src/share/man/man5/rc.conf.5,v 1.9 2005/02/17 22:44:39 liamfoy Exp $
32 .Nd system configuration information
36 contains descriptive information about the local host name, configuration
37 details for any potential network interfaces and which services should be
38 started up at system initial boot time.
39 In new installations, the
41 file is generally initialized by the system installation utility,
46 is not to run commands or perform system startup actions
48 Instead, it is included by the
49 various generic startup scripts in
51 which conditionalize their
52 internal actions according to the settings found there.
56 file is included from the file
57 .Pa /etc/defaults/rc.conf ,
58 which specifies the default settings for all the available options.
59 Options need only be specified in
61 when the system administrator wishes to override these defaults.
63 .Pa /etc/rc.conf.local
64 is used to override settings in
66 for historical reasons.
71 The following list provides a name and short description for each
72 variable that can be set in the
75 .Bl -tag -width indent-two
80 enable output of debug messages from rc scripts.
81 This variable can be helpful in diagnosing mistakes when
82 editing or integrating new scripts.
83 Beware that this produces copious output to the terminal and
89 disable informational messages from the rc scripts.
90 Informational messages are displayed when
91 a condition that is not serious enough to warrant a warning or
97 no swapfile is installed, otherwise the value is used as the full
98 pathname to a file to use for additional swap space.
103 enable support for Automatic Power Management with
111 to handle APM event from userland.
112 This also enables support for APM.
119 these are the flags to pass to the
125 to monitor the status of batteries present in the system.
126 This also enables support for APM.
133 these are the flags to pass to the
140 to handle device added, removed or unknown events from the kernel.
145 enable PCCARD support at boot time.
148 Set to PCCARD controller memory address or
150 for the default value.
151 .It Va pccard_ifconfig
153 List of arguments to be passed to
156 insertion of the card (e.g.\&
157 .Dq Cm inet Li 192.168.1.1 Cm netmask Li 255.255.255.0
158 for a fixed address or
164 set the PCCARD controller to silent mode.
168 set it to melody mode.
171 Path to the configuration file for the
174 .Pa /etc/pccard.conf.sample ) .
181 these are the flags to pass to the
184 .It Va pccard_ether_delay
186 Set the delay before starting
189 .Pa /etc/pccard_ether
191 This defaults to 5 seconds to work around a bug in the
193 driver which can lead to system hangs when using some newer
196 .It Va removable_interfaces
198 List of removable network interfaces to be supported by
199 .Pa /etc/pccard_ether .
202 List of directories to search for startup script files.
203 .It Va script_name_sep
205 The field separator to use for breaking down the list of startup script files
206 into individual filenames.
207 The default is a space.
208 It is not necessary to change this unless there are startup scripts with names
212 The fully qualified domain name (FQDN) of this host on the network.
213 This should almost certainly be set to something meaningful, even if
214 there is no network connection.
217 is used to set the hostname via DHCP,
218 this variable should be set to an empty string.
221 Enable support for IPv6 networking.
222 Note that this requires that the kernel have been compiled with
223 .Cd "options INET6" .
226 The NIS domain name of this host, or
229 .It Va dhclient_program
231 Path to the DHCP client program
232 .Pa ( /sbin/dhclient ,
235 .It Va dhclient_flags
237 Additional flags to pass to the DHCP client program.
238 For the ISC DHCP client, see the
240 manpage for a description of the command line options available.
241 .It Va background_dhclient
245 to start the dhcp client in background.
246 This can cause trouble with applications depending on
247 a working network, but it will provide a faster startup
249 .It Va firewall_enable
253 to load firewall rules at startup.
254 If the kernel was not built with
255 .Cd "options IPFIREWALL" ,
258 kernel module will be loaded.
260 .Va ipfilter_enable .
261 .It Va ipv6_firewall_enable
263 The IPv6 equivalent of
264 .Va firewall_enable .
267 to load IPv6 firewall rules at startup.
268 If the kernel was not built with
269 .Cd "options IPV6FIREWALL" ,
272 kernel module will be loaded.
273 .It Va firewall_script
275 This variable specifies the full path to the firewall script to run.
277 .Pa /etc/rc.firewall .
278 .It Va ipv6_firewall_script
280 The IPv6 equivalent of
281 .Va firewall_script .
284 Names the firewall type from the selection in
285 .Pa /etc/rc.firewall ,
286 or the file which contains the local firewall ruleset.
287 Valid selections from
291 .Bl -tag -width ".Li simple" -compact
293 unrestricted IP access
295 all IP services disabled, except via
298 basic protection for a workstation
300 basic protection for a LAN.
303 If a filename is specified, the full path
305 .It Va ipv6_firewall_type
307 The IPv6 equivalent of
309 .It Va firewall_quiet
313 to disable the display of firewall rules on the console during boot.
314 .It Va ipv6_firewall_quiet
316 The IPv6 equivalent of
318 .It Va firewall_logging
322 to enable firewall event logging.
323 This is equivalent to the
324 .Dv IPFIREWALL_VERBOSE
326 .It Va ipv6_firewall_logging
328 The IPv6 equivalent of
329 .Va firewall_logging .
330 .It Va firewall_flags
336 specifies a filename.
337 .It Va ipv6_firewall_flags
339 The IPv6 equivalent of
356 sockets must be enabled in the kernel.
357 .It Va natd_interface
359 This is the name of the public interface on which
362 The interface may be given as an interface name or as an IP address.
367 flags should be placed here.
372 flag is automatically added with the above
375 .\" ----- ipfilter_enable setting --------------------------------
376 .It Va ipfilter_enable
387 Typical usage will require putting
389 ipfilter_enable="YES"
407 can be enabled independently.
411 both require at least one of
421 options IPFILTER_DEFAULT_BLOCK
424 in the kernel configuration file is a good idea, too.
425 .\" ----- ipfilter_program setting ------------------------------
426 .It Va ipfilter_program
432 .\" ----- ipfilter_rules setting --------------------------------
433 .It Va ipfilter_rules
438 This variable contains the name of the filter rule definition file.
439 The file is expected to be readable for the
442 .\" ----- ipv6_ipfilter_rules setting ---------------------------
443 .It Va ipv6_ipfilter_rules
448 This variable contains the IPv6 filter rule definition file.
449 The file is expected to be readable for the
452 .\" ----- ipfilter_flags setting --------------------------------
453 .It Va ipfilter_flags
456 This variable contains flags passed to the
459 .\" ----- ipnat_enable setting ----------------------------------
469 network address translation.
472 for a detailed discussion.
473 .\" ----- ipnat_program setting ---------------------------------
480 .\" ----- ipnat_rules setting -----------------------------------
486 This variable contains the name of the file
487 holding the network address translation definition.
488 This file is expected to be readable for the
491 .\" ----- ipnat_flags setting -----------------------------------
495 This variable contains flags passed to the
498 .\" ----- ipmon_enable setting ----------------------------------
513 Setting this variable needs setting
520 for a detailed discussion.
521 .\" ----- ipmon_program setting ---------------------------------
528 .\" ----- ipmon_flags setting -----------------------------------
534 This variable contains flags passed to the
537 Another typical example would be
538 .Dq Fl D Pa /var/log/ipflog
541 log directly to a file bypassing
544 .Pa /etc/newsyslog.conf
545 in such case like this:
547 /var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid
549 .\" ----- ipfs_enable setting -----------------------------------
559 saving the filter and NAT state tables during shutdown
560 and reloading them during startup again.
561 Setting this variable needs setting
570 for a detailed discussion.
576 because the raised securelevel will prevent
578 from saving the state tables at shutdown time.
579 .\" ----- ipfs_program setting ----------------------------------
586 .\" ----- ipfs_flags setting ------------------------------------
590 This variable contains flags passed to the
593 .\" ----- end of added ipf hook ---------------------------------
594 .It Va tcp_extensions
601 disables certain TCP options as described by
607 might help remedy such problems with connections as randomly hanging
608 or other weird behavior.
609 Some network devices are known
610 to be broken with respect to these options.
617 .Va net.inet.tcp.log_in_vain
619 .Va net.inet.udp.log_in_vain ,
624 are set to the given value.
632 will disable probing idle TCP connections to verify that the
633 peer is still up and reachable.
634 .It Va tcp_drop_synfin
641 will cause the kernel to ignore TCP frames that have both
642 the SYN and FIN flags set.
643 This prevents OS fingerprinting, but may
644 break some legitimate applications.
645 This option is only available if the
646 kernel was built with the
649 .It Va icmp_drop_redirect
656 will cause the kernel to ignore ICMP REDIRECT packets.
659 for more information.
660 .It Va icmp_log_redirect
667 will cause the kernel to log ICMP REDIRECT packets.
669 the log messages are not rate-limited, so this option should only be used
670 for troubleshooting networks.
673 for more information.
674 .It Va icmp_bmcastecho
678 to respond to broadcast or multicast ICMP ping packets.
681 for more information.
682 .It Va ip_portrange_first
686 this is the first port in the default portrange.
689 for more information.
690 .It Va ip_portrange_last
694 this is the last port in the default portrange.
697 for more information.
698 .It Va network_interfaces
700 Set to the list of network interfaces to configure on this host.
701 For example, if the only network devices in the system are the loopback
710 .Va ifconfig_ Ns Aq Ar interface
711 variable is also assumed to exist for each value of
713 It is also possible to add IP alias entries here in cases where
714 multiple IP addresses registered against a single interface
716 Assuming that the interface in question was
721 ifconfig_ed0_alias0="inet 127.0.0.253 netmask 0xffffffff"
722 ifconfig_ed0_alias1="inet 127.0.0.254 netmask 0xffffffff"
727 .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
729 its contents are passed to
731 Execution stops at the first unsuccessful access, so if
732 something like this is present:
734 ifconfig_ed0_alias0="inet 127.0.0.251 netmask 0xffffffff"
735 ifconfig_ed0_alias1="inet 127.0.0.252 netmask 0xffffffff"
736 ifconfig_ed0_alias2="inet 127.0.0.253 netmask 0xffffffff"
737 ifconfig_ed0_alias4="inet 127.0.0.254 netmask 0xffffffff"
740 Then note that alias4 would
742 be added since the search would
743 stop with the missing alias3 entry.
746 .Pa /etc/start_if. Ns Aq Ar interface
747 file is present, it is read and executed by the
750 before configuring the interface as specified in the
751 .Va ifconfig_ Ns Aq Ar interface
753 .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
756 It is possible to bring up an interface with DHCP by setting the
757 .Va ifconfig_ Ns Aq Ar interface
760 For instance, to initialize the
763 it is possible to use something like:
767 .It Va ipv6_network_interfaces
769 This is the IPv6 equivalent of
770 .Va network_interfaces .
771 Instead of setting the ifconfig variables as
772 .Va ifconfig_ Ns Aq Ar interface
773 they should be set as
774 .Va ipv6_ifconfig_ Ns Aq Ar interface .
775 Aliases should be set as
776 .Va ipv6_ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n .
777 .Va ipv6_prefix_ Ns Aq Ar interface
779 Interfaces that do not have a
780 .Va ipv6_ifconfig_ Ns Aq Ar interface
781 setting will be auto configured by
784 .Va ipv6_gateway_enable
787 Note that the IPv6 networking code does not support the
788 .Pa /etc/start_if. Ns Aq Ar interface
790 .It Va ipv6_default_interface
794 this is the default output interface for scoped addresses.
795 Now this works only for IPv6 link local multicast addresses.
796 .It Va cloned_interfaces
798 Set to the list of clonable network interfaces to create on this host.
800 .Va cloned_interfaces
801 are automatically appended to
802 .Va network_interfaces
804 .It Va gif_interfaces
808 tunnel interfaces to configure on this host.
810 .Va gifconfig_ Ns Aq Ar interface
811 variable is assumed to exist for each value of
813 The value of this variable is used to configure the link layer of the
814 tunnel according to the syntax of the
818 Additionally, this option ensures that each listed interface is created
823 before attempting to configure it.
824 .It Va sppp_interfaces
828 interfaces to configure on this host.
830 .Va spppconfig_ Ns Aq Ar interface
831 variable is assumed to exist for each value of
833 Each interface should also be configured by a general
834 .Va ifconfig_ Ns Aq Ar interface
838 for more information about available options.
848 Mode in which to run the
857 See the manual for a full description.
862 enables network address translation.
863 Used in conjunction with
865 allows hosts on private network addresses access to the Internet using
866 this host as a network address translating router.
869 The name of the profile to use from
870 .Pa /etc/ppp/ppp.conf .
873 The name of the user under which
883 This option is used to specify a list of files that will override
885 .Pa /etc/defaults/rc.conf .
886 The files will be read in the order in which they are specified and should
887 include the full path to the file.
888 By default, the files specified are
891 .Pa /etc/rc.conf.local
899 flag if the initial preen
900 of the file systems fails.
903 List of file system types that are network-based.
904 This list should generally not be modified by end users.
906 .Va extra_netfs_types
908 .It Va extra_netfs_types
910 If set to something other than
913 this variable extends the list of file system types
914 for which automatic mounting at startup by
916 should be delayed until the network is initialized.
918 a whitespace-separated list of network file system descriptor pairs,
919 each consisting of a file system type as passed to
921 and a human-readable, one-word description,
924 Extending the default list in this way is only necessary
925 when third party file system types are used.
926 .It Va syslogd_enable
933 .It Va syslogd_program
938 .Pa /usr/sbin/syslogd ) .
945 these are the flags to pass to
959 .Pa /usr/sbin/inetd ) .
966 these are the flags to pass to
972 use new functionality provided in the
974 script to facilitate a
978 This variable is experimental.
979 It may be removed or changed in the near future.
992 .Pa /usr/sbin/named ) .
999 these are the flags to pass to
1001 .It Va named_pidfile
1003 This is the default path to the
1006 Change it if you change the location in
1008 .It Va named_chrootdir
1010 The root directory for a name server run in a
1015 will not be run in a
1018 This variable has no effect if
1021 This variable is experimental.
1022 It may be removed or changed in the near future.
1023 .It Va named_chroot_autoupdate
1027 to disable automatic syncing of libraries and
1028 other system files between the root file system and the
1030 This variable has no effect if
1033 This variable is experimental.
1034 It may be removed or changed in the near future.
1035 .It Va named_symlink_enable
1039 to disable symlinking of
1045 environment in which
1048 This variable has no effect if
1051 This variable is experimental.
1052 It may be removed or changed in the near future.
1053 .It Va kerberos5_server_enable
1057 to start a Kerberos 5 authentication server
1059 .It Va kerberos5_server
1062 .Va kerberos5_server_enable
1065 this is the path to Kerberos 5 Authentication Server.
1066 .It Va kadmind5_server_enable
1072 the Kerberos 5 Administration Daemon; set to
1075 .It Va kadmind5_server
1078 .Va kadmind5_server_enable
1081 this is the path to Kerberos 5 Administration Daemon.
1082 .It Va kpasswdd_server_enable
1088 the Kerberos 5 Password-Changing Daemon; set to
1091 .It Va kpasswdd_server
1094 .Va kpasswdd_server_enable
1097 this is the path to Kerberos 5 Password-Changing Daemon.
1104 daemon at boot time.
1111 these are the flags to pass to it.
1118 daemon at boot time.
1125 these are the flags to pass to it.
1128 manpage for more information.
1129 .It Va amd_map_program
1132 the specified program is run to get the list of
1137 maps are stored in NIS, one can set this to
1150 will be updated at boot time to reflect the kernel release
1155 will not be updated.
1156 .It Va nfs_client_enable
1160 run the NFS client daemons at boot time.
1161 .It Va nfs_access_cache
1164 .Va nfs_client_enable
1169 to disable NFS ACCESS RPC caching, or to the number of seconds for which
1171 results should be cached.
1172 A value of 2-10 seconds will substantially reduce network
1173 traffic for many NFS operations.
1174 .It Va nfs_server_enable
1178 run the NFS server daemons at boot time.
1179 .It Va nfs_server_flags
1182 .Va nfs_server_enable
1185 these are the flags to pass to the
1188 .It Va mountd_enable
1193 .Va nfs_server_enable
1199 It is commonly needed to run CFS without real NFS used.
1206 these are the flags to pass to the
1209 .It Va weak_mountd_authentication
1213 allow services like PCNFSD to make non-privileged mount
1215 .It Va nfs_reserved_port_only
1219 provide NFS services only on a secure port.
1220 .It Va nfs_bufpackets
1222 If set to a number, indicates the number of packets worth of
1223 socket buffer space to reserve on an NFS client.
1224 The kernel default is typically 4.
1225 Using a higher number may be
1226 useful on gigabit networks to improve performance.
1227 The minimum value is
1228 2 and the maximum is 64.
1229 .It Va rpc_umntall_enable
1233 (default) and we are also an NFS client, run
1235 at boot time to clear out old mounts on remote servers.
1240 will not be run at boot time.
1241 .It Va rpc_lockd_enable
1245 and also an NFS server, run
1248 .It Va rpc_statd_enable
1252 and also an NFS server, run
1255 .It Va rpcbind_program
1260 .Pa /usr/sbin/rpcbind ) .
1261 .It Va rpcbind_enable
1267 service at boot time.
1268 .It Va rpcbind_flags
1274 these are the flags to pass to the
1277 .It Va keyserv_enable
1283 daemon on boot for running Secure RPC.
1284 .It Va keyserv_flags
1290 these are the flags to pass to
1293 .It Va pppoed_enable
1299 daemon at boot time to provide PPP over Ethernet services.
1300 .It Va pppoed_ Ns Ar provider
1303 listens to requests to this
1309 argument of the same name.
1312 Additional flags to pass to
1314 .It Va pppoed_interface
1316 The network interface to run
1319 This is mandatory when
1329 service at boot time.
1330 This command is intended for networks of
1331 machines where a consistent
1333 for all hosts must be established.
1334 This is often useful in large NFS
1335 environments where time stamps on files are expected to be consistent
1343 these are the flags to pass to the
1352 command at boot time.
1358 .Pa /usr/sbin/ntpd ) .
1365 these are the flags to pass to the
1369 by default which sets the time immediately at startup if the
1370 local clock is off by more than 180 seconds. To prevent
1372 from doing this, set
1376 .It Va nis_client_enable
1382 service at system boot time.
1383 .It Va nis_client_flags
1386 .Va nis_client_enable
1389 these are the flags to pass to the
1392 .It Va nis_ypset_enable
1398 daemon at system boot time.
1399 .It Va nis_ypset_flags
1402 .Va nis_ypset_enable
1405 these are the flags to pass to the
1408 .It Va nis_server_enable
1414 daemon at system boot time.
1415 .It Va nis_server_flags
1418 .Va nis_server_enable
1421 these are the flags to pass to the
1424 .It Va nis_ypxfrd_enable
1430 daemon at system boot time.
1431 .It Va nis_ypxfrd_flags
1434 .Va nis_ypxfrd_enable
1437 these are the flags to pass to the
1440 .It Va nis_yppasswdd_enable
1446 daemon at system boot time.
1447 .It Va nis_yppasswdd_flags
1450 .Va nis_yppasswdd_enable
1453 these are the flags to pass to the
1456 .It Va rpc_ypupdated_enable
1462 daemon at system boot time.
1463 .It Va defaultrouter
1467 create a default route to this host name or IP address
1468 (use an IP address if this router is also required to get to the
1470 .It Va ipv6_defaultrouter
1472 The IPv6 equivalent of
1474 .It Va static_routes
1476 Set to the list of static routes that are to be added at system
1480 then for each whitespace separated
1483 .Va route_ Ns Aq Ar element
1484 variable is assumed to exist
1485 whose contents will later be passed to a
1488 .It Va ipv6_static_routes
1490 The IPv6 equivalent of
1494 then for each whitespace separated
1497 .Va ipv6_route_ Ns Aq Ar element
1498 variable is assumed to exist
1499 whose contents will later be passed to a
1500 .Dq Nm route Cm add Fl inet6
1502 .It Va gateway_enable
1506 configure host to act as an IP router, e.g. to forward packets
1508 .It Va ipv6_gateway_enable
1510 The IPv6 equivalent of
1511 .Va gateway_enable .
1512 .It Va router_enable
1516 run a routing daemon of some sort, based on the
1521 .It Va ipv6_router_enable
1523 The IPv6 equivalent of
1527 run a routing daemon of some sort, based on the
1531 .Va ipv6_router_flags .
1538 this is the name of the routing daemon to use.
1541 The IPv6 equivalent of
1549 these are the flags to pass to the routing daemon.
1550 .It Va ipv6_router_flags
1552 The IPv6 equivalent of
1554 .It Va mrouted_enable
1558 run the multicast routing daemon,
1560 .It Va mroute6d_enable
1562 The IPv6 equivalent of
1563 .Va mrouted_enable .
1566 run the IPv6 multicast routing daemon.
1567 Note that no IPv6 multicast routing daemon is included in the
1571 can be installed from the
1574 .It Va mrouted_flags
1580 these are the flags to pass to the
1583 .It Va mroute6d_flags
1585 The IPv6 equivalent of
1591 these are the flags passed to the IPv6 multicast routing daemon.
1592 .It Va mroute6d_program
1598 this is the path to the IPv6 multicast routing daemon.
1599 .It Va rtadvd_enable
1605 daemon at boot time.
1608 .Va ipv6_gateway_enable
1613 utility sends router advertisement packets to the interfaces specified in
1614 .Va rtadvd_interfaces .
1616 and should only be enabled with great care.
1617 You may want to fine-tune
1619 .It Va rtadvd_interfaces
1625 this is the list of interfaces to use.
1626 .It Va ipxgateway_enable
1630 enable the routing of IPX traffic.
1631 .It Va ipxrouted_enable
1637 daemon at system boot time.
1638 .It Va ipxrouted_flags
1641 .Va ipxrouted_enable
1644 these are the flags to pass to the
1651 enable global proxy ARP.
1652 .It Va forward_sourceroute
1660 source-routed packets are forwarded.
1661 .It Va accept_sourceroute
1665 the system will accept source-routed packets directed at it.
1672 daemon at system boot time.
1679 these are the flags to pass to the
1682 .It Va bootparamd_enable
1688 daemon at system boot time.
1689 .It Va bootparamd_flags
1692 .Va bootparamd_enable
1695 these are the flags to pass to the
1698 .It Va stf_interface_ipv4addr
1702 this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling
1704 Specify this entry to enable the 6to4 interface.
1705 .It Va stf_interface_ipv4plen
1707 Prefix length for 6to4 IPv4 addresses, to limit peer address range.
1708 An effective value is 0-31.
1709 .It Va stf_interface_ipv6_ifid
1711 IPv6 interface ID for
1715 .It Va stf_interface_ipv6_slaid
1717 IPv6 Site Level Aggregator for
1719 .It Va ipv6_faith_prefix
1723 this is the faith prefix to enable a FAITH IPv6-to-IPv4 TCP
1728 .It Va ipv6_ipv4mapping
1732 this enables IPv4 mapped IPv6 address communication (like
1733 .Li ::ffff:a.b.c.d ) .
1738 to enable the configuration of ATM interfaces at system boot time.
1739 For all of the ATM variables described below, please refer to the
1741 man page for further details on the available command parameters.
1742 Also refer to the files in
1743 .Pa /usr/share/examples/atm
1744 for more detailed configuration information.
1747 This is a list of physical ATM interface drivers to load. Typical values are
1751 .It Va atm_netif_ Ns Aq Ar intf
1753 For the ATM physical interface
1755 this variable defines the name prefix and count for the ATM network
1756 interfaces to be created.
1757 The value will be passed as the parameters of an
1758 .Dq Nm atm Cm "set netif" Ar intf
1760 .It Va atm_sigmgr_ Ns Aq Ar intf
1762 For the ATM physical interface
1764 this variable defines the ATM signalling manager to be used.
1765 The value will be passed as the parameters of an
1766 .Dq Nm atm Cm attach Ar intf
1768 .It Va atm_prefix_ Ns Aq Ar intf
1770 For the ATM physical interface
1772 this variable defines the NSAP prefix for interfaces using a UNI signalling
1776 the prefix will automatically be set via the
1779 Otherwise, the value will be passed as the parameters of an
1780 .Dq Nm atm Cm "set prefix" Ar intf
1782 .It Va atm_macaddr_ Ns Aq Ar intf
1784 For the ATM physical interface
1786 this variable defines the MAC address for interfaces using a UNI signalling
1790 the hardware MAC address contained in the ATM interface card will be used.
1791 Otherwise, the value will be passed as the parameters of an
1792 .Dq Nm atm Cm "set mac" Ar intf
1794 .It Va atm_arpserver_ Ns Aq Ar netif
1796 For the ATM network interface
1798 this variable defines the ATM address for a host which is to provide ATMARP
1800 This variable is only applicable to interfaces using a UNI signalling
1804 this host will become an ATMARP server.
1805 The value will be passed as the parameters of an
1806 .Dq Nm atm Cm "set arpserver" Ar netif
1808 .It Va atm_scsparp_ Ns Aq Ar netif
1812 SCSP/ATMARP service for the network interface
1814 will be initiated using the
1819 This variable is only applicable if
1820 .Va atm_arpserver_ Ns Aq Ar netif
1825 Set to the list of ATM PVCs to be added at system
1827 For each whitespace separated
1830 .Va atm_pvc_ Ns Aq Ar element
1831 variable is assumed to exist.
1832 The value of each of these variables
1833 will be passed as the parameters of an
1834 .Dq Nm atm Cm "add pvc"
1838 Set to the list of permanent ATM ARP entries to be added
1839 at system boot time.
1840 For each whitespace separated
1843 .Va atm_arp_ Ns Aq Ar element
1844 variable is assumed to exist.
1845 The value of each of these variables
1846 will be passed as the parameters of an
1847 .Dq Nm atm Cm "add arp"
1849 .It Va natm_interfaces
1853 interfaces that will also be used for HARP through
1855 If this list is not empty all interfaces in the list will be brought up
1861 For this to work the interface drivers must be either compiled into the
1862 kernel or must reside on the root partition.
1865 The keyboard bell sound.
1872 if the default behavior is desired.
1873 For details, refer to the
1880 no keymap is installed, otherwise the value is used to install
1882 .Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd .
1885 The keyboard repeat speed.
1892 if the default behavior is desired.
1897 attempt to program the function keys with the value.
1899 be a single string of the form:
1900 .Dq Ar funkey_number new_value Op Ar funkey_number new_value ... .
1903 Can be set to the value of
1906 .Dq Li destructive ,
1909 to set the cursor behavior explicitly or choose the default behavior.
1914 no screen map is installed, otherwise the value is used to install
1915 the screen map file in
1916 .Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value .
1921 the default 8x16 font value is used for screen size requests, otherwise
1923 .Pa /usr/share/syscons/fonts/ Ns Aq Ar value
1929 the default 8x14 font value is used for screen size requests, otherwise
1931 .Pa /usr/share/syscons/fonts/ Ns Aq Ar value
1937 the default 8x8 font value is used for screen size requests, otherwise
1939 .Pa /usr/share/syscons/fonts/ Ns Aq Ar value
1945 the default screen blanking interval is used, otherwise it is set
1953 this is the actual screen saver to use
1954 .Li ( blank , snake , daemon ,
1956 .It Va moused_enable
1962 daemon is started for doing cut/paste selection on the console.
1965 This is the protocol type of the mouse connected to this host.
1966 This variable must be set if
1973 is able to detect the appropriate mouse type automatically in many cases.
1974 Set this variable to
1976 to let the daemon detect it, or
1977 select one from the following list if the automatic detection fails.
1979 If the mouse is attached to the PS/2 mouse port, choose
1983 regardless of the brand and model of the mouse.
1985 mouse is attached to the bus mouse port, choose
1989 All other protocols are for serial mice and will not work with
1990 the PS/2 and bus mice.
1991 If this is a USB mouse,
1993 is the only protocol type which will work.
1995 .Bl -tag -width ".Li x10mouseremote" -compact
1997 Microsoft mouse (serial)
1999 Microsoft IntelliMouse (serial)
2001 Mouse systems Corp. mouse (serial)
2003 MM Series mouse (serial)
2005 Logitech mouse (serial)
2009 Logitech MouseMan and TrackMan (serial)
2011 ALPS GlidePoint (serial)
2012 .It Li thinkingmouse
2013 Kensington ThinkingMouse (serial)
2017 MM HitTablet (serial)
2018 .It Li x10mouseremote
2019 X10 MouseRemote (serial)
2021 Interlink VersaPad (serial)
2024 Even if the mouse is not in the above list, it may be compatible
2025 with one in the list.
2026 Refer to the man page for
2028 for compatibility information.
2030 It should also be noted that while this is enabled, any
2031 other client of the mouse (such as an X server) should access
2032 the mouse through the virtual mouse device,
2034 and configure it as a
2036 type mouse, since all
2037 mouse data is converted to this single canonical format when
2040 If the client program does not support the
2046 It is the second preferred type.
2053 this is the actual port the mouse is on.
2056 for a COM1 serial mouse,
2060 for a bus mouse, for example.
2065 is set, these are the additional flags to pass to the
2068 .It Va mousechar_start
2072 the default mouse cursor character range
2073 .Li 0xd0 Ns - Ns Li 0xd3
2075 otherwise the range start is set
2080 Use if the default range is occupied in the language code table.
2081 .It Va allscreens_flags
2085 is run with these options for each of the virtual terminals
2089 will enable the mouse pointer on all virtual terminals
2094 .It Va allscreens_kbdflags
2098 is run with these options for each of the virtual terminals
2104 scrollback (history) buffer to 200 lines.
2111 daemon at system boot time.
2117 .Pa /usr/sbin/cron ) .
2124 these are the flags to pass to
2131 .Pa /usr/sbin/lpd ) .
2138 daemon at system boot time.
2145 these are the flags to pass to the
2148 .It Va mta_start_script
2150 This variable specifies the full path to the script to run to start
2151 a mail transfer agent.
2153 .Pa /etc/rc.sendmail .
2157 .Pa /etc/rc.sendmail
2158 uses are documented in the
2163 Indicates the device (usually a swap partition) to which a crash dump
2164 should be written in the event of a system crash.
2165 The value of this variable is passed as the argument to
2167 To disable crash dumps, set this variable to
2171 When the system reboots after a crash and a crash dump is found on the
2172 device specified by the
2176 will save that crash dump and a copy of the kernel to the directory
2180 The default value is
2189 .It Va savecore_flags
2191 If crash dumps are enabled, these are the flags to pass to the
2194 .It Va enable_quotas
2198 to turn on user disk quotas on system startup via the
2205 to enable user disk quota checking via the
2208 .It Va accounting_enable
2212 to enable system accounting through the
2219 to enable iBCS2 (SCO) binary emulation at system initial boot
2221 .It Va ibcs2_loaders
2229 this specifies a list of additional iBCS2 loaders to enable.
2234 to enable Linux/ELF binary emulation at system initial
2240 to enable OSF/1 (Digital UNIX) binary emulation at system
2247 enable SysVR4 emulation at boot time.
2248 .It Va sysvipc_enable
2252 load System V IPC primitives at boot time.
2253 .It Va clear_tmp_enable
2260 .It Va ldconfig_paths
2262 Set to the list of shared library paths to use with
2266 will always be added first, so it need not appear in this list.
2267 .It Va ldconfig_paths_aout
2269 Set to the list of shared library paths to use with
2274 .It Va ldconfig_insecure
2278 utility normally refuses to use directories
2279 which are writable by anyone except root.
2280 Set this variable to
2282 to disable that security check during system startup.
2283 .It Va kern_securelevel_enable
2287 to set the kernel security level at system startup.
2288 .It Va kern_securelevel
2290 The kernel security level to set at startup.
2291 The allowed range of
2293 ranges from \-1 (the compile time default) to 3 (the
2297 for the list of possible security levels and their effect
2298 on system operation.
2303 to enable Low Watermark Mandatory Access Control (LOMAC) at boot time.
2304 This security model enforces integrity constraints for system processes;
2307 for a complete description of the LOMAC model, as well as its impact
2308 on system operation.
2315 at system boot time.
2318 Path to the SSH server program
2319 .Pa ( /usr/sbin/sshd
2327 at system boot time.
2334 these are the flags to pass to the
2343 daemon at boot time.
2350 these are the flags passed to
2353 .It Va watchdogd_enable
2359 daemon at boot time.
2360 This requires that the kernel have been compiled with
2361 .Cd "options WATCHDOG" .
2366 any configured jails will not be started.
2369 A space separated list of names for jails.
2370 This is purely a configuration aid to help identify and
2371 configure multiple jails.
2372 The names specified in this list will be used to
2373 identify settings common to an instance of a jail.
2374 Assuming that the jail in question was named
2376 you would have the following dependant variables:
2378 jail_vjail_hostname="jail.example.com"
2379 jail_vjail_ip="192.168.1.100"
2380 jail_vjail_rootdir="/var/jails/vjail/root"
2381 jail_vjail_exec="/bin/sh /etc/rc"
2384 The last one is optional.
2388 .It Va jail_set_hostname_allow
2392 do not allow the root user in a jail to set its hostname.
2393 .It Va jail_socket_unixiproute_only
2397 do not allow any protocol,
2399 to be used within a jail.
2400 .It Va jail_sysvipc_allow
2404 allow applications within a jail to use System V IPC.
2405 .It Va unaligned_print
2409 unaligned access warnings will not be printed.
2411 .\" ----- isdn settings ---------------------------------
2422 at system boot time.
2426 .Dq Fl d Ns Cm n Fl d Ns Li 0x1f9
2428 Additional flags to pass to
2434 for certain tunable parameters).
2440 The terminal type of the output device when
2442 operates in full-screen mode.
2443 .It Va isdn_screenflags
2448 The video mode for full-screen mode (only for
2458 The output device for
2460 in full-screen mode (or
2470 enables the ISDN protocol trace utility
2472 at system boot time.
2473 .It Va isdn_traceflags
2476 .Dq Fl f Pa /var/tmp/isdntrace0
2480 .\" -----------------------------------------------------
2488 verbose messages about the actions done by the start script are displayed.
2492 driver must be compiled into the kernel before the
2495 options described here take any effect.
2501 Use this to configure a national keyboard mapping found in the
2502 .Pa /usr/share/misc/keycap.pcvt
2503 file of keyboard mappings.
2504 (See also the manual pages
2510 keycap database and the manual page
2514 for national keyboard mapping configuration.)
2520 Used to set the keyboard key repeat delay value.
2522 in the range 0..3 for delay values of 250, 500, 750 and 1000 msec.
2531 Used to set the keyboard key repetition rate value.
2533 in the range 0..31 for repetition values of 2..30 characters per second.
2534 .It Va pcvt_keyrepeat
2541 to enable automatic keyboard key repeating.
2551 to use 24 lines only (in 25 lines mode) for compatibility
2562 to enable the display and functionality of function key labels (as found
2565 terminals such as the
2576 by default resulting in a value of 25.
2577 Used to set the number of lines on the screen.
2578 For VGA displays, valid
2579 values are 25, 28, 40 and 50 lines.
2583 .It Va pcvt_blanktime
2588 Used to set the screen saver timeout in seconds for values greater than
2595 Used to set the cursor top scanline.
2604 Used to set the cursor bottom scanline.
2605 .It Va pcvt_monohigh
2612 to set intensity to high on monochrome monitors.
2617 for more information on changing VGA palette
2619 .It Va harvest_interrupt
2623 to use hardware interrupts as an entropy source.
2626 for more information.
2627 .It Va harvest_ethernet
2631 to use LAN traffic as an entropy source.
2634 for more information.
2635 .It Va harvest_p_to_p
2639 to use serial line traffic as an entropy source.
2642 for more information.
2647 to disable caching entropy via
2649 Otherwise set to the directory used to store entropy files in.
2654 to disable caching entropy through reboots.
2655 Otherwise set to the filename used to store cached entropy through
2657 This file should be located on the root file system to seed the
2659 device as early as possible in the boot process.
2660 .It Va entropy_save_sz
2662 Size of the entropy cache files saved by
2665 .It Va entropy_save_num
2667 Number of entropy cache files to save by
2681 Configuration file for
2690 .Pa /var/run/dmesg.boot
2692 .It Va rcshutdown_timeout
2694 If set, start a watchdog timer in the background which will terminate
2698 has not completed within the specified time (in seconds).
2701 .Bl -tag -width ".Pa /etc/defaults/rc.conf" -compact
2702 .It Pa /etc/defaults/rc.conf
2704 .It Pa /etc/rc.conf.local
2767 .An Jordan K. Hubbard .