4 .\" Redistribution and use in source and binary forms, with or without
5 .\" modification, are permitted provided that the following conditions
7 .\" 1. Redistributions of source code must retain the above copyright
8 .\" notice, this list of conditions and the following disclaimer.
9 .\" 2. Redistributions in binary form must reproduce the above copyright
10 .\" notice, this list of conditions and the following disclaimer in the
11 .\" documentation and/or other materials provided with the distribution.
13 .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND
14 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE
17 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
19 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
20 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
21 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
22 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25 .\" $FreeBSD: src/share/man/man5/rc.conf.5,v 1.197 2003/07/28 13:56:00 mbr Exp $
27 .Dd September 28, 2019
32 .Nd system configuration information
36 contains descriptive information about the local host name, configuration
37 details for any potential network interfaces and which services should be
38 started up at system initial boot time.
39 In new installations, the
41 file is generally initialized by the installer.
45 is not to run commands or perform system startup actions directly.
46 Instead, it is included by the various generic startup scripts in
48 which conditionalize their
49 internal actions according to the settings found there.
52 .Pa /etc/defaults/rc.conf
53 file specifies the default settings for all the available options,
56 file specifies override settings.
57 Options need only be specified in
59 when the system administrator wishes to override the defaults.
61 .Pa /etc/rc.conf.local
62 is used to override settings in
64 for historical reasons.
66 .Pa /etc/rc.conf.local
67 you can also place smaller configuration files for each
71 directory, which will be included by the
74 For jail configurations you could use the file
75 .Pa /etc/rc.conf.d/jail
76 to store jail specific configuration options.
81 The following list provides a name and short description for each
82 variable that can be set in the
99 These values are case insensitive.
102 postfix in the name of a variable for starting a service can be
105 .Bl -tag -width indent-two
110 enable output of debug messages from rc scripts.
111 This variable can be helpful in diagnosing mistakes when
112 editing or integrating new scripts.
113 Beware that this produces copious output to the terminal and
119 disable informational messages from the rc scripts.
120 Informational messages are displayed when
121 a condition that is not serious enough to warrant a warning or an error occurs.
128 when faststart is used (e.g., at boot time).
133 no swapfile is installed, otherwise the value is used as the full
134 pathname to a file to use for additional swap space.
137 driver is needed for a swapfile and will be loaded if it is not
138 already compiled into the kernel or loaded via
140 .It Ao Ar module Ac Ns Ar _load
144 that kernel module will be loaded.
146 .Ao Ar module Ac Ns Ar _name
147 is defined (see below), the
148 module's name is taken to be
150 .It Ao Ar module Ac Ns Ar _name
152 Defines the name of the module.
157 to handle device added, removed or unknown events from the kernel.
164 these are the flags to pass to the
176 a CPU speed control daemon.
180 Additional flags passed to the
183 .It Va sensorsd_enable
192 a sensors monitoring and logging daemon.
193 .It Va sensorsd_flags
196 Additional flags passed to the
199 .It Va sysvipcd_enable
208 a daemon needed for the userspace implementation of the XSI Interprocess
209 Communication functions.
210 .It Va sysvipcd_flags
213 Additional flags passed to the
216 .It Va hotplugd_enable
225 a devices hot plugging monitoring daemon.
226 .It Va hotplugd_flags
229 Additional flags passed to the
232 .It Va pccard_ifconfig
234 List of arguments to be passed to
236 at boot time or on insertion of the card (e.g.\&
237 .Dq Cm inet Li 192.168.1.1 Cm netmask Li 255.255.255.0
238 for a fixed address or
241 .It Va pccard_ether_delay
243 Set the delay before starting the DHCP client (configured with
246 .Pa /etc/pccard_ether
251 .It Va removable_interfaces
253 List of removable network interfaces to be supported by
254 .Pa /etc/pccard_ether .
257 List of directories to search for startup script files.
258 .It Va script_name_sep
260 The field separator to use for breaking down the list of startup script files
261 into individual filenames.
262 The default is a space.
263 It is not necessary to change this unless there are startup scripts with names
267 The fully qualified domain name (FQDN) of this host on the network.
268 This should almost certainly be set to something meaningful, even if
269 there is no network connection.
270 If DHCP is used to set the hostname,
271 this variable should be set to an empty string.
274 Enable support for IPv6 networking.
275 Note that this requires that the kernel have been compiled with
276 .Cd "options INET6" .
279 The NIS domain name of this host, or
284 Set the rc script that is called to start the DHCP client.
289 .It Va dhclient_program
294 .Pa /sbin/dhclient ) .
295 .It Va dhclient_flags
297 Additional flags to pass to the
306 in master mode (i.e., configure all available Ethernet interfaces) at startup.
307 .It Va dhcpcd_program
315 Additional flags to pass to the
322 to go to background immediately.
330 If the kernel was not built with
334 kernel module will be loaded.
336 .Va firewall_enable .
341 ruleset definition file.
352 these are the flags to pass to
354 when loading the ruleset.
361 which logs packets from
369 this specifies the path of the log file.
380 these are the flags to pass to
382 .It Va firewall_enable
386 to load firewall rules at startup.
387 If the kernel was not built with
388 .Cd "options IPFIREWALL" ,
391 kernel module will be loaded.
394 .It Va ipv6_firewall_enable
396 The IPv6 equivalent of
397 .Va firewall_enable .
400 to load IPv6 firewall rules at startup.
401 If the kernel was not built with
402 .Cd "options IPV6FIREWALL" ,
405 kernel module will be loaded.
406 .It Va firewall_script
408 The full path to the firewall script to run
410 .Pa /etc/rc.firewall ) .
411 .It Va ipv6_firewall_script
413 The IPv6 equivalent of
414 .Va firewall_script .
417 Names the firewall type from the selection in
418 .Pa /etc/rc.firewall ,
419 or the file which contains the local firewall ruleset.
420 Valid selections from
424 .Bl -tag -width ".Li simple" -compact
426 unrestricted IP access
428 all IP services disabled, except via
431 basic protection for a workstation on a LAN
437 If a filename is specified, the full path must be given.
438 .It Va firewall_trusted_nets
440 List of trusted networks (if
444 .It Va firewall_trusted_interfaces
446 List of trusted network interfaces (if
450 .It Va firewall_allowed_icmp_types
452 List of allowed ICMP types (if
456 .It Va firewall_open_tcp_ports
458 List of TCP ports to open (if
462 .It Va firewall_open_udp_ports
464 List of UDP ports to open (if
468 .It Va ipv6_firewall_type
470 The IPv6 equivalent of
472 .It Va firewall_quiet
476 to disable the display of firewall rules on the console during boot.
477 .It Va ipv6_firewall_quiet
479 The IPv6 equivalent of
481 .It Va firewall_logging
485 to enable firewall event logging.
486 This is equivalent to the
487 .Dv IPFIREWALL_VERBOSE
489 .It Va ipv6_firewall_logging
491 The IPv6 equivalent of
492 .Va firewall_logging .
493 .It Va firewall_flags
499 specifies a filename.
500 .It Va ipv6_firewall_flags
502 The IPv6 equivalent of
516 The full path to the shell script to run to set up the ipfw3
517 firewall rules (default
518 .Pa /etc/ipfw3.rules ) .
521 List of ipfw3 modules to be loaded before executing the above
524 .Dq Li ipfw3 ipfw3_basic ) .
540 sockets must be enabled in the kernel.
541 .It Va natd_interface
543 This is the name of the public interface on which
546 The interface may be given as an interface name or as an IP address.
551 flags should be placed here.
556 flag is automatically added with the above
559 .It Va tcp_extensions
566 disables certain TCP options as described by
572 might help remedy such problems with connections as randomly hanging
573 or other weird behavior.
574 Some network devices are known to be broken with respect to these options.
581 .Va net.inet.tcp.log_in_vain
583 .Va net.inet.udp.log_in_vain ,
588 are set to the given value.
596 will disable probing idle TCP connections to verify that the
597 peer is still up and reachable.
598 .It Va tcp_drop_synfin
605 will cause the kernel to ignore TCP frames that have both
606 the SYN and FIN flags set.
607 This prevents OS fingerprinting, but may break some legitimate applications.
608 This option is only available if the kernel was built with the
611 .It Va icmp_drop_redirect
618 will cause the kernel to ignore ICMP REDIRECT packets.
621 for more information.
622 .It Va icmp_log_redirect
629 will cause the kernel to log ICMP REDIRECT packets.
631 the log messages are not rate-limited, so this option should only be used
632 for troubleshooting networks.
635 for more information.
636 .It Va icmp_bmcastecho
640 to respond to broadcast or multicast ICMP ping packets.
643 for more information.
644 .It Va ip_portrange_first
648 this is the first port in the default portrange.
651 for more information.
652 .It Va ip_portrange_last
656 this is the last port in the default portrange.
659 for more information.
661 .It Va ifconfig_ Ns Aq Ar interface
665 Typically includes IP address.
666 Assuming that the interface in question was
668 it might look something like this:
670 ifconfig_ed0="inet 10.0.0.1 netmask 0xffff0000"
674 .Pa /etc/start_if. Ns Aq Ar interface
675 file is present, it is read and executed by the
677 interpreter before configuring the interface as specified in the
678 .Va ifconfig_ Ns Aq Ar interface
680 .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
683 It is possible to bring up an interface with DHCP by adding
686 .Va ifconfig_ Ns Aq Ar interface
688 For instance, to initialize the
690 device via DHCP, it is possible to use something like:
696 .Va vlans_ Ns Aq Ar interface
700 interface will be created for each item in the list with the
704 If a vlan interface's name is a number,
705 then that number is used as the vlan tag and the new vlan interface is
707 .Ar interface . Ns Ar tag .
709 the vlan tag must be specified via a
712 .Va create_args_ Ns Aq Ar interface
715 To create a vlan device named
719 with the vlan tag 101 and the optional the IPv4 address 192.0.2.1/24:
722 ifconfig_em0_101="inet 192.0.2.1/24"
725 To create a vlan device named
729 with the vlan tag 102:
732 create_args_myvlan="vlan 102"
736 .Va wlans_ Ns Aq Ar interface
740 interface will be created for each item in the list with the
744 Further wlan cloning arguments may be passed to the
747 command by setting the
748 .Va create_args_ Ns Aq Ar interface
752 devices must be created for each wireless devices as of
758 may be specified with an
759 .Va wlandebug_ Ns Aq Ar interface
761 The contents of this variable will be passed directly to
764 Also, if your interface needs WPA authentication, it is possible to add
767 .Va ifconfig_ Ns Aq Ar interface
770 .Xr wpa_supplicant 8 .
772 .Xr wpa_supplicant.conf 5
773 for configuring authentication information.
777 options in this variable, in addition to the
778 .Pa /etc/start_if. Ns Aq Ar interface
780 For instance, to initialize the
782 device via DHCP, using WPA authentication and 802.11b mode, it is
783 possible to use something like:
786 ifconfig_wlan0="up DHCP WPA mode 11b"
788 .It Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
790 Configuration to establish an additional network address for
792 Assuming that the interface in question was
794 it might look something like this:
796 ifconfig_ed0_alias0="inet 127.0.0.253 netmask 0xffffffff"
797 ifconfig_ed0_alias1="inet 127.0.0.254 netmask 0xffffffff"
802 .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
803 entry that is found, its contents are passed to
805 Execution stops at the first unsuccessful access, so if
806 something like this is present:
808 ifconfig_ed0_alias0="inet 127.0.0.251 netmask 0xffffffff"
809 ifconfig_ed0_alias1="inet 127.0.0.252 netmask 0xffffffff"
810 ifconfig_ed0_alias2="inet 127.0.0.253 netmask 0xffffffff"
811 ifconfig_ed0_alias4="inet 127.0.0.254 netmask 0xffffffff"
814 Then note that alias4 would
816 be added since the search would stop with the missing alias3 entry.
817 .It Va ifconfig_ Ns Ao Ar interface Ac Ns Va _name
821 It is possible to rename interface by doing:
823 ifconfig_ed0_name="net0"
824 ifconfig_net0="inet 10.0.0.1 netmask 0xffff0000"
833 will disable the configuration of network interfaces.
834 .It Va network_interfaces
836 The list of network interfaces to configure on this host,
839 to configure all network interfaces
842 For example, if the only network devices to be configured are the loopback device
846 driver, this could be set to
849 .Va ifconfig_ Ns Aq Ar interface
850 variable is assumed to exist for each value of
852 .It Va ipv6_network_interfaces
854 This is the IPv6 equivalent of
855 .Va network_interfaces .
856 Instead of setting the ifconfig variables as
857 .Va ifconfig_ Ns Aq Ar interface
858 they should be set as
859 .Va ipv6_ifconfig_ Ns Aq Ar interface .
860 Aliases should be set as
861 .Va ipv6_ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n .
862 Interfaces that do not have a
863 .Va ipv6_ifconfig_ Ns Aq Ar interface
864 setting will be auto configured by
867 .Va ipv6_gateway_enable
870 Note that the IPv6 networking code does not support the
871 .Pa /etc/start_if. Ns Aq Ar interface
873 .It Va ipv6_prefix_ Ns Aq Ar interface
877 prefixlen 64 is used.
878 .It Va ipv6_default_interface
882 this is the default output interface for scoped addresses.
883 Now this works only for IPv6 link local multicast addresses.
884 .It Va ip6addrctl_enable
886 This variable is to enable configuring the default address selection policy table
890 and the policy table to be installed is specified by the
891 .Va ip6addrctl_policy
893 .It Va ip6addrctl_policy
895 This variable specifies the policy table to be installed,
896 and can be one of the following keywords:
909 installs a pre-defined policy table described in Section 2.1
917 is specified, it attempts to read a file
918 .Pa /etc/ip6addrctl.conf
920 If this file is found,
922 reads and installs it.
923 If not found, a policy is automatically set
926 variable; if the variable is set to
928 the IPv6-preferred one is used.
929 Otherwise IPv4-preferred.
930 .It Va ip6addrctl_verbose
934 print the installed policy table after configuring.
937 .It Va cloned_interfaces
939 Set to the list of clonable network interfaces to create on this host.
941 .Va cloned_interfaces
942 are automatically appended to
943 .Va network_interfaces
945 .It Va gif_interfaces
949 tunnel interfaces to configure on this host.
951 .Va gifconfig_ Ns Aq Ar interface
952 variable is assumed to exist for each value of
954 The value of this variable is used to configure the link layer of the
955 tunnel according to the syntax of the
959 Additionally, this option ensures that each listed interface is created via the
963 before attempting to configure it.
964 .It Va sppp_interfaces
968 interfaces to configure on this host.
970 .Va spppconfig_ Ns Aq Ar interface
971 variable is assumed to exist for each value of
973 Each interface should also be configured by a general
974 .Va ifconfig_ Ns Aq Ar interface
978 for more information about available options.
988 Mode in which to run the
997 See the manual for a full description.
1002 enables network address translation.
1003 Used in conjunction with
1005 allows hosts on private network addresses access to the Internet using
1006 this host as a network address translating router.
1009 The name of the profile to use from
1010 .Pa /etc/ppp/ppp.conf .
1011 Also used for per-profile overrides of
1012 .Va ppp_ Ns Ao Ar profile Ac Ns _unit .
1013 Where the profile contains any of the characters
1015 they are translated to
1017 for the purposes of the override variable names.
1018 .It Va ppp_ Ns Ao Ar profile Ac Ns _unit
1020 Set the unit number to be used for this profile.
1021 See the manual description of
1028 The name of the user under which
1035 .It Va rc_conf_files
1037 This option is used to specify a list of files that will override
1039 .Pa /etc/defaults/rc.conf .
1040 The files will be read in the order in which they are specified and should
1041 include the full path to the file.
1042 By default, the files specified are
1045 .Pa /etc/rc.conf.local
1046 .It Va fsck_y_enable
1051 will be run with the
1053 flag if the initial preen of the file systems fails.
1056 List of file system types that are network-based.
1057 This list should generally not be modified by end users.
1059 .Va extra_netfs_types
1061 .It Va extra_netfs_types
1063 If set to something other than
1065 (the default), this variable extends the list of file system types
1066 for which automatic mounting at startup by
1068 should be delayed until the network is initialized.
1070 a whitespace-separated list of network file system descriptor pairs,
1071 each consisting of a file system type as passed to
1073 and a human-readable, one-word description, joined with a colon
1075 Extending the default list in this way is only necessary
1076 when third party file system types are used.
1077 .It Va devfs_config_files
1079 This option is used to specify a list of configuration files containing
1081 rules that will be applied by
1083 in the order in which they are specified and must include the full path
1085 .It Va syslogd_enable
1092 .It Va syslogd_program
1097 .Pa /usr/sbin/syslogd ) .
1098 .It Va syslogd_flags
1104 these are the flags to pass to
1113 .It Va inetd_program
1118 .Pa /usr/sbin/inetd ) .
1125 these are the flags to pass to
1133 daemon at boot time.
1140 these are the flags to pass to it.
1146 will be updated at boot time to reflect the kernel release being run.
1150 will not be updated.
1151 .It Va nfs_client_enable
1155 setup NFS client parameters at boot time.
1156 .It Va nfs_access_cache
1159 .Va nfs_client_enable
1164 to disable NFS ACCESS RPC caching, or to the number of seconds for which
1165 NFS ACCESS results should be cached.
1166 A value of 2-10 seconds will substantially reduce network traffic for
1167 many NFS operations.
1168 The default is 5 seconds.
1169 Note that the attribute cache holds stat information only.
1170 The NFS data cache is independent of the attribute cache and is only
1171 invalidated when the client detects that the server has modified the
1173 This value specifies a maximum timeout.
1174 The NFS client will automatically use a shorter timeout for files which
1175 have been recently modified.
1176 .It Va nfs_neg_cache
1179 .Va nfs_client_enable
1184 to disable the caching of NEGATIVE LOOKUPS (lookups of non-existent
1185 filenames), or to the number of seconds for which negative lookups should
1187 A value of 2-10 seconds will substantially reduce network
1188 traffic for many NFS operations, especially source code builds.
1189 The default is 3 seconds.
1190 .It Va nfs_server_enable
1194 run the NFS server daemons at boot time.
1195 .It Va nfs_server_flags
1198 .Va nfs_server_enable
1201 these are the flags to pass to the
1204 .It Va mountd_enable
1209 .Va nfs_server_enable
1215 It is commonly needed to run CFS without real NFS used.
1222 these are the flags to pass to the
1225 .It Va weak_mountd_authentication
1229 allow services like PCNFSD to make non-privileged mount requests.
1230 .It Va nfs_reserved_port_only
1234 provide NFS services only on a secure port.
1235 .It Va nfs_bufpackets
1237 If set to a number, indicates the number of packets worth of
1238 socket buffer space to reserve on an NFS client.
1239 The kernel default is typically 4.
1240 Using a higher number may be useful on gigabit networks to improve performance.
1241 The minimum value is 2 and the maximum is 64.
1242 .It Va rpc_umntall_enable
1246 (default) and we are also an NFS client, run
1248 at boot time to clear out old mounts on remote servers.
1253 will not be run at boot time.
1254 .It Va rpc_lockd_enable
1258 and also an NFS server, run
1261 .It Va rpc_lockd_flags
1264 .Va rpc_lockd_enable
1267 these are the flags to pass to
1269 .It Va rpc_statd_enable
1273 and also an NFS server, run
1276 .It Va rpc_statd_flags
1279 .Va rpc_statd_enable
1282 these are the flags to pass to
1284 .It Va rpcbind_program
1286 Path to program for rpcbind daemon
1288 .Pa /usr/sbin/rpcbind ) .
1289 .It Va rpcbind_enable
1296 .It Va rpcbind_flags
1302 these are the flags to pass to
1303 .Va rpcbind_program .
1304 .It Va keyserv_enable
1310 daemon on boot for running Secure RPC.
1311 .It Va keyserv_flags
1317 these are the flags to pass to
1320 .It Va pppoed_enable
1326 daemon at boot time to provide PPP over Ethernet services.
1327 .It Va pppoed_provider
1330 listens to requests to this provider and ultimately runs
1334 argument of the same name.
1337 Additional flags to pass to
1339 .It Va pppoed_interface
1341 The network interface to run
1344 This is mandatory when
1354 at system boot time.
1355 .It Va dntpd_program
1360 .Pa /usr/sbin/dntpd ) .
1367 these are the flags to pass to the
1370 .It Va btconfig_enable
1374 configure Bluetooth devices via
1376 at system boot time.
1377 .It Va btconfig_devices
1383 this is the list of Bluetooth devices to configure.
1385 .Va btconfig_devices
1386 is not specified, all devices known to the system will be configured.
1388 .Va btconfig_ Ns Aq Ar device
1389 variable can be set to specify parameters to be passed to
1391 .It Va btconfig_args
1397 this is the list of configuration parameters to pass to all Bluetooth
1403 run the Service Discovery Profile daemon
1405 at system boot time.
1412 these are the flags to pass to the
1415 .It Va bthcid_enable
1419 run the Bluetooth Link Key/PIN Code Manager daemon
1421 at system boot time.
1428 these are the flags to pass to the
1431 .It Va nis_client_enable
1437 service at system boot time.
1438 .It Va nis_client_flags
1441 .Va nis_client_enable
1444 these are the flags to pass to the
1447 .It Va nis_ypset_enable
1453 daemon at system boot time.
1454 .It Va nis_ypset_flags
1457 .Va nis_ypset_enable
1460 these are the flags to pass to the
1463 .It Va nis_server_enable
1469 daemon at system boot time.
1470 .It Va nis_server_flags
1473 .Va nis_server_enable
1476 these are the flags to pass to the
1479 .It Va nis_ypxfrd_enable
1485 daemon at system boot time.
1486 .It Va nis_ypxfrd_flags
1489 .Va nis_ypxfrd_enable
1492 these are the flags to pass to the
1495 .It Va nis_yppasswdd_enable
1501 daemon at system boot time.
1502 .It Va nis_yppasswdd_flags
1505 .Va nis_yppasswdd_enable
1508 these are the flags to pass to the
1511 .It Va rpc_ypupdated_enable
1517 daemon at system boot time.
1518 .It Va defaultrouter
1522 create a default route to this host name or IP address
1523 (use an IP address if this router is also required to get to the
1525 .It Va ipv6_defaultrouter
1527 The IPv6 equivalent of
1529 .It Va static_routes
1531 Set to the list of static routes that are to be added at system boot time.
1534 then for each whitespace separated
1537 .Va route_ Ns Aq Ar element
1538 variable is assumed to exist whose contents will later be passed to a
1541 .It Va change_routes
1543 Set to the list of static routes that are to be changed at system boot time
1544 (such as those added by the kernel).
1547 then for each whitespace separated
1550 .Va change_route_ Ns Aq Ar element
1551 variable is assumed to exist whose contents will later be passed to a
1552 .Dq Nm route Cm change
1554 .It Va ipv6_static_routes
1556 The IPv6 equivalent of
1560 then for each whitespace separated
1563 .Va ipv6_route_ Ns Aq Ar element
1564 variable is assumed to exist whose contents will later be passed to a
1565 .Dq Nm route Cm add Fl inet6
1567 .It Va gateway_enable
1571 configure host to act as an IP router, e.g. to forward packets
1573 .It Va ipv6_gateway_enable
1575 The IPv6 equivalent of
1576 .Va gateway_enable .
1577 .It Va router_enable
1581 run a routing daemon of some sort, based on the settings of
1585 .It Va ipv6_router_enable
1587 The IPv6 equivalent of
1591 run a routing daemon of some sort, based on the settings of
1592 .Va ipv6_router_program
1594 .Va ipv6_router_flags .
1595 .It Va router_program
1601 this is the name of the routing daemon to use
1603 .Pa /sbin/routed ) .
1604 .It Va ipv6_router_program
1606 The IPv6 equivalent of
1609 .Pa /sbin/route6d ) .
1616 these are the flags to pass to the routing daemon.
1617 .It Va ipv6_router_flags
1619 The IPv6 equivalent of
1621 .It Va mrouted_enable
1625 run the multicast routing daemon,
1627 .It Va mroute6d_enable
1629 The IPv6 equivalent of
1630 .Va mrouted_enable .
1633 run the IPv6 multicast routing daemon.
1634 Note that no IPv6 multicast routing daemon is included in the
1638 can be installed from the
1641 .Pa ( net/mcast-tools ) .
1642 .It Va mrouted_flags
1648 these are the flags to pass to the
1651 .It Va mroute6d_flags
1653 The IPv6 equivalent of
1659 these are the flags passed to the IPv6 multicast routing daemon.
1660 .It Va mroute6d_program
1666 this is the path to the IPv6 multicast routing daemon.
1667 .It Va rtadvd_enable
1673 daemon at boot time.
1676 .Va ipv6_gateway_enable
1681 utility sends router advertisement packets to the interfaces specified in
1682 .Va rtadvd_interfaces .
1684 and should only be enabled with great care.
1685 You may want to fine-tune
1687 .It Va rtadvd_interfaces
1693 this is the list of interfaces to use.
1694 .It Va rtsold_enable
1700 daemon at boot time.
1703 daemon is used for automatic discovery of non-link local addresses.
1710 these are the flags to pass to the
1717 enable global proxy ARP.
1718 .It Va forward_sourceroute
1726 source-routed packets are forwarded.
1727 .It Va accept_sourceroute
1731 the system will accept source-routed packets directed at it.
1738 daemon at system boot time.
1745 these are the flags to pass to the
1748 .It Va bootparamd_enable
1754 daemon at system boot time.
1755 .It Va bootparamd_flags
1758 .Va bootparamd_enable
1761 these are the flags to pass to the
1764 .It Va stf_interface_ipv4addr
1768 this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling interface).
1769 Specify this entry to enable the 6to4 interface.
1770 .It Va stf_interface_ipv4plen
1772 Prefix length for 6to4 IPv4 addresses, to limit peer address range.
1773 An effective value is 0-31.
1774 .It Va stf_interface_ipv6_ifid
1776 IPv6 interface ID for
1780 .It Va stf_interface_ipv6_slaid
1782 IPv6 Site Level Aggregator for
1786 The keyboard bell sound.
1793 if the default behavior is desired.
1794 For details, refer to the
1801 no keymap is installed, otherwise the value is used to install
1803 .Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd .
1806 The keyboard repeat speed.
1813 if the default behavior is desired.
1818 attempt to program the function keys with the value.
1819 The value should be a single string of the form:
1820 .Dq Ar funkey_number new_value Op Ar funkey_number new_value ... .
1823 Can be set to the value of
1826 .Dq Li destructive ,
1829 to set the cursor behavior explicitly or choose the default behavior.
1834 no screen map is installed, otherwise the value is used to install
1835 the screen map file in
1836 .Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value .
1841 the default 8x16 font value is used for screen size requests, otherwise
1843 .Pa /usr/share/syscons/fonts/ Ns Aq Ar value
1849 the default 8x14 font value is used for screen size requests, otherwise
1851 .Pa /usr/share/syscons/fonts/ Ns Aq Ar value
1857 the default 8x8 font value is used for screen size requests, otherwise
1859 .Pa /usr/share/syscons/fonts/ Ns Aq Ar value
1865 the default screen blanking interval is used, otherwise it is set to
1872 this is the actual screen saver to use
1873 .Li ( blank , snake , daemon ,
1875 .It Va moused_nondefault_enable
1879 the mouse device specified on
1880 the command line is not automatically treated as enabled by the
1881 .Pa /etc/rc.d/moused
1883 Having this variable set to
1889 to be enabled as soon as it is plugged in.
1890 .It Va moused_enable
1896 daemon is started for doing cut/paste selection on the console.
1903 this is the protocol type of the mouse connected to this host.
1909 is able to detect the appropriate mouse type automatically in many cases.
1910 Leave this variable at the default
1912 to let the daemon detect it, or
1913 select one from the following list if the automatic detection fails.
1915 If the mouse is attached to the PS/2 mouse port, leave the variable at the
1920 regardless of the brand and model of the mouse.
1921 Likewise, if the mouse is attached to the bus mouse port, leave it at
1925 All other protocols are for serial mice and will not work with
1926 the PS/2 and bus mice.
1927 If this is a USB mouse,
1929 is the only protocol type which will work.
1931 .Bl -tag -width ".Li x10mouseremote" -compact
1933 Microsoft mouse (serial)
1935 Microsoft IntelliMouse (serial)
1937 Mouse systems Corp. mouse (serial)
1939 MM Series mouse (serial)
1941 Logitech mouse (serial)
1945 Logitech MouseMan and TrackMan (serial)
1947 ALPS GlidePoint (serial)
1948 .It Li thinkingmouse
1949 Kensington ThinkingMouse (serial)
1953 MM HitTablet (serial)
1954 .It Li x10mouseremote
1955 X10 MouseRemote (serial)
1957 Interlink VersaPad (serial)
1960 Even if the mouse is not in the above list, it may be compatible
1961 with one in the list.
1962 Refer to the man page for
1964 for compatibility information.
1966 It should also be noted that while this is enabled, any
1967 other client of the mouse (such as an X server) should access
1968 the mouse through the virtual mouse device,
1970 and configure it as a
1972 type mouse, since all
1973 mouse data is converted to this single canonical format when using
1975 If the client program does not support the
1980 It is the second preferred type.
1987 this is the actual port the mouse is on.
1990 for a COM1 serial mouse or
1992 for a PS/2 mouse, for example.
1997 is set, these are the additional flags to pass to the
2000 .It Va mousechar_start
2004 the default mouse cursor character range
2005 .Li 0xd0 Ns - Ns Li 0xd3
2006 is used, otherwise the range start is set to
2010 Use if the default range is occupied in the language code table.
2013 Set the size of the history (scrollback) buffer in lines.
2014 .It Va allscreens_flags
2018 is run with these options for each of the virtual terminals
2022 will enable the mouse pointer on all virtual terminals if
2026 .It Va allscreens_kbdflags
2030 is run with these options for each of the virtual terminals
2036 scrollback (history) buffer to 200 lines.
2043 daemon at system boot time.
2049 .Pa /usr/sbin/cron ) .
2056 these are the flags to pass to
2063 .Pa /usr/sbin/lpd ) .
2070 daemon at system boot time.
2077 these are the flags to pass to the
2086 daemon at system boot time.
2093 settings across reboots.
2094 .It Va mta_start_script
2096 The full path to the script to run to start
2097 a mail transfer agent.
2099 .Pa /etc/rc.sendmail .
2103 .Pa /etc/rc.sendmail
2104 uses are documented in the
2110 .Sq HAMMER ROOT with UFS /boot
2111 setup, the boot loader will not set up the
2114 The system will attempt to fix this on its own.
2115 Set this variable to
2117 to turn this behavior off.
2120 Indicates the device (usually a swap partition) to which a crash dump
2121 should be written in the event of a system crash.
2122 The value of this variable is passed as the argument to
2126 To disable crash dumps, set this variable to
2130 When the system reboots after a crash and a crash dump is found on the
2131 device specified by the
2135 will save that crash dump and a copy of the kernel to the directory
2139 The default value is
2148 .It Va savecore_flags
2150 If crash dumps are enabled, these are the flags to pass to the
2153 .It Va crashinfo_enable
2157 to turn on automatic crash dump summary generation using the utility
2159 .Va crashinfo_program
2161 .It Va crashinfo_program
2163 Program to run to generate a crash dump summary if the variable
2164 .Va crashinfo_enable
2167 The default value is
2168 .Pa /usr/sbin/crashinfo .
2169 .It Va enable_quotas
2173 to turn on user disk quotas on system startup via the
2180 to enable user disk quota checking via the
2183 .It Va accounting_enable
2187 to enable system accounting through the
2190 .\" ----- cleanvar_enable setting--------------------------------
2191 .It Va cleanvar_enable
2199 .Pa /var/spool/uucp/.Temp/*
2201 .\" ----- clear_tmp_enable setting-------------------------------
2202 .It Va clear_tmp_enable
2209 .\" ----- ldconfig_paths setting --------------------------------
2210 .It Va ldconfig_paths
2212 Set to the list of shared library paths to use with
2216 will always be added first, so it need not appear in this list.
2217 .It Va ldconfig_insecure
2221 utility normally refuses to use directories
2222 which are writable by anyone except root.
2223 Set this variable to
2225 to disable that security check during system startup.
2226 .It Va ldconfig_local_dirs
2228 Set to the list of local
2231 The names of all files in the directories listed will be
2232 passed as arguments to
2234 .It Va kern_securelevel
2236 The kernel security level to set at startup.
2237 The allowed range of
2239 ranges from \-1 (the compile time default) to 3 (the most secure).
2242 for the list of possible security levels and their effect on system operation.
2249 at system boot time.
2256 at system boot time.
2259 Path to the SSH server program
2261 .Pa /usr/sbin/sshd ) .
2268 these are the flags to pass to the
2277 at system boot time.
2284 these are the flags to pass to the
2287 .It Va watchdogd_enable
2293 daemon at boot time.
2298 any configured jails will not be started.
2301 A space separated list of names for jails.
2302 This is purely a configuration aid to help identify and
2303 configure multiple jails.
2304 The names specified in this list will be used to
2305 identify settings common to an instance of a jail.
2306 Assuming that the jail in question was named
2308 you would have the following dependent variables:
2310 jail_vjail_hostname="jail.example.com"
2311 jail_vjail_ip="192.168.1.100"
2312 jail_vjail_rootdir="/var/jails/vjail/root"
2317 When set, use as default value for
2318 .Va jail_ Ns Ao Ar jname Ac Ns Va _flags
2321 .It Va jail_interface
2324 When set, use as default value for
2325 .Va jail_ Ns Ao Ar jname Ac Ns Va _interface
2331 When set, use as default value for
2332 .Va jail_ Ns Ao Ar jname Ac Ns Va _fstab
2335 .It Va jail_mount_enable
2343 .Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable
2346 by default for every jail in
2348 .It Va jail_procfs_enable
2356 .Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable
2359 by default for every jail in
2361 .It Va jail_devfs_enable
2369 .Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable
2372 by default for every jail in
2374 .It Va jail_exec_start
2377 When set, use as default value for
2378 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start
2381 .It Va jail_exec_stop
2383 When set, use as default value for
2384 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop
2387 .It Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir
2390 Set to the root directory used by jail
2392 .It Va jail_ Ns Ao Ar jname Ac Ns Va _hostname
2395 Set to the fully qualified domain name (FQDN) assigned to jail
2397 .It Va jail_ Ns Ao Ar jname Ac Ns Va _ip
2400 Set to the IP address assigned to jail
2402 .It Va jail_ Ns Ao Ar jname Ac Ns Va _flags
2407 These are flags to pass to
2409 .It Va jail_ Ns Ao Ar jname Ac Ns Va _interface
2412 When set, sets the interface to use when setting IP address alias.
2413 Note that the alias is created at jail startup and removed at jail shutdown.
2414 .It Va jail_ Ns Ao Ar jname Ac Ns Va _fstab
2417 .Pa /etc/fstab. Ns Aq Ar jname
2419 This is the file system information file to use for jail
2421 .It Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable
2428 mount all file systems from
2429 .Va jail_ Ns Ao Ar jname Ac Ns Va _fstab
2431 .It Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable
2438 mount the process file system inside jail
2441 .It Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable
2448 mount the device file system inside jail
2451 .It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start
2454 .Dq Li /bin/sh /etc/rc
2456 This is the command executed at jail startup.
2457 .It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop
2460 .Dq Li /bin/sh /etc/rc.shutdown
2462 This is the command executed at jail shutdown.
2463 .It Va jail_default_set_hostname_allow
2467 do not allow the root user in a jail to set its hostname.
2468 .It Va jail_default_socket_unixiproute_only
2472 do not allow any sockets,
2473 besides UNIX/IP/route sockets,
2474 to be used within a jail.
2475 .It Va jail_default_sysvipc_allow
2479 allow applications within a jail to use System V IPC.
2480 .It Va jail_default_chflags_allow
2484 allow applications within a jail to alter system file flags.
2485 .It Va jail_default_raw_sockets_allow
2489 allow applications within a jail to user raw sockets.
2494 LVM volumes will be discovered and configured on boot.
2495 .It Va newsyslog_enable
2501 before syslogd starts.
2502 .It Va newsyslog_flags
2505 .Va newsyslog_enable
2508 these are the flags passed to
2510 .It Va resident_enable
2514 make the dynamic binaries listed in
2515 .Pa /etc/resident.conf
2517 .It Va varsym_enable
2522 .Pa /etc/varsym.conf
2523 to set system-wide variables for variant symlinks.
2528 or a whitespace separated list of IRQ numbers which will be used as a source of
2530 .\" -----------------------------------------------------
2535 to disable caching entropy via
2537 Otherwise set to the directory used to store entropy files in.
2542 to disable caching entropy through reboots.
2543 Otherwise set to the filename used to store cached entropy through reboots.
2544 This file should be located on the root file system to seed the
2546 device as early as possible in the boot process.
2547 .It Va entropy_save_sz
2549 Determines the size of the entropy cache files used for entropy cached
2550 through reboots and also entropy cached via
2552 The entropy is fed to the system in blocks of 512 bytes, so this number
2553 should be large enough to fill as many of the entropy pools in the kernel
2555 By default, it is set to 16384, which should be able to seed all 32 entropy
2556 pools in the Fortuna CSPRNG.
2564 .Pa /var/run/dmesg.boot
2566 .It Va rcshutdown_timeout
2568 If set, start a watchdog timer in the background which will terminate
2572 has not completed within the specified time (in seconds).
2573 Notice that in addition to this soft timeout,
2575 also applies a hard timeout for the execution of
2577 This is configured via
2580 .Va kern.init_shutdown_timeout
2581 and defaults to 120 seconds. Setting the value of
2582 .Va rcshutdown_timeout
2583 to more than 120 seconds will have no effect until the
2586 .Va kern.init_shutdown_timeout
2592 the udevd daemon will be started on boot.
2593 .It Va vfs_quota_enable
2597 vfs quota rc.d scripts will be run on boot.
2598 .It Va vfs_quota_sync
2600 List of mount points whose counters are to be synchronized with on-disk
2601 usage during system startup.
2604 .It Va vknetd_enable
2609 will be started on boot.
2612 Additional flags passed to
2614 Usually address/cidrbits is specified here.
2615 When no flags are passed, default option
2618 .It Va vkernel_enable
2622 any configured vkernels will not be started.
2623 .It Va vkernel_kill_timeout
2625 This defines the default number of seconds that we will wait for the
2626 vkernel to shut down on its own.
2627 If after this time it's still alive,
2628 it will be killed with SIGKILL.
2631 Defines the default path to the vkernel binary.
2634 A space separated list of names for vkernels.
2635 This is purely a configuration aid to help identify and
2636 configure multiple vkernels.
2637 The names specified in this list will be used to
2638 identify settings common to a vkernel instance.
2639 Assuming that the vkernel in question was named
2641 you would have the following dependent variables
2642 (filled with reference values in this text):
2644 vkernel_example_bin="/usr/obj/usr/src/sys/VKERNEL64/kernel.debug"
2645 vkernel_example_memsize="64m"
2646 vkernel_example_rootimg_list="/var/vkernel/rootimg.01"
2647 vkernel_example_memimg="/var/vkernel/memimg.000001"
2648 vkernel_example_user="myuser"
2649 vkernel_example_iface_list="auto:bridge0"
2650 vkernel_example_logfile="/dev/null"
2651 vkernel_example_flags="-U"
2652 vkernel_example_kill_timeout="45"
2655 The last six are optional.
2656 They default to an empty string if not set, except for logfile which defaults to
2666 which is the vkernel's default directory for memory images,
2667 with permissions of 1777, i.e. world writable with the sticky bit set
2670 .It Va autofs_enable
2680 daemons at boot time.
2681 .It Va automount_flags
2687 these are the flags to pass to the
2690 By default no flags are passed.
2691 .It Va automountd_flags
2697 these are the flags to pass to the
2700 By default no flags are passed.
2701 .It Va autounmountd_flags
2707 these are the flags to pass to the
2710 By default no flags are passed.
2713 .Bl -tag -width ".Pa /etc/start_if. Ns Aq Ar interface" -compact
2714 .It Pa /etc/defaults/rc.conf
2716 .It Pa /etc/rc.conf.local
2717 .It Pa /etc/start_if. Ns Aq Ar interface
2736 .Xr resident.conf 5 ,
2741 .Xr autounmountd 8 ,
2797 .An Jordan K. Hubbard .