4 .\" Redistribution and use in source and binary forms, with or without
5 .\" modification, are permitted provided that the following conditions
7 .\" 1. Redistributions of source code must retain the above copyright
8 .\" notice, this list of conditions and the following disclaimer.
9 .\" 2. Redistributions in binary form must reproduce the above copyright
10 .\" notice, this list of conditions and the following disclaimer in the
11 .\" documentation and/or other materials provided with the distribution.
13 .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND
14 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE
17 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
19 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
20 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
21 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
22 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25 .\" $FreeBSD: src/share/man/man5/rc.conf.5,v 1.197 2003/07/28 13:56:00 mbr Exp $
26 .\" $DragonFly: src/share/man/man5/rc.conf.5,v 1.36 2007/06/02 10:07:03 swildner Exp $
32 .Nd system configuration information
36 contains descriptive information about the local host name, configuration
37 details for any potential network interfaces and which services should be
38 started up at system initial boot time.
39 In new installations, the
41 file is generally initialized by the installer.
45 is not to run commands or perform system startup actions
47 Instead, it is included by the
48 various generic startup scripts in
50 which conditionalize their
51 internal actions according to the settings found there.
55 file is included from the file
56 .Pa /etc/defaults/rc.conf ,
57 which specifies the default settings for all the available options.
58 Options need only be specified in
60 when the system administrator wishes to override these defaults.
62 .Pa /etc/rc.conf.local
63 is used to override settings in
65 for historical reasons.
70 The following list provides a name and short description for each
71 variable that can be set in the
74 .Bl -tag -width indent-two
79 enable output of debug messages from rc scripts.
80 This variable can be helpful in diagnosing mistakes when
81 editing or integrating new scripts.
82 Beware that this produces copious output to the terminal and
88 disable informational messages from the rc scripts.
89 Informational messages are displayed when
90 a condition that is not serious enough to warrant a warning or
96 no swapfile is installed, otherwise the value is used as the full
97 pathname to a file to use for additional swap space.
102 enable support for Automatic Power Management with
110 to handle APM event from userland.
111 This also enables support for APM.
118 these are the flags to pass to the
124 to monitor the status of batteries present in the system.
125 This also enables support for APM.
132 these are the flags to pass to the
135 .It Va pccard_ifconfig
137 List of arguments to be passed to
140 insertion of the card (e.g.\&
141 .Dq Cm inet Li 192.168.1.1 Cm netmask Li 255.255.255.0
142 for a fixed address or
145 .It Va pccard_ether_delay
147 Set the delay before starting
150 .Pa /etc/pccard_ether
152 This defaults to 5 seconds to work around a bug in the
154 driver which can lead to system hangs when using some newer
157 .It Va removable_interfaces
159 List of removable network interfaces to be supported by
160 .Pa /etc/pccard_ether .
163 List of directories to search for startup script files.
164 .It Va script_name_sep
166 The field separator to use for breaking down the list of startup script files
167 into individual filenames.
168 The default is a space.
169 It is not necessary to change this unless there are startup scripts with names
173 The fully qualified domain name (FQDN) of this host on the network.
174 This should almost certainly be set to something meaningful, even if
175 there is no network connection.
178 is used to set the hostname via DHCP,
179 this variable should be set to an empty string.
182 Enable support for IPv6 networking.
183 Note that this requires that the kernel have been compiled with
184 .Cd "options INET6" .
187 The NIS domain name of this host, or
190 .It Va dhclient_program
192 Path to the DHCP client program
193 .Pa ( /sbin/dhclient ,
196 .It Va dhclient_flags
198 Additional flags to pass to the DHCP client program.
199 For the ISC DHCP client, see the
201 manpage for a description of the command line options available.
202 .It Va background_dhclient
206 to start the DHCP client in background.
207 This can cause trouble with applications depending on
208 a working network, but it will provide a faster startup
217 .It Va dhcrelay_enable
223 .It Va firewall_enable
227 to load firewall rules at startup.
228 If the kernel was not built with
229 .Cd "options IPFIREWALL" ,
232 kernel module will be loaded.
234 .Va ipfilter_enable .
235 .It Va ipv6_firewall_enable
237 The IPv6 equivalent of
238 .Va firewall_enable .
241 to load IPv6 firewall rules at startup.
242 If the kernel was not built with
243 .Cd "options IPV6FIREWALL" ,
246 kernel module will be loaded.
247 .It Va firewall_script
249 This variable specifies the full path to the firewall script to run.
251 .Pa /etc/rc.firewall .
252 .It Va ipv6_firewall_script
254 The IPv6 equivalent of
255 .Va firewall_script .
258 Names the firewall type from the selection in
259 .Pa /etc/rc.firewall ,
260 or the file which contains the local firewall ruleset.
261 Valid selections from
265 .Bl -tag -width ".Li simple" -compact
267 unrestricted IP access
269 all IP services disabled, except via
272 basic protection for a workstation on a LAN
278 If a filename is specified, the full path
280 .It Va firewall_trusted_nets
281 List of trusted networks (if
285 .It Va firewall_trusted_interfaces
286 List of trusted network interfaces (if
290 .It Va firewall_allowed_icmp_types
291 List of allowed ICMP types (if
295 .It Va firewall_open_tcp_ports
296 List of TCP ports to open (if
300 .It Va firewall_open_udp_ports
301 List of UDP ports to open (if
305 .It Va ipv6_firewall_type
307 The IPv6 equivalent of
309 .It Va firewall_quiet
313 to disable the display of firewall rules on the console during boot.
314 .It Va ipv6_firewall_quiet
316 The IPv6 equivalent of
318 .It Va firewall_logging
322 to enable firewall event logging.
323 This is equivalent to the
324 .Dv IPFIREWALL_VERBOSE
326 .It Va ipv6_firewall_logging
328 The IPv6 equivalent of
329 .Va firewall_logging .
330 .It Va firewall_flags
336 specifies a filename.
337 .It Va ipv6_firewall_flags
339 The IPv6 equivalent of
356 sockets must be enabled in the kernel.
357 .It Va natd_interface
359 This is the name of the public interface on which
362 The interface may be given as an interface name or as an IP address.
367 flags should be placed here.
372 flag is automatically added with the above
375 .\" ----- ipfilter_enable setting --------------------------------
376 .It Va ipfilter_enable
387 Typical usage will require putting
389 ipfilter_enable="YES"
407 can be enabled independently.
411 both require at least one of
421 options IPFILTER_DEFAULT_BLOCK
424 in the kernel configuration file is a good idea, too.
425 .\" ----- ipfilter_program setting ------------------------------
426 .It Va ipfilter_program
432 .\" ----- ipfilter_rules setting --------------------------------
433 .It Va ipfilter_rules
438 This variable contains the name of the filter rule definition file.
439 The file is expected to be readable for the
442 .\" ----- ipv6_ipfilter_rules setting ---------------------------
443 .It Va ipv6_ipfilter_rules
448 This variable contains the IPv6 filter rule definition file.
449 The file is expected to be readable for the
452 .\" ----- ipfilter_flags setting --------------------------------
453 .It Va ipfilter_flags
456 This variable contains flags passed to the
459 .\" ----- ipnat_enable setting ----------------------------------
469 network address translation.
472 for a detailed discussion.
473 .\" ----- ipnat_program setting ---------------------------------
480 .\" ----- ipnat_rules setting -----------------------------------
486 This variable contains the name of the file
487 holding the network address translation definition.
488 This file is expected to be readable for the
491 .\" ----- ipnat_flags setting -----------------------------------
495 This variable contains flags passed to the
498 .\" ----- ipmon_enable setting ----------------------------------
513 Setting this variable needs setting
520 for a detailed discussion.
521 .\" ----- ipmon_program setting ---------------------------------
528 .\" ----- ipmon_flags setting -----------------------------------
534 This variable contains flags passed to the
537 Another typical example would be
538 .Dq Fl D Pa /var/log/ipflog
541 log directly to a file bypassing
544 .Pa /etc/newsyslog.conf
545 in such case like this:
547 /var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid
549 .\" ----- ipfs_enable setting -----------------------------------
559 saving the filter and NAT state tables during shutdown
560 and reloading them during startup again.
561 Setting this variable needs setting
570 for a detailed discussion.
576 because the raised securelevel will prevent
578 from saving the state tables at shutdown time.
579 .\" ----- ipfs_program setting ----------------------------------
586 .\" ----- ipfs_flags setting ------------------------------------
590 This variable contains flags passed to the
593 .\" ----- end of added ipf hook ---------------------------------
594 .It Va tcp_extensions
601 disables certain TCP options as described by
607 might help remedy such problems with connections as randomly hanging
608 or other weird behavior.
609 Some network devices are known
610 to be broken with respect to these options.
617 .Va net.inet.tcp.log_in_vain
619 .Va net.inet.udp.log_in_vain ,
624 are set to the given value.
632 will disable probing idle TCP connections to verify that the
633 peer is still up and reachable.
634 .It Va tcp_drop_synfin
641 will cause the kernel to ignore TCP frames that have both
642 the SYN and FIN flags set.
643 This prevents OS fingerprinting, but may
644 break some legitimate applications.
645 This option is only available if the
646 kernel was built with the
649 .It Va icmp_drop_redirect
656 will cause the kernel to ignore ICMP REDIRECT packets.
659 for more information.
660 .It Va icmp_log_redirect
667 will cause the kernel to log ICMP REDIRECT packets.
669 the log messages are not rate-limited, so this option should only be used
670 for troubleshooting networks.
673 for more information.
674 .It Va icmp_bmcastecho
678 to respond to broadcast or multicast ICMP ping packets.
681 for more information.
682 .It Va ip_portrange_first
686 this is the first port in the default portrange.
689 for more information.
690 .It Va ip_portrange_last
694 this is the last port in the default portrange.
697 for more information.
698 .It Va network_interfaces
700 Set to the list of network interfaces to configure on this host.
701 For example, if the only network devices in the system are the loopback
710 .Va ifconfig_ Ns Aq Ar interface
711 variable is also assumed to exist for each value of
713 It is also possible to add IP alias entries here in cases where
714 multiple IP addresses registered against a single interface
716 Assuming that the interface in question was
721 ifconfig_ed0_alias0="inet 127.0.0.253 netmask 0xffffffff"
722 ifconfig_ed0_alias1="inet 127.0.0.254 netmask 0xffffffff"
727 .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
729 its contents are passed to
731 Execution stops at the first unsuccessful access, so if
732 something like this is present:
734 ifconfig_ed0_alias0="inet 127.0.0.251 netmask 0xffffffff"
735 ifconfig_ed0_alias1="inet 127.0.0.252 netmask 0xffffffff"
736 ifconfig_ed0_alias2="inet 127.0.0.253 netmask 0xffffffff"
737 ifconfig_ed0_alias4="inet 127.0.0.254 netmask 0xffffffff"
740 Then note that alias4 would
742 be added since the search would
743 stop with the missing alias3 entry.
746 .Pa /etc/start_if. Ns Aq Ar interface
747 file is present, it is read and executed by the
750 before configuring the interface as specified in the
751 .Va ifconfig_ Ns Aq Ar interface
753 .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
756 It is possible to bring up an interface with DHCP by setting the
757 .Va ifconfig_ Ns Aq Ar interface
760 For instance, to initialize the
763 it is possible to use something like:
767 .It Va ipv6_network_interfaces
769 This is the IPv6 equivalent of
770 .Va network_interfaces .
771 Instead of setting the ifconfig variables as
772 .Va ifconfig_ Ns Aq Ar interface
773 they should be set as
774 .Va ipv6_ifconfig_ Ns Aq Ar interface .
775 Aliases should be set as
776 .Va ipv6_ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n .
777 .Va ipv6_prefix_ Ns Aq Ar interface
779 Interfaces that do not have a
780 .Va ipv6_ifconfig_ Ns Aq Ar interface
781 setting will be auto configured by
784 .Va ipv6_gateway_enable
787 Note that the IPv6 networking code does not support the
788 .Pa /etc/start_if. Ns Aq Ar interface
790 .It Va ipv6_default_interface
794 this is the default output interface for scoped addresses.
795 Now this works only for IPv6 link local multicast addresses.
796 .It Va cloned_interfaces
798 Set to the list of clonable network interfaces to create on this host.
800 .Va cloned_interfaces
801 are automatically appended to
802 .Va network_interfaces
804 .It Va gif_interfaces
808 tunnel interfaces to configure on this host.
810 .Va gifconfig_ Ns Aq Ar interface
811 variable is assumed to exist for each value of
813 The value of this variable is used to configure the link layer of the
814 tunnel according to the syntax of the
818 Additionally, this option ensures that each listed interface is created
823 before attempting to configure it.
824 .It Va sppp_interfaces
828 interfaces to configure on this host.
830 .Va spppconfig_ Ns Aq Ar interface
831 variable is assumed to exist for each value of
833 Each interface should also be configured by a general
834 .Va ifconfig_ Ns Aq Ar interface
838 for more information about available options.
848 Mode in which to run the
857 See the manual for a full description.
862 enables network address translation.
863 Used in conjunction with
865 allows hosts on private network addresses access to the Internet using
866 this host as a network address translating router.
869 The name of the profile to use from
870 .Pa /etc/ppp/ppp.conf .
873 The name of the user under which
883 This option is used to specify a list of files that will override
885 .Pa /etc/defaults/rc.conf .
886 The files will be read in the order in which they are specified and should
887 include the full path to the file.
888 By default, the files specified are
891 .Pa /etc/rc.conf.local
899 flag if the initial preen
900 of the file systems fails.
903 List of file system types that are network-based.
904 This list should generally not be modified by end users.
906 .Va extra_netfs_types
908 .It Va extra_netfs_types
910 If set to something other than
913 this variable extends the list of file system types
914 for which automatic mounting at startup by
916 should be delayed until the network is initialized.
918 a whitespace-separated list of network file system descriptor pairs,
919 each consisting of a file system type as passed to
921 and a human-readable, one-word description,
924 Extending the default list in this way is only necessary
925 when third party file system types are used.
926 .It Va syslogd_enable
933 .It Va syslogd_program
938 .Pa /usr/sbin/syslogd ) .
945 these are the flags to pass to
959 .Pa /usr/sbin/inetd ) .
966 these are the flags to pass to
972 use new functionality provided in the
974 script to facilitate a
978 This variable is experimental.
979 It may be removed or changed in the near future.
992 .Pa /usr/sbin/named ) .
999 these are the flags to pass to
1001 .It Va named_pidfile
1003 This is the default path to the
1006 Change it if you change the location in
1007 .Pa /etc/namedb/named.conf .
1008 .It Va named_chrootdir
1010 The root directory for a name server run in a
1015 will not be run in a
1018 This variable has no effect if
1021 This variable is experimental.
1022 It may be removed or changed in the near future.
1023 .It Va named_chroot_autoupdate
1027 to disable automatic syncing of libraries and
1028 other system files between the root file system and the
1030 This variable has no effect if
1033 This variable is experimental.
1034 It may be removed or changed in the near future.
1035 .It Va named_symlink_enable
1039 to disable symlinking of
1045 environment in which
1048 This variable has no effect if
1051 This variable is experimental.
1052 It may be removed or changed in the near future.
1053 .It Va kerberos5_server_enable
1057 to start a Kerberos 5 authentication server
1059 .It Va kerberos5_server_program
1062 .Va kerberos5_server_enable
1065 this is the path to Kerberos 5 Authentication Server.
1066 .It Va kadmind5_server_enable
1072 the Kerberos 5 Administration Daemon; set to
1075 .It Va kadmind5_server_program
1078 .Va kadmind5_server_enable
1081 this is the path to Kerberos 5 Administration Daemon.
1082 .It Va kpasswdd_server_enable
1088 the Kerberos 5 Password-Changing Daemon; set to
1091 .It Va kpasswdd_server_program
1094 .Va kpasswdd_server_enable
1097 this is the path to Kerberos 5 Password-Changing Daemon.
1104 daemon at boot time.
1111 these are the flags to pass to it.
1118 daemon at boot time.
1125 these are the flags to pass to it.
1128 manpage for more information.
1129 .It Va amd_map_program
1132 the specified program is run to get the list of
1137 maps are stored in NIS, one can set this to
1150 will be updated at boot time to reflect the kernel release
1155 will not be updated.
1156 .It Va nfs_client_enable
1160 run the NFS client daemons at boot time.
1161 .It Va nfs_client_flags
1164 .Va nfs_client_enable
1167 these are the flags to pass to the
1170 .It Va nfs_access_cache
1173 .Va nfs_client_enable
1178 to disable NFS ACCESS RPC caching, or to the number of seconds for which
1180 results should be cached.
1181 A value of 2-10 seconds will substantially reduce network traffic for
1182 many NFS operations. The default is 5 seconds. Note that the attribute
1183 cache holds stat information only. The NFS data cache is independent
1184 of the attribute cache and is only invalidated when the client detects that
1185 the server has modified the underlying file. This value specifies a
1186 maximum timeout. The NFS client will automatically use a shorter timeout
1187 for files which have been recently modified.
1188 .It Va nfs_neg_cache
1191 .Va nfs_client_enable
1196 to disable the caching of NEGATIVE LOOKUPS (lookups of non-existent
1197 filenames), or to the number of seconds for which negative lookups should
1199 A value of 2-10 seconds will substantially reduce network
1200 traffic for many NFS operations, especially source code builds. The
1201 default is 3 seconds.
1202 .It Va nfs_server_enable
1206 run the NFS server daemons at boot time.
1207 .It Va nfs_server_flags
1210 .Va nfs_server_enable
1213 these are the flags to pass to the
1216 .It Va mountd_enable
1221 .Va nfs_server_enable
1227 It is commonly needed to run CFS without real NFS used.
1234 these are the flags to pass to the
1237 .It Va weak_mountd_authentication
1241 allow services like PCNFSD to make non-privileged mount
1243 .It Va nfs_reserved_port_only
1247 provide NFS services only on a secure port.
1248 .It Va nfs_bufpackets
1250 If set to a number, indicates the number of packets worth of
1251 socket buffer space to reserve on an NFS client.
1252 The kernel default is typically 4.
1253 Using a higher number may be
1254 useful on gigabit networks to improve performance.
1255 The minimum value is
1256 2 and the maximum is 64.
1257 .It Va rpc_umntall_enable
1261 (default) and we are also an NFS client, run
1263 at boot time to clear out old mounts on remote servers.
1268 will not be run at boot time.
1269 .It Va rpc_lockd_enable
1273 and also an NFS server, run
1276 .It Va rpc_statd_enable
1280 and also an NFS server, run
1283 .It Va rpcbind_program
1288 .Pa /usr/sbin/rpcbind ) .
1289 .It Va rpcbind_enable
1295 service at boot time.
1296 .It Va rpcbind_flags
1302 these are the flags to pass to the
1305 .It Va keyserv_enable
1311 daemon on boot for running Secure RPC.
1312 .It Va keyserv_flags
1318 these are the flags to pass to
1321 .It Va pppoed_enable
1327 daemon at boot time to provide PPP over Ethernet services.
1328 .It Va pppoed_provider
1331 listens to requests to this provider and ultimately runs
1335 argument of the same name.
1338 Additional flags to pass to
1340 .It Va pppoed_interface
1342 The network interface to run
1345 This is mandatory when
1355 service at boot time.
1356 This command is intended for networks of
1357 machines where a consistent
1359 for all hosts must be established.
1360 This is often useful in large NFS
1361 environments where time stamps on files are expected to be consistent
1369 these are the flags to pass to the
1378 command at boot time.
1384 .Pa /usr/sbin/ntpd ) .
1391 these are the flags to pass to the
1395 by default which sets the time immediately at startup if the
1396 local clock is off by more than 180 seconds. To prevent
1398 from doing this, set
1408 at system boot time.
1409 .It Va dntpd_program
1414 .Pa /usr/sbin/dntpd ) .
1421 these are the flags to pass to the
1424 .It Va nis_client_enable
1430 service at system boot time.
1431 .It Va nis_client_flags
1434 .Va nis_client_enable
1437 these are the flags to pass to the
1440 .It Va nis_ypset_enable
1446 daemon at system boot time.
1447 .It Va nis_ypset_flags
1450 .Va nis_ypset_enable
1453 these are the flags to pass to the
1456 .It Va nis_server_enable
1462 daemon at system boot time.
1463 .It Va nis_server_flags
1466 .Va nis_server_enable
1469 these are the flags to pass to the
1472 .It Va nis_ypxfrd_enable
1478 daemon at system boot time.
1479 .It Va nis_ypxfrd_flags
1482 .Va nis_ypxfrd_enable
1485 these are the flags to pass to the
1488 .It Va nis_yppasswdd_enable
1494 daemon at system boot time.
1495 .It Va nis_yppasswdd_flags
1498 .Va nis_yppasswdd_enable
1501 these are the flags to pass to the
1504 .It Va rpc_ypupdated_enable
1510 daemon at system boot time.
1511 .It Va defaultrouter
1515 create a default route to this host name or IP address
1516 (use an IP address if this router is also required to get to the
1518 .It Va ipv6_defaultrouter
1520 The IPv6 equivalent of
1522 .It Va static_routes
1524 Set to the list of static routes that are to be added at system
1528 then for each whitespace separated
1531 .Va route_ Ns Aq Ar element
1532 variable is assumed to exist
1533 whose contents will later be passed to a
1536 .It Va ipv6_static_routes
1538 The IPv6 equivalent of
1542 then for each whitespace separated
1545 .Va ipv6_route_ Ns Aq Ar element
1546 variable is assumed to exist
1547 whose contents will later be passed to a
1548 .Dq Nm route Cm add Fl inet6
1550 .It Va gateway_enable
1554 configure host to act as an IP router, e.g. to forward packets
1556 .It Va ipv6_gateway_enable
1558 The IPv6 equivalent of
1559 .Va gateway_enable .
1560 .It Va router_enable
1564 run a routing daemon of some sort, based on the
1569 .It Va ipv6_router_enable
1571 The IPv6 equivalent of
1575 run a routing daemon of some sort, based on the
1577 .Va ipv6_router_program
1579 .Va ipv6_router_flags .
1580 .It Va router_program
1586 this is the name of the routing daemon to use.
1587 .It Va ipv6_router_program
1589 The IPv6 equivalent of
1590 .Va router_program .
1597 these are the flags to pass to the routing daemon.
1598 .It Va ipv6_router_flags
1600 The IPv6 equivalent of
1602 .It Va mrouted_enable
1606 run the multicast routing daemon,
1608 .It Va mroute6d_enable
1610 The IPv6 equivalent of
1611 .Va mrouted_enable .
1614 run the IPv6 multicast routing daemon.
1615 Note that no IPv6 multicast routing daemon is included in the
1619 can be installed from the
1622 .It Va mrouted_flags
1628 these are the flags to pass to the
1631 .It Va mroute6d_flags
1633 The IPv6 equivalent of
1639 these are the flags passed to the IPv6 multicast routing daemon.
1640 .It Va mroute6d_program
1646 this is the path to the IPv6 multicast routing daemon.
1647 .It Va rtadvd_enable
1653 daemon at boot time.
1656 .Va ipv6_gateway_enable
1661 utility sends router advertisement packets to the interfaces specified in
1662 .Va rtadvd_interfaces .
1664 and should only be enabled with great care.
1665 You may want to fine-tune
1667 .It Va rtadvd_interfaces
1673 this is the list of interfaces to use.
1674 .It Va ipxgateway_enable
1678 enable the routing of IPX traffic.
1679 .It Va ipxrouted_enable
1685 daemon at system boot time.
1686 .It Va ipxrouted_flags
1689 .Va ipxrouted_enable
1692 these are the flags to pass to the
1699 enable global proxy ARP.
1700 .It Va forward_sourceroute
1708 source-routed packets are forwarded.
1709 .It Va accept_sourceroute
1713 the system will accept source-routed packets directed at it.
1720 daemon at system boot time.
1727 these are the flags to pass to the
1730 .It Va bootparamd_enable
1736 daemon at system boot time.
1737 .It Va bootparamd_flags
1740 .Va bootparamd_enable
1743 these are the flags to pass to the
1746 .It Va stf_interface_ipv4addr
1750 this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling
1752 Specify this entry to enable the 6to4 interface.
1753 .It Va stf_interface_ipv4plen
1755 Prefix length for 6to4 IPv4 addresses, to limit peer address range.
1756 An effective value is 0-31.
1757 .It Va stf_interface_ipv6_ifid
1759 IPv6 interface ID for
1763 .It Va stf_interface_ipv6_slaid
1765 IPv6 Site Level Aggregator for
1767 .It Va ipv6_faith_prefix
1771 this is the faith prefix to enable a FAITH IPv6-to-IPv4 TCP
1776 .It Va ipv6_ipv4mapping
1780 this enables IPv4 mapped IPv6 address communication (like
1781 .Li ::ffff:a.b.c.d ) .
1786 to enable the configuration of ATM interfaces at system boot time.
1787 For all of the ATM variables described below, please refer to the
1789 man page for further details on the available command parameters.
1790 Also refer to the files in
1791 .Pa /usr/share/examples/atm
1792 for more detailed configuration information.
1795 This is a list of physical ATM interface drivers to load. Typical values are
1799 .It Va atm_netif_ Ns Aq Ar intf
1801 For the ATM physical interface
1803 this variable defines the name prefix and count for the ATM network
1804 interfaces to be created.
1805 The value will be passed as the parameters of an
1806 .Dq Nm atm Cm "set netif" Ar intf
1808 .It Va atm_sigmgr_ Ns Aq Ar intf
1810 For the ATM physical interface
1812 this variable defines the ATM signalling manager to be used.
1813 The value will be passed as the parameters of an
1814 .Dq Nm atm Cm attach Ar intf
1816 .It Va atm_prefix_ Ns Aq Ar intf
1818 For the ATM physical interface
1820 this variable defines the NSAP prefix for interfaces using a UNI signalling
1824 the prefix will automatically be set via the
1827 Otherwise, the value will be passed as the parameters of an
1828 .Dq Nm atm Cm "set prefix" Ar intf
1830 .It Va atm_macaddr_ Ns Aq Ar intf
1832 For the ATM physical interface
1834 this variable defines the MAC address for interfaces using a UNI signalling
1838 the hardware MAC address contained in the ATM interface card will be used.
1839 Otherwise, the value will be passed as the parameters of an
1840 .Dq Nm atm Cm "set mac" Ar intf
1842 .It Va atm_arpserver_ Ns Aq Ar netif
1844 For the ATM network interface
1846 this variable defines the ATM address for a host which is to provide ATMARP
1848 This variable is only applicable to interfaces using a UNI signalling
1852 this host will become an ATMARP server.
1853 The value will be passed as the parameters of an
1854 .Dq Nm atm Cm "set arpserver" Ar netif
1856 .It Va atm_scsparp_ Ns Aq Ar netif
1860 SCSP/ATMARP service for the network interface
1862 will be initiated using the
1867 This variable is only applicable if
1868 .Va atm_arpserver_ Ns Aq Ar netif
1873 Set to the list of ATM PVCs to be added at system
1875 For each whitespace separated
1878 .Va atm_pvc_ Ns Aq Ar element
1879 variable is assumed to exist.
1880 The value of each of these variables
1881 will be passed as the parameters of an
1882 .Dq Nm atm Cm "add pvc"
1886 Set to the list of permanent ATM ARP entries to be added
1887 at system boot time.
1888 For each whitespace separated
1891 .Va atm_arp_ Ns Aq Ar element
1892 variable is assumed to exist.
1893 The value of each of these variables
1894 will be passed as the parameters of an
1895 .Dq Nm atm Cm "add arp"
1897 .It Va natm_interfaces
1901 interfaces that will also be used for HARP through
1903 If this list is not empty all interfaces in the list will be brought up
1909 For this to work the interface drivers must be either compiled into the
1910 kernel or must reside on the root partition.
1913 The keyboard bell sound.
1920 if the default behavior is desired.
1921 For details, refer to the
1928 no keymap is installed, otherwise the value is used to install
1930 .Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd .
1933 The keyboard repeat speed.
1940 if the default behavior is desired.
1945 attempt to program the function keys with the value.
1947 be a single string of the form:
1948 .Dq Ar funkey_number new_value Op Ar funkey_number new_value ... .
1951 Can be set to the value of
1954 .Dq Li destructive ,
1957 to set the cursor behavior explicitly or choose the default behavior.
1962 no screen map is installed, otherwise the value is used to install
1963 the screen map file in
1964 .Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value .
1969 the default 8x16 font value is used for screen size requests, otherwise
1971 .Pa /usr/share/syscons/fonts/ Ns Aq Ar value
1977 the default 8x14 font value is used for screen size requests, otherwise
1979 .Pa /usr/share/syscons/fonts/ Ns Aq Ar value
1985 the default 8x8 font value is used for screen size requests, otherwise
1987 .Pa /usr/share/syscons/fonts/ Ns Aq Ar value
1993 the default screen blanking interval is used, otherwise it is set
2001 this is the actual screen saver to use
2002 .Li ( blank , snake , daemon ,
2004 .It Va moused_enable
2010 daemon is started for doing cut/paste selection on the console.
2013 This is the protocol type of the mouse connected to this host.
2014 This variable must be set if
2021 is able to detect the appropriate mouse type automatically in many cases.
2022 Set this variable to
2024 to let the daemon detect it, or
2025 select one from the following list if the automatic detection fails.
2027 If the mouse is attached to the PS/2 mouse port, choose
2031 regardless of the brand and model of the mouse.
2033 mouse is attached to the bus mouse port, choose
2037 All other protocols are for serial mice and will not work with
2038 the PS/2 and bus mice.
2039 If this is a USB mouse,
2041 is the only protocol type which will work.
2043 .Bl -tag -width ".Li x10mouseremote" -compact
2045 Microsoft mouse (serial)
2047 Microsoft IntelliMouse (serial)
2049 Mouse systems Corp. mouse (serial)
2051 MM Series mouse (serial)
2053 Logitech mouse (serial)
2057 Logitech MouseMan and TrackMan (serial)
2059 ALPS GlidePoint (serial)
2060 .It Li thinkingmouse
2061 Kensington ThinkingMouse (serial)
2065 MM HitTablet (serial)
2066 .It Li x10mouseremote
2067 X10 MouseRemote (serial)
2069 Interlink VersaPad (serial)
2072 Even if the mouse is not in the above list, it may be compatible
2073 with one in the list.
2074 Refer to the man page for
2076 for compatibility information.
2078 It should also be noted that while this is enabled, any
2079 other client of the mouse (such as an X server) should access
2080 the mouse through the virtual mouse device,
2082 and configure it as a
2084 type mouse, since all
2085 mouse data is converted to this single canonical format when
2088 If the client program does not support the
2094 It is the second preferred type.
2101 this is the actual port the mouse is on.
2104 for a COM1 serial mouse,
2108 for a bus mouse, for example.
2113 is set, these are the additional flags to pass to the
2116 .It Va mousechar_start
2120 the default mouse cursor character range
2121 .Li 0xd0 Ns - Ns Li 0xd3
2123 otherwise the range start is set
2128 Use if the default range is occupied in the language code table.
2131 Set the size of the history (scrollback) buffer in lines.
2132 .It Va allscreens_flags
2136 is run with these options for each of the virtual terminals
2140 will enable the mouse pointer on all virtual terminals
2145 .It Va allscreens_kbdflags
2149 is run with these options for each of the virtual terminals
2155 scrollback (history) buffer to 200 lines.
2162 daemon at system boot time.
2168 .Pa /usr/sbin/cron ) .
2175 these are the flags to pass to
2182 .Pa /usr/sbin/lpd ) .
2189 daemon at system boot time.
2196 these are the flags to pass to the
2205 settings across reboots.
2206 .It Va mta_start_script
2208 This variable specifies the full path to the script to run to start
2209 a mail transfer agent.
2211 .Pa /etc/rc.sendmail .
2215 .Pa /etc/rc.sendmail
2216 uses are documented in the
2221 Indicates the device (usually a swap partition) to which a crash dump
2222 should be written in the event of a system crash.
2223 The value of this variable is passed as the argument to
2225 To disable crash dumps, set this variable to
2229 When the system reboots after a crash and a crash dump is found on the
2230 device specified by the
2234 will save that crash dump and a copy of the kernel to the directory
2238 The default value is
2247 .It Va savecore_flags
2249 If crash dumps are enabled, these are the flags to pass to the
2252 .It Va enable_quotas
2256 to turn on user disk quotas on system startup via the
2263 to enable user disk quota checking via the
2266 .It Va accounting_enable
2270 to enable system accounting through the
2277 to enable Linux/ELF binary emulation at system initial
2279 .It Va sysvipc_enable
2283 load System V IPC primitives at boot time.
2284 .\" ----- cleanvar_enable setting--------------------------------
2285 .It Va cleanvar_enable
2293 .Pa /var/spool/uucp/.Temp/*
2295 .\" ----- clear_tmp_enable setting-------------------------------
2296 .It Va clear_tmp_enable
2303 .\" ----- ldconfig_paths setting --------------------------------
2304 .It Va ldconfig_paths
2306 Set to the list of shared library paths to use with
2310 will always be added first, so it need not appear in this list.
2311 .It Va ldconfig_insecure
2315 utility normally refuses to use directories
2316 which are writable by anyone except root.
2317 Set this variable to
2319 to disable that security check during system startup.
2320 .It Va kern_securelevel
2322 The kernel security level to set at startup.
2323 The allowed range of
2325 ranges from \-1 (the compile time default) to 3 (the
2329 for the list of possible security levels and their effect
2330 on system operation.
2335 to enable Low Watermark Mandatory Access Control (LOMAC) at boot time.
2336 This security model enforces integrity constraints for system processes;
2339 for a complete description of the LOMAC model, as well as its impact
2340 on system operation.
2347 at system boot time.
2354 at system boot time.
2357 Path to the SSH server program
2358 .Pa ( /usr/sbin/sshd
2366 these are the flags to pass to the
2375 at system boot time.
2382 these are the flags to pass to the
2391 daemon at boot time.
2398 these are the flags passed to
2401 .It Va watchdogd_enable
2407 daemon at boot time.
2408 This requires that the kernel have been compiled with
2409 .Cd "options WATCHDOG" .
2414 any configured jails will not be started.
2417 A space separated list of names for jails.
2418 This is purely a configuration aid to help identify and
2419 configure multiple jails.
2420 The names specified in this list will be used to
2421 identify settings common to an instance of a jail.
2422 Assuming that the jail in question was named
2424 you would have the following dependent variables:
2426 jail_vjail_hostname="jail.example.com"
2427 jail_vjail_ip="192.168.1.100"
2428 jail_vjail_rootdir="/var/jails/vjail/root"
2429 jail_vjail_exec="/bin/sh /etc/rc"
2432 The last one is optional.
2436 .It Va jail_set_hostname_allow
2440 do not allow the root user in a jail to set its hostname.
2441 .It Va jail_socket_unixiproute_only
2445 do not allow any protocol,
2447 to be used within a jail.
2448 .It Va jail_sysvipc_allow
2452 allow applications within a jail to use System V IPC.
2453 .It Va resident_enable
2457 make the dynamic binaries listed in
2458 .Pa /etc/resident.conf
2460 .It Va varsym_enable
2465 .Pa /etc/varsym.conf
2466 to set system-wide variables for variant symlinks.
2471 or a whitespace separated list of IRQ numbers which will be used as a source of
2473 .\" ----- isdn settings ---------------------------------
2484 at system boot time.
2488 .Dq Fl d Ns Cm n Fl d Ns Li 0x1f9
2490 Additional flags to pass to
2496 for certain tunable parameters).
2502 The terminal type of the output device when
2504 operates in full-screen mode.
2505 .It Va isdn_screenflags
2510 The video mode for full-screen mode (only for
2520 The output device for
2522 in full-screen mode (or
2532 enables the ISDN protocol trace utility
2534 at system boot time.
2535 .It Va isdn_traceflags
2538 .Dq Fl f Pa /var/tmp/isdntrace0
2542 .\" -----------------------------------------------------
2547 to disable caching entropy via
2549 Otherwise set to the directory used to store entropy files in.
2554 to disable caching entropy through reboots.
2555 Otherwise set to the filename used to store cached entropy through
2557 This file should be located on the root file system to seed the
2559 device as early as possible in the boot process.
2560 .It Va entropy_save_sz
2562 Size of the entropy cache files saved by
2565 .It Va entropy_save_num
2567 Number of entropy cache files to save by
2581 Configuration file for
2590 .Pa /var/run/dmesg.boot
2592 .It Va rcshutdown_timeout
2594 If set, start a watchdog timer in the background which will terminate
2598 has not completed within the specified time (in seconds).
2601 .Bl -tag -width ".Pa /etc/defaults/rc.conf" -compact
2602 .It Pa /etc/defaults/rc.conf
2604 .It Pa /etc/rc.conf.local
2619 .Xr resident.conf 5 ,
2677 .An Jordan K. Hubbard .