4 .\" Redistribution and use in source and binary forms, with or without
5 .\" modification, are permitted provided that the following conditions
7 .\" 1. Redistributions of source code must retain the above copyright
8 .\" notice, this list of conditions and the following disclaimer.
9 .\" 2. Redistributions in binary form must reproduce the above copyright
10 .\" notice, this list of conditions and the following disclaimer in the
11 .\" documentation and/or other materials provided with the distribution.
13 .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND
14 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE
17 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
19 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
20 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
21 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
22 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25 .\" $FreeBSD: src/share/man/man5/rc.conf.5,v 1.197 2003/07/28 13:56:00 mbr Exp $
27 .Dd September 29, 2020
32 .Nd system configuration information
36 contains descriptive information about the local host name, configuration
37 details for any potential network interfaces and which services should be
38 started up at system initial boot time.
39 In new installations, the
41 file is generally initialized by the installer.
45 is not to run commands or perform system startup actions directly.
46 Instead, it is included by the various generic startup scripts in
48 which conditionalize their
49 internal actions according to the settings found there.
52 .Pa /etc/defaults/rc.conf
53 file specifies the default settings for all the available options,
56 file specifies override settings.
57 Options need only be specified in
59 when the system administrator wishes to override the defaults.
61 .Pa /etc/rc.conf.local
62 is used to override settings in
64 for historical reasons.
66 .Pa /etc/rc.conf.local
67 you can also place smaller configuration files for each
71 directory, which will be included by the
74 For jail configurations you could use the file
75 .Pa /etc/rc.conf.d/jail
76 to store jail specific configuration options.
81 The following list provides a name and short description for each
82 variable that can be set in the
99 These values are case insensitive.
102 postfix in the name of a variable for starting a service can be
105 .Bl -tag -width indent-two
110 enable output of debug messages from rc scripts.
111 This variable can be helpful in diagnosing mistakes when
112 editing or integrating new scripts.
113 Beware that this produces copious output to the terminal and
119 disable informational messages from the rc scripts.
120 Informational messages are displayed when
121 a condition that is not serious enough to warrant a warning or an error occurs.
128 when faststart is used (e.g., at boot time).
133 no swapfile is installed, otherwise the value is used as the full
134 pathname to a file to use for additional swap space.
137 driver is needed for a swapfile and will be loaded if it is not
138 already compiled into the kernel or loaded via
140 .It Ao Ar module Ac Ns Ar _load
144 that kernel module will be loaded.
146 .Ao Ar module Ac Ns Ar _name
147 is defined (see below), the
148 module's name is taken to be
150 .It Ao Ar module Ac Ns Ar _name
152 Defines the name of the module.
157 to handle device added, removed or unknown events from the kernel.
164 these are the flags to pass to the
176 a CPU speed control daemon.
180 Additional flags passed to the
184 If you are running a serial port at 115200 baud we recommend setting
185 the flags to "-l 1500" as lower frequencies will cause characters to
187 .It Va sensorsd_enable
196 a sensors monitoring and logging daemon.
197 .It Va sensorsd_flags
200 Additional flags passed to the
203 .It Va sysvipcd_enable
212 a daemon needed for the userspace implementation of the XSI Interprocess
213 Communication functions.
214 .It Va sysvipcd_flags
217 Additional flags passed to the
220 .It Va hotplugd_enable
229 a devices hot plugging monitoring daemon.
230 .It Va hotplugd_flags
233 Additional flags passed to the
236 .It Va pccard_ifconfig
238 List of arguments to be passed to
240 at boot time or on insertion of the card (e.g.\&
241 .Dq Cm inet Li 192.168.1.1 Cm netmask Li 255.255.255.0
242 for a fixed address or
245 .It Va pccard_ether_delay
247 Set the delay before starting the DHCP client (configured with
250 .Pa /etc/pccard_ether
255 .It Va removable_interfaces
257 List of removable network interfaces to be supported by
258 .Pa /etc/pccard_ether .
261 List of directories to search for startup script files.
262 .It Va script_name_sep
264 The field separator to use for breaking down the list of startup script files
265 into individual filenames.
266 The default is a space.
267 It is not necessary to change this unless there are startup scripts with names
271 The fully qualified domain name (FQDN) of this host on the network.
272 This should almost certainly be set to something meaningful, even if
273 there is no network connection.
274 If DHCP is used to set the hostname,
275 this variable should be set to an empty string.
278 Enable support for IPv6 networking.
279 Note that this requires that the kernel have been compiled with
280 .Cd "options INET6" .
283 The NIS domain name of this host, or
288 Set the rc script that is called to start the DHCP client.
293 .It Va dhclient_program
298 .Pa /sbin/dhclient ) .
299 .It Va dhclient_flags
301 Additional flags to pass to the
310 in master mode (i.e., configure all available Ethernet interfaces) at startup.
311 .It Va dhcpcd_program
319 Additional flags to pass to the
326 to go to background immediately.
334 If the kernel was not built with
338 kernel module will be loaded.
340 .Va firewall_enable .
345 ruleset definition file.
356 these are the flags to pass to
358 when loading the ruleset.
365 which logs packets from
373 this specifies the path of the log file.
384 these are the flags to pass to
386 .It Va firewall_enable
390 to load firewall rules at startup.
391 If the kernel was not built with
392 .Cd "options IPFIREWALL" ,
395 kernel module will be loaded.
398 .It Va ipv6_firewall_enable
400 The IPv6 equivalent of
401 .Va firewall_enable .
404 to load IPv6 firewall rules at startup.
405 If the kernel was not built with
406 .Cd "options IPV6FIREWALL" ,
409 kernel module will be loaded.
410 .It Va firewall_script
412 The full path to the firewall script to run
414 .Pa /etc/rc.firewall ) .
415 .It Va ipv6_firewall_script
417 The IPv6 equivalent of
418 .Va firewall_script .
421 Names the firewall type from the selection in
422 .Pa /etc/rc.firewall ,
423 or the file which contains the local firewall ruleset.
424 Valid selections from
428 .Bl -tag -width ".Li simple" -compact
430 unrestricted IP access
432 all IP services disabled, except via
435 basic protection for a workstation on a LAN
441 If a filename is specified, the full path must be given.
442 .It Va firewall_trusted_nets
444 List of trusted networks (if
448 .It Va firewall_trusted_interfaces
450 List of trusted network interfaces (if
454 .It Va firewall_allowed_icmp_types
456 List of allowed ICMP types (if
460 .It Va firewall_open_tcp_ports
462 List of TCP ports to open (if
466 .It Va firewall_open_udp_ports
468 List of UDP ports to open (if
472 .It Va ipv6_firewall_type
474 The IPv6 equivalent of
476 .It Va firewall_quiet
480 to disable the display of firewall rules on the console during boot.
481 .It Va ipv6_firewall_quiet
483 The IPv6 equivalent of
485 .It Va firewall_logging
489 to enable firewall event logging.
490 This is equivalent to the
491 .Dv IPFIREWALL_VERBOSE
493 .It Va ipv6_firewall_logging
495 The IPv6 equivalent of
496 .Va firewall_logging .
497 .It Va firewall_flags
503 specifies a filename.
504 .It Va ipv6_firewall_flags
506 The IPv6 equivalent of
520 The full path to the shell script to run to set up the ipfw3
521 firewall rules (default
522 .Pa /etc/ipfw3.rules ) .
525 List of ipfw3 modules to be loaded before executing the above
528 .Dq Li ipfw3 ipfw3_basic ) .
544 sockets must be enabled in the kernel.
545 .It Va natd_interface
547 This is the name of the public interface on which
550 The interface may be given as an interface name or as an IP address.
555 flags should be placed here.
560 flag is automatically added with the above
563 .It Va tcp_extensions
570 disables certain TCP options as described by
576 might help remedy such problems with connections as randomly hanging
577 or other weird behavior.
578 Some network devices are known to be broken with respect to these options.
585 .Va net.inet.tcp.log_in_vain
587 .Va net.inet.udp.log_in_vain ,
592 are set to the given value.
600 will disable probing idle TCP connections to verify that the
601 peer is still up and reachable.
602 .It Va tcp_drop_synfin
609 will cause the kernel to ignore TCP frames that have both
610 the SYN and FIN flags set.
611 This prevents OS fingerprinting, but may break some legitimate applications.
612 This option is only available if the kernel was built with the
615 .It Va icmp_drop_redirect
622 will cause the kernel to ignore ICMP REDIRECT packets.
625 for more information.
626 .It Va icmp_log_redirect
633 will cause the kernel to log ICMP REDIRECT packets.
635 the log messages are not rate-limited, so this option should only be used
636 for troubleshooting networks.
639 for more information.
640 .It Va icmp_bmcastecho
644 to respond to broadcast or multicast ICMP ping packets.
647 for more information.
648 .It Va ip_portrange_first
652 this is the first port in the default portrange.
655 for more information.
656 .It Va ip_portrange_last
660 this is the last port in the default portrange.
663 for more information.
665 .It Va ifconfig_ Ns Aq Ar interface
669 Typically includes IP address.
670 Assuming that the interface in question was
672 it might look something like this:
674 ifconfig_ed0="inet 10.0.0.1 netmask 0xffff0000"
678 .Pa /etc/start_if. Ns Aq Ar interface
679 file is present, it is read and executed by the
681 interpreter before configuring the interface as specified in the
682 .Va ifconfig_ Ns Aq Ar interface
684 .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
687 It is possible to bring up an interface with DHCP by adding
690 .Va ifconfig_ Ns Aq Ar interface
692 For instance, to initialize the
694 device via DHCP, it is possible to use something like:
700 .Va vlans_ Ns Aq Ar interface
704 interface will be created for each item in the list with the
708 If a vlan interface's name is a number,
709 then that number is used as the vlan tag and the new vlan interface is
711 .Ar interface . Ns Ar tag .
713 the vlan tag must be specified via a
716 .Va create_args_ Ns Aq Ar interface
719 To create a vlan device named
723 with the vlan tag 101 and the optional the IPv4 address 192.0.2.1/24:
726 ifconfig_em0_101="inet 192.0.2.1/24"
729 To create a vlan device named
733 with the vlan tag 102:
736 create_args_myvlan="vlan 102"
740 .Va wlans_ Ns Aq Ar interface
744 interface will be created for each item in the list with the
748 Further wlan cloning arguments may be passed to the
751 command by setting the
752 .Va create_args_ Ns Aq Ar interface
756 devices must be created for each wireless devices as of
762 may be specified with an
763 .Va wlandebug_ Ns Aq Ar interface
765 The contents of this variable will be passed directly to
768 Also, if your interface needs WPA authentication, it is possible to add
771 .Va ifconfig_ Ns Aq Ar interface
774 .Xr wpa_supplicant 8 .
776 .Xr wpa_supplicant.conf 5
777 for configuring authentication information.
779 .Va wpa_supplicant_enable .
783 options in this variable, in addition to the
784 .Pa /etc/start_if. Ns Aq Ar interface
786 For instance, to initialize the
788 device via DHCP, using WPA authentication and 802.11b mode, it is
789 possible to use something like:
792 ifconfig_wlan0="up DHCP WPA mode 11b"
794 .It Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
796 Configuration to establish an additional network address for
798 Assuming that the interface in question was
800 it might look something like this:
802 ifconfig_ed0_alias0="inet 127.0.0.253 netmask 0xffffffff"
803 ifconfig_ed0_alias1="inet 127.0.0.254 netmask 0xffffffff"
808 .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
809 entry that is found, its contents are passed to
811 Execution stops at the first unsuccessful access, so if
812 something like this is present:
814 ifconfig_ed0_alias0="inet 127.0.0.251 netmask 0xffffffff"
815 ifconfig_ed0_alias1="inet 127.0.0.252 netmask 0xffffffff"
816 ifconfig_ed0_alias2="inet 127.0.0.253 netmask 0xffffffff"
817 ifconfig_ed0_alias4="inet 127.0.0.254 netmask 0xffffffff"
820 Then note that alias4 would
822 be added since the search would stop with the missing alias3 entry.
823 .It Va ifconfig_ Ns Ao Ar interface Ac Ns Va _name
827 It is possible to rename interface by doing:
829 ifconfig_ed0_name="net0"
830 ifconfig_net0="inet 10.0.0.1 netmask 0xffff0000"
839 will disable the configuration of network interfaces.
840 .It Va network_interfaces
842 The list of network interfaces to configure on this host,
845 to configure all network interfaces
848 For example, if the only network devices to be configured are the loopback device
852 driver, this could be set to
855 .Va ifconfig_ Ns Aq Ar interface
856 variable is assumed to exist for each value of
858 .It Va ipv6_network_interfaces
860 This is the IPv6 equivalent of
861 .Va network_interfaces .
862 Instead of setting the ifconfig variables as
863 .Va ifconfig_ Ns Aq Ar interface
864 they should be set as
865 .Va ipv6_ifconfig_ Ns Aq Ar interface .
866 Aliases should be set as
867 .Va ipv6_ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n .
868 Interfaces that do not have a
869 .Va ipv6_ifconfig_ Ns Aq Ar interface
870 setting will be auto configured by
873 .Va ipv6_gateway_enable
876 Note that the IPv6 networking code does not support the
877 .Pa /etc/start_if. Ns Aq Ar interface
879 .It Va ipv6_prefix_ Ns Aq Ar interface
883 prefixlen 64 is used.
884 .It Va ipv6_default_interface
888 this is the default output interface for scoped addresses.
889 Now this works only for IPv6 link local multicast addresses.
890 .It Va ip6addrctl_enable
892 This variable is to enable configuring the default address selection policy table
896 and the policy table to be installed is specified by the
897 .Va ip6addrctl_policy
899 .It Va ip6addrctl_policy
901 This variable specifies the policy table to be installed,
902 and can be one of the following keywords:
915 installs a pre-defined policy table described in Section 2.1
923 is specified, it attempts to read a file
924 .Pa /etc/ip6addrctl.conf
926 If this file is found,
928 reads and installs it.
929 If not found, a policy is automatically set
932 variable; if the variable is set to
934 the IPv6-preferred one is used.
935 Otherwise IPv4-preferred.
936 .It Va ip6addrctl_verbose
940 print the installed policy table after configuring.
943 .It Va cloned_interfaces
945 Set to the list of clonable network interfaces to create on this host.
947 .Va cloned_interfaces
948 are automatically appended to
949 .Va network_interfaces
951 .It Va gif_interfaces
955 tunnel interfaces to configure on this host.
957 .Va gifconfig_ Ns Aq Ar interface
958 variable is assumed to exist for each value of
960 The value of this variable is used to configure the link layer of the
961 tunnel according to the syntax of the
965 Additionally, this option ensures that each listed interface is created via the
969 before attempting to configure it.
970 .It Va sppp_interfaces
974 interfaces to configure on this host.
976 .Va spppconfig_ Ns Aq Ar interface
977 variable is assumed to exist for each value of
979 Each interface should also be configured by a general
980 .Va ifconfig_ Ns Aq Ar interface
984 for more information about available options.
994 Mode in which to run the
1003 See the manual for a full description.
1008 enables network address translation.
1009 Used in conjunction with
1011 allows hosts on private network addresses access to the Internet using
1012 this host as a network address translating router.
1015 The name of the profile to use from
1016 .Pa /etc/ppp/ppp.conf .
1017 Also used for per-profile overrides of
1018 .Va ppp_ Ns Ao Ar profile Ac Ns _unit .
1019 Where the profile contains any of the characters
1021 they are translated to
1023 for the purposes of the override variable names.
1024 .It Va ppp_ Ns Ao Ar profile Ac Ns _unit
1026 Set the unit number to be used for this profile.
1027 See the manual description of
1034 The name of the user under which
1041 .It Va rc_conf_files
1043 This option is used to specify a list of files that will override
1045 .Pa /etc/defaults/rc.conf .
1046 The files will be read in the order in which they are specified and should
1047 include the full path to the file.
1048 By default, the files specified are
1051 .Pa /etc/rc.conf.local
1052 .It Va fsck_y_enable
1057 will be run with the
1059 flag if the initial preen of the file systems fails.
1062 List of file system types that are network-based.
1063 This list should generally not be modified by end users.
1065 .Va extra_netfs_types
1067 .It Va extra_netfs_types
1069 If set to something other than
1071 (the default), this variable extends the list of file system types
1072 for which automatic mounting at startup by
1074 should be delayed until the network is initialized.
1076 a whitespace-separated list of network file system descriptor pairs,
1077 each consisting of a file system type as passed to
1079 and a human-readable, one-word description, joined with a colon
1081 Extending the default list in this way is only necessary
1082 when third party file system types are used.
1083 .It Va devfs_config_files
1085 This option is used to specify a list of configuration files containing
1087 rules that will be applied by
1089 in the order in which they are specified and must include the full path
1091 .It Va tmpfs_var_run
1099 Necessary directories under there will be automatically created.
1108 .It Va syslogd_enable
1115 .It Va syslogd_program
1120 .Pa /usr/sbin/syslogd ) .
1121 .It Va syslogd_flags
1127 these are the flags to pass to
1136 .It Va inetd_program
1141 .Pa /usr/sbin/inetd ) .
1148 these are the flags to pass to
1156 daemon at boot time.
1163 these are the flags to pass to it.
1169 will be updated at boot time to reflect the kernel release being run.
1173 will not be updated.
1174 .It Va nfs_client_enable
1178 setup NFS client parameters at boot time.
1179 .It Va nfs_access_cache
1182 .Va nfs_client_enable
1187 to disable NFS ACCESS RPC caching, or to the number of seconds for which
1188 NFS ACCESS results should be cached.
1189 A value of 2-10 seconds will substantially reduce network traffic for
1190 many NFS operations.
1191 The default is 5 seconds.
1192 Note that the attribute cache holds stat information only.
1193 The NFS data cache is independent of the attribute cache and is only
1194 invalidated when the client detects that the server has modified the
1196 This value specifies a maximum timeout.
1197 The NFS client will automatically use a shorter timeout for files which
1198 have been recently modified.
1199 .It Va nfs_neg_cache
1202 .Va nfs_client_enable
1207 to disable the caching of NEGATIVE LOOKUPS (lookups of non-existent
1208 filenames), or to the number of seconds for which negative lookups should
1210 A value of 2-10 seconds will substantially reduce network
1211 traffic for many NFS operations, especially source code builds.
1212 The default is 3 seconds.
1213 .It Va nfs_server_enable
1217 run the NFS server daemons at boot time.
1218 .It Va nfs_server_flags
1221 .Va nfs_server_enable
1224 these are the flags to pass to the
1227 .It Va mountd_enable
1232 .Va nfs_server_enable
1238 It is commonly needed to run CFS without real NFS used.
1245 these are the flags to pass to the
1248 .It Va weak_mountd_authentication
1252 allow services like PCNFSD to make non-privileged mount requests.
1253 .It Va nfs_reserved_port_only
1257 provide NFS services only on a secure port.
1258 .It Va nfs_bufpackets
1260 If set to a number, indicates the number of packets worth of
1261 socket buffer space to reserve on an NFS client.
1262 The kernel default is typically 4.
1263 Using a higher number may be useful on gigabit networks to improve performance.
1264 The minimum value is 2 and the maximum is 64.
1265 .It Va rpc_umntall_enable
1269 (default) and we are also an NFS client, run
1271 at boot time to clear out old mounts on remote servers.
1276 will not be run at boot time.
1277 .It Va rpc_lockd_enable
1281 and also an NFS server, run
1284 .It Va rpc_lockd_flags
1287 .Va rpc_lockd_enable
1290 these are the flags to pass to
1292 .It Va rpc_statd_enable
1296 and also an NFS server, run
1299 .It Va rpc_statd_flags
1302 .Va rpc_statd_enable
1305 these are the flags to pass to
1307 .It Va rpcbind_program
1309 Path to program for rpcbind daemon
1311 .Pa /usr/sbin/rpcbind ) .
1312 .It Va rpcbind_enable
1319 .It Va rpcbind_flags
1325 these are the flags to pass to
1326 .Va rpcbind_program .
1327 .It Va keyserv_enable
1333 daemon on boot for running Secure RPC.
1334 .It Va keyserv_flags
1340 these are the flags to pass to
1343 .It Va pppoed_enable
1349 daemon at boot time to provide PPP over Ethernet services.
1350 .It Va pppoed_provider
1353 listens to requests to this provider and ultimately runs
1357 argument of the same name.
1360 Additional flags to pass to
1362 .It Va pppoed_interface
1364 The network interface to run
1367 This is mandatory when
1377 at system boot time.
1378 .It Va dntpd_program
1383 .Pa /usr/sbin/dntpd ) .
1390 these are the flags to pass to the
1393 .It Va btconfig_enable
1397 configure Bluetooth devices via
1399 at system boot time.
1400 .It Va btconfig_devices
1406 this is the list of Bluetooth devices to configure.
1408 .Va btconfig_devices
1409 is not specified, all devices known to the system will be configured.
1411 .Va btconfig_ Ns Aq Ar device
1412 variable can be set to specify parameters to be passed to
1414 .It Va btconfig_args
1420 this is the list of configuration parameters to pass to all Bluetooth
1426 run the Service Discovery Profile daemon
1428 at system boot time.
1435 these are the flags to pass to the
1438 .It Va bthcid_enable
1442 run the Bluetooth Link Key/PIN Code Manager daemon
1444 at system boot time.
1451 these are the flags to pass to the
1454 .It Va nis_client_enable
1460 service at system boot time.
1461 .It Va nis_client_flags
1464 .Va nis_client_enable
1467 these are the flags to pass to the
1470 .It Va nis_ypset_enable
1476 daemon at system boot time.
1477 .It Va nis_ypset_flags
1480 .Va nis_ypset_enable
1483 these are the flags to pass to the
1486 .It Va nis_server_enable
1492 daemon at system boot time.
1493 .It Va nis_server_flags
1496 .Va nis_server_enable
1499 these are the flags to pass to the
1502 .It Va nis_ypxfrd_enable
1508 daemon at system boot time.
1509 .It Va nis_ypxfrd_flags
1512 .Va nis_ypxfrd_enable
1515 these are the flags to pass to the
1518 .It Va nis_yppasswdd_enable
1524 daemon at system boot time.
1525 .It Va nis_yppasswdd_flags
1528 .Va nis_yppasswdd_enable
1531 these are the flags to pass to the
1534 .It Va rpc_ypupdated_enable
1540 daemon at system boot time.
1541 .It Va defaultrouter
1545 create a default route to this host name or IP address
1546 (use an IP address if this router is also required to get to the
1548 .It Va ipv6_defaultrouter
1550 The IPv6 equivalent of
1552 .It Va static_routes
1554 Set to the list of static routes that are to be added at system boot time.
1557 then for each whitespace separated
1560 .Va route_ Ns Aq Ar element
1561 variable is assumed to exist whose contents will later be passed to a
1564 .It Va change_routes
1566 Set to the list of static routes that are to be changed at system boot time
1567 (such as those added by the kernel).
1570 then for each whitespace separated
1573 .Va change_route_ Ns Aq Ar element
1574 variable is assumed to exist whose contents will later be passed to a
1575 .Dq Nm route Cm change
1577 .It Va ipv6_static_routes
1579 The IPv6 equivalent of
1583 then for each whitespace separated
1586 .Va ipv6_route_ Ns Aq Ar element
1587 variable is assumed to exist whose contents will later be passed to a
1588 .Dq Nm route Cm add Fl inet6
1590 .It Va gateway_enable
1594 configure host to act as an IP router, e.g. to forward packets
1596 .It Va ipv6_gateway_enable
1598 The IPv6 equivalent of
1599 .Va gateway_enable .
1600 .It Va router_enable
1604 run a routing daemon of some sort, based on the settings of
1608 .It Va ipv6_router_enable
1610 The IPv6 equivalent of
1614 run a routing daemon of some sort, based on the settings of
1615 .Va ipv6_router_program
1617 .Va ipv6_router_flags .
1618 .It Va router_program
1624 this is the name of the routing daemon to use
1626 .Pa /sbin/routed ) .
1627 .It Va ipv6_router_program
1629 The IPv6 equivalent of
1632 .Pa /sbin/route6d ) .
1639 these are the flags to pass to the routing daemon.
1640 .It Va ipv6_router_flags
1642 The IPv6 equivalent of
1644 .It Va rtadvd_enable
1650 daemon at boot time.
1653 .Va ipv6_gateway_enable
1658 utility sends router advertisement packets to the interfaces specified in
1659 .Va rtadvd_interfaces .
1661 and should only be enabled with great care.
1662 You may want to fine-tune
1664 .It Va rtadvd_interfaces
1670 this is the list of interfaces to use.
1671 .It Va rtsold_enable
1677 daemon at boot time.
1680 daemon is used for automatic discovery of non-link local addresses.
1687 these are the flags to pass to the
1694 enable global proxy ARP.
1695 .It Va forward_sourceroute
1703 source-routed packets are forwarded.
1704 .It Va accept_sourceroute
1708 the system will accept source-routed packets directed at it.
1715 daemon at system boot time.
1722 these are the flags to pass to the
1725 .It Va wpa_supplicant_enable
1730 .Xr wpa_supplicant 8
1732 .Dq interface matching mode
1733 at system boot time.
1734 .It Va wpa_supplicant_program
1737 .Xr wpa_supplicant 8 .
1738 .It Va wpa_supplicant_flags
1741 .Va wpa_supplicant_enable
1744 these are the flags to pass to the
1745 .Xr wpa_supplicant 8
1747 .It Va bootparamd_enable
1753 daemon at system boot time.
1754 .It Va bootparamd_flags
1757 .Va bootparamd_enable
1760 these are the flags to pass to the
1763 .It Va stf_interface_ipv4addr
1767 this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling interface).
1768 Specify this entry to enable the 6to4 interface.
1769 .It Va stf_interface_ipv4plen
1771 Prefix length for 6to4 IPv4 addresses, to limit peer address range.
1772 An effective value is 0-31.
1773 .It Va stf_interface_ipv6_ifid
1775 IPv6 interface ID for
1779 .It Va stf_interface_ipv6_slaid
1781 IPv6 Site Level Aggregator for
1785 The keyboard bell sound.
1792 if the default behavior is desired.
1793 For details, refer to the
1800 no keymap is installed, otherwise the value is used to install
1802 .Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd .
1805 The keyboard repeat speed.
1812 if the default behavior is desired.
1817 attempt to program the function keys with the value.
1818 The value should be a single string of the form:
1819 .Dq Ar funkey_number new_value Op Ar funkey_number new_value ... .
1822 Can be set to the value of
1825 .Dq Li destructive ,
1828 to set the cursor behavior explicitly or choose the default behavior.
1833 no screen map is installed, otherwise the value is used to install
1834 the screen map file in
1835 .Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value .
1840 the default 8x16 font value is used for screen size requests, otherwise
1842 .Pa /usr/share/syscons/fonts/ Ns Aq Ar value
1848 the default 8x14 font value is used for screen size requests, otherwise
1850 .Pa /usr/share/syscons/fonts/ Ns Aq Ar value
1856 the default 8x8 font value is used for screen size requests, otherwise
1858 .Pa /usr/share/syscons/fonts/ Ns Aq Ar value
1864 the default screen blanking interval is used, otherwise it is set to
1871 this is the actual screen saver to use
1872 .Li ( blank , snake , daemon ,
1874 .It Va moused_nondefault_enable
1878 the mouse device specified on
1879 the command line is not automatically treated as enabled by the
1880 .Pa /etc/rc.d/moused
1882 Having this variable set to
1888 to be enabled as soon as it is plugged in.
1889 .It Va moused_enable
1895 daemon is started for doing cut/paste selection on the console.
1902 this is the protocol type of the mouse connected to this host.
1908 is able to detect the appropriate mouse type automatically in many cases.
1909 Leave this variable at the default
1911 to let the daemon detect it, or
1912 select one from the following list if the automatic detection fails.
1914 If the mouse is attached to the PS/2 mouse port, leave the variable at the
1919 regardless of the brand and model of the mouse.
1920 Likewise, if the mouse is attached to the bus mouse port, leave it at
1924 All other protocols are for serial mice and will not work with
1925 the PS/2 and bus mice.
1926 If this is a USB mouse,
1928 is the only protocol type which will work.
1930 .Bl -tag -width ".Li x10mouseremote" -compact
1932 Microsoft mouse (serial)
1934 Microsoft IntelliMouse (serial)
1936 Mouse systems Corp. mouse (serial)
1938 MM Series mouse (serial)
1940 Logitech mouse (serial)
1944 Logitech MouseMan and TrackMan (serial)
1946 ALPS GlidePoint (serial)
1947 .It Li thinkingmouse
1948 Kensington ThinkingMouse (serial)
1952 MM HitTablet (serial)
1953 .It Li x10mouseremote
1954 X10 MouseRemote (serial)
1956 Interlink VersaPad (serial)
1959 Even if the mouse is not in the above list, it may be compatible
1960 with one in the list.
1961 Refer to the man page for
1963 for compatibility information.
1965 It should also be noted that while this is enabled, any
1966 other client of the mouse (such as an X server) should access
1967 the mouse through the virtual mouse device,
1969 and configure it as a
1971 type mouse, since all
1972 mouse data is converted to this single canonical format when using
1974 If the client program does not support the
1979 It is the second preferred type.
1986 this is the actual port the mouse is on.
1989 for a COM1 serial mouse or
1991 for a PS/2 mouse, for example.
1996 is set, these are the additional flags to pass to the
1999 .It Va mousechar_start
2003 the default mouse cursor character range
2004 .Li 0xd0 Ns - Ns Li 0xd3
2005 is used, otherwise the range start is set to
2009 Use if the default range is occupied in the language code table.
2012 Set the size of the history (scrollback) buffer in lines.
2013 .It Va allscreens_flags
2017 is run with these options for each of the virtual terminals
2021 will enable the mouse pointer on all virtual terminals if
2025 .It Va allscreens_kbdflags
2029 is run with these options for each of the virtual terminals
2035 scrollback (history) buffer to 200 lines.
2042 daemon at system boot time.
2048 .Pa /usr/sbin/cron ) .
2055 these are the flags to pass to
2062 .Pa /usr/sbin/lpd ) .
2069 daemon at system boot time.
2076 these are the flags to pass to the
2085 daemon at system boot time.
2092 settings across reboots.
2093 .It Va mta_start_script
2095 The full path to the script to run to start
2096 a mail transfer agent.
2098 .Pa /etc/rc.sendmail .
2102 .Pa /etc/rc.sendmail
2103 uses are documented in the
2109 .Sq HAMMER ROOT with UFS /boot
2110 setup, the boot loader will not set up the
2113 The system will attempt to fix this on its own.
2114 Set this variable to
2116 to turn this behavior off.
2119 Indicates the device (usually a swap partition) to which a crash dump
2120 should be written in the event of a system crash.
2121 The value of this variable is passed as the argument to
2125 To disable crash dumps, set this variable to
2129 When the system reboots after a crash and a crash dump is found on the
2130 device specified by the
2134 will save that crash dump and a copy of the kernel to the directory
2138 The default value is
2147 .It Va savecore_flags
2149 If crash dumps are enabled, these are the flags to pass to the
2152 .It Va crashinfo_enable
2156 to turn on automatic crash dump summary generation using the utility
2158 .Va crashinfo_program
2160 .It Va crashinfo_program
2162 Program to run to generate a crash dump summary if the variable
2163 .Va crashinfo_enable
2166 The default value is
2167 .Pa /usr/sbin/crashinfo .
2168 .It Va enable_quotas
2172 to turn on user disk quotas on system startup via the
2179 to enable user disk quota checking via the
2182 .It Va accounting_enable
2186 to enable system accounting through the
2189 .\" ----- cleanvar_enable setting--------------------------------
2190 .It Va cleanvar_enable
2198 .Pa /var/spool/uucp/.Temp/*
2200 .\" ----- clear_tmp_enable setting-------------------------------
2201 .It Va clear_tmp_enable
2208 .\" ----- ldconfig_paths setting --------------------------------
2209 .It Va ldconfig_paths
2211 Set to the list of shared library paths to use with
2215 will always be added first, so it need not appear in this list.
2216 .It Va ldconfig_insecure
2220 utility normally refuses to use directories
2221 which are writable by anyone except root.
2222 Set this variable to
2224 to disable that security check during system startup.
2225 .It Va ldconfig_local_dirs
2227 Set to the list of local
2230 The names of all files in the directories listed will be
2231 passed as arguments to
2233 .It Va kern_securelevel
2235 The kernel security level to set at startup.
2236 The allowed range of
2238 ranges from \-1 (the compile time default) to 3 (the most secure).
2241 for the list of possible security levels and their effect on system operation.
2248 at system boot time.
2255 at system boot time.
2258 Path to the SSH server program
2260 .Pa /usr/sbin/sshd ) .
2267 these are the flags to pass to the
2276 at system boot time.
2283 these are the flags to pass to the
2286 .It Va watchdogd_enable
2292 daemon at boot time.
2297 any configured jails will not be started.
2300 A space separated list of names for jails.
2301 This is purely a configuration aid to help identify and
2302 configure multiple jails.
2303 The names specified in this list will be used to
2304 identify settings common to an instance of a jail.
2305 Assuming that the jail in question was named
2307 you would have the following dependent variables:
2309 jail_vjail_hostname="jail.example.com"
2310 jail_vjail_ip="192.168.1.100"
2311 jail_vjail_rootdir="/var/jails/vjail/root"
2316 When set, use as default value for
2317 .Va jail_ Ns Ao Ar jname Ac Ns Va _flags
2320 .It Va jail_interface
2323 When set, use as default value for
2324 .Va jail_ Ns Ao Ar jname Ac Ns Va _interface
2330 When set, use as default value for
2331 .Va jail_ Ns Ao Ar jname Ac Ns Va _fstab
2334 .It Va jail_mount_enable
2342 .Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable
2345 by default for every jail in
2347 .It Va jail_procfs_enable
2355 .Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable
2358 by default for every jail in
2360 .It Va jail_devfs_enable
2368 .Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable
2371 by default for every jail in
2373 .It Va jail_exec_start
2376 When set, use as default value for
2377 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start
2380 .It Va jail_exec_stop
2382 When set, use as default value for
2383 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop
2386 .It Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir
2389 Set to the root directory used by jail
2391 .It Va jail_ Ns Ao Ar jname Ac Ns Va _hostname
2394 Set to the fully qualified domain name (FQDN) assigned to jail
2396 .It Va jail_ Ns Ao Ar jname Ac Ns Va _ip
2399 Set to the IP address assigned to jail
2401 .It Va jail_ Ns Ao Ar jname Ac Ns Va _flags
2406 These are flags to pass to
2408 .It Va jail_ Ns Ao Ar jname Ac Ns Va _interface
2411 When set, sets the interface to use when setting IP address alias.
2412 Note that the alias is created at jail startup and removed at jail shutdown.
2413 .It Va jail_ Ns Ao Ar jname Ac Ns Va _fstab
2416 .Pa /etc/fstab. Ns Aq Ar jname
2418 This is the file system information file to use for jail
2420 .It Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable
2427 mount all file systems from
2428 .Va jail_ Ns Ao Ar jname Ac Ns Va _fstab
2430 .It Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable
2437 mount the process file system inside jail
2440 .It Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable
2447 mount the device file system inside jail
2450 .It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start
2453 .Dq Li /bin/sh /etc/rc
2455 This is the command executed at jail startup.
2456 .It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop
2459 .Dq Li /bin/sh /etc/rc.shutdown
2461 This is the command executed at jail shutdown.
2462 .It Va jail_default_set_hostname_allow
2466 do not allow the root user in a jail to set its hostname.
2467 .It Va jail_default_socket_unixiproute_only
2471 do not allow any sockets,
2472 besides UNIX/IP/route sockets,
2473 to be used within a jail.
2474 .It Va jail_default_sysvipc_allow
2478 allow applications within a jail to use System V IPC.
2479 .It Va jail_default_chflags_allow
2483 allow applications within a jail to alter system file flags.
2484 .It Va jail_default_raw_sockets_allow
2488 allow applications within a jail to user raw sockets.
2489 .It Va jail_default_allow_listen_override
2493 allows both wildcard and non-wildcard listen sockets in the jail to
2494 override wildcard listen sockets on the host.
2499 LVM volumes will be discovered and configured on boot.
2500 .It Va newsyslog_enable
2506 before syslogd starts.
2507 .It Va newsyslog_flags
2510 .Va newsyslog_enable
2513 these are the flags passed to
2515 .It Va resident_enable
2519 make the dynamic binaries listed in
2520 .Pa /etc/resident.conf
2522 .It Va varsym_enable
2527 .Pa /etc/varsym.conf
2528 to set system-wide variables for variant symlinks.
2533 or a whitespace separated list of IRQ numbers which will be used as a source of
2535 .\" -----------------------------------------------------
2540 to disable caching entropy via
2542 Otherwise set to the directory used to store entropy files in.
2547 to disable caching entropy through reboots.
2548 Otherwise set to the filename used to store cached entropy through reboots.
2549 This file should be located on the root file system to seed the
2551 device as early as possible in the boot process.
2552 .It Va entropy_save_sz
2554 Determines the size of the entropy cache files used for entropy cached
2555 through reboots and also entropy cached via
2557 The entropy is fed to the system in blocks of 512 bytes, so this number
2558 should be large enough to fill as many of the entropy pools in the kernel
2560 By default, it is set to 16384, which should be able to seed all 32 entropy
2561 pools in the Fortuna CSPRNG.
2569 .Pa /var/run/dmesg.boot
2571 .It Va rcshutdown_timeout
2573 If set, start a watchdog timer in the background which will terminate
2577 has not completed within the specified time (in seconds).
2578 Notice that in addition to this soft timeout,
2580 also applies a hard timeout for the execution of
2582 This is configured via
2585 .Va kern.init_shutdown_timeout
2586 and defaults to 120 seconds. Setting the value of
2587 .Va rcshutdown_timeout
2588 to more than 120 seconds will have no effect until the
2591 .Va kern.init_shutdown_timeout
2597 the udevd daemon will be started on boot.
2598 .It Va vfs_quota_enable
2602 vfs quota rc.d scripts will be run on boot.
2603 .It Va vfs_quota_sync
2605 List of mount points whose counters are to be synchronized with on-disk
2606 usage during system startup.
2609 .It Va vknetd_enable
2614 will be started on boot.
2617 Additional flags passed to
2619 Usually address/cidrbits is specified here.
2620 When no flags are passed, default option
2623 .It Va vkernel_enable
2627 any configured vkernels will not be started.
2628 .It Va vkernel_kill_timeout
2630 This defines the default number of seconds that we will wait for the
2631 vkernel to shut down on its own.
2632 If after this time it's still alive,
2633 it will be killed with SIGKILL.
2636 Defines the default path to the vkernel binary.
2639 A space separated list of names for vkernels.
2640 This is purely a configuration aid to help identify and
2641 configure multiple vkernels.
2642 The names specified in this list will be used to
2643 identify settings common to a vkernel instance.
2644 Assuming that the vkernel in question was named
2646 you would have the following dependent variables
2647 (filled with reference values in this text):
2649 vkernel_example_bin="/usr/obj/usr/src/sys/VKERNEL64/kernel.debug"
2650 vkernel_example_memsize="64m"
2651 vkernel_example_rootimg_list="/var/vkernel/rootimg.01"
2652 vkernel_example_memimg="/var/vkernel/memimg.000001"
2653 vkernel_example_user="myuser"
2654 vkernel_example_iface_list="auto:bridge0"
2655 vkernel_example_logfile="/dev/null"
2656 vkernel_example_flags="-U"
2657 vkernel_example_kill_timeout="45"
2660 The last six are optional.
2661 They default to an empty string if not set, except for logfile which defaults to
2671 which is the vkernel's default directory for memory images,
2672 with permissions of 1777, i.e. world writable with the sticky bit set
2675 .It Va autofs_enable
2685 daemons at boot time.
2686 .It Va automount_flags
2692 these are the flags to pass to the
2695 By default no flags are passed.
2696 .It Va automountd_flags
2702 these are the flags to pass to the
2705 By default no flags are passed.
2706 .It Va autounmountd_flags
2712 these are the flags to pass to the
2715 By default no flags are passed.
2718 .Bl -tag -width ".Pa /etc/start_if. Ns Aq Ar interface" -compact
2719 .It Pa /etc/defaults/rc.conf
2721 .It Pa /etc/rc.conf.local
2722 .It Pa /etc/start_if. Ns Aq Ar interface
2741 .Xr resident.conf 5 ,
2746 .Xr autounmountd 8 ,
2791 .Xr wpa_supplicant 8 ,
2802 .An Jordan K. Hubbard .