4 .\" Redistribution and use in source and binary forms, with or without
5 .\" modification, are permitted provided that the following conditions
7 .\" 1. Redistributions of source code must retain the above copyright
8 .\" notice, this list of conditions and the following disclaimer.
9 .\" 2. Redistributions in binary form must reproduce the above copyright
10 .\" notice, this list of conditions and the following disclaimer in the
11 .\" documentation and/or other materials provided with the distribution.
13 .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND
14 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE
17 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
19 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
20 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
21 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
22 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25 .\" $FreeBSD: src/share/man/man5/rc.conf.5,v 1.197 2003/07/28 13:56:00 mbr Exp $
32 .Nd system configuration information
36 contains descriptive information about the local host name, configuration
37 details for any potential network interfaces and which services should be
38 started up at system initial boot time.
39 In new installations, the
41 file is generally initialized by the installer.
45 is not to run commands or perform system startup actions directly.
46 Instead, it is included by the various generic startup scripts in
48 which conditionalize their
49 internal actions according to the settings found there.
52 .Pa /etc/defaults/rc.conf
53 file specifies the default settings for all the available options,
56 file specifies override settings.
57 Options need only be specified in
59 when the system administrator wishes to override the defaults.
61 .Pa /etc/rc.conf.local
62 is used to override settings in
64 for historical reasons.
66 .Pa /etc/rc.conf.local
67 you can also place smaller configuration files for each
71 directory, which will be included by the
74 For jail configurations you could use the file
75 .Pa /etc/rc.conf.d/jail
76 to store jail specific configuration options.
81 The following list provides a name and short description for each
82 variable that can be set in the
99 These values are case insensitive.
102 postfix in the name of a variable for starting a service can be
105 .Bl -tag -width indent-two
110 enable output of debug messages from rc scripts.
111 This variable can be helpful in diagnosing mistakes when
112 editing or integrating new scripts.
113 Beware that this produces copious output to the terminal and
119 disable informational messages from the rc scripts.
120 Informational messages are displayed when
121 a condition that is not serious enough to warrant a warning or an error occurs.
128 when faststart is used (e.g., at boot time).
133 no swapfile is installed, otherwise the value is used as the full
134 pathname to a file to use for additional swap space.
137 driver is needed for a swapfile and will be loaded if it is not
138 already compiled into the kernel or loaded via
144 to handle device added, removed or unknown events from the kernel.
151 these are the flags to pass to the
163 a CPU speed control daemon.
164 .It Va sensorsd_enable
173 a sensors monitoring and logging daemon.
174 .It Va sensorsd_flags
177 Additional flags passed to the
180 .It Va sysvipcd_enable
189 a daemon needed for the userspace implementation of the XSI Interprocess
190 Communication functions.
191 .It Va sysvipcd_flags
194 Additional flags passed to the
197 .It Va hotplugd_enable
206 a devices hot plugging monitoring daemon.
207 .It Va hotplugd_flags
210 Additional flags passed to the
213 .It Va pccard_ifconfig
215 List of arguments to be passed to
217 at boot time or on insertion of the card (e.g.\&
218 .Dq Cm inet Li 192.168.1.1 Cm netmask Li 255.255.255.0
219 for a fixed address or
222 .It Va pccard_ether_delay
224 Set the delay before starting
227 .Pa /etc/pccard_ether
229 This defaults to 5 seconds to work around a bug in the
231 driver which can lead to system hangs when using some newer
234 .It Va removable_interfaces
236 List of removable network interfaces to be supported by
237 .Pa /etc/pccard_ether .
240 List of directories to search for startup script files.
241 .It Va script_name_sep
243 The field separator to use for breaking down the list of startup script files
244 into individual filenames.
245 The default is a space.
246 It is not necessary to change this unless there are startup scripts with names
250 The fully qualified domain name (FQDN) of this host on the network.
251 This should almost certainly be set to something meaningful, even if
252 there is no network connection.
255 is used to set the hostname via DHCP,
256 this variable should be set to an empty string.
259 Enable support for IPv6 networking.
260 Note that this requires that the kernel have been compiled with
261 .Cd "options INET6" .
264 The NIS domain name of this host, or
267 .It Va dhclient_program
269 Path to the DHCP client program
271 .Pa /sbin/dhclient ) .
272 .It Va dhclient_flags
274 Additional flags to pass to the DHCP client program.
282 If the kernel was not built with
286 kernel module will be loaded.
288 .Va firewall_enable .
293 ruleset definition file.
304 these are the flags to pass to
306 when loading the ruleset.
313 which logs packets from
321 this specifies the path of the log file.
332 these are the flags to pass to
334 .It Va firewall_enable
338 to load firewall rules at startup.
339 If the kernel was not built with
340 .Cd "options IPFIREWALL" ,
343 kernel module will be loaded.
346 .It Va ipv6_firewall_enable
348 The IPv6 equivalent of
349 .Va firewall_enable .
352 to load IPv6 firewall rules at startup.
353 If the kernel was not built with
354 .Cd "options IPV6FIREWALL" ,
357 kernel module will be loaded.
358 .It Va firewall_script
360 The full path to the firewall script to run
362 .Pa /etc/rc.firewall ) .
363 .It Va ipv6_firewall_script
365 The IPv6 equivalent of
366 .Va firewall_script .
369 Names the firewall type from the selection in
370 .Pa /etc/rc.firewall ,
371 or the file which contains the local firewall ruleset.
372 Valid selections from
376 .Bl -tag -width ".Li simple" -compact
378 unrestricted IP access
380 all IP services disabled, except via
383 basic protection for a workstation on a LAN
389 If a filename is specified, the full path must be given.
390 .It Va firewall_trusted_nets
392 List of trusted networks (if
396 .It Va firewall_trusted_interfaces
398 List of trusted network interfaces (if
402 .It Va firewall_allowed_icmp_types
404 List of allowed ICMP types (if
408 .It Va firewall_open_tcp_ports
410 List of TCP ports to open (if
414 .It Va firewall_open_udp_ports
416 List of UDP ports to open (if
420 .It Va ipv6_firewall_type
422 The IPv6 equivalent of
424 .It Va firewall_quiet
428 to disable the display of firewall rules on the console during boot.
429 .It Va ipv6_firewall_quiet
431 The IPv6 equivalent of
433 .It Va firewall_logging
437 to enable firewall event logging.
438 This is equivalent to the
439 .Dv IPFIREWALL_VERBOSE
441 .It Va ipv6_firewall_logging
443 The IPv6 equivalent of
444 .Va firewall_logging .
445 .It Va firewall_flags
451 specifies a filename.
452 .It Va ipv6_firewall_flags
454 The IPv6 equivalent of
471 sockets must be enabled in the kernel.
472 .It Va natd_interface
474 This is the name of the public interface on which
477 The interface may be given as an interface name or as an IP address.
482 flags should be placed here.
487 flag is automatically added with the above
490 .It Va tcp_extensions
497 disables certain TCP options as described by
503 might help remedy such problems with connections as randomly hanging
504 or other weird behavior.
505 Some network devices are known to be broken with respect to these options.
512 .Va net.inet.tcp.log_in_vain
514 .Va net.inet.udp.log_in_vain ,
519 are set to the given value.
527 will disable probing idle TCP connections to verify that the
528 peer is still up and reachable.
529 .It Va tcp_drop_synfin
536 will cause the kernel to ignore TCP frames that have both
537 the SYN and FIN flags set.
538 This prevents OS fingerprinting, but may break some legitimate applications.
539 This option is only available if the kernel was built with the
542 .It Va icmp_drop_redirect
549 will cause the kernel to ignore ICMP REDIRECT packets.
552 for more information.
553 .It Va icmp_log_redirect
560 will cause the kernel to log ICMP REDIRECT packets.
562 the log messages are not rate-limited, so this option should only be used
563 for troubleshooting networks.
566 for more information.
567 .It Va icmp_bmcastecho
571 to respond to broadcast or multicast ICMP ping packets.
574 for more information.
575 .It Va ip_portrange_first
579 this is the first port in the default portrange.
582 for more information.
583 .It Va ip_portrange_last
587 this is the last port in the default portrange.
590 for more information.
592 .It Va ifconfig_ Ns Aq Ar interface
596 Typically includes IP address.
597 Assuming that the interface in question was
599 it might look something like this:
601 ifconfig_ed0="inet 10.0.0.1 netmask 0xffff0000"
605 .Pa /etc/start_if. Ns Aq Ar interface
606 file is present, it is read and executed by the
608 interpreter before configuring the interface as specified in the
609 .Va ifconfig_ Ns Aq Ar interface
611 .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
614 It is possible to bring up an interface with DHCP by adding
617 .Va ifconfig_ Ns Aq Ar interface
619 For instance, to initialize the
621 device via DHCP, it is possible to use something like:
627 .Va vlans_ Ns Aq Ar interface
631 interface will be created for each item in the list with the
635 If a vlan interface's name is a number,
636 then that number is used as the vlan tag and the new vlan interface is
638 .Ar interface . Ns Ar tag .
640 the vlan tag must be specified via a
643 .Va create_args_ Ns Aq Ar interface
646 To create a vlan device named
650 with the vlan tag 101 and the optional the IPv4 address 192.0.2.1/24:
653 ifconfig_em0_101="inet 192.0.2.1/24"
656 To create a vlan device named
660 with the vlan tag 102:
663 create_args_myvlan="vlan 102"
667 .Va wlans_ Ns Aq Ar interface
671 interface will be created for each item in the list with the
675 Further wlan cloning arguments may be passed to the
678 command by setting the
679 .Va create_args_ Ns Aq Ar interface
683 devices must be created for each wireless devices as of
689 may be specified with an
690 .Va wlandebug_ Ns Aq Ar interface
692 The contents of this variable will be passed directly to
695 Also, if your interface needs WPA authentication, it is possible to add
698 .Va ifconfig_ Ns Aq Ar interface
701 .Xr wpa_supplicant 8 .
703 .Xr wpa_supplicant.conf 5
704 for configuring authentication information.
708 options in this variable, in addition to the
709 .Pa /etc/start_if. Ns Aq Ar interface
711 For instance, to initialize the
713 device via DHCP, using WPA authentication and 802.11b mode, it is
714 possible to use something like:
717 ifconfig_wlan0="up DHCP WPA mode 11b"
719 .It Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
721 Configuration to establish an additional network address for
723 Assuming that the interface in question was
725 it might look something like this:
727 ifconfig_ed0_alias0="inet 127.0.0.253 netmask 0xffffffff"
728 ifconfig_ed0_alias1="inet 127.0.0.254 netmask 0xffffffff"
733 .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
734 entry that is found, its contents are passed to
736 Execution stops at the first unsuccessful access, so if
737 something like this is present:
739 ifconfig_ed0_alias0="inet 127.0.0.251 netmask 0xffffffff"
740 ifconfig_ed0_alias1="inet 127.0.0.252 netmask 0xffffffff"
741 ifconfig_ed0_alias2="inet 127.0.0.253 netmask 0xffffffff"
742 ifconfig_ed0_alias4="inet 127.0.0.254 netmask 0xffffffff"
745 Then note that alias4 would
747 be added since the search would stop with the missing alias3 entry.
748 .It Va ifconfig_ Ns Ao Ar interface Ac Ns Va _name
752 It is possible to rename interface by doing:
754 ifconfig_ed0_name="net0"
755 ifconfig_net0="inet 10.0.0.1 netmask 0xffff0000"
757 .It Va network_interfaces
759 The list of network interfaces to configure on this host,
762 to configure all network interfaces
765 For example, if the only network devices to be configured are the loopback device
769 driver, this could be set to
772 .Va ifconfig_ Ns Aq Ar interface
773 variable is assumed to exist for each value of
775 .It Va ipv6_network_interfaces
777 This is the IPv6 equivalent of
778 .Va network_interfaces .
779 Instead of setting the ifconfig variables as
780 .Va ifconfig_ Ns Aq Ar interface
781 they should be set as
782 .Va ipv6_ifconfig_ Ns Aq Ar interface .
783 Aliases should be set as
784 .Va ipv6_ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n .
785 Interfaces that do not have a
786 .Va ipv6_ifconfig_ Ns Aq Ar interface
787 setting will be auto configured by
790 .Va ipv6_gateway_enable
793 Note that the IPv6 networking code does not support the
794 .Pa /etc/start_if. Ns Aq Ar interface
796 .It Va ipv6_prefix_ Ns Aq Ar interface
800 prefixlen 64 is used.
801 .It Va ipv6_default_interface
805 this is the default output interface for scoped addresses.
806 Now this works only for IPv6 link local multicast addresses.
807 .It Va cloned_interfaces
809 Set to the list of clonable network interfaces to create on this host.
811 .Va cloned_interfaces
812 are automatically appended to
813 .Va network_interfaces
815 .It Va gif_interfaces
819 tunnel interfaces to configure on this host.
821 .Va gifconfig_ Ns Aq Ar interface
822 variable is assumed to exist for each value of
824 The value of this variable is used to configure the link layer of the
825 tunnel according to the syntax of the
829 Additionally, this option ensures that each listed interface is created via the
833 before attempting to configure it.
834 .It Va sppp_interfaces
838 interfaces to configure on this host.
840 .Va spppconfig_ Ns Aq Ar interface
841 variable is assumed to exist for each value of
843 Each interface should also be configured by a general
844 .Va ifconfig_ Ns Aq Ar interface
848 for more information about available options.
858 Mode in which to run the
867 See the manual for a full description.
872 enables network address translation.
873 Used in conjunction with
875 allows hosts on private network addresses access to the Internet using
876 this host as a network address translating router.
879 The name of the profile to use from
880 .Pa /etc/ppp/ppp.conf .
881 Also used for per-profile overrides of
882 .Va ppp_ Ns Ao Ar profile Ac Ns _unit .
883 Where the profile contains any of the characters
885 they are translated to
887 for the purposes of the override variable names.
888 .It Va ppp_ Ns Ao Ar profile Ac Ns _unit
890 Set the unit number to be used for this profile.
891 See the manual description of
898 The name of the user under which
907 This option is used to specify a list of files that will override
909 .Pa /etc/defaults/rc.conf .
910 The files will be read in the order in which they are specified and should
911 include the full path to the file.
912 By default, the files specified are
915 .Pa /etc/rc.conf.local
923 flag if the initial preen of the file systems fails.
926 List of file system types that are network-based.
927 This list should generally not be modified by end users.
929 .Va extra_netfs_types
931 .It Va extra_netfs_types
933 If set to something other than
935 (the default), this variable extends the list of file system types
936 for which automatic mounting at startup by
938 should be delayed until the network is initialized.
940 a whitespace-separated list of network file system descriptor pairs,
941 each consisting of a file system type as passed to
943 and a human-readable, one-word description, joined with a colon
945 Extending the default list in this way is only necessary
946 when third party file system types are used.
947 .It Va devfs_config_files
949 This option is used to specify a list of configuration files containing
951 rules that will be applied by
953 in the order in which they are specified and must include the full path
955 .It Va syslogd_enable
962 .It Va syslogd_program
967 .Pa /usr/sbin/syslogd ) .
974 these are the flags to pass to
988 .Pa /usr/sbin/inetd ) .
995 these are the flags to pass to
1003 daemon at boot time.
1010 these are the flags to pass to it.
1017 daemon at boot time.
1024 these are the flags to pass to it.
1027 manpage for more information.
1028 .It Va amd_map_program
1030 If set, the specified program is run to get the list of
1035 maps are stored in NIS, one can set this to run
1047 will be updated at boot time to reflect the kernel release being run.
1051 will not be updated.
1052 .It Va nfs_client_enable
1056 setup NFS client parameters at boot time.
1057 .It Va nfs_access_cache
1060 .Va nfs_client_enable
1065 to disable NFS ACCESS RPC caching, or to the number of seconds for which
1066 NFS ACCESS results should be cached.
1067 A value of 2-10 seconds will substantially reduce network traffic for
1068 many NFS operations.
1069 The default is 5 seconds.
1070 Note that the attribute cache holds stat information only.
1071 The NFS data cache is independent of the attribute cache and is only
1072 invalidated when the client detects that the server has modified the
1074 This value specifies a maximum timeout.
1075 The NFS client will automatically use a shorter timeout for files which
1076 have been recently modified.
1077 .It Va nfs_neg_cache
1080 .Va nfs_client_enable
1085 to disable the caching of NEGATIVE LOOKUPS (lookups of non-existent
1086 filenames), or to the number of seconds for which negative lookups should
1088 A value of 2-10 seconds will substantially reduce network
1089 traffic for many NFS operations, especially source code builds.
1090 The default is 3 seconds.
1091 .It Va nfs_server_enable
1095 run the NFS server daemons at boot time.
1096 .It Va nfs_server_flags
1099 .Va nfs_server_enable
1102 these are the flags to pass to the
1105 .It Va mountd_enable
1110 .Va nfs_server_enable
1116 It is commonly needed to run CFS without real NFS used.
1123 these are the flags to pass to the
1126 .It Va weak_mountd_authentication
1130 allow services like PCNFSD to make non-privileged mount requests.
1131 .It Va nfs_reserved_port_only
1135 provide NFS services only on a secure port.
1136 .It Va nfs_bufpackets
1138 If set to a number, indicates the number of packets worth of
1139 socket buffer space to reserve on an NFS client.
1140 The kernel default is typically 4.
1141 Using a higher number may be useful on gigabit networks to improve performance.
1142 The minimum value is 2 and the maximum is 64.
1143 .It Va rpc_umntall_enable
1147 (default) and we are also an NFS client, run
1149 at boot time to clear out old mounts on remote servers.
1154 will not be run at boot time.
1155 .It Va rpc_lockd_enable
1159 and also an NFS server, run
1162 .It Va rpc_lockd_flags
1165 .Va rpc_lockd_enable
1168 these are the flags to pass to
1170 .It Va rpc_statd_enable
1174 and also an NFS server, run
1177 .It Va rpc_statd_flags
1180 .Va rpc_statd_enable
1183 these are the flags to pass to
1185 .It Va rpcbind_program
1187 Path to program for rpcbind daemon
1189 .Pa /usr/sbin/rpcbind ) .
1190 .It Va rpcbind_enable
1197 .It Va rpcbind_flags
1203 these are the flags to pass to
1204 .Va rpcbind_program .
1205 .It Va keyserv_enable
1211 daemon on boot for running Secure RPC.
1212 .It Va keyserv_flags
1218 these are the flags to pass to
1221 .It Va pppoed_enable
1227 daemon at boot time to provide PPP over Ethernet services.
1228 .It Va pppoed_provider
1231 listens to requests to this provider and ultimately runs
1235 argument of the same name.
1238 Additional flags to pass to
1240 .It Va pppoed_interface
1242 The network interface to run
1245 This is mandatory when
1255 service at boot time.
1256 This command is intended for networks of machines where a consistent
1258 for all hosts must be established.
1259 This is often useful in large NFS environments where time stamps on
1260 files are expected to be consistent network-wide.
1267 these are the flags to pass to the
1276 at system boot time.
1277 .It Va dntpd_program
1282 .Pa /usr/sbin/dntpd ) .
1289 these are the flags to pass to the
1292 .It Va btconfig_enable
1296 configure Bluetooth devices via
1298 at system boot time.
1299 .It Va btconfig_devices
1305 this is the list of Bluetooth devices to configure.
1307 .Va btconfig_devices
1308 is not specified, all devices known to the system will be configured.
1310 .Va btconfig_ Ns Aq Ar device
1311 variable can be set to specify parameters to be passed to
1313 .It Va btconfig_args
1319 this is the list of configuration parameters to pass to all Bluetooth
1325 run the Service Discovery Profile daemon
1327 at system boot time.
1334 these are the flags to pass to the
1337 .It Va bthcid_enable
1341 run the Bluetooth Link Key/PIN Code Manager daemon
1343 at system boot time.
1350 these are the flags to pass to the
1353 .It Va nis_client_enable
1359 service at system boot time.
1360 .It Va nis_client_flags
1363 .Va nis_client_enable
1366 these are the flags to pass to the
1369 .It Va nis_ypset_enable
1375 daemon at system boot time.
1376 .It Va nis_ypset_flags
1379 .Va nis_ypset_enable
1382 these are the flags to pass to the
1385 .It Va nis_server_enable
1391 daemon at system boot time.
1392 .It Va nis_server_flags
1395 .Va nis_server_enable
1398 these are the flags to pass to the
1401 .It Va nis_ypxfrd_enable
1407 daemon at system boot time.
1408 .It Va nis_ypxfrd_flags
1411 .Va nis_ypxfrd_enable
1414 these are the flags to pass to the
1417 .It Va nis_yppasswdd_enable
1423 daemon at system boot time.
1424 .It Va nis_yppasswdd_flags
1427 .Va nis_yppasswdd_enable
1430 these are the flags to pass to the
1433 .It Va rpc_ypupdated_enable
1439 daemon at system boot time.
1440 .It Va defaultrouter
1444 create a default route to this host name or IP address
1445 (use an IP address if this router is also required to get to the
1447 .It Va ipv6_defaultrouter
1449 The IPv6 equivalent of
1451 .It Va static_routes
1453 Set to the list of static routes that are to be added at system boot time.
1456 then for each whitespace separated
1459 .Va route_ Ns Aq Ar element
1460 variable is assumed to exist whose contents will later be passed to a
1463 .It Va change_routes
1465 Set to the list of static routes that are to be changed at system boot time
1466 (such as those added by the kernel).
1469 then for each whitespace separated
1472 .Va change_route_ Ns Aq Ar element
1473 variable is assumed to exist whose contents will later be passed to a
1474 .Dq Nm route Cm change
1476 .It Va ipv6_static_routes
1478 The IPv6 equivalent of
1482 then for each whitespace separated
1485 .Va ipv6_route_ Ns Aq Ar element
1486 variable is assumed to exist whose contents will later be passed to a
1487 .Dq Nm route Cm add Fl inet6
1489 .It Va gateway_enable
1493 configure host to act as an IP router, e.g. to forward packets
1495 .It Va ipv6_gateway_enable
1497 The IPv6 equivalent of
1498 .Va gateway_enable .
1499 .It Va router_enable
1503 run a routing daemon of some sort, based on the settings of
1507 .It Va ipv6_router_enable
1509 The IPv6 equivalent of
1513 run a routing daemon of some sort, based on the settings of
1514 .Va ipv6_router_program
1516 .Va ipv6_router_flags .
1517 .It Va router_program
1523 this is the name of the routing daemon to use
1525 .Pa /sbin/routed ) .
1526 .It Va ipv6_router_program
1528 The IPv6 equivalent of
1531 .Pa /sbin/route6d ) .
1538 these are the flags to pass to the routing daemon.
1539 .It Va ipv6_router_flags
1541 The IPv6 equivalent of
1543 .It Va mrouted_enable
1547 run the multicast routing daemon,
1549 .It Va mroute6d_enable
1551 The IPv6 equivalent of
1552 .Va mrouted_enable .
1555 run the IPv6 multicast routing daemon.
1556 Note that no IPv6 multicast routing daemon is included in the
1560 can be installed from the
1563 .Pa ( net/mcast-tools ) .
1564 .It Va mrouted_flags
1570 these are the flags to pass to the
1573 .It Va mroute6d_flags
1575 The IPv6 equivalent of
1581 these are the flags passed to the IPv6 multicast routing daemon.
1582 .It Va mroute6d_program
1588 this is the path to the IPv6 multicast routing daemon.
1589 .It Va rtadvd_enable
1595 daemon at boot time.
1598 .Va ipv6_gateway_enable
1603 utility sends router advertisement packets to the interfaces specified in
1604 .Va rtadvd_interfaces .
1606 and should only be enabled with great care.
1607 You may want to fine-tune
1609 .It Va rtadvd_interfaces
1615 this is the list of interfaces to use.
1616 .It Va rtsold_enable
1622 daemon at boot time.
1625 daemon is used for automatic discovery of non-link local addresses.
1632 these are the flags to pass to the
1639 enable global proxy ARP.
1640 .It Va forward_sourceroute
1648 source-routed packets are forwarded.
1649 .It Va accept_sourceroute
1653 the system will accept source-routed packets directed at it.
1660 daemon at system boot time.
1667 these are the flags to pass to the
1670 .It Va bootparamd_enable
1676 daemon at system boot time.
1677 .It Va bootparamd_flags
1680 .Va bootparamd_enable
1683 these are the flags to pass to the
1686 .It Va stf_interface_ipv4addr
1690 this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling interface).
1691 Specify this entry to enable the 6to4 interface.
1692 .It Va stf_interface_ipv4plen
1694 Prefix length for 6to4 IPv4 addresses, to limit peer address range.
1695 An effective value is 0-31.
1696 .It Va stf_interface_ipv6_ifid
1698 IPv6 interface ID for
1702 .It Va stf_interface_ipv6_slaid
1704 IPv6 Site Level Aggregator for
1706 .It Va ipv6_faith_prefix
1710 this is the faith prefix to enable a FAITH IPv6-to-IPv4 TCP translator.
1716 The keyboard bell sound.
1723 if the default behavior is desired.
1724 For details, refer to the
1731 no keymap is installed, otherwise the value is used to install
1733 .Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd .
1736 The keyboard repeat speed.
1743 if the default behavior is desired.
1748 attempt to program the function keys with the value.
1749 The value should be a single string of the form:
1750 .Dq Ar funkey_number new_value Op Ar funkey_number new_value ... .
1753 Can be set to the value of
1756 .Dq Li destructive ,
1759 to set the cursor behavior explicitly or choose the default behavior.
1764 no screen map is installed, otherwise the value is used to install
1765 the screen map file in
1766 .Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value .
1771 the default 8x16 font value is used for screen size requests, otherwise
1773 .Pa /usr/share/syscons/fonts/ Ns Aq Ar value
1779 the default 8x14 font value is used for screen size requests, otherwise
1781 .Pa /usr/share/syscons/fonts/ Ns Aq Ar value
1787 the default 8x8 font value is used for screen size requests, otherwise
1789 .Pa /usr/share/syscons/fonts/ Ns Aq Ar value
1795 the default screen blanking interval is used, otherwise it is set to
1802 this is the actual screen saver to use
1803 .Li ( blank , snake , daemon ,
1805 .It Va moused_nondefault_enable
1809 the mouse device specified on
1810 the command line is not automatically treated as enabled by the
1811 .Pa /etc/rc.d/moused
1813 Having this variable set to
1819 to be enabled as soon as it is plugged in.
1820 .It Va moused_enable
1826 daemon is started for doing cut/paste selection on the console.
1829 This is the protocol type of the mouse connected to this host.
1830 This variable must be set if
1837 is able to detect the appropriate mouse type automatically in many cases.
1838 Set this variable to
1840 to let the daemon detect it, or
1841 select one from the following list if the automatic detection fails.
1843 If the mouse is attached to the PS/2 mouse port, choose
1847 regardless of the brand and model of the mouse.
1848 Likewise, if the mouse is attached to the bus mouse port, choose
1852 All other protocols are for serial mice and will not work with
1853 the PS/2 and bus mice.
1854 If this is a USB mouse,
1856 is the only protocol type which will work.
1858 .Bl -tag -width ".Li x10mouseremote" -compact
1860 Microsoft mouse (serial)
1862 Microsoft IntelliMouse (serial)
1864 Mouse systems Corp. mouse (serial)
1866 MM Series mouse (serial)
1868 Logitech mouse (serial)
1872 Logitech MouseMan and TrackMan (serial)
1874 ALPS GlidePoint (serial)
1875 .It Li thinkingmouse
1876 Kensington ThinkingMouse (serial)
1880 MM HitTablet (serial)
1881 .It Li x10mouseremote
1882 X10 MouseRemote (serial)
1884 Interlink VersaPad (serial)
1887 Even if the mouse is not in the above list, it may be compatible
1888 with one in the list.
1889 Refer to the man page for
1891 for compatibility information.
1893 It should also be noted that while this is enabled, any
1894 other client of the mouse (such as an X server) should access
1895 the mouse through the virtual mouse device,
1897 and configure it as a
1899 type mouse, since all
1900 mouse data is converted to this single canonical format when using
1902 If the client program does not support the
1907 It is the second preferred type.
1914 this is the actual port the mouse is on.
1917 for a COM1 serial mouse or
1919 for a PS/2 mouse, for example.
1924 is set, these are the additional flags to pass to the
1927 .It Va mousechar_start
1931 the default mouse cursor character range
1932 .Li 0xd0 Ns - Ns Li 0xd3
1933 is used, otherwise the range start is set to
1937 Use if the default range is occupied in the language code table.
1940 Set the size of the history (scrollback) buffer in lines.
1941 .It Va allscreens_flags
1945 is run with these options for each of the virtual terminals
1949 will enable the mouse pointer on all virtual terminals if
1953 .It Va allscreens_kbdflags
1957 is run with these options for each of the virtual terminals
1963 scrollback (history) buffer to 200 lines.
1970 daemon at system boot time.
1976 .Pa /usr/sbin/cron ) .
1983 these are the flags to pass to
1990 .Pa /usr/sbin/lpd ) .
1997 daemon at system boot time.
2004 these are the flags to pass to the
2013 daemon at system boot time.
2020 settings across reboots.
2021 .It Va mta_start_script
2023 The full path to the script to run to start
2024 a mail transfer agent.
2026 .Pa /etc/rc.sendmail .
2030 .Pa /etc/rc.sendmail
2031 uses are documented in the
2037 .Sq HAMMER ROOT with UFS /boot
2038 setup, the boot loader will not set up the
2041 The system will attempt to fix this on its own.
2042 Set this variable to
2044 to turn this behavior off.
2047 Indicates the device (usually a swap partition) to which a crash dump
2048 should be written in the event of a system crash.
2049 The value of this variable is passed as the argument to
2053 To disable crash dumps, set this variable to
2057 When the system reboots after a crash and a crash dump is found on the
2058 device specified by the
2062 will save that crash dump and a copy of the kernel to the directory
2066 The default value is
2075 .It Va savecore_flags
2077 If crash dumps are enabled, these are the flags to pass to the
2080 .It Va crashinfo_enable
2084 to turn on automatic crash dump summary generation using the utility
2086 .Va crashinfo_program
2088 .It Va crashinfo_program
2090 Program to run to generate a crash dump summary if the variable
2091 .Va crashinfo_enable
2094 The default value is
2095 .Pa /usr/sbin/crashinfo .
2096 .It Va enable_quotas
2100 to turn on user disk quotas on system startup via the
2107 to enable user disk quota checking via the
2110 .It Va accounting_enable
2114 to enable system accounting through the
2121 to enable Linux/ELF binary emulation at system initial boot time.
2122 .\" ----- cleanvar_enable setting--------------------------------
2123 .It Va cleanvar_enable
2131 .Pa /var/spool/uucp/.Temp/*
2133 .\" ----- clear_tmp_enable setting-------------------------------
2134 .It Va clear_tmp_enable
2141 .\" ----- ldconfig_paths setting --------------------------------
2142 .It Va ldconfig_paths
2144 Set to the list of shared library paths to use with
2148 will always be added first, so it need not appear in this list.
2149 .It Va ldconfig_insecure
2153 utility normally refuses to use directories
2154 which are writable by anyone except root.
2155 Set this variable to
2157 to disable that security check during system startup.
2158 .It Va ldconfig_local_dirs
2160 Set to the list of local
2163 The names of all files in the directories listed will be
2164 passed as arguments to
2166 .It Va kern_securelevel
2168 The kernel security level to set at startup.
2169 The allowed range of
2171 ranges from \-1 (the compile time default) to 3 (the most secure).
2174 for the list of possible security levels and their effect on system operation.
2181 at system boot time.
2188 at system boot time.
2191 Path to the SSH server program
2193 .Pa /usr/sbin/sshd ) .
2200 these are the flags to pass to the
2209 at system boot time.
2216 these are the flags to pass to the
2219 .It Va watchdogd_enable
2225 daemon at boot time.
2226 This requires that the kernel have been compiled with
2227 .Cd "options WATCHDOG" .
2232 any configured jails will not be started.
2235 A space separated list of names for jails.
2236 This is purely a configuration aid to help identify and
2237 configure multiple jails.
2238 The names specified in this list will be used to
2239 identify settings common to an instance of a jail.
2240 Assuming that the jail in question was named
2242 you would have the following dependent variables:
2244 jail_vjail_hostname="jail.example.com"
2245 jail_vjail_ip="192.168.1.100"
2246 jail_vjail_rootdir="/var/jails/vjail/root"
2251 When set, use as default value for
2252 .Va jail_ Ns Ao Ar jname Ac Ns Va _flags
2255 .It Va jail_interface
2258 When set, use as default value for
2259 .Va jail_ Ns Ao Ar jname Ac Ns Va _interface
2265 When set, use as default value for
2266 .Va jail_ Ns Ao Ar jname Ac Ns Va _fstab
2269 .It Va jail_mount_enable
2277 .Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable
2280 by default for every jail in
2282 .It Va jail_procfs_enable
2290 .Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable
2293 by default for every jail in
2295 .It Va jail_devfs_enable
2303 .Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable
2306 by default for every jail in
2308 .It Va jail_exec_start
2311 When set, use as default value for
2312 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start
2315 .It Va jail_exec_stop
2317 When set, use as default value for
2318 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop
2321 .It Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir
2324 Set to the root directory used by jail
2326 .It Va jail_ Ns Ao Ar jname Ac Ns Va _hostname
2329 Set to the fully qualified domain name (FQDN) assigned to jail
2331 .It Va jail_ Ns Ao Ar jname Ac Ns Va _ip
2334 Set to the IP address assigned to jail
2336 .It Va jail_ Ns Ao Ar jname Ac Ns Va _flags
2341 These are flags to pass to
2343 .It Va jail_ Ns Ao Ar jname Ac Ns Va _interface
2346 When set, sets the interface to use when setting IP address alias.
2347 Note that the alias is created at jail startup and removed at jail shutdown.
2348 .It Va jail_ Ns Ao Ar jname Ac Ns Va _fstab
2351 .Pa /etc/fstab. Ns Aq Ar jname
2353 This is the file system information file to use for jail
2355 .It Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable
2362 mount all file systems from
2363 .Va jail_ Ns Ao Ar jname Ac Ns Va _fstab
2365 .It Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable
2372 mount the process file system inside jail
2375 .It Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable
2382 mount the device file system inside jail
2385 .It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start
2388 .Dq Li /bin/sh /etc/rc
2390 This is the command executed at jail startup.
2391 .It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop
2394 .Dq Li /bin/sh /etc/rc.shutdown
2396 This is the command executed at jail shutdown.
2397 .It Va jail_set_hostname_allow
2401 do not allow the root user in a jail to set its hostname.
2402 .It Va jail_socket_unixiproute_only
2406 do not allow any sockets,
2407 besides UNIX/IP/route sockets,
2408 to be used within a jail.
2409 .It Va jail_sysvipc_allow
2413 allow applications within a jail to use System V IPC.
2418 LVM volumes will be discovered and configured on boot.
2419 .It Va newsyslog_enable
2425 before syslogd starts.
2426 .It Va newsyslog_flags
2429 .Va newsyslog_enable
2432 these are the flags passed to
2434 .It Va resident_enable
2438 make the dynamic binaries listed in
2439 .Pa /etc/resident.conf
2441 .It Va varsym_enable
2446 .Pa /etc/varsym.conf
2447 to set system-wide variables for variant symlinks.
2452 or a whitespace separated list of IRQ numbers which will be used as a source of
2454 .\" -----------------------------------------------------
2459 to disable caching entropy via
2461 Otherwise set to the directory used to store entropy files in.
2466 to disable caching entropy through reboots.
2467 Otherwise set to the filename used to store cached entropy through reboots.
2468 This file should be located on the root file system to seed the
2470 device as early as possible in the boot process.
2471 .It Va entropy_save_sz
2473 Determines the size of the entropy cache files used for entropy cached
2474 through reboots and also entropy cached via
2476 The entropy is fed to the system in blocks of 512 bytes, so this number
2477 should be large enough to fill as many of the entropy pools in the kernel
2479 By default, it is set to 16384, which should be able to seed all 32 entropy
2480 pools in the Fortuna CSPRNG.
2492 Configuration file for
2501 .Pa /var/run/dmesg.boot
2503 .It Va rcshutdown_timeout
2505 If set, start a watchdog timer in the background which will terminate
2509 has not completed within the specified time (in seconds).
2510 Notice that in addition to this soft timeout,
2512 also applies a hard timeout for the execution of
2514 This is configured via
2517 .Va kern.init_shutdown_timeout
2518 and defaults to 120 seconds. Setting the value of
2519 .Va rcshutdown_timeout
2520 to more than 120 seconds will have no effect until the
2523 .Va kern.init_shutdown_timeout
2529 the udevd daemon will be started on boot.
2530 .It Va vfs_quota_enable
2534 vfs quota rc.d scripts will be run on boot.
2535 .It Va vfs_quota_sync
2537 List of mount points whose counters are to be synchronized with on-disk
2538 usage during system startup. See also
2540 .It Va vknetd_enable
2545 will be started on boot.
2548 Additional flags passed to
2550 Usually address/cidrbits is specified here.
2551 When no flags are passed, default option
2554 .It Va vkernel_enable
2558 any configured vkernels will not be started.
2559 .It Va vkernel_kill_timeout
2561 This defines the default number of seconds that we will wait for the
2562 vkernel to shut down on it's own. If after this time it's still alive,
2563 it will be killed with SIGKILL.
2566 Defines the default path to the vkernel binary.
2569 A space separated list of names for vkernels.
2570 This is purely a configuration aid to help identify and
2571 configure multiple vkernels.
2572 The names specified in this list will be used to
2573 identify settings common to a vkernel instance.
2574 Assuming that the vkernel in question was named
2576 you would have the following dependent variables
2577 (filled with reference values in this text):
2579 vkernel_example_bin="/usr/obj/usr/src/sys/VKERNEL64/kernel.debug"
2580 vkernel_example_memsize="64m"
2581 vkernel_example_rootimg_list="/var/vkernel/rootimg.01"
2582 vkernel_example_iface_list="auto:bridge0"
2583 vkernel_example_logfile="/dev/null"
2584 vkernel_example_flags="-U"
2585 vkernel_example_kill_timeout="45"
2588 The last five are optional.
2589 They default to an empty string if not set, except for logfile which defaults to
2594 .Bl -tag -width ".Pa /etc/start_if. Ns Aq Ar interface" -compact
2595 .It Pa /etc/defaults/rc.conf
2597 .It Pa /etc/rc.conf.local
2598 .It Pa /etc/start_if. Ns Aq Ar interface
2616 .Xr resident.conf 5 ,
2675 .An Jordan K. Hubbard .
projects / dragonfly.git / blob