4 .\" Redistribution and use in source and binary forms, with or without
5 .\" modification, are permitted provided that the following conditions
7 .\" 1. Redistributions of source code must retain the above copyright
8 .\" notice, this list of conditions and the following disclaimer.
9 .\" 2. Redistributions in binary form must reproduce the above copyright
10 .\" notice, this list of conditions and the following disclaimer in the
11 .\" documentation and/or other materials provided with the distribution.
13 .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND
14 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE
17 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
19 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
20 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
21 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
22 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25 .\" $FreeBSD: src/share/man/man5/rc.conf.5,v 1.197 2003/07/28 13:56:00 mbr Exp $
26 .\" $DragonFly: src/share/man/man5/rc.conf.5,v 1.39 2007/06/02 23:53:26 swildner Exp $
32 .Nd system configuration information
36 contains descriptive information about the local host name, configuration
37 details for any potential network interfaces and which services should be
38 started up at system initial boot time.
39 In new installations, the
41 file is generally initialized by the installer.
45 is not to run commands or perform system startup actions
47 Instead, it is included by the
48 various generic startup scripts in
50 which conditionalize their
51 internal actions according to the settings found there.
55 file is included from the file
56 .Pa /etc/defaults/rc.conf ,
57 which specifies the default settings for all the available options.
58 Options need only be specified in
60 when the system administrator wishes to override these defaults.
62 .Pa /etc/rc.conf.local
63 is used to override settings in
65 for historical reasons.
70 The following list provides a name and short description for each
71 variable that can be set in the
74 .Bl -tag -width indent-two
79 enable output of debug messages from rc scripts.
80 This variable can be helpful in diagnosing mistakes when
81 editing or integrating new scripts.
82 Beware that this produces copious output to the terminal and
88 disable informational messages from the rc scripts.
89 Informational messages are displayed when
90 a condition that is not serious enough to warrant a warning or
96 no swapfile is installed, otherwise the value is used as the full
97 pathname to a file to use for additional swap space.
102 enable support for Automatic Power Management with
110 to handle APM event from userland.
111 This also enables support for APM.
118 these are the flags to pass to the
124 to monitor the status of batteries present in the system.
125 This also enables support for APM.
132 these are the flags to pass to the
135 .It Va pccard_ifconfig
137 List of arguments to be passed to
140 insertion of the card (e.g.\&
141 .Dq Cm inet Li 192.168.1.1 Cm netmask Li 255.255.255.0
142 for a fixed address or
145 .It Va pccard_ether_delay
147 Set the delay before starting
150 .Pa /etc/pccard_ether
152 This defaults to 5 seconds to work around a bug in the
154 driver which can lead to system hangs when using some newer
157 .It Va removable_interfaces
159 List of removable network interfaces to be supported by
160 .Pa /etc/pccard_ether .
163 List of directories to search for startup script files.
164 .It Va script_name_sep
166 The field separator to use for breaking down the list of startup script files
167 into individual filenames.
168 The default is a space.
169 It is not necessary to change this unless there are startup scripts with names
173 The fully qualified domain name (FQDN) of this host on the network.
174 This should almost certainly be set to something meaningful, even if
175 there is no network connection.
178 is used to set the hostname via DHCP,
179 this variable should be set to an empty string.
182 Enable support for IPv6 networking.
183 Note that this requires that the kernel have been compiled with
184 .Cd "options INET6" .
187 The NIS domain name of this host, or
190 .It Va dhclient_program
192 Path to the DHCP client program
193 .Pa ( /sbin/dhclient ,
196 .It Va dhclient_flags
198 Additional flags to pass to the DHCP client program.
199 For the ISC DHCP client, see the
201 manpage for a description of the command line options available.
202 .It Va background_dhclient
206 to start the DHCP client in background.
207 This can cause trouble with applications depending on
208 a working network, but it will provide a faster startup
217 .It Va dhcrelay_enable
230 If the kernel was not built with
234 kernel module will be loaded.
238 .Va ipfilter_enable .
243 ruleset definition file.
254 these are the flags to pass to
256 when loading the ruleset.
263 which logs packets from
271 this specifies the path of the log file.
282 these are the flags to pass to
284 .It Va firewall_enable
288 to load firewall rules at startup.
289 If the kernel was not built with
290 .Cd "options IPFIREWALL" ,
293 kernel module will be loaded.
297 .Va ipfilter_enable .
298 .It Va ipv6_firewall_enable
300 The IPv6 equivalent of
301 .Va firewall_enable .
304 to load IPv6 firewall rules at startup.
305 If the kernel was not built with
306 .Cd "options IPV6FIREWALL" ,
309 kernel module will be loaded.
310 .It Va firewall_script
312 This variable specifies the full path to the firewall script to run.
314 .Pa /etc/rc.firewall .
315 .It Va ipv6_firewall_script
317 The IPv6 equivalent of
318 .Va firewall_script .
321 Names the firewall type from the selection in
322 .Pa /etc/rc.firewall ,
323 or the file which contains the local firewall ruleset.
324 Valid selections from
328 .Bl -tag -width ".Li simple" -compact
330 unrestricted IP access
332 all IP services disabled, except via
335 basic protection for a workstation on a LAN
341 If a filename is specified, the full path
343 .It Va firewall_trusted_nets
345 List of trusted networks (if
349 .It Va firewall_trusted_interfaces
351 List of trusted network interfaces (if
355 .It Va firewall_allowed_icmp_types
357 List of allowed ICMP types (if
361 .It Va firewall_open_tcp_ports
363 List of TCP ports to open (if
367 .It Va firewall_open_udp_ports
369 List of UDP ports to open (if
373 .It Va ipv6_firewall_type
375 The IPv6 equivalent of
377 .It Va firewall_quiet
381 to disable the display of firewall rules on the console during boot.
382 .It Va ipv6_firewall_quiet
384 The IPv6 equivalent of
386 .It Va firewall_logging
390 to enable firewall event logging.
391 This is equivalent to the
392 .Dv IPFIREWALL_VERBOSE
394 .It Va ipv6_firewall_logging
396 The IPv6 equivalent of
397 .Va firewall_logging .
398 .It Va firewall_flags
404 specifies a filename.
405 .It Va ipv6_firewall_flags
407 The IPv6 equivalent of
424 sockets must be enabled in the kernel.
425 .It Va natd_interface
427 This is the name of the public interface on which
430 The interface may be given as an interface name or as an IP address.
435 flags should be placed here.
440 flag is automatically added with the above
443 .\" ----- ipfilter_enable setting --------------------------------
444 .It Va ipfilter_enable
455 Typical usage will require putting
457 ipfilter_enable="YES"
475 can be enabled independently.
479 both require at least one of
489 options IPFILTER_DEFAULT_BLOCK
492 in the kernel configuration file is a good idea, too.
496 .Va firewall_enable .
497 .\" ----- ipfilter_program setting ------------------------------
498 .It Va ipfilter_program
504 .\" ----- ipfilter_rules setting --------------------------------
505 .It Va ipfilter_rules
510 This variable contains the name of the filter rule definition file.
511 The file is expected to be readable for the
514 .\" ----- ipv6_ipfilter_rules setting ---------------------------
515 .It Va ipv6_ipfilter_rules
520 This variable contains the IPv6 filter rule definition file.
521 The file is expected to be readable for the
524 .\" ----- ipfilter_flags setting --------------------------------
525 .It Va ipfilter_flags
528 This variable contains flags passed to the
531 .\" ----- ipnat_enable setting ----------------------------------
541 network address translation.
544 for a detailed discussion.
545 .\" ----- ipnat_program setting ---------------------------------
552 .\" ----- ipnat_rules setting -----------------------------------
558 This variable contains the name of the file
559 holding the network address translation definition.
560 This file is expected to be readable for the
563 .\" ----- ipnat_flags setting -----------------------------------
567 This variable contains flags passed to the
570 .\" ----- ipmon_enable setting ----------------------------------
585 Setting this variable needs setting
592 for a detailed discussion.
593 .\" ----- ipmon_program setting ---------------------------------
600 .\" ----- ipmon_flags setting -----------------------------------
606 This variable contains flags passed to the
609 Another typical example would be
610 .Dq Fl D Pa /var/log/ipflog
613 log directly to a file bypassing
616 .Pa /etc/newsyslog.conf
617 in such case like this:
619 /var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid
621 .\" ----- ipfs_enable setting -----------------------------------
631 saving the filter and NAT state tables during shutdown
632 and reloading them during startup again.
633 Setting this variable needs setting
642 for a detailed discussion.
648 because the raised securelevel will prevent
650 from saving the state tables at shutdown time.
651 .\" ----- ipfs_program setting ----------------------------------
658 .\" ----- ipfs_flags setting ------------------------------------
662 This variable contains flags passed to the
665 .\" ----- end of added ipf hook ---------------------------------
666 .It Va tcp_extensions
673 disables certain TCP options as described by
679 might help remedy such problems with connections as randomly hanging
680 or other weird behavior.
681 Some network devices are known
682 to be broken with respect to these options.
689 .Va net.inet.tcp.log_in_vain
691 .Va net.inet.udp.log_in_vain ,
696 are set to the given value.
704 will disable probing idle TCP connections to verify that the
705 peer is still up and reachable.
706 .It Va tcp_drop_synfin
713 will cause the kernel to ignore TCP frames that have both
714 the SYN and FIN flags set.
715 This prevents OS fingerprinting, but may
716 break some legitimate applications.
717 This option is only available if the
718 kernel was built with the
721 .It Va icmp_drop_redirect
728 will cause the kernel to ignore ICMP REDIRECT packets.
731 for more information.
732 .It Va icmp_log_redirect
739 will cause the kernel to log ICMP REDIRECT packets.
741 the log messages are not rate-limited, so this option should only be used
742 for troubleshooting networks.
745 for more information.
746 .It Va icmp_bmcastecho
750 to respond to broadcast or multicast ICMP ping packets.
753 for more information.
754 .It Va ip_portrange_first
758 this is the first port in the default portrange.
761 for more information.
762 .It Va ip_portrange_last
766 this is the last port in the default portrange.
769 for more information.
770 .It Va network_interfaces
772 Set to the list of network interfaces to configure on this host.
773 For example, if the only network devices in the system are the loopback
782 .Va ifconfig_ Ns Aq Ar interface
783 variable is also assumed to exist for each value of
785 It is also possible to add IP alias entries here in cases where
786 multiple IP addresses registered against a single interface
788 Assuming that the interface in question was
793 ifconfig_ed0_alias0="inet 127.0.0.253 netmask 0xffffffff"
794 ifconfig_ed0_alias1="inet 127.0.0.254 netmask 0xffffffff"
799 .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
801 its contents are passed to
803 Execution stops at the first unsuccessful access, so if
804 something like this is present:
806 ifconfig_ed0_alias0="inet 127.0.0.251 netmask 0xffffffff"
807 ifconfig_ed0_alias1="inet 127.0.0.252 netmask 0xffffffff"
808 ifconfig_ed0_alias2="inet 127.0.0.253 netmask 0xffffffff"
809 ifconfig_ed0_alias4="inet 127.0.0.254 netmask 0xffffffff"
812 Then note that alias4 would
814 be added since the search would
815 stop with the missing alias3 entry.
818 .Pa /etc/start_if. Ns Aq Ar interface
819 file is present, it is read and executed by the
822 before configuring the interface as specified in the
823 .Va ifconfig_ Ns Aq Ar interface
825 .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
828 It is possible to bring up an interface with DHCP by setting the
829 .Va ifconfig_ Ns Aq Ar interface
832 For instance, to initialize the
835 it is possible to use something like:
839 .It Va ipv6_network_interfaces
841 This is the IPv6 equivalent of
842 .Va network_interfaces .
843 Instead of setting the ifconfig variables as
844 .Va ifconfig_ Ns Aq Ar interface
845 they should be set as
846 .Va ipv6_ifconfig_ Ns Aq Ar interface .
847 Aliases should be set as
848 .Va ipv6_ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n .
849 .Va ipv6_prefix_ Ns Aq Ar interface
851 Interfaces that do not have a
852 .Va ipv6_ifconfig_ Ns Aq Ar interface
853 setting will be auto configured by
856 .Va ipv6_gateway_enable
859 Note that the IPv6 networking code does not support the
860 .Pa /etc/start_if. Ns Aq Ar interface
862 .It Va ipv6_default_interface
866 this is the default output interface for scoped addresses.
867 Now this works only for IPv6 link local multicast addresses.
868 .It Va cloned_interfaces
870 Set to the list of clonable network interfaces to create on this host.
872 .Va cloned_interfaces
873 are automatically appended to
874 .Va network_interfaces
876 .It Va gif_interfaces
880 tunnel interfaces to configure on this host.
882 .Va gifconfig_ Ns Aq Ar interface
883 variable is assumed to exist for each value of
885 The value of this variable is used to configure the link layer of the
886 tunnel according to the syntax of the
890 Additionally, this option ensures that each listed interface is created
895 before attempting to configure it.
896 .It Va sppp_interfaces
900 interfaces to configure on this host.
902 .Va spppconfig_ Ns Aq Ar interface
903 variable is assumed to exist for each value of
905 Each interface should also be configured by a general
906 .Va ifconfig_ Ns Aq Ar interface
910 for more information about available options.
920 Mode in which to run the
929 See the manual for a full description.
934 enables network address translation.
935 Used in conjunction with
937 allows hosts on private network addresses access to the Internet using
938 this host as a network address translating router.
941 The name of the profile to use from
942 .Pa /etc/ppp/ppp.conf .
945 The name of the user under which
955 This option is used to specify a list of files that will override
957 .Pa /etc/defaults/rc.conf .
958 The files will be read in the order in which they are specified and should
959 include the full path to the file.
960 By default, the files specified are
963 .Pa /etc/rc.conf.local
971 flag if the initial preen
972 of the file systems fails.
975 List of file system types that are network-based.
976 This list should generally not be modified by end users.
978 .Va extra_netfs_types
980 .It Va extra_netfs_types
982 If set to something other than
985 this variable extends the list of file system types
986 for which automatic mounting at startup by
988 should be delayed until the network is initialized.
990 a whitespace-separated list of network file system descriptor pairs,
991 each consisting of a file system type as passed to
993 and a human-readable, one-word description,
996 Extending the default list in this way is only necessary
997 when third party file system types are used.
998 .It Va syslogd_enable
1005 .It Va syslogd_program
1010 .Pa /usr/sbin/syslogd ) .
1011 .It Va syslogd_flags
1017 these are the flags to pass to
1026 .It Va inetd_program
1031 .Pa /usr/sbin/inetd ) .
1038 these are the flags to pass to
1047 .It Va named_program
1052 .Pa /usr/sbin/named ) .
1059 these are the flags to pass to
1061 .It Va named_pidfile
1063 This is the default path to the
1066 Change it if you change the location in
1067 .Pa /etc/namedb/named.conf .
1068 .It Va named_chrootdir
1070 The root directory for a name server run in a
1075 will not be run in a
1078 .It Va kerberos5_server_enable
1082 to start a Kerberos 5 authentication server
1084 .It Va kerberos5_server_program
1087 .Va kerberos5_server_enable
1090 this is the path to Kerberos 5 Authentication Server.
1091 .It Va kadmind5_server_enable
1097 the Kerberos 5 Administration Daemon; set to
1100 .It Va kadmind5_server_program
1103 .Va kadmind5_server_enable
1106 this is the path to Kerberos 5 Administration Daemon.
1107 .It Va kpasswdd_server_enable
1113 the Kerberos 5 Password-Changing Daemon; set to
1116 .It Va kpasswdd_server_program
1119 .Va kpasswdd_server_enable
1122 this is the path to Kerberos 5 Password-Changing Daemon.
1129 daemon at boot time.
1136 these are the flags to pass to it.
1143 daemon at boot time.
1150 these are the flags to pass to it.
1153 manpage for more information.
1154 .It Va amd_map_program
1157 the specified program is run to get the list of
1162 maps are stored in NIS, one can set this to
1175 will be updated at boot time to reflect the kernel release
1180 will not be updated.
1181 .It Va nfs_client_enable
1185 run the NFS client daemons at boot time.
1186 .It Va nfs_client_flags
1189 .Va nfs_client_enable
1192 these are the flags to pass to the
1195 .It Va nfs_access_cache
1198 .Va nfs_client_enable
1203 to disable NFS ACCESS RPC caching, or to the number of seconds for which
1205 results should be cached.
1206 A value of 2-10 seconds will substantially reduce network traffic for
1207 many NFS operations. The default is 5 seconds. Note that the attribute
1208 cache holds stat information only. The NFS data cache is independent
1209 of the attribute cache and is only invalidated when the client detects that
1210 the server has modified the underlying file. This value specifies a
1211 maximum timeout. The NFS client will automatically use a shorter timeout
1212 for files which have been recently modified.
1213 .It Va nfs_neg_cache
1216 .Va nfs_client_enable
1221 to disable the caching of NEGATIVE LOOKUPS (lookups of non-existent
1222 filenames), or to the number of seconds for which negative lookups should
1224 A value of 2-10 seconds will substantially reduce network
1225 traffic for many NFS operations, especially source code builds. The
1226 default is 3 seconds.
1227 .It Va nfs_server_enable
1231 run the NFS server daemons at boot time.
1232 .It Va nfs_server_flags
1235 .Va nfs_server_enable
1238 these are the flags to pass to the
1241 .It Va mountd_enable
1246 .Va nfs_server_enable
1252 It is commonly needed to run CFS without real NFS used.
1259 these are the flags to pass to the
1262 .It Va weak_mountd_authentication
1266 allow services like PCNFSD to make non-privileged mount
1268 .It Va nfs_reserved_port_only
1272 provide NFS services only on a secure port.
1273 .It Va nfs_bufpackets
1275 If set to a number, indicates the number of packets worth of
1276 socket buffer space to reserve on an NFS client.
1277 The kernel default is typically 4.
1278 Using a higher number may be
1279 useful on gigabit networks to improve performance.
1280 The minimum value is
1281 2 and the maximum is 64.
1282 .It Va rpc_umntall_enable
1286 (default) and we are also an NFS client, run
1288 at boot time to clear out old mounts on remote servers.
1293 will not be run at boot time.
1294 .It Va rpc_lockd_enable
1298 and also an NFS server, run
1301 .It Va rpc_statd_enable
1305 and also an NFS server, run
1308 .It Va rpcbind_program
1313 .Pa /usr/sbin/rpcbind ) .
1314 .It Va rpcbind_enable
1320 service at boot time.
1321 .It Va rpcbind_flags
1327 these are the flags to pass to the
1330 .It Va keyserv_enable
1336 daemon on boot for running Secure RPC.
1337 .It Va keyserv_flags
1343 these are the flags to pass to
1346 .It Va pppoed_enable
1352 daemon at boot time to provide PPP over Ethernet services.
1353 .It Va pppoed_provider
1356 listens to requests to this provider and ultimately runs
1360 argument of the same name.
1363 Additional flags to pass to
1365 .It Va pppoed_interface
1367 The network interface to run
1370 This is mandatory when
1380 service at boot time.
1381 This command is intended for networks of
1382 machines where a consistent
1384 for all hosts must be established.
1385 This is often useful in large NFS
1386 environments where time stamps on files are expected to be consistent
1394 these are the flags to pass to the
1403 command at boot time.
1409 .Pa /usr/sbin/ntpd ) .
1416 these are the flags to pass to the
1420 by default which sets the time immediately at startup if the
1421 local clock is off by more than 180 seconds. To prevent
1423 from doing this, set
1433 at system boot time.
1434 .It Va dntpd_program
1439 .Pa /usr/sbin/dntpd ) .
1446 these are the flags to pass to the
1449 .It Va nis_client_enable
1455 service at system boot time.
1456 .It Va nis_client_flags
1459 .Va nis_client_enable
1462 these are the flags to pass to the
1465 .It Va nis_ypset_enable
1471 daemon at system boot time.
1472 .It Va nis_ypset_flags
1475 .Va nis_ypset_enable
1478 these are the flags to pass to the
1481 .It Va nis_server_enable
1487 daemon at system boot time.
1488 .It Va nis_server_flags
1491 .Va nis_server_enable
1494 these are the flags to pass to the
1497 .It Va nis_ypxfrd_enable
1503 daemon at system boot time.
1504 .It Va nis_ypxfrd_flags
1507 .Va nis_ypxfrd_enable
1510 these are the flags to pass to the
1513 .It Va nis_yppasswdd_enable
1519 daemon at system boot time.
1520 .It Va nis_yppasswdd_flags
1523 .Va nis_yppasswdd_enable
1526 these are the flags to pass to the
1529 .It Va rpc_ypupdated_enable
1535 daemon at system boot time.
1536 .It Va defaultrouter
1540 create a default route to this host name or IP address
1541 (use an IP address if this router is also required to get to the
1543 .It Va ipv6_defaultrouter
1545 The IPv6 equivalent of
1547 .It Va static_routes
1549 Set to the list of static routes that are to be added at system
1553 then for each whitespace separated
1556 .Va route_ Ns Aq Ar element
1557 variable is assumed to exist
1558 whose contents will later be passed to a
1561 .It Va ipv6_static_routes
1563 The IPv6 equivalent of
1567 then for each whitespace separated
1570 .Va ipv6_route_ Ns Aq Ar element
1571 variable is assumed to exist
1572 whose contents will later be passed to a
1573 .Dq Nm route Cm add Fl inet6
1575 .It Va gateway_enable
1579 configure host to act as an IP router, e.g. to forward packets
1581 .It Va ipv6_gateway_enable
1583 The IPv6 equivalent of
1584 .Va gateway_enable .
1585 .It Va router_enable
1589 run a routing daemon of some sort, based on the
1594 .It Va ipv6_router_enable
1596 The IPv6 equivalent of
1600 run a routing daemon of some sort, based on the
1602 .Va ipv6_router_program
1604 .Va ipv6_router_flags .
1605 .It Va router_program
1611 this is the name of the routing daemon to use.
1612 .It Va ipv6_router_program
1614 The IPv6 equivalent of
1615 .Va router_program .
1622 these are the flags to pass to the routing daemon.
1623 .It Va ipv6_router_flags
1625 The IPv6 equivalent of
1627 .It Va mrouted_enable
1631 run the multicast routing daemon,
1633 .It Va mroute6d_enable
1635 The IPv6 equivalent of
1636 .Va mrouted_enable .
1639 run the IPv6 multicast routing daemon.
1640 Note that no IPv6 multicast routing daemon is included in the
1644 can be installed from the
1647 .It Va mrouted_flags
1653 these are the flags to pass to the
1656 .It Va mroute6d_flags
1658 The IPv6 equivalent of
1664 these are the flags passed to the IPv6 multicast routing daemon.
1665 .It Va mroute6d_program
1671 this is the path to the IPv6 multicast routing daemon.
1672 .It Va rtadvd_enable
1678 daemon at boot time.
1681 .Va ipv6_gateway_enable
1686 utility sends router advertisement packets to the interfaces specified in
1687 .Va rtadvd_interfaces .
1689 and should only be enabled with great care.
1690 You may want to fine-tune
1692 .It Va rtadvd_interfaces
1698 this is the list of interfaces to use.
1699 .It Va ipxgateway_enable
1703 enable the routing of IPX traffic.
1704 .It Va ipxrouted_enable
1710 daemon at system boot time.
1711 .It Va ipxrouted_flags
1714 .Va ipxrouted_enable
1717 these are the flags to pass to the
1724 enable global proxy ARP.
1725 .It Va forward_sourceroute
1733 source-routed packets are forwarded.
1734 .It Va accept_sourceroute
1738 the system will accept source-routed packets directed at it.
1745 daemon at system boot time.
1752 these are the flags to pass to the
1755 .It Va bootparamd_enable
1761 daemon at system boot time.
1762 .It Va bootparamd_flags
1765 .Va bootparamd_enable
1768 these are the flags to pass to the
1771 .It Va stf_interface_ipv4addr
1775 this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling
1777 Specify this entry to enable the 6to4 interface.
1778 .It Va stf_interface_ipv4plen
1780 Prefix length for 6to4 IPv4 addresses, to limit peer address range.
1781 An effective value is 0-31.
1782 .It Va stf_interface_ipv6_ifid
1784 IPv6 interface ID for
1788 .It Va stf_interface_ipv6_slaid
1790 IPv6 Site Level Aggregator for
1792 .It Va ipv6_faith_prefix
1796 this is the faith prefix to enable a FAITH IPv6-to-IPv4 TCP
1801 .It Va ipv6_ipv4mapping
1805 this enables IPv4 mapped IPv6 address communication (like
1806 .Li ::ffff:a.b.c.d ) .
1811 to enable the configuration of ATM interfaces at system boot time.
1812 For all of the ATM variables described below, please refer to the
1814 man page for further details on the available command parameters.
1815 Also refer to the files in
1816 .Pa /usr/share/examples/atm
1817 for more detailed configuration information.
1820 This is a list of physical ATM interface drivers to load. Typical values are
1824 .It Va atm_netif_ Ns Aq Ar intf
1826 For the ATM physical interface
1828 this variable defines the name prefix and count for the ATM network
1829 interfaces to be created.
1830 The value will be passed as the parameters of an
1831 .Dq Nm atm Cm "set netif" Ar intf
1833 .It Va atm_sigmgr_ Ns Aq Ar intf
1835 For the ATM physical interface
1837 this variable defines the ATM signalling manager to be used.
1838 The value will be passed as the parameters of an
1839 .Dq Nm atm Cm attach Ar intf
1841 .It Va atm_prefix_ Ns Aq Ar intf
1843 For the ATM physical interface
1845 this variable defines the NSAP prefix for interfaces using a UNI signalling
1849 the prefix will automatically be set via the
1852 Otherwise, the value will be passed as the parameters of an
1853 .Dq Nm atm Cm "set prefix" Ar intf
1855 .It Va atm_macaddr_ Ns Aq Ar intf
1857 For the ATM physical interface
1859 this variable defines the MAC address for interfaces using a UNI signalling
1863 the hardware MAC address contained in the ATM interface card will be used.
1864 Otherwise, the value will be passed as the parameters of an
1865 .Dq Nm atm Cm "set mac" Ar intf
1867 .It Va atm_arpserver_ Ns Aq Ar netif
1869 For the ATM network interface
1871 this variable defines the ATM address for a host which is to provide ATMARP
1873 This variable is only applicable to interfaces using a UNI signalling
1877 this host will become an ATMARP server.
1878 The value will be passed as the parameters of an
1879 .Dq Nm atm Cm "set arpserver" Ar netif
1881 .It Va atm_scsparp_ Ns Aq Ar netif
1885 SCSP/ATMARP service for the network interface
1887 will be initiated using the
1892 This variable is only applicable if
1893 .Va atm_arpserver_ Ns Aq Ar netif
1898 Set to the list of ATM PVCs to be added at system
1900 For each whitespace separated
1903 .Va atm_pvc_ Ns Aq Ar element
1904 variable is assumed to exist.
1905 The value of each of these variables
1906 will be passed as the parameters of an
1907 .Dq Nm atm Cm "add pvc"
1911 Set to the list of permanent ATM ARP entries to be added
1912 at system boot time.
1913 For each whitespace separated
1916 .Va atm_arp_ Ns Aq Ar element
1917 variable is assumed to exist.
1918 The value of each of these variables
1919 will be passed as the parameters of an
1920 .Dq Nm atm Cm "add arp"
1922 .It Va natm_interfaces
1926 interfaces that will also be used for HARP through
1928 If this list is not empty all interfaces in the list will be brought up
1934 For this to work the interface drivers must be either compiled into the
1935 kernel or must reside on the root partition.
1938 The keyboard bell sound.
1945 if the default behavior is desired.
1946 For details, refer to the
1953 no keymap is installed, otherwise the value is used to install
1955 .Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd .
1958 The keyboard repeat speed.
1965 if the default behavior is desired.
1970 attempt to program the function keys with the value.
1972 be a single string of the form:
1973 .Dq Ar funkey_number new_value Op Ar funkey_number new_value ... .
1976 Can be set to the value of
1979 .Dq Li destructive ,
1982 to set the cursor behavior explicitly or choose the default behavior.
1987 no screen map is installed, otherwise the value is used to install
1988 the screen map file in
1989 .Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value .
1994 the default 8x16 font value is used for screen size requests, otherwise
1996 .Pa /usr/share/syscons/fonts/ Ns Aq Ar value
2002 the default 8x14 font value is used for screen size requests, otherwise
2004 .Pa /usr/share/syscons/fonts/ Ns Aq Ar value
2010 the default 8x8 font value is used for screen size requests, otherwise
2012 .Pa /usr/share/syscons/fonts/ Ns Aq Ar value
2018 the default screen blanking interval is used, otherwise it is set
2026 this is the actual screen saver to use
2027 .Li ( blank , snake , daemon ,
2029 .It Va moused_enable
2035 daemon is started for doing cut/paste selection on the console.
2038 This is the protocol type of the mouse connected to this host.
2039 This variable must be set if
2046 is able to detect the appropriate mouse type automatically in many cases.
2047 Set this variable to
2049 to let the daemon detect it, or
2050 select one from the following list if the automatic detection fails.
2052 If the mouse is attached to the PS/2 mouse port, choose
2056 regardless of the brand and model of the mouse.
2058 mouse is attached to the bus mouse port, choose
2062 All other protocols are for serial mice and will not work with
2063 the PS/2 and bus mice.
2064 If this is a USB mouse,
2066 is the only protocol type which will work.
2068 .Bl -tag -width ".Li x10mouseremote" -compact
2070 Microsoft mouse (serial)
2072 Microsoft IntelliMouse (serial)
2074 Mouse systems Corp. mouse (serial)
2076 MM Series mouse (serial)
2078 Logitech mouse (serial)
2082 Logitech MouseMan and TrackMan (serial)
2084 ALPS GlidePoint (serial)
2085 .It Li thinkingmouse
2086 Kensington ThinkingMouse (serial)
2090 MM HitTablet (serial)
2091 .It Li x10mouseremote
2092 X10 MouseRemote (serial)
2094 Interlink VersaPad (serial)
2097 Even if the mouse is not in the above list, it may be compatible
2098 with one in the list.
2099 Refer to the man page for
2101 for compatibility information.
2103 It should also be noted that while this is enabled, any
2104 other client of the mouse (such as an X server) should access
2105 the mouse through the virtual mouse device,
2107 and configure it as a
2109 type mouse, since all
2110 mouse data is converted to this single canonical format when
2113 If the client program does not support the
2119 It is the second preferred type.
2126 this is the actual port the mouse is on.
2129 for a COM1 serial mouse,
2133 for a bus mouse, for example.
2138 is set, these are the additional flags to pass to the
2141 .It Va mousechar_start
2145 the default mouse cursor character range
2146 .Li 0xd0 Ns - Ns Li 0xd3
2148 otherwise the range start is set
2153 Use if the default range is occupied in the language code table.
2156 Set the size of the history (scrollback) buffer in lines.
2157 .It Va allscreens_flags
2161 is run with these options for each of the virtual terminals
2165 will enable the mouse pointer on all virtual terminals
2170 .It Va allscreens_kbdflags
2174 is run with these options for each of the virtual terminals
2180 scrollback (history) buffer to 200 lines.
2187 daemon at system boot time.
2193 .Pa /usr/sbin/cron ) .
2200 these are the flags to pass to
2207 .Pa /usr/sbin/lpd ) .
2214 daemon at system boot time.
2221 these are the flags to pass to the
2230 settings across reboots.
2231 .It Va mta_start_script
2233 This variable specifies the full path to the script to run to start
2234 a mail transfer agent.
2236 .Pa /etc/rc.sendmail .
2240 .Pa /etc/rc.sendmail
2241 uses are documented in the
2246 Indicates the device (usually a swap partition) to which a crash dump
2247 should be written in the event of a system crash.
2248 The value of this variable is passed as the argument to
2250 To disable crash dumps, set this variable to
2254 When the system reboots after a crash and a crash dump is found on the
2255 device specified by the
2259 will save that crash dump and a copy of the kernel to the directory
2263 The default value is
2272 .It Va savecore_flags
2274 If crash dumps are enabled, these are the flags to pass to the
2277 .It Va enable_quotas
2281 to turn on user disk quotas on system startup via the
2288 to enable user disk quota checking via the
2291 .It Va accounting_enable
2295 to enable system accounting through the
2302 to enable Linux/ELF binary emulation at system initial
2304 .It Va sysvipc_enable
2308 load System V IPC primitives at boot time.
2309 .\" ----- cleanvar_enable setting--------------------------------
2310 .It Va cleanvar_enable
2318 .Pa /var/spool/uucp/.Temp/*
2320 .\" ----- clear_tmp_enable setting-------------------------------
2321 .It Va clear_tmp_enable
2328 .\" ----- ldconfig_paths setting --------------------------------
2329 .It Va ldconfig_paths
2331 Set to the list of shared library paths to use with
2335 will always be added first, so it need not appear in this list.
2336 .It Va ldconfig_insecure
2340 utility normally refuses to use directories
2341 which are writable by anyone except root.
2342 Set this variable to
2344 to disable that security check during system startup.
2345 .It Va kern_securelevel
2347 The kernel security level to set at startup.
2348 The allowed range of
2350 ranges from \-1 (the compile time default) to 3 (the
2354 for the list of possible security levels and their effect
2355 on system operation.
2360 to enable Low Watermark Mandatory Access Control (LOMAC) at boot time.
2361 This security model enforces integrity constraints for system processes;
2364 for a complete description of the LOMAC model, as well as its impact
2365 on system operation.
2372 at system boot time.
2379 at system boot time.
2382 Path to the SSH server program
2383 .Pa ( /usr/sbin/sshd
2391 these are the flags to pass to the
2400 at system boot time.
2407 these are the flags to pass to the
2416 daemon at boot time.
2423 these are the flags passed to
2426 .It Va watchdogd_enable
2432 daemon at boot time.
2433 This requires that the kernel have been compiled with
2434 .Cd "options WATCHDOG" .
2439 any configured jails will not be started.
2442 A space separated list of names for jails.
2443 This is purely a configuration aid to help identify and
2444 configure multiple jails.
2445 The names specified in this list will be used to
2446 identify settings common to an instance of a jail.
2447 Assuming that the jail in question was named
2449 you would have the following dependent variables:
2451 jail_vjail_hostname="jail.example.com"
2452 jail_vjail_ip="192.168.1.100"
2453 jail_vjail_rootdir="/var/jails/vjail/root"
2454 jail_vjail_exec="/bin/sh /etc/rc"
2457 The last one is optional.
2461 .It Va jail_set_hostname_allow
2465 do not allow the root user in a jail to set its hostname.
2466 .It Va jail_socket_unixiproute_only
2470 do not allow any protocol,
2472 to be used within a jail.
2473 .It Va jail_sysvipc_allow
2477 allow applications within a jail to use System V IPC.
2478 .It Va resident_enable
2482 make the dynamic binaries listed in
2483 .Pa /etc/resident.conf
2485 .It Va varsym_enable
2490 .Pa /etc/varsym.conf
2491 to set system-wide variables for variant symlinks.
2496 or a whitespace separated list of IRQ numbers which will be used as a source of
2498 .\" ----- isdn settings ---------------------------------
2509 at system boot time.
2513 .Dq Fl d Ns Cm n Fl d Ns Li 0x1f9
2515 Additional flags to pass to
2521 for certain tunable parameters).
2527 The terminal type of the output device when
2529 operates in full-screen mode.
2530 .It Va isdn_screenflags
2535 The video mode for full-screen mode (only for
2545 The output device for
2547 in full-screen mode (or
2557 enables the ISDN protocol trace utility
2559 at system boot time.
2560 .It Va isdn_traceflags
2563 .Dq Fl f Pa /var/tmp/isdntrace0
2567 .\" -----------------------------------------------------
2572 to disable caching entropy via
2574 Otherwise set to the directory used to store entropy files in.
2579 to disable caching entropy through reboots.
2580 Otherwise set to the filename used to store cached entropy through
2582 This file should be located on the root file system to seed the
2584 device as early as possible in the boot process.
2585 .It Va entropy_save_sz
2587 Size of the entropy cache files saved by
2590 .It Va entropy_save_num
2592 Number of entropy cache files to save by
2606 Configuration file for
2615 .Pa /var/run/dmesg.boot
2617 .It Va rcshutdown_timeout
2619 If set, start a watchdog timer in the background which will terminate
2623 has not completed within the specified time (in seconds).
2626 .Bl -tag -width ".Pa /etc/defaults/rc.conf" -compact
2627 .It Pa /etc/defaults/rc.conf
2629 .It Pa /etc/rc.conf.local
2647 .Xr resident.conf 5 ,
2707 .An Jordan K. Hubbard .
projects / dragonfly.git / blob