4 .\" Redistribution and use in source and binary forms, with or without
5 .\" modification, are permitted provided that the following conditions
7 .\" 1. Redistributions of source code must retain the above copyright
8 .\" notice, this list of conditions and the following disclaimer.
9 .\" 2. Redistributions in binary form must reproduce the above copyright
10 .\" notice, this list of conditions and the following disclaimer in the
11 .\" documentation and/or other materials provided with the distribution.
13 .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND
14 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE
17 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
19 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
20 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
21 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
22 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25 .\" $FreeBSD: src/share/man/man5/rc.conf.5,v 1.197 2003/07/28 13:56:00 mbr Exp $
26 .\" $DragonFly: src/share/man/man5/rc.conf.5,v 1.46 2007/10/02 12:57:00 hasso Exp $
32 .Nd system configuration information
36 contains descriptive information about the local host name, configuration
37 details for any potential network interfaces and which services should be
38 started up at system initial boot time.
39 In new installations, the
41 file is generally initialized by the installer.
45 is not to run commands or perform system startup actions directly.
46 Instead, it is included by the various generic startup scripts in
48 which conditionalize their
49 internal actions according to the settings found there.
53 file is included from the file
54 .Pa /etc/defaults/rc.conf ,
55 which specifies the default settings for all the available options.
56 Options need only be specified in
58 when the system administrator wishes to override these defaults.
60 .Pa /etc/rc.conf.local
61 is used to override settings in
63 for historical reasons.
68 The following list provides a name and short description for each
69 variable that can be set in the
72 .Bl -tag -width indent-two
77 enable output of debug messages from rc scripts.
78 This variable can be helpful in diagnosing mistakes when
79 editing or integrating new scripts.
80 Beware that this produces copious output to the terminal and
86 disable informational messages from the rc scripts.
87 Informational messages are displayed when
88 a condition that is not serious enough to warrant a warning or an error occurs.
93 no swapfile is installed, otherwise the value is used as the full
94 pathname to a file to use for additional swap space.
99 enable support for Automatic Power Management with the
106 to handle APM event from userland.
107 This also enables support for APM.
114 these are the flags to pass to the
120 to monitor the status of batteries present in the system.
121 This also enables support for APM.
128 these are the flags to pass to the
131 .It Va sensorsd_enable
140 a sensors monitoring and logging daemon.
141 .It Va sensorsd_flags
144 This variable contains additional flags passed to the
147 .It Va pccard_ifconfig
149 List of arguments to be passed to
151 at boot time or on insertion of the card (e.g.\&
152 .Dq Cm inet Li 192.168.1.1 Cm netmask Li 255.255.255.0
153 for a fixed address or
156 .It Va pccard_ether_delay
158 Set the delay before starting
161 .Pa /etc/pccard_ether
163 This defaults to 5 seconds to work around a bug in the
165 driver which can lead to system hangs when using some newer
168 .It Va removable_interfaces
170 List of removable network interfaces to be supported by
171 .Pa /etc/pccard_ether .
174 List of directories to search for startup script files.
175 .It Va script_name_sep
177 The field separator to use for breaking down the list of startup script files
178 into individual filenames.
179 The default is a space.
180 It is not necessary to change this unless there are startup scripts with names
182 .It Va hostapd_enable
191 The fully qualified domain name (FQDN) of this host on the network.
192 This should almost certainly be set to something meaningful, even if
193 there is no network connection.
196 is used to set the hostname via DHCP,
197 this variable should be set to an empty string.
200 Enable support for IPv6 networking.
201 Note that this requires that the kernel have been compiled with
202 .Cd "options INET6" .
205 The NIS domain name of this host, or
208 .It Va dhclient_program
210 Path to the DHCP client program
211 .Pa ( /sbin/dhclient ,
212 the ISC DHCP client, is the default).
213 .It Va dhclient_flags
215 Additional flags to pass to the DHCP client program.
216 For the ISC DHCP client, see the
218 manpage for a description of the command line options available.
219 .\".It Va background_dhclient
223 .\"to start the DHCP client in background.
224 .\"This can cause trouble with applications depending on
225 .\"a working network, but it will provide a faster startup in many cases.
233 .It Va dhcrelay_enable
246 If the kernel was not built with
250 kernel module will be loaded.
254 .Va ipfilter_enable .
259 ruleset definition file.
270 these are the flags to pass to
272 when loading the ruleset.
279 which logs packets from
287 this specifies the path of the log file.
298 these are the flags to pass to
300 .It Va firewall_enable
304 to load firewall rules at startup.
305 If the kernel was not built with
306 .Cd "options IPFIREWALL" ,
309 kernel module will be loaded.
313 .Va ipfilter_enable .
314 .It Va ipv6_firewall_enable
316 The IPv6 equivalent of
317 .Va firewall_enable .
320 to load IPv6 firewall rules at startup.
321 If the kernel was not built with
322 .Cd "options IPV6FIREWALL" ,
325 kernel module will be loaded.
326 .It Va firewall_script
328 This variable specifies the full path to the firewall script to run.
330 .Pa /etc/rc.firewall .
331 .It Va ipv6_firewall_script
333 The IPv6 equivalent of
334 .Va firewall_script .
337 Names the firewall type from the selection in
338 .Pa /etc/rc.firewall ,
339 or the file which contains the local firewall ruleset.
340 Valid selections from
344 .Bl -tag -width ".Li simple" -compact
346 unrestricted IP access
348 all IP services disabled, except via
351 basic protection for a workstation on a LAN
357 If a filename is specified, the full path must be given.
358 .It Va firewall_trusted_nets
360 List of trusted networks (if
364 .It Va firewall_trusted_interfaces
366 List of trusted network interfaces (if
370 .It Va firewall_allowed_icmp_types
372 List of allowed ICMP types (if
376 .It Va firewall_open_tcp_ports
378 List of TCP ports to open (if
382 .It Va firewall_open_udp_ports
384 List of UDP ports to open (if
388 .It Va ipv6_firewall_type
390 The IPv6 equivalent of
392 .It Va firewall_quiet
396 to disable the display of firewall rules on the console during boot.
397 .It Va ipv6_firewall_quiet
399 The IPv6 equivalent of
401 .It Va firewall_logging
405 to enable firewall event logging.
406 This is equivalent to the
407 .Dv IPFIREWALL_VERBOSE
409 .It Va ipv6_firewall_logging
411 The IPv6 equivalent of
412 .Va firewall_logging .
413 .It Va firewall_flags
419 specifies a filename.
420 .It Va ipv6_firewall_flags
422 The IPv6 equivalent of
439 sockets must be enabled in the kernel.
440 .It Va natd_interface
442 This is the name of the public interface on which
445 The interface may be given as an interface name or as an IP address.
450 flags should be placed here.
455 flag is automatically added with the above
458 .\" ----- ipfilter_enable setting --------------------------------
459 .It Va ipfilter_enable
470 Typical usage will require putting
472 ipfilter_enable="YES"
490 can be enabled independently.
494 both require at least one of
504 options IPFILTER_DEFAULT_BLOCK
507 in the kernel configuration file is a good idea, too.
511 .Va firewall_enable .
512 .\" ----- ipfilter_program setting ------------------------------
513 .It Va ipfilter_program
519 .\" ----- ipfilter_rules setting --------------------------------
520 .It Va ipfilter_rules
525 This variable contains the name of the filter rule definition file.
526 The file is expected to be readable for the
529 .\" ----- ipv6_ipfilter_rules setting ---------------------------
530 .It Va ipv6_ipfilter_rules
535 This variable contains the IPv6 filter rule definition file.
536 The file is expected to be readable for the
539 .\" ----- ipfilter_flags setting --------------------------------
540 .It Va ipfilter_flags
543 This variable contains flags passed to the
546 .\" ----- ipnat_enable setting ----------------------------------
556 network address translation.
559 for a detailed discussion.
560 .\" ----- ipnat_program setting ---------------------------------
567 .\" ----- ipnat_rules setting -----------------------------------
573 This variable contains the name of the file
574 holding the network address translation definition.
575 This file is expected to be readable for the
578 .\" ----- ipnat_flags setting -----------------------------------
582 This variable contains flags passed to the
585 .\" ----- ipmon_enable setting ----------------------------------
600 Setting this variable needs setting
607 for a detailed discussion.
608 .\" ----- ipmon_program setting ---------------------------------
615 .\" ----- ipmon_flags setting -----------------------------------
621 This variable contains flags passed to the
624 Another typical example would be
625 .Dq Fl D Pa /var/log/ipflog
628 log directly to a file bypassing
631 .Pa /etc/newsyslog.conf
632 in such case like this:
634 /var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid
636 .\" ----- ipfs_enable setting -----------------------------------
646 saving the filter and NAT state tables during shutdown
647 and reloading them during startup again.
648 Setting this variable needs setting
657 for a detailed discussion.
662 cannot be used because the raised securelevel will prevent
664 from saving the state tables at shutdown time.
665 .\" ----- ipfs_program setting ----------------------------------
672 .\" ----- ipfs_flags setting ------------------------------------
676 This variable contains flags passed to the
679 .\" ----- end of added ipf hook ---------------------------------
680 .It Va tcp_extensions
687 disables certain TCP options as described by
693 might help remedy such problems with connections as randomly hanging
694 or other weird behavior.
695 Some network devices are known to be broken with respect to these options.
702 .Va net.inet.tcp.log_in_vain
704 .Va net.inet.udp.log_in_vain ,
709 are set to the given value.
717 will disable probing idle TCP connections to verify that the
718 peer is still up and reachable.
719 .It Va tcp_drop_synfin
726 will cause the kernel to ignore TCP frames that have both
727 the SYN and FIN flags set.
728 This prevents OS fingerprinting, but may break some legitimate applications.
729 This option is only available if the kernel was built with the
732 .It Va icmp_drop_redirect
739 will cause the kernel to ignore ICMP REDIRECT packets.
742 for more information.
743 .It Va icmp_log_redirect
750 will cause the kernel to log ICMP REDIRECT packets.
752 the log messages are not rate-limited, so this option should only be used
753 for troubleshooting networks.
756 for more information.
757 .It Va icmp_bmcastecho
761 to respond to broadcast or multicast ICMP ping packets.
764 for more information.
765 .It Va ip_portrange_first
769 this is the first port in the default portrange.
772 for more information.
773 .It Va ip_portrange_last
777 this is the last port in the default portrange.
780 for more information.
781 .It Va network_interfaces
783 Set to the list of network interfaces to configure on this host.
784 For example, if the only network devices in the system are the loopback device
788 driver, this could be set to
791 .Va ifconfig_ Ns Aq Ar interface
792 variable is also assumed to exist for each value of
794 It is also possible to add IP alias entries here in cases where
795 multiple IP addresses registered against a single interface are desired.
796 Assuming that the interface in question was
798 it might look something like this:
800 ifconfig_ed0_alias0="inet 127.0.0.253 netmask 0xffffffff"
801 ifconfig_ed0_alias1="inet 127.0.0.254 netmask 0xffffffff"
806 .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
807 entry that is found, its contents are passed to
809 Execution stops at the first unsuccessful access, so if
810 something like this is present:
812 ifconfig_ed0_alias0="inet 127.0.0.251 netmask 0xffffffff"
813 ifconfig_ed0_alias1="inet 127.0.0.252 netmask 0xffffffff"
814 ifconfig_ed0_alias2="inet 127.0.0.253 netmask 0xffffffff"
815 ifconfig_ed0_alias4="inet 127.0.0.254 netmask 0xffffffff"
818 Then note that alias4 would
820 be added since the search would stop with the missing alias3 entry.
823 .Pa /etc/start_if. Ns Aq Ar interface
824 file is present, it is read and executed by the
826 interpreter before configuring the interface as specified in the
827 .Va ifconfig_ Ns Aq Ar interface
829 .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
832 It is possible to bring up an interface with DHCP by adding
835 .Va ifconfig_ Ns Aq Ar interface
837 For instance, to initialize the
839 device via DHCP, it is possible to use something like:
844 Also, if your interface needs WPA authentication, it is possible to add
847 .Va ifconfig_ Ns Aq Ar interface
852 options in this variable, in addition to the
853 .Pa /etc/start_if. Ns Aq Ar interface
855 For instance, to initialize the
857 device via DHCP, using WPA authentication and 802.11b mode, it is
858 possible to use something like:
860 ifconfig_wi0="up DHCP WPA mode 11b"
863 It is also possible to rename interface by doing:
865 ifconfig_ed0_name="net0"
866 ifconfig_net0="inet 10.0.0.1 netmask 0xffff0000"
868 .It Va ipv6_network_interfaces
870 This is the IPv6 equivalent of
871 .Va network_interfaces .
872 Instead of setting the ifconfig variables as
873 .Va ifconfig_ Ns Aq Ar interface
874 they should be set as
875 .Va ipv6_ifconfig_ Ns Aq Ar interface .
876 Aliases should be set as
877 .Va ipv6_ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n .
878 .Va ipv6_prefix_ Ns Aq Ar interface
880 Interfaces that do not have a
881 .Va ipv6_ifconfig_ Ns Aq Ar interface
882 setting will be auto configured by
885 .Va ipv6_gateway_enable
888 Note that the IPv6 networking code does not support the
889 .Pa /etc/start_if. Ns Aq Ar interface
891 .It Va ipv6_default_interface
895 this is the default output interface for scoped addresses.
896 Now this works only for IPv6 link local multicast addresses.
897 .It Va cloned_interfaces
899 Set to the list of clonable network interfaces to create on this host.
901 .Va cloned_interfaces
902 are automatically appended to
903 .Va network_interfaces
905 .It Va gif_interfaces
909 tunnel interfaces to configure on this host.
911 .Va gifconfig_ Ns Aq Ar interface
912 variable is assumed to exist for each value of
914 The value of this variable is used to configure the link layer of the
915 tunnel according to the syntax of the
919 Additionally, this option ensures that each listed interface is created via the
923 before attempting to configure it.
924 .It Va sppp_interfaces
928 interfaces to configure on this host.
930 .Va spppconfig_ Ns Aq Ar interface
931 variable is assumed to exist for each value of
933 Each interface should also be configured by a general
934 .Va ifconfig_ Ns Aq Ar interface
938 for more information about available options.
948 Mode in which to run the
957 See the manual for a full description.
962 enables network address translation.
963 Used in conjunction with
965 allows hosts on private network addresses access to the Internet using
966 this host as a network address translating router.
969 The name of the profile to use from
970 .Pa /etc/ppp/ppp.conf .
973 The name of the user under which
982 This option is used to specify a list of files that will override
984 .Pa /etc/defaults/rc.conf .
985 The files will be read in the order in which they are specified and should
986 include the full path to the file.
987 By default, the files specified are
990 .Pa /etc/rc.conf.local
998 flag if the initial preen of the file systems fails.
1001 List of file system types that are network-based.
1002 This list should generally not be modified by end users.
1004 .Va extra_netfs_types
1006 .It Va extra_netfs_types
1008 If set to something other than
1010 (the default), this variable extends the list of file system types
1011 for which automatic mounting at startup by
1013 should be delayed until the network is initialized.
1015 a whitespace-separated list of network file system descriptor pairs,
1016 each consisting of a file system type as passed to
1018 and a human-readable, one-word description, joined with a colon
1020 Extending the default list in this way is only necessary
1021 when third party file system types are used.
1022 .It Va syslogd_enable
1029 .It Va syslogd_program
1034 .Pa /usr/sbin/syslogd ) .
1035 .It Va syslogd_flags
1041 these are the flags to pass to
1050 .It Va inetd_program
1055 .Pa /usr/sbin/inetd ) .
1062 these are the flags to pass to
1071 .It Va named_program
1076 .Pa /usr/sbin/named ) .
1083 these are the flags to pass to
1085 .It Va named_pidfile
1087 This is the default path to the
1090 Change it if you change the location in
1091 .Pa /etc/namedb/named.conf .
1092 .It Va named_chrootdir
1094 The root directory for a name server run in a
1099 will not be run in a
1102 .It Va kerberos5_server_enable
1106 to start a Kerberos 5 authentication server at boot time.
1107 .It Va kerberos5_server_program
1110 .Va kerberos5_server_enable
1113 this is the path to Kerberos 5 Authentication Server.
1114 .It Va kadmind5_server_enable
1120 the Kerberos 5 Administration Daemon; set to
1123 .It Va kadmind5_server_program
1126 .Va kadmind5_server_enable
1129 this is the path to Kerberos 5 Administration Daemon.
1130 .It Va kpasswdd_server_enable
1136 the Kerberos 5 Password-Changing Daemon; set to
1139 .It Va kpasswdd_server_program
1142 .Va kpasswdd_server_enable
1145 this is the path to Kerberos 5 Password-Changing Daemon.
1152 daemon at boot time.
1159 these are the flags to pass to it.
1166 daemon at boot time.
1173 these are the flags to pass to it.
1176 manpage for more information.
1177 .It Va amd_map_program
1179 If set, the specified program is run to get the list of
1184 maps are stored in NIS, one can set this to run
1196 will be updated at boot time to reflect the kernel release being run.
1200 will not be updated.
1201 .It Va nfs_client_enable
1205 run the NFS client daemons at boot time.
1206 .It Va nfs_client_flags
1209 .Va nfs_client_enable
1212 these are the flags to pass to the
1215 .It Va nfs_access_cache
1218 .Va nfs_client_enable
1223 to disable NFS ACCESS RPC caching, or to the number of seconds for which
1224 NFS ACCESS results should be cached.
1225 A value of 2-10 seconds will substantially reduce network traffic for
1226 many NFS operations.
1227 The default is 5 seconds.
1228 Note that the attribute cache holds stat information only.
1229 The NFS data cache is independent of the attribute cache and is only
1230 invalidated when the client detects that the server has modified the
1232 This value specifies a maximum timeout.
1233 The NFS client will automatically use a shorter timeout for files which
1234 have been recently modified.
1235 .It Va nfs_neg_cache
1238 .Va nfs_client_enable
1243 to disable the caching of NEGATIVE LOOKUPS (lookups of non-existent
1244 filenames), or to the number of seconds for which negative lookups should
1246 A value of 2-10 seconds will substantially reduce network
1247 traffic for many NFS operations, especially source code builds.
1248 The default is 3 seconds.
1249 .It Va nfs_server_enable
1253 run the NFS server daemons at boot time.
1254 .It Va nfs_server_flags
1257 .Va nfs_server_enable
1260 these are the flags to pass to the
1263 .It Va mountd_enable
1268 .Va nfs_server_enable
1274 It is commonly needed to run CFS without real NFS used.
1281 these are the flags to pass to the
1284 .It Va weak_mountd_authentication
1288 allow services like PCNFSD to make non-privileged mount requests.
1289 .It Va nfs_reserved_port_only
1293 provide NFS services only on a secure port.
1294 .It Va nfs_bufpackets
1296 If set to a number, indicates the number of packets worth of
1297 socket buffer space to reserve on an NFS client.
1298 The kernel default is typically 4.
1299 Using a higher number may be useful on gigabit networks to improve performance.
1300 The minimum value is 2 and the maximum is 64.
1301 .It Va rpc_umntall_enable
1305 (default) and we are also an NFS client, run
1307 at boot time to clear out old mounts on remote servers.
1312 will not be run at boot time.
1313 .It Va rpc_lockd_enable
1317 and also an NFS server, run
1320 .It Va rpc_statd_enable
1324 and also an NFS server, run
1327 .It Va rpcbind_program
1332 .Pa /usr/sbin/rpcbind ) .
1333 .It Va rpcbind_enable
1339 service at boot time.
1340 .It Va rpcbind_flags
1346 these are the flags to pass to the
1349 .It Va keyserv_enable
1355 daemon on boot for running Secure RPC.
1356 .It Va keyserv_flags
1362 these are the flags to pass to
1365 .It Va pppoed_enable
1371 daemon at boot time to provide PPP over Ethernet services.
1372 .It Va pppoed_provider
1375 listens to requests to this provider and ultimately runs
1379 argument of the same name.
1382 Additional flags to pass to
1384 .It Va pppoed_interface
1386 The network interface to run
1389 This is mandatory when
1399 service at boot time.
1400 This command is intended for networks of machines where a consistent
1402 for all hosts must be established.
1403 This is often useful in large NFS environments where time stamps on
1404 files are expected to be consistent network-wide.
1411 these are the flags to pass to the
1420 command at boot time.
1426 .Pa /usr/sbin/ntpd ) .
1433 these are the flags to pass to the
1438 by default which sets the time immediately at startup if the
1439 local clock is off by more than 180 seconds.
1442 from doing this, set
1452 at system boot time.
1453 .It Va dntpd_program
1458 .Pa /usr/sbin/dntpd ) .
1465 these are the flags to pass to the
1468 .It Va nis_client_enable
1474 service at system boot time.
1475 .It Va nis_client_flags
1478 .Va nis_client_enable
1481 these are the flags to pass to the
1484 .It Va nis_ypset_enable
1490 daemon at system boot time.
1491 .It Va nis_ypset_flags
1494 .Va nis_ypset_enable
1497 these are the flags to pass to the
1500 .It Va nis_server_enable
1506 daemon at system boot time.
1507 .It Va nis_server_flags
1510 .Va nis_server_enable
1513 these are the flags to pass to the
1516 .It Va nis_ypxfrd_enable
1522 daemon at system boot time.
1523 .It Va nis_ypxfrd_flags
1526 .Va nis_ypxfrd_enable
1529 these are the flags to pass to the
1532 .It Va nis_yppasswdd_enable
1538 daemon at system boot time.
1539 .It Va nis_yppasswdd_flags
1542 .Va nis_yppasswdd_enable
1545 these are the flags to pass to the
1548 .It Va rpc_ypupdated_enable
1554 daemon at system boot time.
1555 .It Va defaultrouter
1559 create a default route to this host name or IP address
1560 (use an IP address if this router is also required to get to the
1562 .It Va ipv6_defaultrouter
1564 The IPv6 equivalent of
1566 .It Va static_routes
1568 Set to the list of static routes that are to be added at system boot time.
1571 then for each whitespace separated
1574 .Va route_ Ns Aq Ar element
1575 variable is assumed to exist whose contents will later be passed to a
1578 .It Va ipv6_static_routes
1580 The IPv6 equivalent of
1584 then for each whitespace separated
1587 .Va ipv6_route_ Ns Aq Ar element
1588 variable is assumed to exist whose contents will later be passed to a
1589 .Dq Nm route Cm add Fl inet6
1591 .It Va gateway_enable
1595 configure host to act as an IP router, e.g. to forward packets
1597 .It Va ipv6_gateway_enable
1599 The IPv6 equivalent of
1600 .Va gateway_enable .
1601 .It Va router_enable
1605 run a routing daemon of some sort, based on the settings of
1609 .It Va ipv6_router_enable
1611 The IPv6 equivalent of
1615 run a routing daemon of some sort, based on the settings of
1616 .Va ipv6_router_program
1618 .Va ipv6_router_flags .
1619 .It Va router_program
1625 this is the name of the routing daemon to use.
1626 .It Va ipv6_router_program
1628 The IPv6 equivalent of
1629 .Va router_program .
1636 these are the flags to pass to the routing daemon.
1637 .It Va ipv6_router_flags
1639 The IPv6 equivalent of
1641 .It Va mrouted_enable
1645 run the multicast routing daemon,
1647 .It Va mroute6d_enable
1649 The IPv6 equivalent of
1650 .Va mrouted_enable .
1653 run the IPv6 multicast routing daemon.
1654 Note that no IPv6 multicast routing daemon is included in the
1658 can be installed from the
1661 .It Va mrouted_flags
1667 these are the flags to pass to the
1670 .It Va mroute6d_flags
1672 The IPv6 equivalent of
1678 these are the flags passed to the IPv6 multicast routing daemon.
1679 .It Va mroute6d_program
1685 this is the path to the IPv6 multicast routing daemon.
1686 .It Va rtadvd_enable
1692 daemon at boot time.
1695 .Va ipv6_gateway_enable
1700 utility sends router advertisement packets to the interfaces specified in
1701 .Va rtadvd_interfaces .
1703 and should only be enabled with great care.
1704 You may want to fine-tune
1706 .It Va rtadvd_interfaces
1712 this is the list of interfaces to use.
1713 .It Va rtsold_enable
1719 daemon at boot time.
1722 daemon is used for automatic discovery of non-link local addresses.
1729 these are the flags to pass to the
1732 .It Va ipxgateway_enable
1736 enable the routing of IPX traffic.
1737 .It Va ipxrouted_enable
1743 daemon at system boot time.
1744 .It Va ipxrouted_flags
1747 .Va ipxrouted_enable
1750 these are the flags to pass to the
1757 enable global proxy ARP.
1758 .It Va forward_sourceroute
1766 source-routed packets are forwarded.
1767 .It Va accept_sourceroute
1771 the system will accept source-routed packets directed at it.
1778 daemon at system boot time.
1785 these are the flags to pass to the
1788 .It Va bootparamd_enable
1794 daemon at system boot time.
1795 .It Va bootparamd_flags
1798 .Va bootparamd_enable
1801 these are the flags to pass to the
1804 .It Va stf_interface_ipv4addr
1808 this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling interface).
1809 Specify this entry to enable the 6to4 interface.
1810 .It Va stf_interface_ipv4plen
1812 Prefix length for 6to4 IPv4 addresses, to limit peer address range.
1813 An effective value is 0-31.
1814 .It Va stf_interface_ipv6_ifid
1816 IPv6 interface ID for
1820 .It Va stf_interface_ipv6_slaid
1822 IPv6 Site Level Aggregator for
1824 .It Va ipv6_faith_prefix
1828 this is the faith prefix to enable a FAITH IPv6-to-IPv4 TCP translator.
1832 .It Va ipv6_ipv4mapping
1836 this enables IPv4 mapped IPv6 address communication (like
1837 .Li ::ffff:a.b.c.d ) .
1842 to enable the configuration of ATM interfaces at system boot time.
1843 For all of the ATM variables described below, please refer to the
1845 man page for further details on the available command parameters.
1846 Also refer to the files in
1847 .Pa /usr/share/examples/atm
1848 for more detailed configuration information.
1849 .It Va atm_netif_ Ns Aq Ar intf
1851 For the ATM physical interface
1853 this variable defines the name prefix and count for the ATM network
1854 interfaces to be created.
1855 The value will be passed as the parameters of an
1856 .Dq Nm atm Cm "set netif" Ar intf
1858 .It Va atm_sigmgr_ Ns Aq Ar intf
1860 For the ATM physical interface
1862 this variable defines the ATM signalling manager to be used.
1863 The value will be passed as the parameters of an
1864 .Dq Nm atm Cm attach Ar intf
1866 .It Va atm_prefix_ Ns Aq Ar intf
1868 For the ATM physical interface
1870 this variable defines the NSAP prefix for interfaces using a UNI signalling
1874 the prefix will automatically be set via the
1877 Otherwise, the value will be passed as the parameters of an
1878 .Dq Nm atm Cm "set prefix" Ar intf
1880 .It Va atm_macaddr_ Ns Aq Ar intf
1882 For the ATM physical interface
1884 this variable defines the MAC address for interfaces using a UNI signalling
1888 the hardware MAC address contained in the ATM interface card will be used.
1889 Otherwise, the value will be passed as the parameters of an
1890 .Dq Nm atm Cm "set mac" Ar intf
1892 .It Va atm_arpserver_ Ns Aq Ar netif
1894 For the ATM network interface
1896 this variable defines the ATM address for a host which is to provide ATMARP
1898 This variable is only applicable to interfaces using a UNI signalling manager.
1901 this host will become an ATMARP server.
1902 The value will be passed as the parameters of an
1903 .Dq Nm atm Cm "set arpserver" Ar netif
1905 .It Va atm_scsparp_ Ns Aq Ar netif
1909 SCSP/ATMARP service for the network interface
1911 will be initiated using the
1916 This variable is only applicable if
1917 .Va atm_arpserver_ Ns Aq Ar netif
1922 Set to the list of permanent ATM ARP entries to be added at system boot time.
1923 For each whitespace separated
1926 .Va atm_arp_ Ns Aq Ar element
1927 variable is assumed to exist.
1928 The value of each of these variables will be passed as the parameters of an
1929 .Dq Nm atm Cm "add arp"
1933 The keyboard bell sound.
1940 if the default behavior is desired.
1941 For details, refer to the
1948 no keymap is installed, otherwise the value is used to install
1950 .Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd .
1953 The keyboard repeat speed.
1960 if the default behavior is desired.
1965 attempt to program the function keys with the value.
1966 The value should be a single string of the form:
1967 .Dq Ar funkey_number new_value Op Ar funkey_number new_value ... .
1970 Can be set to the value of
1973 .Dq Li destructive ,
1976 to set the cursor behavior explicitly or choose the default behavior.
1981 no screen map is installed, otherwise the value is used to install
1982 the screen map file in
1983 .Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value .
1988 the default 8x16 font value is used for screen size requests, otherwise
1990 .Pa /usr/share/syscons/fonts/ Ns Aq Ar value
1996 the default 8x14 font value is used for screen size requests, otherwise
1998 .Pa /usr/share/syscons/fonts/ Ns Aq Ar value
2004 the default 8x8 font value is used for screen size requests, otherwise
2006 .Pa /usr/share/syscons/fonts/ Ns Aq Ar value
2012 the default screen blanking interval is used, otherwise it is set to
2019 this is the actual screen saver to use
2020 .Li ( blank , snake , daemon ,
2022 .It Va moused_enable
2028 daemon is started for doing cut/paste selection on the console.
2031 This is the protocol type of the mouse connected to this host.
2032 This variable must be set if
2039 is able to detect the appropriate mouse type automatically in many cases.
2040 Set this variable to
2042 to let the daemon detect it, or
2043 select one from the following list if the automatic detection fails.
2045 If the mouse is attached to the PS/2 mouse port, choose
2049 regardless of the brand and model of the mouse.
2050 Likewise, if the mouse is attached to the bus mouse port, choose
2054 All other protocols are for serial mice and will not work with
2055 the PS/2 and bus mice.
2056 If this is a USB mouse,
2058 is the only protocol type which will work.
2060 .Bl -tag -width ".Li x10mouseremote" -compact
2062 Microsoft mouse (serial)
2064 Microsoft IntelliMouse (serial)
2066 Mouse systems Corp. mouse (serial)
2068 MM Series mouse (serial)
2070 Logitech mouse (serial)
2074 Logitech MouseMan and TrackMan (serial)
2076 ALPS GlidePoint (serial)
2077 .It Li thinkingmouse
2078 Kensington ThinkingMouse (serial)
2082 MM HitTablet (serial)
2083 .It Li x10mouseremote
2084 X10 MouseRemote (serial)
2086 Interlink VersaPad (serial)
2089 Even if the mouse is not in the above list, it may be compatible
2090 with one in the list.
2091 Refer to the man page for
2093 for compatibility information.
2095 It should also be noted that while this is enabled, any
2096 other client of the mouse (such as an X server) should access
2097 the mouse through the virtual mouse device,
2099 and configure it as a
2101 type mouse, since all
2102 mouse data is converted to this single canonical format when using
2104 If the client program does not support the
2109 It is the second preferred type.
2116 this is the actual port the mouse is on.
2119 for a COM1 serial mouse,
2123 for a bus mouse, for example.
2128 is set, these are the additional flags to pass to the
2131 .It Va mousechar_start
2135 the default mouse cursor character range
2136 .Li 0xd0 Ns - Ns Li 0xd3
2137 is used, otherwise the range start is set to
2141 Use if the default range is occupied in the language code table.
2144 Set the size of the history (scrollback) buffer in lines.
2145 .It Va allscreens_flags
2149 is run with these options for each of the virtual terminals
2153 will enable the mouse pointer on all virtual terminals if
2157 .It Va allscreens_kbdflags
2161 is run with these options for each of the virtual terminals
2167 scrollback (history) buffer to 200 lines.
2174 daemon at system boot time.
2180 .Pa /usr/sbin/cron ) .
2187 these are the flags to pass to
2194 .Pa /usr/sbin/lpd ) .
2201 daemon at system boot time.
2208 these are the flags to pass to the
2217 settings across reboots.
2218 .It Va mta_start_script
2220 This variable specifies the full path to the script to run to start
2221 a mail transfer agent.
2223 .Pa /etc/rc.sendmail .
2227 .Pa /etc/rc.sendmail
2228 uses are documented in the
2233 Indicates the device (usually a swap partition) to which a crash dump
2234 should be written in the event of a system crash.
2235 The value of this variable is passed as the argument to
2237 To disable crash dumps, set this variable to
2241 When the system reboots after a crash and a crash dump is found on the
2242 device specified by the
2246 will save that crash dump and a copy of the kernel to the directory
2250 The default value is
2259 .It Va savecore_flags
2261 If crash dumps are enabled, these are the flags to pass to the
2264 .It Va enable_quotas
2268 to turn on user disk quotas on system startup via the
2275 to enable user disk quota checking via the
2278 .It Va accounting_enable
2282 to enable system accounting through the
2289 to enable Linux/ELF binary emulation at system initial boot time.
2290 .It Va sysvipc_enable
2294 load System V IPC primitives at boot time.
2295 .\" ----- cleanvar_enable setting--------------------------------
2296 .It Va cleanvar_enable
2304 .Pa /var/spool/uucp/.Temp/*
2306 .\" ----- clear_tmp_enable setting-------------------------------
2307 .It Va clear_tmp_enable
2314 .\" ----- ldconfig_paths setting --------------------------------
2315 .It Va ldconfig_paths
2317 Set to the list of shared library paths to use with
2321 will always be added first, so it need not appear in this list.
2322 .It Va ldconfig_insecure
2326 utility normally refuses to use directories
2327 which are writable by anyone except root.
2328 Set this variable to
2330 to disable that security check during system startup.
2331 .It Va kern_securelevel
2333 The kernel security level to set at startup.
2334 The allowed range of
2336 ranges from \-1 (the compile time default) to 3 (the most secure).
2339 for the list of possible security levels and their effect on system operation.
2346 at system boot time.
2353 at system boot time.
2356 Path to the SSH server program
2357 .Pa ( /usr/sbin/sshd
2365 these are the flags to pass to the
2374 at system boot time.
2381 these are the flags to pass to the
2390 daemon at boot time.
2397 these are the flags passed to
2400 .It Va watchdogd_enable
2406 daemon at boot time.
2407 This requires that the kernel have been compiled with
2408 .Cd "options WATCHDOG" .
2413 any configured jails will not be started.
2416 A space separated list of names for jails.
2417 This is purely a configuration aid to help identify and
2418 configure multiple jails.
2419 The names specified in this list will be used to
2420 identify settings common to an instance of a jail.
2421 Assuming that the jail in question was named
2423 you would have the following dependent variables:
2425 jail_vjail_hostname="jail.example.com"
2426 jail_vjail_ip="192.168.1.100"
2427 jail_vjail_rootdir="/var/jails/vjail/root"
2433 When set, use as default value for
2434 .Va jail_ Ns Ao Ar jname Ac Ns Va _flags
2437 .It Va jail_interface
2440 When set, use as default value for
2441 .Va jail_ Ns Ao Ar jname Ac Ns Va _interface
2447 When set, use as default value for
2448 .Va jail_ Ns Ao Ar jname Ac Ns Va _fstab
2451 .It Va jail_mount_enable
2459 .Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable
2462 by default for every jail in
2464 .It Va jail_fdesc_enable
2472 .Va jail_ Ns Ao Ar jname Ac Ns Va _fdesc_enable
2475 by default for every jail in
2477 .It Va jail_procfs_enable
2485 .Va jail_ Ns Ao Ar jname Ac Ns Va _fdesc_enable
2488 by default for every jail in
2490 .It Va jail_exec_start
2493 When set, use as default value for
2494 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start
2497 .It Va jail_exec_stop
2499 When set, use as default value for
2500 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop
2503 .It Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir
2506 Set to the root directory used by jail
2508 .It Va jail_ Ns Ao Ar jname Ac Ns Va _hostname
2511 Set to the fully qualified domain name (FQDN) assigned to jail
2513 .It Va jail_ Ns Ao Ar jname Ac Ns Va _ip
2516 Set to the IP address assigned to jail
2518 .It Va jail_ Ns Ao Ar jname Ac Ns Va _flags
2523 These are flags to pass to
2525 .It Va jail_ Ns Ao Ar jname Ac Ns Va _interface
2528 When set, sets the interface to use when setting IP address alias.
2529 Note that the alias is created at jail startup and removed at jail shutdown.
2530 .It Va jail_ Ns Ao Ar jname Ac Ns Va _fstab
2533 .Pa /etc/fstab. Ns Aq Ar jname
2535 This is the file system information file to use for jail
2537 .It Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable
2544 mount all file systems from
2545 .Va jail_ Ns Ao Ar jname Ac Ns Va _fstab
2547 .It Va jail_ Ns Ao Ar jname Ac Ns Va _fdesc_enable
2554 mount the file-descriptor file system inside jail
2557 .It Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable
2564 mount the process file system inside jail
2567 .It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start
2570 .Dq Li /bin/sh /etc/rc
2572 This is the command executed at jail startup.
2573 .It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop
2576 .Dq Li /bin/sh /etc/rc.shutdown
2578 This is the command executed at jail shutdown.
2579 .It Va jail_set_hostname_allow
2583 do not allow the root user in a jail to set its hostname.
2584 .It Va jail_socket_unixiproute_only
2588 do not allow any sockets,
2589 besides UNIX/IP/route sockets,
2590 to be used within a jail.
2591 .It Va jail_sysvipc_allow
2595 allow applications within a jail to use System V IPC.
2596 .It Va resident_enable
2600 make the dynamic binaries listed in
2601 .Pa /etc/resident.conf
2603 .It Va varsym_enable
2608 .Pa /etc/varsym.conf
2609 to set system-wide variables for variant symlinks.
2614 or a whitespace separated list of IRQ numbers which will be used as a source of
2616 .\" ----- isdn settings ---------------------------------
2626 daemon at system boot time.
2630 .Dq Fl d Ns Cm n Fl d Ns Li 0x1f9
2632 Additional flags to pass to
2638 for certain tunable parameters).
2644 The terminal type of the output device when
2646 operates in full-screen mode.
2647 .It Va isdn_screenflags
2652 The video mode for full-screen mode (only for
2662 The output device for
2664 in full-screen mode (or
2674 enables the ISDN protocol trace utility
2676 at system boot time.
2677 .It Va isdn_traceflags
2680 .Dq Fl f Pa /var/tmp/isdntrace0
2684 .\" -----------------------------------------------------
2689 to disable caching entropy via
2691 Otherwise set to the directory used to store entropy files in.
2696 to disable caching entropy through reboots.
2697 Otherwise set to the filename used to store cached entropy through reboots.
2698 This file should be located on the root file system to seed the
2700 device as early as possible in the boot process.
2701 .It Va entropy_save_sz
2703 Size of the entropy cache files saved by
2706 .It Va entropy_save_num
2708 Number of entropy cache files to save by
2722 Configuration file for
2731 .Pa /var/run/dmesg.boot
2733 .It Va rcshutdown_timeout
2735 If set, start a watchdog timer in the background which will terminate
2739 has not completed within the specified time (in seconds).
2742 .Bl -tag -width ".Pa /etc/defaults/rc.conf" -compact
2743 .It Pa /etc/defaults/rc.conf
2745 .It Pa /etc/rc.conf.local
2763 .Xr resident.conf 5 ,
2826 .An Jordan K. Hubbard .