4 .\" Redistribution and use in source and binary forms, with or without
5 .\" modification, are permitted provided that the following conditions
7 .\" 1. Redistributions of source code must retain the above copyright
8 .\" notice, this list of conditions and the following disclaimer.
9 .\" 2. Redistributions in binary form must reproduce the above copyright
10 .\" notice, this list of conditions and the following disclaimer in the
11 .\" documentation and/or other materials provided with the distribution.
13 .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND
14 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE
17 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
19 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
20 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
21 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
22 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25 .\" $FreeBSD: src/share/man/man5/rc.conf.5,v 1.197 2003/07/28 13:56:00 mbr Exp $
26 .\" $DragonFly: src/share/man/man5/rc.conf.5,v 1.20 2006/05/22 06:26:29 swildner Exp $
32 .Nd system configuration information
36 contains descriptive information about the local host name, configuration
37 details for any potential network interfaces and which services should be
38 started up at system initial boot time.
39 In new installations, the
41 file is generally initialized by the installer.
45 is not to run commands or perform system startup actions
47 Instead, it is included by the
48 various generic startup scripts in
50 which conditionalize their
51 internal actions according to the settings found there.
55 file is included from the file
56 .Pa /etc/defaults/rc.conf ,
57 which specifies the default settings for all the available options.
58 Options need only be specified in
60 when the system administrator wishes to override these defaults.
62 .Pa /etc/rc.conf.local
63 is used to override settings in
65 for historical reasons.
70 The following list provides a name and short description for each
71 variable that can be set in the
74 .Bl -tag -width indent-two
79 enable output of debug messages from rc scripts.
80 This variable can be helpful in diagnosing mistakes when
81 editing or integrating new scripts.
82 Beware that this produces copious output to the terminal and
88 disable informational messages from the rc scripts.
89 Informational messages are displayed when
90 a condition that is not serious enough to warrant a warning or
96 no swapfile is installed, otherwise the value is used as the full
97 pathname to a file to use for additional swap space.
102 enable support for Automatic Power Management with
110 to handle APM event from userland.
111 This also enables support for APM.
118 these are the flags to pass to the
124 to monitor the status of batteries present in the system.
125 This also enables support for APM.
132 these are the flags to pass to the
139 to handle device added, removed or unknown events from the kernel.
140 .It Va pccard_ifconfig
142 List of arguments to be passed to
145 insertion of the card (e.g.\&
146 .Dq Cm inet Li 192.168.1.1 Cm netmask Li 255.255.255.0
147 for a fixed address or
150 .It Va pccard_ether_delay
152 Set the delay before starting
155 .Pa /etc/pccard_ether
157 This defaults to 5 seconds to work around a bug in the
159 driver which can lead to system hangs when using some newer
162 .It Va removable_interfaces
164 List of removable network interfaces to be supported by
165 .Pa /etc/pccard_ether .
168 List of directories to search for startup script files.
169 .It Va script_name_sep
171 The field separator to use for breaking down the list of startup script files
172 into individual filenames.
173 The default is a space.
174 It is not necessary to change this unless there are startup scripts with names
178 The fully qualified domain name (FQDN) of this host on the network.
179 This should almost certainly be set to something meaningful, even if
180 there is no network connection.
183 is used to set the hostname via DHCP,
184 this variable should be set to an empty string.
187 Enable support for IPv6 networking.
188 Note that this requires that the kernel have been compiled with
189 .Cd "options INET6" .
192 The NIS domain name of this host, or
195 .It Va dhclient_program
197 Path to the DHCP client program
198 .Pa ( /sbin/dhclient ,
201 .It Va dhclient_flags
203 Additional flags to pass to the DHCP client program.
204 For the ISC DHCP client, see the
206 manpage for a description of the command line options available.
207 .It Va background_dhclient
211 to start the dhcp client in background.
212 This can cause trouble with applications depending on
213 a working network, but it will provide a faster startup
215 .It Va firewall_enable
219 to load firewall rules at startup.
220 If the kernel was not built with
221 .Cd "options IPFIREWALL" ,
224 kernel module will be loaded.
226 .Va ipfilter_enable .
227 .It Va ipv6_firewall_enable
229 The IPv6 equivalent of
230 .Va firewall_enable .
233 to load IPv6 firewall rules at startup.
234 If the kernel was not built with
235 .Cd "options IPV6FIREWALL" ,
238 kernel module will be loaded.
239 .It Va firewall_script
241 This variable specifies the full path to the firewall script to run.
243 .Pa /etc/rc.firewall .
244 .It Va ipv6_firewall_script
246 The IPv6 equivalent of
247 .Va firewall_script .
250 Names the firewall type from the selection in
251 .Pa /etc/rc.firewall ,
252 or the file which contains the local firewall ruleset.
253 Valid selections from
257 .Bl -tag -width ".Li simple" -compact
259 unrestricted IP access
261 all IP services disabled, except via
264 basic protection for a workstation
266 basic protection for a LAN.
269 If a filename is specified, the full path
271 .It Va ipv6_firewall_type
273 The IPv6 equivalent of
275 .It Va firewall_quiet
279 to disable the display of firewall rules on the console during boot.
280 .It Va ipv6_firewall_quiet
282 The IPv6 equivalent of
284 .It Va firewall_logging
288 to enable firewall event logging.
289 This is equivalent to the
290 .Dv IPFIREWALL_VERBOSE
292 .It Va ipv6_firewall_logging
294 The IPv6 equivalent of
295 .Va firewall_logging .
296 .It Va firewall_flags
302 specifies a filename.
303 .It Va ipv6_firewall_flags
305 The IPv6 equivalent of
322 sockets must be enabled in the kernel.
323 .It Va natd_interface
325 This is the name of the public interface on which
328 The interface may be given as an interface name or as an IP address.
333 flags should be placed here.
338 flag is automatically added with the above
341 .\" ----- ipfilter_enable setting --------------------------------
342 .It Va ipfilter_enable
353 Typical usage will require putting
355 ipfilter_enable="YES"
373 can be enabled independently.
377 both require at least one of
387 options IPFILTER_DEFAULT_BLOCK
390 in the kernel configuration file is a good idea, too.
391 .\" ----- ipfilter_program setting ------------------------------
392 .It Va ipfilter_program
398 .\" ----- ipfilter_rules setting --------------------------------
399 .It Va ipfilter_rules
404 This variable contains the name of the filter rule definition file.
405 The file is expected to be readable for the
408 .\" ----- ipv6_ipfilter_rules setting ---------------------------
409 .It Va ipv6_ipfilter_rules
414 This variable contains the IPv6 filter rule definition file.
415 The file is expected to be readable for the
418 .\" ----- ipfilter_flags setting --------------------------------
419 .It Va ipfilter_flags
422 This variable contains flags passed to the
425 .\" ----- ipnat_enable setting ----------------------------------
435 network address translation.
438 for a detailed discussion.
439 .\" ----- ipnat_program setting ---------------------------------
446 .\" ----- ipnat_rules setting -----------------------------------
452 This variable contains the name of the file
453 holding the network address translation definition.
454 This file is expected to be readable for the
457 .\" ----- ipnat_flags setting -----------------------------------
461 This variable contains flags passed to the
464 .\" ----- ipmon_enable setting ----------------------------------
479 Setting this variable needs setting
486 for a detailed discussion.
487 .\" ----- ipmon_program setting ---------------------------------
494 .\" ----- ipmon_flags setting -----------------------------------
500 This variable contains flags passed to the
503 Another typical example would be
504 .Dq Fl D Pa /var/log/ipflog
507 log directly to a file bypassing
510 .Pa /etc/newsyslog.conf
511 in such case like this:
513 /var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid
515 .\" ----- ipfs_enable setting -----------------------------------
525 saving the filter and NAT state tables during shutdown
526 and reloading them during startup again.
527 Setting this variable needs setting
536 for a detailed discussion.
542 because the raised securelevel will prevent
544 from saving the state tables at shutdown time.
545 .\" ----- ipfs_program setting ----------------------------------
552 .\" ----- ipfs_flags setting ------------------------------------
556 This variable contains flags passed to the
559 .\" ----- end of added ipf hook ---------------------------------
560 .It Va tcp_extensions
567 disables certain TCP options as described by
573 might help remedy such problems with connections as randomly hanging
574 or other weird behavior.
575 Some network devices are known
576 to be broken with respect to these options.
583 .Va net.inet.tcp.log_in_vain
585 .Va net.inet.udp.log_in_vain ,
590 are set to the given value.
598 will disable probing idle TCP connections to verify that the
599 peer is still up and reachable.
600 .It Va tcp_drop_synfin
607 will cause the kernel to ignore TCP frames that have both
608 the SYN and FIN flags set.
609 This prevents OS fingerprinting, but may
610 break some legitimate applications.
611 This option is only available if the
612 kernel was built with the
615 .It Va icmp_drop_redirect
622 will cause the kernel to ignore ICMP REDIRECT packets.
625 for more information.
626 .It Va icmp_log_redirect
633 will cause the kernel to log ICMP REDIRECT packets.
635 the log messages are not rate-limited, so this option should only be used
636 for troubleshooting networks.
639 for more information.
640 .It Va icmp_bmcastecho
644 to respond to broadcast or multicast ICMP ping packets.
647 for more information.
648 .It Va ip_portrange_first
652 this is the first port in the default portrange.
655 for more information.
656 .It Va ip_portrange_last
660 this is the last port in the default portrange.
663 for more information.
664 .It Va network_interfaces
666 Set to the list of network interfaces to configure on this host.
667 For example, if the only network devices in the system are the loopback
676 .Va ifconfig_ Ns Aq Ar interface
677 variable is also assumed to exist for each value of
679 It is also possible to add IP alias entries here in cases where
680 multiple IP addresses registered against a single interface
682 Assuming that the interface in question was
687 ifconfig_ed0_alias0="inet 127.0.0.253 netmask 0xffffffff"
688 ifconfig_ed0_alias1="inet 127.0.0.254 netmask 0xffffffff"
693 .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
695 its contents are passed to
697 Execution stops at the first unsuccessful access, so if
698 something like this is present:
700 ifconfig_ed0_alias0="inet 127.0.0.251 netmask 0xffffffff"
701 ifconfig_ed0_alias1="inet 127.0.0.252 netmask 0xffffffff"
702 ifconfig_ed0_alias2="inet 127.0.0.253 netmask 0xffffffff"
703 ifconfig_ed0_alias4="inet 127.0.0.254 netmask 0xffffffff"
706 Then note that alias4 would
708 be added since the search would
709 stop with the missing alias3 entry.
712 .Pa /etc/start_if. Ns Aq Ar interface
713 file is present, it is read and executed by the
716 before configuring the interface as specified in the
717 .Va ifconfig_ Ns Aq Ar interface
719 .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
722 It is possible to bring up an interface with DHCP by setting the
723 .Va ifconfig_ Ns Aq Ar interface
726 For instance, to initialize the
729 it is possible to use something like:
733 .It Va ipv6_network_interfaces
735 This is the IPv6 equivalent of
736 .Va network_interfaces .
737 Instead of setting the ifconfig variables as
738 .Va ifconfig_ Ns Aq Ar interface
739 they should be set as
740 .Va ipv6_ifconfig_ Ns Aq Ar interface .
741 Aliases should be set as
742 .Va ipv6_ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n .
743 .Va ipv6_prefix_ Ns Aq Ar interface
745 Interfaces that do not have a
746 .Va ipv6_ifconfig_ Ns Aq Ar interface
747 setting will be auto configured by
750 .Va ipv6_gateway_enable
753 Note that the IPv6 networking code does not support the
754 .Pa /etc/start_if. Ns Aq Ar interface
756 .It Va ipv6_default_interface
760 this is the default output interface for scoped addresses.
761 Now this works only for IPv6 link local multicast addresses.
762 .It Va cloned_interfaces
764 Set to the list of clonable network interfaces to create on this host.
766 .Va cloned_interfaces
767 are automatically appended to
768 .Va network_interfaces
770 .It Va gif_interfaces
774 tunnel interfaces to configure on this host.
776 .Va gifconfig_ Ns Aq Ar interface
777 variable is assumed to exist for each value of
779 The value of this variable is used to configure the link layer of the
780 tunnel according to the syntax of the
784 Additionally, this option ensures that each listed interface is created
789 before attempting to configure it.
790 .It Va sppp_interfaces
794 interfaces to configure on this host.
796 .Va spppconfig_ Ns Aq Ar interface
797 variable is assumed to exist for each value of
799 Each interface should also be configured by a general
800 .Va ifconfig_ Ns Aq Ar interface
804 for more information about available options.
814 Mode in which to run the
823 See the manual for a full description.
828 enables network address translation.
829 Used in conjunction with
831 allows hosts on private network addresses access to the Internet using
832 this host as a network address translating router.
835 The name of the profile to use from
836 .Pa /etc/ppp/ppp.conf .
839 The name of the user under which
849 This option is used to specify a list of files that will override
851 .Pa /etc/defaults/rc.conf .
852 The files will be read in the order in which they are specified and should
853 include the full path to the file.
854 By default, the files specified are
857 .Pa /etc/rc.conf.local
865 flag if the initial preen
866 of the file systems fails.
869 List of file system types that are network-based.
870 This list should generally not be modified by end users.
872 .Va extra_netfs_types
874 .It Va extra_netfs_types
876 If set to something other than
879 this variable extends the list of file system types
880 for which automatic mounting at startup by
882 should be delayed until the network is initialized.
884 a whitespace-separated list of network file system descriptor pairs,
885 each consisting of a file system type as passed to
887 and a human-readable, one-word description,
890 Extending the default list in this way is only necessary
891 when third party file system types are used.
892 .It Va syslogd_enable
899 .It Va syslogd_program
904 .Pa /usr/sbin/syslogd ) .
911 these are the flags to pass to
925 .Pa /usr/sbin/inetd ) .
932 these are the flags to pass to
938 use new functionality provided in the
940 script to facilitate a
944 This variable is experimental.
945 It may be removed or changed in the near future.
958 .Pa /usr/sbin/named ) .
965 these are the flags to pass to
969 This is the default path to the
972 Change it if you change the location in
973 .Pa /etc/namedb/named.conf .
974 .It Va named_chrootdir
976 The root directory for a name server run in a
984 This variable has no effect if
987 This variable is experimental.
988 It may be removed or changed in the near future.
989 .It Va named_chroot_autoupdate
993 to disable automatic syncing of libraries and
994 other system files between the root file system and the
996 This variable has no effect if
999 This variable is experimental.
1000 It may be removed or changed in the near future.
1001 .It Va named_symlink_enable
1005 to disable symlinking of
1011 environment in which
1014 This variable has no effect if
1017 This variable is experimental.
1018 It may be removed or changed in the near future.
1019 .It Va kerberos5_server_enable
1023 to start a Kerberos 5 authentication server
1025 .It Va kerberos5_server
1028 .Va kerberos5_server_enable
1031 this is the path to Kerberos 5 Authentication Server.
1032 .It Va kadmind5_server_enable
1038 the Kerberos 5 Administration Daemon; set to
1041 .It Va kadmind5_server
1044 .Va kadmind5_server_enable
1047 this is the path to Kerberos 5 Administration Daemon.
1048 .It Va kpasswdd_server_enable
1054 the Kerberos 5 Password-Changing Daemon; set to
1057 .It Va kpasswdd_server
1060 .Va kpasswdd_server_enable
1063 this is the path to Kerberos 5 Password-Changing Daemon.
1070 daemon at boot time.
1077 these are the flags to pass to it.
1084 daemon at boot time.
1091 these are the flags to pass to it.
1094 manpage for more information.
1095 .It Va amd_map_program
1098 the specified program is run to get the list of
1103 maps are stored in NIS, one can set this to
1116 will be updated at boot time to reflect the kernel release
1121 will not be updated.
1122 .It Va nfs_client_enable
1126 run the NFS client daemons at boot time.
1127 .It Va nfs_access_cache
1130 .Va nfs_client_enable
1135 to disable NFS ACCESS RPC caching, or to the number of seconds for which
1137 results should be cached.
1138 A value of 2-10 seconds will substantially reduce network traffic for
1139 many NFS operations. The default is 5 seconds. Note that the attribute
1140 cache holds stat information only. The NFS data cache is independant
1141 of the attribute cache and is only invalidated when the client detects that
1142 the server has modified the underlying file. This value specifies a
1143 maximum timeout. The NFS client will automatically use a shorter timeout
1144 for files which have been recently modified.
1145 .It Va nfs_neg_cache
1148 .Va nfs_client_enable
1153 to disable the caching of NEGATIVE LOOKUPS (lookups of non-existant
1154 filenames), or to the number of seconds for which negative lookups should
1156 A value of 2-10 seconds will substantially reduce network
1157 traffic for many NFS operations, especially source code builds. The
1158 default is 3 seconds.
1159 .It Va nfs_server_enable
1163 run the NFS server daemons at boot time.
1164 .It Va nfs_server_flags
1167 .Va nfs_server_enable
1170 these are the flags to pass to the
1173 .It Va mountd_enable
1178 .Va nfs_server_enable
1184 It is commonly needed to run CFS without real NFS used.
1191 these are the flags to pass to the
1194 .It Va weak_mountd_authentication
1198 allow services like PCNFSD to make non-privileged mount
1200 .It Va nfs_reserved_port_only
1204 provide NFS services only on a secure port.
1205 .It Va nfs_bufpackets
1207 If set to a number, indicates the number of packets worth of
1208 socket buffer space to reserve on an NFS client.
1209 The kernel default is typically 4.
1210 Using a higher number may be
1211 useful on gigabit networks to improve performance.
1212 The minimum value is
1213 2 and the maximum is 64.
1214 .It Va rpc_umntall_enable
1218 (default) and we are also an NFS client, run
1220 at boot time to clear out old mounts on remote servers.
1225 will not be run at boot time.
1226 .It Va rpc_lockd_enable
1230 and also an NFS server, run
1233 .It Va rpc_statd_enable
1237 and also an NFS server, run
1240 .It Va rpcbind_program
1245 .Pa /usr/sbin/rpcbind ) .
1246 .It Va rpcbind_enable
1252 service at boot time.
1253 .It Va rpcbind_flags
1259 these are the flags to pass to the
1262 .It Va keyserv_enable
1268 daemon on boot for running Secure RPC.
1269 .It Va keyserv_flags
1275 these are the flags to pass to
1278 .It Va pppoed_enable
1284 daemon at boot time to provide PPP over Ethernet services.
1285 .It Va pppoed_ Ns Ar provider
1288 listens to requests to this
1294 argument of the same name.
1297 Additional flags to pass to
1299 .It Va pppoed_interface
1301 The network interface to run
1304 This is mandatory when
1314 service at boot time.
1315 This command is intended for networks of
1316 machines where a consistent
1318 for all hosts must be established.
1319 This is often useful in large NFS
1320 environments where time stamps on files are expected to be consistent
1328 these are the flags to pass to the
1337 command at boot time.
1343 .Pa /usr/sbin/ntpd ) .
1350 these are the flags to pass to the
1354 by default which sets the time immediately at startup if the
1355 local clock is off by more than 180 seconds. To prevent
1357 from doing this, set
1361 .It Va nis_client_enable
1367 service at system boot time.
1368 .It Va nis_client_flags
1371 .Va nis_client_enable
1374 these are the flags to pass to the
1377 .It Va nis_ypset_enable
1383 daemon at system boot time.
1384 .It Va nis_ypset_flags
1387 .Va nis_ypset_enable
1390 these are the flags to pass to the
1393 .It Va nis_server_enable
1399 daemon at system boot time.
1400 .It Va nis_server_flags
1403 .Va nis_server_enable
1406 these are the flags to pass to the
1409 .It Va nis_ypxfrd_enable
1415 daemon at system boot time.
1416 .It Va nis_ypxfrd_flags
1419 .Va nis_ypxfrd_enable
1422 these are the flags to pass to the
1425 .It Va nis_yppasswdd_enable
1431 daemon at system boot time.
1432 .It Va nis_yppasswdd_flags
1435 .Va nis_yppasswdd_enable
1438 these are the flags to pass to the
1441 .It Va rpc_ypupdated_enable
1447 daemon at system boot time.
1448 .It Va defaultrouter
1452 create a default route to this host name or IP address
1453 (use an IP address if this router is also required to get to the
1455 .It Va ipv6_defaultrouter
1457 The IPv6 equivalent of
1459 .It Va static_routes
1461 Set to the list of static routes that are to be added at system
1465 then for each whitespace separated
1468 .Va route_ Ns Aq Ar element
1469 variable is assumed to exist
1470 whose contents will later be passed to a
1473 .It Va ipv6_static_routes
1475 The IPv6 equivalent of
1479 then for each whitespace separated
1482 .Va ipv6_route_ Ns Aq Ar element
1483 variable is assumed to exist
1484 whose contents will later be passed to a
1485 .Dq Nm route Cm add Fl inet6
1487 .It Va gateway_enable
1491 configure host to act as an IP router, e.g. to forward packets
1493 .It Va ipv6_gateway_enable
1495 The IPv6 equivalent of
1496 .Va gateway_enable .
1497 .It Va router_enable
1501 run a routing daemon of some sort, based on the
1506 .It Va ipv6_router_enable
1508 The IPv6 equivalent of
1512 run a routing daemon of some sort, based on the
1516 .Va ipv6_router_flags .
1523 this is the name of the routing daemon to use.
1526 The IPv6 equivalent of
1534 these are the flags to pass to the routing daemon.
1535 .It Va ipv6_router_flags
1537 The IPv6 equivalent of
1539 .It Va mrouted_enable
1543 run the multicast routing daemon,
1545 .It Va mroute6d_enable
1547 The IPv6 equivalent of
1548 .Va mrouted_enable .
1551 run the IPv6 multicast routing daemon.
1552 Note that no IPv6 multicast routing daemon is included in the
1556 can be installed from the
1559 .It Va mrouted_flags
1565 these are the flags to pass to the
1568 .It Va mroute6d_flags
1570 The IPv6 equivalent of
1576 these are the flags passed to the IPv6 multicast routing daemon.
1577 .It Va mroute6d_program
1583 this is the path to the IPv6 multicast routing daemon.
1584 .It Va rtadvd_enable
1590 daemon at boot time.
1593 .Va ipv6_gateway_enable
1598 utility sends router advertisement packets to the interfaces specified in
1599 .Va rtadvd_interfaces .
1601 and should only be enabled with great care.
1602 You may want to fine-tune
1604 .It Va rtadvd_interfaces
1610 this is the list of interfaces to use.
1611 .It Va ipxgateway_enable
1615 enable the routing of IPX traffic.
1616 .It Va ipxrouted_enable
1622 daemon at system boot time.
1623 .It Va ipxrouted_flags
1626 .Va ipxrouted_enable
1629 these are the flags to pass to the
1636 enable global proxy ARP.
1637 .It Va forward_sourceroute
1645 source-routed packets are forwarded.
1646 .It Va accept_sourceroute
1650 the system will accept source-routed packets directed at it.
1657 daemon at system boot time.
1664 these are the flags to pass to the
1667 .It Va bootparamd_enable
1673 daemon at system boot time.
1674 .It Va bootparamd_flags
1677 .Va bootparamd_enable
1680 these are the flags to pass to the
1683 .It Va stf_interface_ipv4addr
1687 this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling
1689 Specify this entry to enable the 6to4 interface.
1690 .It Va stf_interface_ipv4plen
1692 Prefix length for 6to4 IPv4 addresses, to limit peer address range.
1693 An effective value is 0-31.
1694 .It Va stf_interface_ipv6_ifid
1696 IPv6 interface ID for
1700 .It Va stf_interface_ipv6_slaid
1702 IPv6 Site Level Aggregator for
1704 .It Va ipv6_faith_prefix
1708 this is the faith prefix to enable a FAITH IPv6-to-IPv4 TCP
1713 .It Va ipv6_ipv4mapping
1717 this enables IPv4 mapped IPv6 address communication (like
1718 .Li ::ffff:a.b.c.d ) .
1723 to enable the configuration of ATM interfaces at system boot time.
1724 For all of the ATM variables described below, please refer to the
1726 man page for further details on the available command parameters.
1727 Also refer to the files in
1728 .Pa /usr/share/examples/atm
1729 for more detailed configuration information.
1732 This is a list of physical ATM interface drivers to load. Typical values are
1736 .It Va atm_netif_ Ns Aq Ar intf
1738 For the ATM physical interface
1740 this variable defines the name prefix and count for the ATM network
1741 interfaces to be created.
1742 The value will be passed as the parameters of an
1743 .Dq Nm atm Cm "set netif" Ar intf
1745 .It Va atm_sigmgr_ Ns Aq Ar intf
1747 For the ATM physical interface
1749 this variable defines the ATM signalling manager to be used.
1750 The value will be passed as the parameters of an
1751 .Dq Nm atm Cm attach Ar intf
1753 .It Va atm_prefix_ Ns Aq Ar intf
1755 For the ATM physical interface
1757 this variable defines the NSAP prefix for interfaces using a UNI signalling
1761 the prefix will automatically be set via the
1764 Otherwise, the value will be passed as the parameters of an
1765 .Dq Nm atm Cm "set prefix" Ar intf
1767 .It Va atm_macaddr_ Ns Aq Ar intf
1769 For the ATM physical interface
1771 this variable defines the MAC address for interfaces using a UNI signalling
1775 the hardware MAC address contained in the ATM interface card will be used.
1776 Otherwise, the value will be passed as the parameters of an
1777 .Dq Nm atm Cm "set mac" Ar intf
1779 .It Va atm_arpserver_ Ns Aq Ar netif
1781 For the ATM network interface
1783 this variable defines the ATM address for a host which is to provide ATMARP
1785 This variable is only applicable to interfaces using a UNI signalling
1789 this host will become an ATMARP server.
1790 The value will be passed as the parameters of an
1791 .Dq Nm atm Cm "set arpserver" Ar netif
1793 .It Va atm_scsparp_ Ns Aq Ar netif
1797 SCSP/ATMARP service for the network interface
1799 will be initiated using the
1804 This variable is only applicable if
1805 .Va atm_arpserver_ Ns Aq Ar netif
1810 Set to the list of ATM PVCs to be added at system
1812 For each whitespace separated
1815 .Va atm_pvc_ Ns Aq Ar element
1816 variable is assumed to exist.
1817 The value of each of these variables
1818 will be passed as the parameters of an
1819 .Dq Nm atm Cm "add pvc"
1823 Set to the list of permanent ATM ARP entries to be added
1824 at system boot time.
1825 For each whitespace separated
1828 .Va atm_arp_ Ns Aq Ar element
1829 variable is assumed to exist.
1830 The value of each of these variables
1831 will be passed as the parameters of an
1832 .Dq Nm atm Cm "add arp"
1834 .It Va natm_interfaces
1838 interfaces that will also be used for HARP through
1840 If this list is not empty all interfaces in the list will be brought up
1846 For this to work the interface drivers must be either compiled into the
1847 kernel or must reside on the root partition.
1850 The keyboard bell sound.
1857 if the default behavior is desired.
1858 For details, refer to the
1865 no keymap is installed, otherwise the value is used to install
1867 .Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd .
1870 The keyboard repeat speed.
1877 if the default behavior is desired.
1882 attempt to program the function keys with the value.
1884 be a single string of the form:
1885 .Dq Ar funkey_number new_value Op Ar funkey_number new_value ... .
1888 Can be set to the value of
1891 .Dq Li destructive ,
1894 to set the cursor behavior explicitly or choose the default behavior.
1899 no screen map is installed, otherwise the value is used to install
1900 the screen map file in
1901 .Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value .
1906 the default 8x16 font value is used for screen size requests, otherwise
1908 .Pa /usr/share/syscons/fonts/ Ns Aq Ar value
1914 the default 8x14 font value is used for screen size requests, otherwise
1916 .Pa /usr/share/syscons/fonts/ Ns Aq Ar value
1922 the default 8x8 font value is used for screen size requests, otherwise
1924 .Pa /usr/share/syscons/fonts/ Ns Aq Ar value
1930 the default screen blanking interval is used, otherwise it is set
1938 this is the actual screen saver to use
1939 .Li ( blank , snake , daemon ,
1941 .It Va moused_enable
1947 daemon is started for doing cut/paste selection on the console.
1950 This is the protocol type of the mouse connected to this host.
1951 This variable must be set if
1958 is able to detect the appropriate mouse type automatically in many cases.
1959 Set this variable to
1961 to let the daemon detect it, or
1962 select one from the following list if the automatic detection fails.
1964 If the mouse is attached to the PS/2 mouse port, choose
1968 regardless of the brand and model of the mouse.
1970 mouse is attached to the bus mouse port, choose
1974 All other protocols are for serial mice and will not work with
1975 the PS/2 and bus mice.
1976 If this is a USB mouse,
1978 is the only protocol type which will work.
1980 .Bl -tag -width ".Li x10mouseremote" -compact
1982 Microsoft mouse (serial)
1984 Microsoft IntelliMouse (serial)
1986 Mouse systems Corp. mouse (serial)
1988 MM Series mouse (serial)
1990 Logitech mouse (serial)
1994 Logitech MouseMan and TrackMan (serial)
1996 ALPS GlidePoint (serial)
1997 .It Li thinkingmouse
1998 Kensington ThinkingMouse (serial)
2002 MM HitTablet (serial)
2003 .It Li x10mouseremote
2004 X10 MouseRemote (serial)
2006 Interlink VersaPad (serial)
2009 Even if the mouse is not in the above list, it may be compatible
2010 with one in the list.
2011 Refer to the man page for
2013 for compatibility information.
2015 It should also be noted that while this is enabled, any
2016 other client of the mouse (such as an X server) should access
2017 the mouse through the virtual mouse device,
2019 and configure it as a
2021 type mouse, since all
2022 mouse data is converted to this single canonical format when
2025 If the client program does not support the
2031 It is the second preferred type.
2038 this is the actual port the mouse is on.
2041 for a COM1 serial mouse,
2045 for a bus mouse, for example.
2050 is set, these are the additional flags to pass to the
2053 .It Va mousechar_start
2057 the default mouse cursor character range
2058 .Li 0xd0 Ns - Ns Li 0xd3
2060 otherwise the range start is set
2065 Use if the default range is occupied in the language code table.
2066 .It Va allscreens_flags
2070 is run with these options for each of the virtual terminals
2074 will enable the mouse pointer on all virtual terminals
2079 .It Va allscreens_kbdflags
2083 is run with these options for each of the virtual terminals
2089 scrollback (history) buffer to 200 lines.
2096 daemon at system boot time.
2102 .Pa /usr/sbin/cron ) .
2109 these are the flags to pass to
2116 .Pa /usr/sbin/lpd ) .
2123 daemon at system boot time.
2130 these are the flags to pass to the
2133 .It Va mta_start_script
2135 This variable specifies the full path to the script to run to start
2136 a mail transfer agent.
2138 .Pa /etc/rc.sendmail .
2142 .Pa /etc/rc.sendmail
2143 uses are documented in the
2148 Indicates the device (usually a swap partition) to which a crash dump
2149 should be written in the event of a system crash.
2150 The value of this variable is passed as the argument to
2152 To disable crash dumps, set this variable to
2156 When the system reboots after a crash and a crash dump is found on the
2157 device specified by the
2161 will save that crash dump and a copy of the kernel to the directory
2165 The default value is
2174 .It Va savecore_flags
2176 If crash dumps are enabled, these are the flags to pass to the
2179 .It Va enable_quotas
2183 to turn on user disk quotas on system startup via the
2190 to enable user disk quota checking via the
2193 .It Va accounting_enable
2197 to enable system accounting through the
2204 to enable Linux/ELF binary emulation at system initial
2210 to enable OSF/1 (Digital UNIX) binary emulation at system
2213 .It Va sysvipc_enable
2217 load System V IPC primitives at boot time.
2218 .\" ----- cleanvar_enable setting--------------------------------
2219 .It Va cleanvar_enable
2227 .Pa /var/spool/uucp/.Temp/*
2229 .\" ----- clear_tmp_enable setting-------------------------------
2230 .It Va clear_tmp_enable
2237 .\" ----- ldconfig_paths setting --------------------------------
2238 .It Va ldconfig_paths
2240 Set to the list of shared library paths to use with
2244 will always be added first, so it need not appear in this list.
2245 .\" ----- ldconfig_paths_aout setting ---------------------------
2246 .It Va ldconfig_paths_aout
2248 Set to the list of shared library paths to use with
2253 .It Va ldconfig_insecure
2257 utility normally refuses to use directories
2258 which are writable by anyone except root.
2259 Set this variable to
2261 to disable that security check during system startup.
2262 .It Va kern_securelevel_enable
2266 to set the kernel security level at system startup.
2267 .It Va kern_securelevel
2269 The kernel security level to set at startup.
2270 The allowed range of
2272 ranges from \-1 (the compile time default) to 3 (the
2276 for the list of possible security levels and their effect
2277 on system operation.
2282 to enable Low Watermark Mandatory Access Control (LOMAC) at boot time.
2283 This security model enforces integrity constraints for system processes;
2286 for a complete description of the LOMAC model, as well as its impact
2287 on system operation.
2294 at system boot time.
2297 Path to the SSH server program
2298 .Pa ( /usr/sbin/sshd
2306 at system boot time.
2313 these are the flags to pass to the
2322 daemon at boot time.
2329 these are the flags passed to
2332 .It Va watchdogd_enable
2338 daemon at boot time.
2339 This requires that the kernel have been compiled with
2340 .Cd "options WATCHDOG" .
2345 any configured jails will not be started.
2348 A space separated list of names for jails.
2349 This is purely a configuration aid to help identify and
2350 configure multiple jails.
2351 The names specified in this list will be used to
2352 identify settings common to an instance of a jail.
2353 Assuming that the jail in question was named
2355 you would have the following dependant variables:
2357 jail_vjail_hostname="jail.example.com"
2358 jail_vjail_ip="192.168.1.100"
2359 jail_vjail_rootdir="/var/jails/vjail/root"
2360 jail_vjail_exec="/bin/sh /etc/rc"
2363 The last one is optional.
2367 .It Va jail_set_hostname_allow
2371 do not allow the root user in a jail to set its hostname.
2372 .It Va jail_socket_unixiproute_only
2376 do not allow any protocol,
2378 to be used within a jail.
2379 .It Va jail_sysvipc_allow
2383 allow applications within a jail to use System V IPC.
2384 .It Va unaligned_print
2388 unaligned access warnings will not be printed.
2390 .\" ----- isdn settings ---------------------------------
2401 at system boot time.
2405 .Dq Fl d Ns Cm n Fl d Ns Li 0x1f9
2407 Additional flags to pass to
2413 for certain tunable parameters).
2419 The terminal type of the output device when
2421 operates in full-screen mode.
2422 .It Va isdn_screenflags
2427 The video mode for full-screen mode (only for
2437 The output device for
2439 in full-screen mode (or
2449 enables the ISDN protocol trace utility
2451 at system boot time.
2452 .It Va isdn_traceflags
2455 .Dq Fl f Pa /var/tmp/isdntrace0
2459 .\" -----------------------------------------------------
2460 .It Va harvest_interrupt
2464 to use hardware interrupts as an entropy source.
2467 for more information.
2468 .It Va harvest_ethernet
2472 to use LAN traffic as an entropy source.
2475 for more information.
2476 .It Va harvest_p_to_p
2480 to use serial line traffic as an entropy source.
2483 for more information.
2488 to disable caching entropy via
2490 Otherwise set to the directory used to store entropy files in.
2495 to disable caching entropy through reboots.
2496 Otherwise set to the filename used to store cached entropy through
2498 This file should be located on the root file system to seed the
2500 device as early as possible in the boot process.
2501 .It Va entropy_save_sz
2503 Size of the entropy cache files saved by
2506 .It Va entropy_save_num
2508 Number of entropy cache files to save by
2522 Configuration file for
2531 .Pa /var/run/dmesg.boot
2533 .It Va rcshutdown_timeout
2535 If set, start a watchdog timer in the background which will terminate
2539 has not completed within the specified time (in seconds).
2542 .Bl -tag -width ".Pa /etc/defaults/rc.conf" -compact
2543 .It Pa /etc/defaults/rc.conf
2545 .It Pa /etc/rc.conf.local
2608 .An Jordan K. Hubbard .