diff --git a/lib/libc/rpc/rtime.3 b/lib/libc/rpc/rtime.3
index 028d2beade14..e657ca50aa18 100644
--- a/lib/libc/rpc/rtime.3
+++ b/lib/libc/rpc/rtime.3
@@ -1,50 +1,48 @@
.\" @(#)rtime.3n 2.1 88/08/08 4.0 RPCSRC; from 1.5 88/02/08 SMI
.\" $FreeBSD$
.\"
-.Dd November 22, 1987
+.Dd May 13, 2021
.Dt RTIME 3
.Os
.Sh NAME
.Nm rtime
.Nd "get remote time"
.Sh LIBRARY
.Lb libc
.Sh SYNOPSIS
.In sys/types.h
.In sys/time.h
.In netinet/in.h
.Ft int
.Fo rtime
.Fa "struct sockaddr_in *addrp"
.Fa "struct timeval *timep"
.Fa "struct timeval *timeout"
.Fc
.Sh DESCRIPTION
The
.Fn rtime
function
consults the Internet Time Server at the address pointed to by
.Fa addrp
and returns the remote time in the
.Vt timeval
struct pointed to by
.Fa timep .
Normally, the
.Tn UDP
protocol is used when consulting the Time Server.
The
.Fa timeout
argument specifies how long the
routine should wait before giving
up when waiting for a reply.
If
.Fa timeout
is specified as
.Dv NULL ,
however, the routine will instead use
.Tn TCP
and block until a reply is received from the time server.
.Sh RETURN VALUES
.Rv -std rtime
-.Sh SEE ALSO
-.Xr timed 8
diff --git a/lib/libc/sys/adjtime.2 b/lib/libc/sys/adjtime.2
index 03a93a8ae842..18f6f368d140 100644
--- a/lib/libc/sys/adjtime.2
+++ b/lib/libc/sys/adjtime.2
@@ -1,111 +1,109 @@
.\" Copyright (c) 1980, 1991, 1993
.\" The Regents of the University of California. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\" 3. Neither the name of the University nor the names of its contributors
.\" may be used to endorse or promote products derived from this software
.\" without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" @(#)adjtime.2 8.1 (Berkeley) 6/4/93
.\" $FreeBSD$
.\"
-.Dd June 4, 1993
+.Dd May 13, 2021
.Dt ADJTIME 2
.Os
.Sh NAME
.Nm adjtime
.Nd "correct the time to allow synchronization of the system clock"
.Sh LIBRARY
.Lb libc
.Sh SYNOPSIS
.In sys/time.h
.Ft int
.Fn adjtime "const struct timeval *delta" "struct timeval *olddelta"
.Sh DESCRIPTION
The
.Fn adjtime
system call
makes small adjustments to the system time, as returned by
.Xr gettimeofday 2 ,
advancing or retarding it
by the time specified by the timeval
.Fa delta .
If
.Fa delta
is negative, the clock is
slowed down by incrementing it more slowly than normal until
the correction is complete.
If
.Fa delta
is positive, a larger increment than normal
is used.
The skew used to perform the correction is generally a fraction of one percent.
Thus, the time is always
a monotonically increasing function.
A time correction from an earlier call to
.Fn adjtime
may not be finished when
.Fn adjtime
is called again.
If
.Fa olddelta
is not a null pointer,
the structure pointed to will contain, upon return, the
number of microseconds still to be corrected
from the earlier call.
.Pp
This call may be used by time servers that synchronize the clocks
of computers in a local area network.
Such time servers would slow down the clocks of some machines
and speed up the clocks of others to bring them to the average network time.
.Pp
The
.Fn adjtime
system call
is restricted to the super-user.
.Sh RETURN VALUES
.Rv -std adjtime
.Sh ERRORS
The
.Fn adjtime
system call will fail if:
.Bl -tag -width Er
.It Bq Er EFAULT
An argument points outside the process's allocated address space.
.It Bq Er EPERM
The process's effective user ID is not that of the super-user.
.El
.Sh SEE ALSO
.Xr date 1 ,
-.Xr gettimeofday 2 ,
-.Xr timed 8 ,
-.Xr timedc 8
+.Xr gettimeofday 2
.Rs
.%T "TSP: The Time Synchronization Protocol for UNIX 4.3BSD"
.%A R. Gusella
.%A S. Zatti
.Re
.Sh HISTORY
The
.Fn adjtime
system call appeared in
.Bx 4.3 .
diff --git a/lib/libc/sys/clock_gettime.2 b/lib/libc/sys/clock_gettime.2
index 12be3c321a75..134339c24a3e 100644
--- a/lib/libc/sys/clock_gettime.2
+++ b/lib/libc/sys/clock_gettime.2
@@ -1,197 +1,196 @@
.\" $OpenBSD: clock_gettime.2,v 1.4 1997/05/08 20:21:16 kstailey Exp $
.\"
.\" Copyright (c) 1980, 1991, 1993
.\" The Regents of the University of California. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\" 3. Neither the name of the University nor the names of its contributors
.\" may be used to endorse or promote products derived from this software
.\" without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $FreeBSD$
.\"
.Dd July 30, 2021
.Dt CLOCK_GETTIME 2
.Os
.Sh NAME
.Nm clock_gettime ,
.Nm clock_settime ,
.Nm clock_getres
.Nd get/set/calibrate date and time
.Sh LIBRARY
.Lb libc
.Sh SYNOPSIS
.In time.h
.Ft int
.Fn clock_gettime "clockid_t clock_id" "struct timespec *tp"
.Ft int
.Fn clock_settime "clockid_t clock_id" "const struct timespec *tp"
.Ft int
.Fn clock_getres "clockid_t clock_id" "struct timespec *tp"
.Sh DESCRIPTION
The
.Fn clock_gettime
and
.Fn clock_settime
system calls allow the calling process to retrieve or set the value
used by a clock which is specified by
.Fa clock_id .
.Pp
The
.Fa clock_id
argument can be a value obtained from
.Xr clock_getcpuclockid 3
or
.Xr pthread_getcpuclockid 3
as well as the following values:
.Pp
.Bl -tag -width indent -compact
.It Dv CLOCK_REALTIME
.It Dv CLOCK_REALTIME_PRECISE
.It Dv CLOCK_REALTIME_FAST
.It Dv CLOCK_REALTIME_COARSE
Increments as a wall clock should.
.It Dv CLOCK_MONOTONIC
.It Dv CLOCK_MONOTONIC_PRECISE
.It Dv CLOCK_MONOTONIC_FAST
.It Dv CLOCK_MONOTONIC_COARSE
Increments in SI seconds.
.It Dv CLOCK_UPTIME
.It Dv CLOCK_UPTIME_PRECISE
.It Dv CLOCK_UPTIME_FAST
.It Dv CLOCK_BOOTTIME
Starts at zero when the kernel boots and increments
monotonically in SI seconds while the machine is running.
.It Dv CLOCK_VIRTUAL
Increments only when
the CPU is running in user mode on behalf of the calling process.
.It Dv CLOCK_PROF
Increments when the CPU is running in user or kernel mode.
.It Dv CLOCK_SECOND
Returns the current second without performing a full time counter
query, using an in-kernel cached value of the current second.
.It Dv CLOCK_PROCESS_CPUTIME_ID
Returns the execution time of the calling process.
.It Dv CLOCK_THREAD_CPUTIME_ID
Returns the execution time of the calling thread.
.El
.Pp
The clock IDs
.Fa CLOCK_REALTIME_FAST ,
.Fa CLOCK_MONOTONIC_FAST ,
.Fa CLOCK_UPTIME_FAST
are analogs of corresponding IDs without _FAST suffix but do not perform
a full time counter query, so their accuracy is one timer tick.
Similarly,
.Fa CLOCK_REALTIME_PRECISE ,
.Fa CLOCK_MONOTONIC_PRECISE ,
.Fa CLOCK_UPTIME_PRECISE
are used to get the most exact value as possible, at the expense of
execution time.
The clock IDs
.Fa CLOCK_REALTIME_COARSE ,
.Fa CLOCK_MONOTONIC_COARSE
are aliases of corresponding IDs with _FAST suffix for compatibility with other
systems.
Finally,
.Dv CLOCK_BOOTTIME
is an alias for
.Dv CLOCK_UPTIME
for compatibility with other systems.
.Pp
The structure pointed to by
.Fa tp
is defined in
.In sys/timespec.h
as:
.Bd -literal
struct timespec {
time_t tv_sec; /* seconds */
long tv_nsec; /* and nanoseconds */
};
.Ed
.Pp
Only the super-user may set the time of day, using only
.Fa CLOCK_REALTIME .
If the system securelevel is greater than 1 (see
.Xr init 8 ) ,
the time may only be advanced.
This limitation is imposed to prevent a malicious super-user
from setting arbitrary time stamps on files.
The system time can still be adjusted backwards using the
.Xr adjtime 2
system call even when the system is secure.
.Pp
The resolution (granularity) of a clock is returned by the
.Fn clock_getres
system call.
This value is placed in a (non-NULL)
.Fa *tp .
.Sh RETURN VALUES
.Rv -std
.Sh ERRORS
The following error codes may be set in
.Va errno :
.Bl -tag -width Er
.It Bq Er EINVAL
The
.Fa clock_id
or
.Fa timespec
argument
was not a valid value.
.It Bq Er EPERM
A user other than the super-user attempted to set the time.
.El
.Sh SEE ALSO
.Xr date 1 ,
.Xr adjtime 2 ,
.Xr clock_getcpuclockid 3 ,
.Xr ctime 3 ,
-.Xr pthread_getcpuclockid 3 ,
-.Xr timed 8
+.Xr pthread_getcpuclockid 3
.Sh STANDARDS
The
.Fn clock_gettime ,
.Fn clock_settime ,
and
.Fn clock_getres
system calls conform to
.St -p1003.1b-93 .
The clock IDs
.Fa CLOCK_REALTIME_FAST ,
.Fa CLOCK_REALTIME_PRECISE ,
.Fa CLOCK_MONOTONIC_FAST ,
.Fa CLOCK_MONOTONIC_PRECISE ,
.Fa CLOCK_UPTIME ,
.Fa CLOCK_UPTIME_FAST ,
.Fa CLOCK_UPTIME_PRECISE ,
.Fa CLOCK_SECOND
are FreeBSD extensions to the POSIX interface.
.Sh HISTORY
The
.Fn clock_gettime ,
.Fn clock_settime ,
and
.Fn clock_getres
system calls first appeared in
.Fx 3.0 .
diff --git a/lib/libc/sys/gettimeofday.2 b/lib/libc/sys/gettimeofday.2
index 29f713653063..08e3979149e7 100644
--- a/lib/libc/sys/gettimeofday.2
+++ b/lib/libc/sys/gettimeofday.2
@@ -1,132 +1,131 @@
.\" Copyright (c) 1980, 1991, 1993
.\" The Regents of the University of California. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\" 3. Neither the name of the University nor the names of its contributors
.\" may be used to endorse or promote products derived from this software
.\" without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" @(#)gettimeofday.2 8.2 (Berkeley) 5/26/95
.\" $FreeBSD$
.\"
-.Dd October 27, 2018
+.Dd May 13, 2021
.Dt GETTIMEOFDAY 2
.Os
.Sh NAME
.Nm gettimeofday ,
.Nm settimeofday
.Nd get/set date and time
.Sh LIBRARY
.Lb libc
.Sh SYNOPSIS
.In sys/time.h
.Ft int
.Fn gettimeofday "struct timeval *tp" "struct timezone *tzp"
.Ft int
.Fn settimeofday "const struct timeval *tp" "const struct timezone *tzp"
.Sh DESCRIPTION
The system's notion of the current Greenwich time and the current time
zone is obtained with the
.Fn gettimeofday
system call, and set with the
.Fn settimeofday
system call.
The time is expressed in seconds and microseconds
since midnight (0 hour), January 1, 1970.
The resolution of the system
clock is hardware dependent, and the time may be updated continuously or
in
.Dq ticks .
If
.Fa tp
or
.Fa tzp
is NULL, the associated time
information will not be returned or set.
.Pp
The structures pointed to by
.Fa tp
and
.Fa tzp
are defined in
.In sys/time.h
as:
.Bd -literal
struct timeval {
time_t tv_sec; /* seconds */
suseconds_t tv_usec; /* and microseconds */
};
struct timezone {
int tz_minuteswest; /* minutes west of Greenwich */
int tz_dsttime; /* type of dst correction */
};
.Ed
.Pp
The
.Vt timezone
structure indicates the local time zone
(measured in minutes of time westward from Greenwich),
and a flag that, if nonzero, indicates that
Daylight Saving time applies locally during
the appropriate part of the year.
The kernel generally does not track these values and they
are usually returned as zero.
Use
.Xr localtime 3
to find the offset for the currently active timezone.
.Pp
Only the super-user may set the time of day or time zone.
If the system is running at securelevel >= 2 (see
.Xr init 8 ) ,
the time may only be advanced or retarded by a maximum of one second.
This limitation is imposed to prevent a malicious super-user
from setting arbitrary time stamps on files.
The system time can be adjusted backwards without restriction using the
.Xr adjtime 2
system call even when the system is secure.
.Sh RETURN VALUES
.Rv -std
.Sh ERRORS
The following error codes may be set in
.Va errno :
.Bl -tag -width Er
.It Bq Er EINVAL
The supplied
.Fa timeval
value is invalid.
.It Bq Er EPERM
A user other than the super-user attempted to set the time.
.El
.Sh SEE ALSO
.Xr date 1 ,
.Xr adjtime 2 ,
.Xr clock_gettime 2 ,
.Xr ctime 3 ,
.Xr timeradd 3 ,
-.Xr clocks 7 ,
-.Xr timed 8
+.Xr clocks 7
.Sh HISTORY
The
.Fn gettimeofday
system call appeared in
.Bx 4.2 .
diff --git a/libexec/rc/rc.conf b/libexec/rc/rc.conf
index ddcf7b29b917..46a81508f844 100644
--- a/libexec/rc/rc.conf
+++ b/libexec/rc/rc.conf
@@ -1,786 +1,784 @@
#!/bin/sh
# This is rc.conf - a file full of useful variables that you can set
# to change the default startup behavior of your system. You should
# not edit this file! Put any overrides into one of the ${rc_conf_files}
# instead and you will be able to update these defaults later without
# spamming your local configuration information.
#
# The ${rc_conf_files} files should only contain values which override
# values set in this file. This eases the upgrade path when defaults
# are changed and new features are added.
#
# All arguments must be in double or single quotes.
#
# For a more detailed explanation of all the rc.conf variables, please
# refer to the rc.conf(5) manual page.
#
# $FreeBSD$
##############################################################
### Important initial Boot-time options ####################
##############################################################
# Set default value of _localbase if not previously set
: ${_localbase:="/usr/local"}
# rc_debug can't be set here without interferring with rc.subr's setting it
# when the kenv variable rc.debug is set.
#rc_debug="NO" # Set to YES to enable debugging output from rc.d
rc_info="NO" # Enables display of informational messages at boot.
rc_startmsgs="YES" # Show "Starting foo:" messages at boot
rcshutdown_timeout="90" # Seconds to wait before terminating rc.shutdown
early_late_divider="FILESYSTEMS" # Script that separates early/late
# stages of the boot process. Make sure you know
# the ramifications if you change this.
# See rc.conf(5) for more details.
always_force_depends="NO" # Set to check that indicated dependencies are
# running during boot (can increase boot time).
apm_enable="NO" # Set to YES to enable APM BIOS functions (or NO).
apmd_enable="NO" # Run apmd to handle APM event from userland.
apmd_flags="" # Flags to apmd (if enabled).
ddb_enable="NO" # Set to YES to load ddb scripts at boot.
ddb_config="/etc/ddb.conf" # ddb(8) config file.
devd_enable="YES" # Run devd, to trigger programs on device tree changes.
devd_flags="" # Additional flags for devd(8).
devmatch_enable="YES" # Demand load kernel modules based on device ids.
devmatch_blocklist="" # List of modules (w/o .ko) to exclude from devmatch.
#kld_list="" # Kernel modules to load after local disks are mounted
kldxref_enable="YES" # Build linker.hints files with kldxref(8).
kldxref_clobber="NO" # Overwrite old linker.hints at boot.
kldxref_module_path="" # Override kern.module_path. A ';'-delimited list.
powerd_enable="NO" # Run powerd to lower our power usage.
powerd_flags="" # Flags to powerd (if enabled).
tmpmfs="AUTO" # Set to YES to always create an mfs /tmp, NO to never
tmpsize="20m" # Size of mfs /tmp if created
tmpmfs_flags="-S" # Extra mdmfs options for the mfs /tmp
varmfs="AUTO" # Set to YES to always create an mfs /var, NO to never
varsize="32m" # Size of mfs /var if created
varmfs_flags="-S" # Extra mount options for the mfs /var
mfs_type="auto" # "md", "tmpfs", "auto" to prefer tmpfs with md as fallback
populate_var="AUTO" # Set to YES to always (re)populate /var, NO to never
cleanvar_enable="YES" # Clean the /var directory
var_run_enable="NO" # Save/restore /var/run structure at shutdown/reboot
var_run_autosave="NO" # Only restore /var/run structure at shutdown/reboot
# The user is expected to issue service var_run save to
# manually save the /var/run mtree
var_run_mtree="/var/db/mtree/BSD.var-run.mtree"
# Where to save /var/run mtree
local_startup="${_localbase}/etc/rc.d" # startup script dirs.
script_name_sep=" " # Change if your startup scripts' names contain spaces
rc_conf_files="/etc/rc.conf /etc/rc.conf.local"
# ZFS support
zfs_enable="NO" # Set to YES to automatically mount ZFS file systems
zfskeys_enable="NO" # Set YES to autoload ZFS encryption keys
zfs_bootonce_activate="NO" # Set YES to make successful bootonce BE permanent
zpool_reguid="" # Set to zpools for which the GUID should be replaced
# upon first boot.
# ZFSD support
zfsd_enable="NO" # Set to YES to automatically start the ZFS fault
# management daemon.
gptboot_enable="YES" # GPT boot success/failure reporting.
# Experimental - test before enabling
gbde_autoattach_all="NO" # YES automatically mounts gbde devices from fstab
gbde_devices="NO" # Devices to automatically attach (list, or AUTO)
gbde_attach_attempts="3" # Number of times to attempt attaching gbde devices
gbde_lockdir="/etc" # Where to look for gbde lockfiles
# GELI disk encryption configuration.
geli_devices="" # List of devices to automatically attach in addition to
# GELI devices listed in /etc/fstab.
geli_groups="" # List of groups containing devices to automatically
# attach with the same keyfiles and passphrase
geli_tries="" # Number of times to attempt attaching geli device.
# If empty, kern.geom.eli.tries will be used.
geli_default_flags="" # Default flags for geli(8).
geli_autodetach="YES" # Automatically detach on last close.
# Providers are marked as such when all file systems are
# mounted.
# Example use.
#geli_devices="da1 mirror/home"
#geli_da1_flags="-p -k /etc/geli/da1.keys"
#geli_da1_autodetach="NO"
#geli_mirror_home_flags="-k /etc/geli/home.keys"
#geli_groups="storage backup"
#geli_storage_flags="-k /etc/geli/storage.keys"
#geli_storage_devices="ada0 ada1"
#geli_backup_flags="-j /etc/geli/backup.passfile -k /etc/geli/backup.keys"
#geli_backup_devices="ada2 ada3"
root_rw_mount="YES" # Set to NO to inhibit remounting root read-write.
root_hold_delay="30" # Time to wait for root mount hold release.
fsck_flags="-p" # May be changed to -f (or -f -y) to force a full fsck
fsck_y_enable="NO" # Set to YES to do fsck -y if the initial preen fails.
fsck_y_flags="-T ffs:-R -T ufs:-R" # Additional flags for fsck -y
background_fsck="YES" # Attempt to run fsck in the background where possible.
background_fsck_delay="60" # Time to wait (seconds) before starting the fsck.
growfs_enable="NO" # Set to YES to attempt to grow the root filesystem on boot
netfs_types="nfs:NFS smbfs:SMB" # Net filesystems.
extra_netfs_types="NO" # List of network extra filesystem types for delayed
# mount at startup (or NO).
##############################################################
### Network configuration sub-section ######################
##############################################################
### Basic network and firewall/security options: ###
hostname="" # Set this!
hostid_enable="YES" # Set host UUID.
hostid_file="/etc/hostid" # File with hostuuid.
nisdomainname="NO" # Set to NIS domain if using NIS (or NO).
dhclient_program="/sbin/dhclient" # Path to dhcp client program.
dhclient_flags="" # Extra flags to pass to dhcp client.
#dhclient_flags_em0="" # Extra dhclient flags for em0 only
background_dhclient="NO" # Start dhcp client in the background.
#background_dhclient_em0="YES" # Start dhcp client on em0 in the background.
synchronous_dhclient="NO" # Start dhclient directly on configured
# interfaces during startup.
defaultroute_delay="30" # Time to wait for a default route on a DHCP interface.
defaultroute_carrier_delay="5" # Time to wait for carrier while waiting for a default route.
netif_enable="YES" # Set to YES to initialize network interfaces
netif_ipexpand_max="2048" # Maximum number of IP addrs in a range spec.
wpa_supplicant_program="/usr/sbin/wpa_supplicant"
wpa_supplicant_flags="-s" # Extra flags to pass to wpa_supplicant
wpa_supplicant_conf_file="/etc/wpa_supplicant.conf"
#
firewall_enable="NO" # Set to YES to enable firewall functionality
firewall_script="/etc/rc.firewall" # Which script to run to set up the firewall
firewall_type="UNKNOWN" # Firewall type (see /etc/rc.firewall)
firewall_quiet="NO" # Set to YES to suppress rule display
firewall_logging="NO" # Set to YES to enable events logging
firewall_logif="NO" # Set to YES to create logging-pseudo interface
firewall_flags="" # Flags passed to ipfw when type is a file
firewall_coscripts="" # List of executables/scripts to run after
# firewall starts/stops
firewall_client_net="192.0.2.0/24" # IPv4 Network address for "client"
# firewall.
#firewall_client_net_ipv6="2001:db8:2:1::/64" # IPv6 network prefix for
# "client" firewall.
firewall_simple_iif="em1" # Inside network interface for "simple"
# firewall.
firewall_simple_inet="192.0.2.16/28" # Inside network address for "simple"
# firewall.
firewall_simple_oif="em0" # Outside network interface for "simple"
# firewall.
firewall_simple_onet="192.0.2.0/28" # Outside network address for "simple"
# firewall.
#firewall_simple_iif_ipv6="em1" # Inside IPv6 network interface for "simple"
# firewall.
#firewall_simple_inet_ipv6="2001:db8:2:800::/56" # Inside IPv6 network prefix
# for "simple" firewall.
#firewall_simple_oif_ipv6="em0" # Outside IPv6 network interface for "simple"
# firewall.
#firewall_simple_onet_ipv6="2001:db8:2:0::/56" # Outside IPv6 network prefix
# for "simple" firewall.
firewall_myservices="" # List of ports/protocols on which this host
# offers services for "workstation" firewall.
firewall_allowservices="" # List of IPs which have access to
# $firewall_myservices for "workstation"
# firewall.
firewall_trusted="" # List of IPs which have full access to this
# host for "workstation" firewall.
firewall_logdeny="NO" # Set to YES to log default denied incoming
# packets for "workstation" firewall.
firewall_nologports="135-139,445 1026,1027 1433,1434" # List of TCP/UDP ports
# for which denied incoming packets are not
# logged for "workstation" firewall.
firewall_nat_enable="NO" # Enable kernel NAT (if firewall_enable == YES)
firewall_nat_interface="" # Public interface or IPaddress to use
firewall_nat_flags="" # Additional configuration parameters
firewall_nat64_enable="NO" # Enable kernel NAT64 module.
firewall_nptv6_enable="NO" # Enable kernel NPTv6 module.
firewall_pmod_enable="NO" # Enable kernel protocols modification module.
dummynet_enable="NO" # Load the dummynet(4) module
ipfw_netflow_enable="NO" # Enable netflow logging via ng_netflow
ip_portrange_first="NO" # Set first dynamically allocated port
ip_portrange_last="NO" # Set last dynamically allocated port
ike_enable="NO" # Enable IKE daemon (usually racoon or isakmpd)
ike_program="${_localbase}/sbin/isakmpd" # Path to IKE daemon
ike_flags="" # Additional flags for IKE daemon
ipsec_enable="NO" # Set to YES to run setkey on ipsec_file
ipsec_file="/etc/ipsec.conf" # Name of config file for setkey
natd_program="/sbin/natd" # path to natd, if you want a different one.
natd_enable="NO" # Enable natd (if firewall_enable == YES).
natd_interface="" # Public interface or IPaddress to use.
natd_flags="" # Additional flags for natd.
ipfilter_enable="NO" # Set to YES to enable ipfilter functionality
ipfilter_program="/sbin/ipf" # where the ipfilter program lives
ipfilter_rules="/etc/ipf.rules" # rules definition file for ipfilter, see
# /usr/src/contrib/ipfilter/rules for examples
ipfilter_flags="" # additional flags for ipfilter
ippool_enable="NO" # Set to YES to enable ip filter pools
ippool_program="/sbin/ippool" # where the ippool program lives
ippool_rules="/etc/ippool.tables" # rules definition file for ippool
ippool_flags="" # additional flags for ippool
ipnat_enable="NO" # Set to YES to enable ipnat functionality
ipnat_program="/sbin/ipnat" # where the ipnat program lives
ipnat_rules="/etc/ipnat.rules" # rules definition file for ipnat
ipnat_flags="" # additional flags for ipnat
ipmon_enable="NO" # Set to YES for ipmon; needs ipfilter or ipnat
ipmon_program="/sbin/ipmon" # where the ipfilter monitor program lives
ipmon_flags="-Ds" # typically "-Ds" or "-D /var/log/ipflog"
ipfs_enable="NO" # Set to YES to enable saving and restoring
# of state tables at shutdown and boot
ipfs_program="/sbin/ipfs" # where the ipfs program lives
ipfs_flags="" # additional flags for ipfs
pf_enable="NO" # Set to YES to enable packet filter (pf)
pf_rules="/etc/pf.conf" # rules definition file for pf (nonexistent
# by default)
pf_program="/sbin/pfctl" # where the pfctl program lives
pf_flags="" # additional flags for pfctl
pf_fallback_rules_enable="NO" # fallback if loading ruleset fails
pf_fallback_rules="block drop log all" # rules to load on pf ruleset failure
#pf_fallback_rules="block drop log all
#pass quick on em4" # multi-rule
pf_fallback_rules_file="/etc/pf-fallback.conf" # rules file on ruleset failure
pflog_enable="NO" # Set to YES to enable packet filter logging
pflog_logfile="/var/log/pflog" # where pflogd should store the logfile
pflog_program="/sbin/pflogd" # where the pflogd program lives
pflog_flags="" # additional flags for pflogd
ftpproxy_enable="NO" # Set to YES to enable ftp-proxy(8) for pf
ftpproxy_flags="" # additional flags for ftp-proxy(8)
pfsync_enable="NO" # Expose pf state to other hosts for syncing
pfsync_syncdev="" # Interface for pfsync to work through
pfsync_syncpeer="" # IP address of pfsync peer host
pfsync_ifconfig="" # Additional options to ifconfig(8) for pfsync
tcp_extensions="YES" # Set to NO to turn off RFC1323 extensions.
log_in_vain="0" # >=1 to log connects to ports w/o listeners.
tcp_keepalive="YES" # Enable stale TCP connection timeout (or NO).
tcp_drop_synfin="NO" # Set to YES to drop TCP packets with SYN+FIN
# NOTE: this violates the TCP specification
icmp_drop_redirect="auto" # Set to YES to ignore ICMP REDIRECT packets
icmp_log_redirect="NO" # Set to YES to log ICMP REDIRECT packets
network_interfaces="auto" # List of network interfaces (or "auto").
cloned_interfaces="" # List of cloned network interfaces to create.
#cloned_interfaces="gif0 gif1 gif2 gif3" # Pre-cloning GENERIC config.
#ifconfig_lo0="inet 127.0.0.1" # default loopback device configuration.
#ifconfig_lo0_alias0="inet 127.0.0.254 netmask 0xffffffff" # Sample alias entry.
#ifconfig_em0_ipv6="inet6 2001:db8:1::1 prefixlen 64" # Sample IPv6 addr entry
#ifconfig_em0_alias0="inet6 2001:db8:2::1 prefixlen 64" # Sample IPv6 alias
#ifconfig_em0_name="net0" # Change interface name from em0 to net0.
#vlans_em0="101 vlan0" # vlan(4) interfaces for em0 device
#create_args_vlan0="vlan 102" # vlan tag for vlan0 device
#wlans_ath0="wlan0" # wlan(4) interfaces for ath0 device
#wlandebug_wlan0="scan+auth+assoc" # Set debug flags with wlandebug(8)
#ipv4_addrs_em0="192.168.0.1/24 192.168.1.1-5/28" # example IPv4 address entry.
#
#autobridge_interfaces="bridge0" # List of bridges to check
#autobridge_bridge0="tap* vlan0" # Interface glob to automatically add to the bridge
#
# If you have any sppp(4) interfaces above, you might also want to set
# the following parameters. Refer to spppcontrol(8) for their meaning.
sppp_interfaces="" # List of sppp interfaces.
#sppp_interfaces="...0" # example: sppp over ...
#spppconfig_...0="authproto=chap myauthname=foo myauthsecret='top secret' hisauthname=some-gw hisauthsecret='another secret'"
# User ppp configuration.
ppp_enable="NO" # Start user-ppp (or NO).
ppp_program="/usr/sbin/ppp" # Path to user-ppp program.
ppp_mode="auto" # Choice of "auto", "ddial", "direct" or "dedicated".
# For details see man page for ppp(8). Default is auto.
ppp_nat="YES" # Use PPP's internal network address translation or NO.
ppp_profile="papchap" # Which profile to use from /etc/ppp/ppp.conf.
ppp_user="root" # Which user to run ppp as
# Start multiple instances of ppp at boot time
#ppp_profile="profile1 profile2 profile3" # Which profiles to use
#ppp_profile1_mode="ddial" # Override ppp mode for profile1
#ppp_profile2_nat="NO" # Override nat mode for profile2
# profile3 uses default ppp_mode and ppp_nat
### Network daemon (miscellaneous) ###
hostapd_program="/usr/sbin/hostapd"
hostapd_enable="NO" # Run hostap daemon.
syslogd_enable="YES" # Run syslog daemon (or NO).
syslogd_program="/usr/sbin/syslogd" # path to syslogd, if you want a different one.
syslogd_flags="-s" # Flags to syslogd (if enabled).
syslogd_oomprotect="YES" # Don't kill syslogd when swap space is exhausted.
altlog_proglist="" # List of chrooted applicatioins in /var
inetd_enable="NO" # Run the network daemon dispatcher (YES/NO).
inetd_program="/usr/sbin/inetd" # path to inetd, if you want a different one.
inetd_flags="-wW -C 60" # Optional flags to inetd
iscsid_enable="NO" # iSCSI initiator daemon.
iscsictl_enable="NO" # iSCSI initiator autostart.
iscsictl_flags="-Aa" # Optional flags to iscsictl.
hastd_enable="NO" # Run the HAST daemon (YES/NO).
hastd_program="/sbin/hastd" # path to hastd, if you want a different one.
hastd_flags="" # Optional flags to hastd.
ctld_enable="NO" # CAM Target Layer / iSCSI target daemon.
local_unbound_enable="NO" # Local caching resolver
local_unbound_tls="NO" # Use DNS over TLS
blacklistd_enable="NO" # Run blacklistd daemon (YES/NO).
blacklistd_flags="" # Optional flags for blacklistd(8).
resolv_enable="YES" # Enable resolv / resolvconf
#
# kerberos. Do not run the admin daemons on slave servers
#
kdc_enable="NO" # Run a kerberos 5 KDC (or NO).
kdc_program="/usr/libexec/kdc" # path to kerberos 5 KDC
kdc_flags="" # Additional flags to the kerberos 5 KDC
kadmind_enable="NO" # Run kadmind (or NO)
kadmind_program="/usr/libexec/kadmind" # path to kadmind
kpasswdd_enable="NO" # Run kpasswdd (or NO)
kpasswdd_program="/usr/libexec/kpasswdd" # path to kpasswdd
kfd_enable="NO" # Run kfd (or NO)
kfd_program="/usr/libexec/kfd" # path to kerberos 5 kfd daemon
kfd_flags=""
ipropd_master_enable="NO" # Run Heimdal incremental propagation daemon
# (master daemon).
ipropd_master_program="/usr/libexec/ipropd-master"
ipropd_master_flags="" # Flags to ipropd-master.
ipropd_master_keytab="/etc/krb5.keytab" # keytab for ipropd-master.
ipropd_master_slaves="" # slave node names used for /var/heimdal/slaves.
ipropd_slave_enable="NO" # Run Heimdal incremental propagation daemon
# (slave daemon).
ipropd_slave_program="/usr/libexec/ipropd-slave"
ipropd_slave_flags="" # Flags to ipropd-slave.
ipropd_slave_keytab="/etc/krb5.keytab" # keytab for ipropd-slave.
ipropd_slave_master="" # master node name.
gssd_enable="NO" # Run the gssd daemon (or NO).
gssd_program="/usr/sbin/gssd" # Path to gssd.
gssd_flags="" # Flags for gssd.
rwhod_enable="NO" # Run the rwho daemon (or NO).
rwhod_flags="" # Flags for rwhod
rarpd_enable="NO" # Run rarpd (or NO).
rarpd_flags="-a" # Flags to rarpd.
bootparamd_enable="NO" # Run bootparamd (or NO).
bootparamd_flags="" # Flags to bootparamd
pppoed_enable="NO" # Run the PPP over Ethernet daemon.
pppoed_provider="*" # Provider and ppp(8) config file entry.
pppoed_flags="-P /var/run/pppoed.pid" # Flags to pppoed (if enabled).
pppoed_interface="em0" # The interface that pppoed runs on.
sshd_enable="NO" # Enable sshd
sshd_program="/usr/sbin/sshd" # path to sshd, if you want a different one.
sshd_flags="" # Additional flags for sshd.
ftpd_enable="NO" # Enable stand-alone ftpd.
ftpd_program="/usr/libexec/ftpd" # Path to ftpd, if you want a different one.
ftpd_flags="" # Additional flags to stand-alone ftpd.
### Network daemon (NFS): All need rpcbind_enable="YES" ###
autofs_enable="NO" # Run autofs daemons.
automount_flags="" # Flags to automount(8) (if autofs enabled).
automountd_flags="" # Flags to automountd(8) (if autofs enabled).
autounmountd_flags="" # Flags to autounmountd(8) (if autofs enabled).
nfs_client_enable="NO" # This host is an NFS client (or NO).
nfs_access_cache="60" # Client cache timeout in seconds
nfs_server_enable="NO" # This host is an NFS server (or NO).
nfs_server_flags="-u -t" # Flags to nfsd (if enabled).
nfs_server_managegids="NO" # The NFS server maps gids for AUTH_SYS (or NO).
nfs_server_maxio="131072" # Maximum I/O size for the nfsd.
mountd_enable="NO" # Run mountd (or NO).
mountd_flags="-r -S" # Flags to mountd (if NFS server enabled).
weak_mountd_authentication="NO" # Allow non-root mount requests to be served.
nfs_reserved_port_only="NO" # Provide NFS only on secure port (or NO).
nfs_bufpackets="" # bufspace (in packets) for client
rpc_lockd_enable="NO" # Run NFS rpc.lockd needed for client/server.
rpc_lockd_flags="" # Flags to rpc.lockd (if enabled).
rpc_statd_enable="NO" # Run NFS rpc.statd needed for client/server.
rpc_statd_flags="" # Flags to rpc.statd (if enabled).
rpcbind_enable="NO" # Run the portmapper service (YES/NO).
rpcbind_program="/usr/sbin/rpcbind" # path to rpcbind, if you want a different one.
rpcbind_flags="" # Flags to rpcbind (if enabled).
rpc_ypupdated_enable="NO" # Run if NIS master and SecureRPC (or NO).
keyserv_enable="NO" # Run the SecureRPC keyserver (or NO).
keyserv_flags="" # Flags to keyserv (if enabled).
nfsv4_server_enable="NO" # Enable support for NFSv4
nfsv4_server_only="NO" # Set NFS server to NFSv4 only
nfscbd_enable="NO" # NFSv4 client side callback daemon
nfscbd_flags="" # Flags for nfscbd
nfsuserd_enable="NO" # NFSv4 user/group name mapping daemon
nfsuserd_flags="" # Flags for nfsuserd
tlsclntd_enable="NO" # Run rpc.tlsclntd needed for NFS-over-TLS mount
tlsclntd_flags="" # Flags for rpc.tlsclntd
tlsservd_enable="NO" # Run rpc.tlsservd needed for NFS-over-TLS nfsd
tlsservd_flags="" # Flags for rpc.tlsservd
### Network Time Services options: ###
-timed_enable="NO" # Run the time daemon (or NO).
-timed_flags="" # Flags to timed (if enabled).
ntpdate_enable="NO" # Run ntpdate to sync time on boot (or NO).
ntpdate_program="/usr/sbin/ntpdate" # path to ntpdate, if you want a different one.
ntpdate_flags="-b" # Flags to ntpdate (if enabled).
ntpdate_config="/etc/ntp.conf" # ntpdate(8) configuration file
ntpdate_hosts="" # Whitespace-separated list of ntpdate(8) servers.
ntpd_enable="NO" # Run ntpd Network Time Protocol (or NO).
ntpd_program="/usr/sbin/ntpd" # path to ntpd, if you want a different one.
ntpd_config="/etc/ntp.conf" # ntpd(8) configuration file
ntpd_sync_on_start="NO" # Sync time on ntpd startup, even if offset is high
ntpd_flags="" # Additional flags to ntpd
ntp_src_leapfile="/etc/ntp/leap-seconds"
# Initial source for ntpd leapfile
ntp_db_leapfile="/var/db/ntpd.leap-seconds.list"
# Working copy (updated weekly) leapfile
ntp_leapfile_sources="https://www.ietf.org/timezones/data/leap-seconds.list"
# Source from which to fetch leapfile
ntp_leapfile_fetch_opts="-mq" # Options to use for ntp leapfile fetch,
# e.g. --no-verify-peer
ntp_leapfile_expiry_days=30 # Check for new leapfile 30 days prior to
# expiry.
ntp_leapfile_fetch_verbose="NO" # Be verbose during NTP leapfile fetch
# Network Information Services (NIS) options: All need rpcbind_enable="YES" ###
nis_client_enable="NO" # We're an NIS client (or NO).
nis_client_flags="" # Flags to ypbind (if enabled).
nis_ypset_enable="NO" # Run ypset at boot time (or NO).
nis_ypset_flags="" # Flags to ypset (if enabled).
nis_server_enable="NO" # We're an NIS server (or NO).
nis_server_flags="" # Flags to ypserv (if enabled).
nis_ypxfrd_enable="NO" # Run rpc.ypxfrd at boot time (or NO).
nis_ypxfrd_flags="" # Flags to rpc.ypxfrd (if enabled).
nis_yppasswdd_enable="NO" # Run rpc.yppasswdd at boot time (or NO).
nis_yppasswdd_flags="" # Flags to rpc.yppasswdd (if enabled).
nis_ypldap_enable="NO" # Run ypldap at boot time (or NO).
nis_ypldap_flags="" # Flags to ypldap (if enabled).
### SNMP daemon ###
# Be sure to understand the security implications of running SNMP v1/v2
# in your network.
bsnmpd_enable="NO" # Run the SNMP daemon (or NO).
bsnmpd_flags="" # Flags for bsnmpd.
### Network routing options: ###
defaultrouter="NO" # Set to default gateway (or NO).
static_arp_pairs="" # Set to static ARP list (or leave empty).
static_ndp_pairs="" # Set to static NDP list (or leave empty).
static_routes="" # Set to static route list (or leave empty).
gateway_enable="NO" # Set to YES if this host will be a gateway.
routed_enable="NO" # Set to YES to enable a routing daemon.
routed_program="/sbin/routed" # Name of routing daemon to use if enabled.
routed_flags="-q" # Flags for routing daemon.
arpproxy_all="NO" # replaces obsolete kernel option ARP_PROXYALL.
forward_sourceroute="NO" # do source routing (only if gateway_enable is set to "YES")
accept_sourceroute="NO" # accept source routed packets to us
### Bluetooth ###
hcsecd_enable="NO" # Enable hcsecd(8) (or NO)
hcsecd_config="/etc/bluetooth/hcsecd.conf" # hcsecd(8) configuration file
sdpd_enable="NO" # Enable sdpd(8) (or NO)
sdpd_control="/var/run/sdp" # sdpd(8) control socket
sdpd_groupname="nobody" # set spdp(8) user/group to run as after
sdpd_username="nobody" # it initializes
bthidd_enable="NO" # Enable bthidd(8) (or NO)
bthidd_config="/etc/bluetooth/bthidd.conf" # bthidd(8) configuration file
bthidd_hids="/var/db/bthidd.hids" # bthidd(8) known HID devices file
bthidd_evdev_support="AUTO" # AUTO depends on EVDEV_SUPPORT kernel option
rfcomm_pppd_server_enable="NO" # Enable rfcomm_pppd(8) in server mode (or NO)
rfcomm_pppd_server_profile="one two" # Profile to use from /etc/ppp/ppp.conf
#
#rfcomm_pppd_server_one_bdaddr="" # Override local bdaddr for 'one'
rfcomm_pppd_server_one_channel="1" # Override local channel for 'one'
#rfcomm_pppd_server_one_register_sp="NO" # Override SP and DUN register
#rfcomm_pppd_server_one_register_dun="NO" # for 'one'
#
#rfcomm_pppd_server_two_bdaddr="" # Override local bdaddr for 'two'
rfcomm_pppd_server_two_channel="3" # Override local channel for 'two'
#rfcomm_pppd_server_two_register_sp="NO" # Override SP and DUN register
#rfcomm_pppd_server_two_register_dun="NO" # for 'two'
ubthidhci_enable="NO" # Switch an USB BT controller present on
#ubthidhci_busnum="3" # bus 3 and addr 2 from HID mode to HCI mode.
#ubthidhci_addr="2" # Check usbconfig list to find the correct
# numbers for your system.
### Network link/usability verification options
netwait_enable="NO" # Enable rc.d/netwait (or NO)
#netwait_ip="" # Wait for ping response from any IP in this list.
netwait_timeout="60" # Total number of seconds to perform pings.
#netwait_if="" # Wait for active link on each intf in this list.
netwait_if_timeout="30" # Total number of seconds to monitor link state.
### Miscellaneous network options: ###
icmp_bmcastecho="NO" # respond to broadcast ping packets
### IPv6 options: ###
ipv6_network_interfaces="auto" # List of IPv6 network interfaces
# (or "auto" or "none").
ipv6_activate_all_interfaces="NO" # If NO, interfaces which have no
# corresponding $ifconfig_IF_ipv6 is
# marked as IFDISABLED for security
# reason.
ipv6_defaultrouter="NO" # Set to IPv6 default gateway (or NO).
#ipv6_defaultrouter="2002:c058:6301::" # Use this for 6to4 (RFC 3068)
ipv6_static_routes="" # Set to static route list (or leave empty).
#ipv6_static_routes="xxx" # An example to set fec0:0000:0000:0006::/64
# route toward loopback interface.
#ipv6_route_xxx="fec0:0000:0000:0006:: -prefixlen 64 ::1"
ipv6_gateway_enable="NO" # Set to YES if this host will be a gateway.
ipv6_cpe_wanif="NO" # Set to the upstream interface name if this
# node will work as a router to forward IPv6
# packets not explicitly addressed to itself.
ipv6_privacy="NO" # Use privacy address on RA-receiving IFs
# (RFC 4941)
route6d_enable="NO" # Set to YES to enable an IPv6 routing daemon.
route6d_program="/usr/sbin/route6d" # Name of IPv6 routing daemon.
route6d_flags="" # Flags to IPv6 routing daemon.
#route6d_flags="-l" # Example for route6d with only IPv6 site local
# addrs.
#route6d_flags="-q" # If you want to run a routing daemon on an end
# node, you should stop advertisement.
#ipv6_network_interfaces="em0 em1" # Examples for router
# or static configuration for end node.
# Choose correct prefix value.
#ipv6_prefix_em0="fec0:0000:0000:0001 fec0:0000:0000:0002" # Examples for rtr.
#ipv6_prefix_em1="fec0:0000:0000:0003 fec0:0000:0000:0004" # Examples for rtr.
ipv6_default_interface="NO" # Default output interface for scoped addrs.
# This works only with
# ipv6_gateway_enable="NO".
rtsol_flags="-i" # Flags to IPv6 router solicitation.
rtsold_enable="NO" # Set to YES to enable an IPv6 router
# solicitation daemon.
rtsold_flags="-a -i" # Flags to an IPv6 router solicitation
# daemon.
rtadvd_enable="NO" # Set to YES to enable an IPv6 router
# advertisement daemon. If set to YES,
# this router becomes a possible candidate
# IPv6 default router for local subnets.
rtadvd_interfaces="" # Interfaces rtadvd sends RA packets.
stf_interface_ipv4addr="" # Local IPv4 addr for 6to4 IPv6 over IPv4
# tunneling interface. Specify this entry
# to enable 6to4 interface.
stf_interface_ipv4plen="0" # Prefix length for 6to4 IPv4 addr,
# to limit peer addr range. Effective value
# is 0-31.
stf_interface_ipv6_ifid="0:0:0:1" # IPv6 interface id for stf0.
# If you like, you can set "AUTO" for this.
stf_interface_ipv6_slaid="0000" # IPv6 Site Level Aggregator for stf0
ipv6_ipv4mapping="NO" # Set to "YES" to enable IPv4 mapped IPv6 addr
# communication. (like ::ffff:a.b.c.d)
ipv6_ipfilter_rules="/etc/ipf6.rules" # rules definition file for ipfilter,
# see /usr/src/contrib/ipfilter/rules
# for examples
ip6addrctl_enable="YES" # Set to YES to enable default address selection
ip6addrctl_verbose="NO" # Set to YES to enable verbose configuration messages
ip6addrctl_policy="AUTO" # A pre-defined address selection policy
# (ipv4_prefer, ipv6_prefer, or AUTO)
##############################################################
### System console options #################################
##############################################################
keyboard="" # keyboard device to use (default /dev/kbd0).
keymap="NO" # keymap in /usr/share/{syscons,vt}/keymaps/* (or NO).
keyrate="NO" # keyboard rate to: slow, normal, fast (or NO).
keybell="NO" # See kbdcontrol(1) for options. Use "off" to disable.
keychange="NO" # function keys default values (or NO).
cursor="NO" # cursor type {normal|blink|destructive} (or NO).
scrnmap="NO" # screen map in /usr/share/syscons/scrnmaps/* (or NO).
font8x16="NO" # font 8x16 from /usr/share/{syscons,vt}/fonts/* (or NO).
font8x14="NO" # font 8x14 from /usr/share/{syscons,vt}/fonts/* (or NO).
font8x8="NO" # font 8x8 from /usr/share/{syscons,vt}/fonts/* (or NO).
blanktime="300" # blank time (in seconds) or "NO" to turn it off.
saver="NO" # screen saver: Uses /boot/kernel/${saver}_saver.ko
moused_nondefault_enable="YES" # Treat non-default mice as enabled unless
# specifically overridden in rc.conf(5).
moused_enable="NO" # Run the mouse daemon.
moused_type="auto" # See man page for rc.conf(5) for available settings.
moused_port="/dev/psm0" # Set to your mouse port.
moused_flags="" # Any additional flags to moused.
mousechar_start="NO" # if 0xd0-0xd3 default range is occupied in your
# language code table, specify alternative range
# start like mousechar_start=3, see vidcontrol(1)
allscreens_flags="" # Set this vidcontrol mode for all virtual screens
allscreens_kbdflags="" # Set this kbdcontrol mode for all virtual screens
##############################################################
### Mail Transfer Agent (MTA) options ######################
##############################################################
mta_start_script="/etc/rc.sendmail"
# Script to start your chosen MTA, called by /etc/rc.
# Settings for /etc/rc.sendmail and /etc/rc.d/sendmail:
sendmail_enable="NO" # Run the sendmail inbound daemon (YES/NO).
sendmail_pidfile="/var/run/sendmail.pid" # sendmail pid file
sendmail_procname="/usr/sbin/sendmail" # sendmail process name
sendmail_flags="-L sm-mta -bd -q30m" # Flags to sendmail (as a server)
sendmail_cert_create="YES" # Create a server certificate if none (YES/NO)
#sendmail_cert_cn="CN" # CN of the generate certificate
sendmail_submit_enable="YES" # Start a localhost-only MTA for mail submission
sendmail_submit_flags="-L sm-mta -bd -q30m -ODaemonPortOptions=Addr=localhost"
# Flags for localhost-only MTA
sendmail_outbound_enable="YES" # Dequeue stuck mail (YES/NO).
sendmail_outbound_flags="-L sm-queue -q30m" # Flags to sendmail (outbound only)
sendmail_msp_queue_enable="YES" # Dequeue stuck clientmqueue mail (YES/NO).
sendmail_msp_queue_flags="-L sm-msp-queue -Ac -q30m"
# Flags for sendmail_msp_queue daemon.
sendmail_rebuild_aliases="NO" # Run newaliases if necessary (YES/NO).
##############################################################
### Miscellaneous administrative options ###################
##############################################################
auditd_enable="NO" # Run the audit daemon.
auditd_program="/usr/sbin/auditd" # Path to the audit daemon.
auditd_flags="" # Which options to pass to the audit daemon.
auditdistd_enable="NO" # Run the audit daemon.
auditdistd_program="/usr/sbin/auditdistd" # Path to the auditdistd daemon.
auditdistd_flags="" # Which options to pass to the auditdistd daemon.
cron_enable="YES" # Run the periodic job daemon.
cron_program="/usr/sbin/cron" # Which cron executable to run (if enabled).
cron_dst="YES" # Handle DST transitions intelligently (YES/NO)
cron_flags="" # Which options to pass to the cron daemon.
cfumass_enable="NO" # Create default LUN for cfumass(4).
cfumass_dir="/var/cfumass" # File to LUN's contents.
cfumass_image="/var/tmp/cfumass.img" # LUN's backing file path.
lpd_enable="NO" # Run the line printer daemon.
lpd_program="/usr/sbin/lpd" # path to lpd, if you want a different one.
lpd_flags="" # Flags to lpd (if enabled).
nscd_enable="NO" # Run the nsswitch caching daemon.
chkprintcap_enable="NO" # Run chkprintcap(8) before running lpd.
chkprintcap_flags="-d" # Create missing directories by default.
dumpdev="NO" # Device to crashdump to (device name, AUTO, or NO).
dumpon_flags="" # Options to pass to dumpon(8), followed by dumpdev.
dumpdir="/var/crash" # Directory where crash dumps are to be stored
savecore_enable="YES" # Extract core from dump devices if any
savecore_flags="-m 10" # Used if dumpdev is enabled above, and present.
# By default, only the 10 most recent kernel dumps
# are saved.
service_delete_empty="NO" # Have 'service delete' remove empty rc.conf.d files.
crashinfo_enable="YES" # Automatically generate crash dump summary.
crashinfo_program="/usr/sbin/crashinfo" # Script to generate crash dump summary.
quota_enable="NO" # turn on quotas on startup (or NO).
check_quotas="YES" # Check quotas on startup (or NO).
quotaon_flags="-a" # Turn quotas on for all file systems (if enabled)
quotaoff_flags="-a" # Turn quotas off for all file systems at shutdown
quotacheck_flags="-a" # Check all file system quotas (if enabled)
accounting_enable="NO" # Turn on process accounting (or NO).
firstboot_sentinel="/firstboot" # Scripts with "firstboot" keyword are run if
# this file exists. Should be on a R/W filesystem so
# the file can be deleted after the boot completes.
sysvipc_enable="NO" # Load System V IPC primitives at startup (or NO).
linux_enable="NO" # Linux binary compatibility loaded at startup (or NO).
linux_mounts_enable="YES" # If linux_enable is set to YES, mount Linux-specific
# filesystems at startup.
clear_tmp_enable="NO" # Clear /tmp at startup.
clear_tmp_X="YES" # Clear and recreate X11-related directories in /tmp
ldconfig_insecure="NO" # Set to YES to disable ldconfig security checks
ldconfig_paths="/usr/lib/compat ${_localbase}/lib ${_localbase}/lib/compat/pkg"
# shared library search paths
ldconfig32_paths="/usr/lib32 /usr/lib32/compat"
# 32-bit compatibility shared library search paths
ldconfigsoft_paths="/usr/libsoft /usr/libsoft/compat ${_localbase}/libsoft"
# soft float compatibility shared library search paths
# Note: temporarily with extra stuff for transition
ldconfig_local_dirs="${_localbase}/libdata/ldconfig"
# Local directories with ldconfig configuration files.
ldconfig_local32_dirs="${_localbase}/libdata/ldconfig32"
# Local directories with 32-bit compatibility ldconfig
# configuration files.
ldconfig_localsoft_dirs="${_localbase}/libdata/ldconfigsoft"
# Local directories with soft float compatibility ldconfig
# configuration files.
kern_securelevel_enable="NO" # kernel security level (see security(7))
kern_securelevel="-1" # range: -1..3 ; `-1' is the most insecure
# Note that setting securelevel to 0 will result
# in the system booting with securelevel set to 1, as
# init(8) will raise the level when rc(8) completes.
update_motd="YES" # update version info in /etc/motd (or NO)
entropy_boot_file="/boot/entropy" # Set to NO to disable very early
# (used at early boot time) entropy caching through reboots.
entropy_file="/entropy" # Set to NO to disable late (used when going multi-user)
# entropy through reboots.
# /var/db/entropy-file is preferred if / is not avail.
entropy_dir="/var/db/entropy" # Set to NO to disable caching entropy via cron.
entropy_save_sz="4096" # Size of the entropy cache files.
entropy_save_num="8" # Number of entropy cache files to save.
harvest_mask="511" # Entropy device harvests all but the very invasive sources.
# (See 'sysctl kern.random.harvest' and random(4))
osrelease_enable="YES" # Update /var/run/os-release on boot (or NO).
osrelease_file="/var/run/os-release" # File to update for os-release.
osrelease_perms="444" # Default permission for os-release file.
dmesg_enable="YES" # Save dmesg(8) to /var/run/dmesg.boot
watchdogd_enable="NO" # Start the software watchdog daemon
watchdogd_flags="" # Flags to watchdogd (if enabled)
watchdogd_timeout="" # watchdogd timeout, overrides -t in watchdogd_flags
watchdogd_shutdown_timeout="" # Timeout to use after watchdogd is stopped.
# Has effect only for system shutdown.
# Overrides -x in watchdogd_flags.
devfs_rulesets="/etc/defaults/devfs.rules /etc/devfs.rules" # Files containing
# devfs(8) rules.
devfs_system_ruleset="" # The name (NOT number) of a ruleset to apply to /dev
devfs_set_rulesets="" # A list of /mount/dev=ruleset_name settings to
# apply (must be mounted already, i.e. fstab(5))
devfs_load_rulesets="YES" # Enable to always load the default rulesets
performance_cx_lowest="NONE" # Online CPU idle state
performance_cpu_freq="NONE" # Online CPU frequency
economy_cx_lowest="Cmax" # Offline CPU idle state
economy_cpu_freq="NONE" # Offline CPU frequency
virecover_enable="YES" # Perform housekeeping for the vi(1) editor
ugidfw_enable="NO" # Load mac_bsdextended(4) rules on boot
bsdextended_script="/etc/rc.bsdextended" # Default mac_bsdextended(4)
# ruleset file.
newsyslog_enable="YES" # Run newsyslog at startup.
newsyslog_flags="-CN" # Newsyslog flags to create marked files
mixer_enable="YES" # Run the sound mixer.
opensm_enable="NO" # Opensm(8) for infiniband devices defaults to off
# rctl(8) requires kernel options RACCT and RCTL
rctl_enable="YES" # Load rctl(8) rules on boot
rctl_rules="/etc/rctl.conf" # rctl(8) ruleset. See rctl.conf(5).
iovctl_files="" # Config files for iovctl(8)
##############################################################
### Jail Configuration (see rc.conf(5) manual page) ##########
##############################################################
jail_enable="NO" # Set to NO to disable starting of any jails
jail_conf="/etc/jail.conf" # Configuration file for jail(8)
jail_confwarn="YES" # Prevent warning about obsolete per-jail configuration
jail_parallel_start="NO" # Start jails in the background
jail_list="" # Space separated list of names of jails
jail_reverse_stop="NO" # Stop jails in reverse order
##############################################################
### Define source_rc_confs, the mechanism used by /etc/rc.* ##
### scripts to source rc_conf_files overrides safely. ##
##############################################################
if [ -z "${source_rc_confs_defined}" ]; then
source_rc_confs_defined=yes
source_rc_confs() {
local i sourced_files
for i in ${rc_conf_files}; do
case ${sourced_files} in
*:$i:*)
;;
*)
sourced_files="${sourced_files}:$i:"
if [ -r $i ]; then
. $i
fi
;;
esac
done
# Re-do process to pick up [possibly] redefined $rc_conf_files
for i in ${rc_conf_files}; do
case ${sourced_files} in
*:$i:*)
;;
*)
sourced_files="${sourced_files}:$i:"
if [ -r $i ]; then
. $i
fi
;;
esac
done
}
fi
# Allow vendors to override FreeBSD defaults in /etc/default/rc.conf
# without the need to carefully manage /etc/rc.conf.
if [ -r /etc/defaults/vendor.conf ]; then
. /etc/defaults/vendor.conf
fi
diff --git a/share/man/man5/rc.conf.5 b/share/man/man5/rc.conf.5
index dda8f41201e4..31c92d536b7c 100644
--- a/share/man/man5/rc.conf.5
+++ b/share/man/man5/rc.conf.5
@@ -1,4846 +1,4822 @@
.\" Copyright (c) 1995
.\" Jordan K. Hubbard
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $FreeBSD$
.\"
.Dd July 7, 2022
.Dt RC.CONF 5
.Os
.Sh NAME
.Nm rc.conf
.Nd system configuration information
.Sh DESCRIPTION
The file
.Nm
contains descriptive information about the local host name, configuration
details for any potential network interfaces and which services should be
started up at system initial boot time.
In new installations, the
.Nm
file is generally initialized by the system installation utility.
.Pp
The purpose of
.Nm
is not to run commands or perform system startup actions
directly.
Instead, it is included by the
various generic startup scripts in
.Pa /etc
which conditionalize their
internal actions according to the settings found there.
.Pp
The
.Pa /etc/rc.conf
file is included from the file
.Pa /etc/defaults/rc.conf ,
which specifies the default settings for all the available options.
Options need only be specified in
.Pa /etc/rc.conf
when the system administrator wishes to override these defaults.
The file
.Pa /etc/defaults/vendor.conf
allows vendors to override
.Fx
defaults.
The file
.Pa /etc/rc.conf.local
is used to override settings in
.Pa /etc/rc.conf
for historical reasons.
.Pp
The sysrc(8) command provides a scripting interface to modify system
config files.
.Pp
In addition to
.Pa /etc/rc.conf.local
you can also place smaller configuration files for each
.Xr rc 8
script in the
.Pa /etc/rc.conf.d
directory or
.Ao Ar dir Ac Ns Pa /rc.conf.d
directories specified in
.Va local_startup ,
which will be included by the
.Va load_rc_config
function.
For jail configurations you could use the file
.Pa /etc/rc.conf.d/jail
to store jail-specific configuration options.
If
.Va local_startup
contains
.Pa /usr/local/etc/rc.d
and
.Pa /opt/conf ,
.Pa /usr/local/etc/rc.conf.d/jail
and
.Pa /opt/conf/rc.conf.d/jail
will be loaded.
If
.Ao Ar dir Ac Ns Pa /rc.conf.d/ Ns Ao Ar name Ac
is a directory,
all of files in the directory will be loaded.
Also see the
.Va rc_conf_files
variable below.
.Pp
Options are set with
.Dq Ar name Ns Li = Ns Ar value
assignments that use
.Xr sh 1
syntax.
The following list provides a name and short description for each
variable that can be set in the
.Nm
file:
.Bl -tag -width indent-two
.It Va rc_debug
.Pq Vt bool
If set to
.Dq Li YES ,
enable output of debug messages from rc scripts.
This variable can be helpful in diagnosing mistakes when
editing or integrating new scripts.
Beware that this produces copious output to the terminal and
.Xr syslog 3 .
.It Va rc_info
.Pq Vt bool
If set to
.Dq Li NO ,
disable informational messages from the rc scripts.
Informational messages are displayed when
a condition that is not serious enough to warrant a warning or
an error occurs.
.It Va rc_startmsgs
.Pq Vt bool
If set to
.Dq Li YES ,
show
.Dq Starting foo:
when faststart is used (e.g., at boot time).
.It Va early_late_divider
.Pq Vt str
The name of the script that should be used as the
delimiter between the
.Dq early
and
.Dq late
stages of the boot process.
The early stage should contain all the services needed to
get the disks (local or remote) mounted so that the late
stage can include scripts contained in the directories
listed in the
.Va local_startup
variable (see below).
Thus, the two likely candidates for this value are
.Pa mountcritlocal
for the typical system, and
.Pa mountcritremote
if the system needs remote file
systems mounted to get access to the
.Va local_startup
directories; for example when
.Pa /usr/local
is NFS mounted.
For
.Pa rc.conf
within a
.Xr jail 8
.Pa NETWORKING
is likely to be an appropriate value.
Extreme care should be taken when changing this value,
and before changing it one should ensure that there are
adequate provisions to recover from a failed boot
(such as physical contact with the machine,
or reliable remote console access).
.It Va always_force_depends
.Pq Vt bool
Various
.Pa rc.d
scripts use the force_depend function to check whether required
services are already running, and to start them if necessary.
By default during boot time this check is bypassed if the
required service is enabled in
.Pa /etc/rc.conf[.local] .
Setting this option will bypass that check at boot time and
always test whether or not the service is actually running.
Enabling this option is likely to increase your boot time if
services are enabled that utilize the force_depend check.
.It Ao Ar name Ac Ns Va _chroot
.Pq Vt str
.Xr chroot 8
to this directory before running the service.
.It Ao Ar name Ac Ns Va _fib
.Pq Vt int
The
.Xr setfib 1
value to run the service under.
.It Ao Ar name Ac Ns Va _group
.Pq Vt str
Run the chrooted service under this system group.
Unlike the
.Ao Ar name Ac Ns Va _user
setting, this setting has no effect if the service is not chrooted.
.It Ao Ar name Ac Ns Va _limits
.Pq Vt str
Resource limits to apply to the service using
.Xr limits 1 .
By default, resource limits are based on the login class defined in
.Ao Ar name Ac Ns Va _login_class .
.It Ao Ar name Ac Ns Va _login_class
.Pq Vt str
Login class to be used with
.Ao Ar name Ac Ns Va _limits .
Defaults to
.Dq Li daemon .
.It Ao Ar name Ac Ns Va _nice
.Pq Vt int
The
.Xr nice 1
value to run the service under.
.It Ao Ar name Ac Ns Va _oomprotect
.Pq Vt str
Use
.Xr protect 1
to prevent the service from being killed when swap space
is exhausted.
Use
.Dq Li YES
to protect only the service itself, and
.Dq Li ALL
to protect the service and all its child processes.
.Pp
Please note that rc scripts which redefine
.Dl ${argument}_cmd
.Pq see Xr rc.subr 8
such as PostgreSQL will not inherit the OOM killer protection.
.Pp
This variable has no effect on services running within a
.Xr jail 8 .
.It Ao Ar name Ac Ns Va _user
.Pq Vt str
Run the service under this user account.
.It Va apm_enable
.Pq Vt bool
If set to
.Dq Li YES ,
enable support for Automatic Power Management with
the
.Xr apm 8
command.
.It Va apmd_enable
.Pq Vt bool
Run
.Xr apmd 8
to handle APM event from userland.
This also enables support for APM.
.It Va apmd_flags
.Pq Vt str
If
.Va apmd_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr apmd 8
daemon.
.It Va devd_enable
.Pq Vt bool
Run
.Xr devd 8
to handle device added, removed or unknown events from the kernel.
.It Va ddb_enable
.Pq Vt bool
Run
.Xr ddb 8
to install
.Xr ddb 4
scripts at boot time.
.It Va ddb_config
.Pq Vt str
Configuration file for
.Xr ddb 8 .
Default
.Pa /etc/ddb.conf .
.It Va devmatch_enable
.Pq Vt bool
If set to
.Dq Li NO ,
disable auto-loading of kernel modules with
.Xr devmatch 8 .
.It Va devmatch_blocklist
.Pq Vt str
A whitespace-separated list of kernel modules to be ignored by
.Xr devmatch 8 .
.It Va devmatch_blacklist
.Pq Vt str
This variable is deprecated.
Use
.Va devmatch_blocklist
instead.
A whitespace-separated list of kernel modules to be ignored by
.Xr devmatch 8 .
.It Va kld_list
.Pq Vt str
A whitespace-separated list of kernel modules to load right after
the local disks are mounted, without any
.Pa .ko
extension or path.
Loading modules at this point in the boot process is
much faster than doing it via
.Pa /boot/loader.conf
for those modules not necessary for mounting local disks.
.It Va kldxref_enable
.Pq Vt bool
Set to
.Dq Li NO
by default.
Set to
.Dq Li YES
to automatically rebuild
.Pa linker.hints
files with
.Xr kldxref 8
at boot time.
.It Va kldxref_clobber
.Pq Vt bool
Set to
.Dq Li NO
by default.
If
.Va kldxref_enable
is true,
setting to
.Dq Li YES
will overwrite existing
.Pa linker.hints
files at boot time.
Otherwise,
only missing
.Pa linker.hints
files are generated.
.It Va kldxref_module_path
.Pq Vt str
Empty by default.
A semi-colon
.Pq Ql \&;
delimited list of paths containing
.Xr kld 4
modules.
If empty,
the contents of the
.Va kern.module_path
.Xr sysctl 8
are used.
.It Va powerd_enable
.Pq Vt bool
If set to
.Dq Li YES ,
enable the system power control facility with the
.Xr powerd 8
daemon.
.It Va powerd_flags
.Pq Vt str
If
.Va powerd_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr powerd 8
daemon.
.It Va tmpmfs
Controls the creation of a
.Pa /tmp
memory file system.
Always happens if set to
.Dq Li YES
and never happens if set to
.Dq Li NO .
If set to anything else, a memory file system is created if
.Pa /tmp
is not writable.
.It Va tmpsize
Controls the size of a created
.Pa /tmp
memory file system.
.It Va tmpmfs_flags
Extra options passed to the
.Xr mdmfs 8
utility when the memory file system for
.Pa /tmp
is created.
The default is
.Dq Li "-S" ,
which inhibits the use of softupdates on
.Pa /tmp
so that file system space is freed without delay
after file truncation or deletion.
See
.Xr mdmfs 8
for other options you can use in
.Va tmpmfs_flags .
.It Va varmfs
Controls the creation of a
.Pa /var
memory file system.
Always happens if set to
.Dq Li YES
and never happens if set to
.Dq Li NO .
If set to anything else, a memory file system is created if
.Pa /var
is not writable.
.It Va varsize
Controls the size of a created
.Pa /var
memory file system.
.It Va varmfs_flags
Extra options passed to the
.Xr mdmfs 8
utility when the memory file system for
.Pa /var
is created.
The default is
.Dq Li "-S" ,
which inhibits the use of softupdates on
.Pa /var
so that file system space is freed without delay
after file truncation or deletion.
See
.Xr mdmfs 8
for other options you can use in
.Va varmfs_flags .
.It Va populate_var
Controls the automatic population of the
.Pa /var
file system.
Always happens if set to
.Dq Li YES
and never happens if set to
.Dq Li NO .
If set to anything else, a memory file system is created if
.Pa /var
is not writable.
Note that this process requires access to certain commands in
.Pa /usr
before
.Pa /usr
is mounted on normal systems.
.It Va cleanvar_enable
.Pq Vt bool
Clean the
.Pa /var
directory.
.It Va var_run_enable
.Pq Vt bool
Set to "YES" to enable saving of the
.Pa /var/run
directory strcucture into an mtree file at shutdown and the reload of the
.Pa /var/run
directory structure at boot.
.It Va var_run_autosave
.Pq Vt bool
In some cases it may be undesirable to save
.Pa /var/run
at shutdown.
When set to "NO"
.Pa /var/run
is loaded at reboot but not saved at shutdown. Typically in this scenario
a
.Pa service
.Pa var_run
.Pa save
would be performed to save a copy of the
.Pa /var/run
directory structure once, to be reload during all subsequent reboots.
.It Va var_run_mtree
.Pq Vt str
Where to save the
.Pa /var/run
mtree. The default location is
.Pa /var/db/mtree/BSD.var-run.mtree .
.It Va local_startup
.Pq Vt str
List of directories to search for startup script files.
.It Va script_name_sep
.Pq Vt str
The field separator to use for breaking down the list of startup script files
into individual filenames.
The default is a space.
It is not necessary to change this unless there are startup scripts with names
containing spaces.
.It Va hostapd_enable
.Pq Vt bool
Set to
.Dq Li YES
to start
.Xr hostapd 8
at system boot time.
.It Va hostname
.Pq Vt str
The fully qualified domain name (FQDN) of this host on the network.
This should almost certainly be set to something meaningful, even if
there is no network connection.
If
.Xr dhclient 8
is used to set the hostname via DHCP,
this variable should be set to an empty string.
Within a
.Xr jail 8
the hostname is generally already set and this variable may be absent.
If this value remains unset when the system is done booting
your console login will display the default hostname of
.Dq Amnesiac .
.It Va nisdomainname
.Pq Vt str
The NIS domain name of this host, or
.Dq Li NO
if NIS is not used.
.It Va dhclient_program
.Pq Vt str
Path to the DHCP client program
.Pa ( /sbin/dhclient ,
the
.Ox
DHCP client,
is the default).
.It Va dhclient_flags
.Pq Vt str
Additional flags to pass to the DHCP client program.
For the
.Ox
DHCP client, see the
.Xr dhclient 8
manpage for a description of the command line options available.
.It Va dhclient_flags_ Ns Aq Ar iface
Additional flags to pass to the DHCP client program running on
.Ar iface
only.
When specified, this variable overrides
.Va dhclient_flags .
.It Va background_dhclient
.Pq Vt bool
Set to
.Dq Li YES
to start the DHCP client in background.
This can cause trouble with applications depending on
a working network, but it will provide a faster startup
in many cases.
.It Va background_dhclient_ Ns Aq Ar iface
When specified, this variable overrides the
.Va background_dhclient
variable for interface
.Ar iface
only.
.It Va synchronous_dhclient
.Pq Vt bool
Set to
.Dq Li YES
to start
.Xr dhclient 8
synchronously at startup.
This behavior can be overridden on a per-interface basis by replacing
the
.Dq Li DHCP
keyword in the
.Va ifconfig_ Ns Aq Ar interface
variable with
.Dq Li SYNCDHCP
or
.Dq Li NOSYNCDHCP .
.It Va defaultroute_delay
.Pq Vt int
When set to a positive value, wait up to this long after configuring
DHCP interfaces at startup to give the interfaces time to receive a lease.
.It Va firewall_enable
.Pq Vt bool
Set to
.Dq Li YES
to load firewall rules at startup.
If the kernel was not built with
.Cd "options IPFIREWALL" ,
the
.Pa ipfw.ko
kernel module will be loaded.
See also
.Va ipfilter_enable .
.It Va firewall_script
.Pq Vt str
This variable specifies the full path to the firewall script to run.
The default is
.Pa /etc/rc.firewall .
.It Va firewall_type
.Pq Vt str
Names the firewall type from the selection in
.Pa /etc/rc.firewall ,
or the file which contains the local firewall ruleset.
Valid selections from
.Pa /etc/rc.firewall
are:
.Pp
.Bl -tag -width ".Li simple" -compact
.It Li open
unrestricted IP access
.It Li closed
all IP services disabled, except via
.Dq Li lo0
.It Li client
basic protection for a workstation
.It Li simple
basic protection for a LAN.
.El
.Pp
If a filename is specified, the full path
must be given.
.It Va firewall_quiet
.Pq Vt bool
Set to
.Dq Li YES
to disable the display of firewall rules on the console during boot.
.It Va firewall_logging
.Pq Vt bool
Set to
.Dq Li YES
to enable firewall event logging.
This is equivalent to the
.Dv IPFIREWALL_VERBOSE
kernel option.
.It Va firewall_logif
.Pq Vt bool
Set to
.Dq Li YES
to create pseudo interface
.Li ipfw0
for logging.
For more details, see
.Xr ipfw 8
manual page.
.It Va firewall_flags
.Pq Vt str
Flags passed to
.Xr ipfw 8
if
.Va firewall_type
specifies a filename.
.It Va firewall_coscripts
.Pq Vt str
List of executables and/or rc scripts to run after firewall starts/stops.
Default is empty.
.\" ----- firewall_nat_enable setting --------------------------------
.It Va firewall_nat_enable
.Pq Vt bool
The
.Xr ipfw 8
equivalent of
.Va natd_enable .
Setting this to
.Dq Li YES
will automatically load the
.Xr ipfw 8
NAT kernel module if
.Va firewall_enable
is also set to
.Dq Li YES .
.It Va firewall_nat_interface
.Pq Vt str
The
.Xr ipfw 8
equivalent of
.Va natd_interface .
This is the name of the public interface or IP address on which
kernel NAT should run.
.It Va firewall_nat_flags
.Pq Vt str
Additional configuration parameters for kernel NAT should be placed here.
.It Va firewall_nat64_enable
.Pq Vt bool
Setting this to
.Dq Li YES
will automatically load the
.Xr ipfw 8
NAT64 kernel module if
.Va firewall_enable
is also set to
.Dq Li YES .
.It Va firewall_nptv6_enable
.Pq Vt bool
Setting this to
.Dq Li YES
will automatically load the
.Xr ipfw 8
NPTv6 kernel module if
.Va firewall_enable
is also set to
.Dq Li YES .
.It Va firewall_pmod_enable
.Pq Vt bool
Setting this to
.Dq Li YES
will automatically load the
.Xr ipfw 8
pmod kernel module if
.Va firewall_enable
is also set to
.Dq Li YES .
.It Va dummynet_enable
.Pq Vt bool
Setting this to
.Dq Li YES
will automatically load the
.Xr dummynet 4
module if
.Va firewall_enable
is also set to
.Dq Li YES .
.\" -------------------------------------------------------------------
.It Va ipfw_netflow_enable
.Pq Vt bool
Setting this to
.Dq Li YES
will enable netflow logging via
.Xr ng_netflow 4
.Pp
By default a ipfw rule is inserted and all packets are duplicated with
the ngtee command and netflow packets are sent to 127.0.0.1 on the netflow
port using protocol version 5.
.It Va ipfw_netflow_hook
.Pq Vt int
netflow hook name, must be numerical
(default
.Pa 9995 ) .
.It Va ipfw_netflow_rule
.Pq Vt int
ipfw rule number
(default
.Pa 1000 ) .
.It Va ipfw_netflow_ip
.Pq Vt str
Destination server ip for receiving netflow data
(default
.Pa 127.0.0.1 ) .
.It Va ipfw_netflow_port
.Pq Vt int
Destination server port for receiving netflow data
(default
.Pa 9995 ) .
.It Va ipfw_netflow_version
.Pq Vt int
Do not set for using version 5 of the netflow protocol, set it to 9 for using version 9.
.It Va ipfw_netflow_fib
.Pq Vt int
Only match packet in FIB
.Pa ipfw_netflow_fib
(default is undefined meaning all FIBs).
.It Va natd_program
.Pq Vt str
Path to
.Xr natd 8 .
.It Va natd_enable
.Pq Vt bool
Set to
.Dq Li YES
to enable
.Xr natd 8 .
.Va firewall_enable
must also be set to
.Dq Li YES ,
and
.Xr divert 4
sockets must be enabled in the kernel.
If the kernel was not built with
.Cd "options IPDIVERT" ,
the
.Pa ipdivert.ko
kernel module will be loaded.
.It Va natd_interface
.Pq Vt str
This is the name of the public interface on which
.Xr natd 8
should run.
The interface may be given as an interface name or as an IP address.
.It Va natd_flags
.Pq Vt str
Additional
.Xr natd 8
flags should be placed here.
The
.Fl n
or
.Fl a
flag is automatically added with the above
.Va natd_interface
as an argument.
.\" ----- ipfilter_enable setting --------------------------------
.It Va ipfilter_enable
.Pq Vt bool
Set to
.Dq Li NO
by default.
Setting this to
.Dq Li YES
enables
.Xr ipf 8
packet filtering.
.Pp
Typical usage will require putting
.Bd -literal
ipfilter_enable="YES"
ipnat_enable="YES"
ipmon_enable="YES"
ipfs_enable="YES"
.Ed
.Pp
into
.Pa /etc/rc.conf
and editing
.Pa /etc/ipf.rules
and
.Pa /etc/ipnat.rules
appropriately.
.Pp
Note that
.Va ipfilter_enable
and
.Va ipnat_enable
can be enabled independently.
.Va ipmon_enable
and
.Va ipfs_enable
both require at least one of
.Va ipfilter_enable
and
.Va ipnat_enable
to be enabled.
.Pp
Having
.Bd -literal
options IPFILTER
options IPFILTER_LOG
options IPFILTER_DEFAULT_BLOCK
.Ed
.Pp
in the kernel configuration file is a good idea, too.
.\" ----- ipfilter_program setting ------------------------------
.It Va ipfilter_program
.Pq Vt str
Path to
.Xr ipf 8
(default
.Pa /sbin/ipf ) .
.\" ----- ipfilter_rules setting --------------------------------
.It Va ipfilter_rules
.Pq Vt str
Set to
.Pa /etc/ipf.rules
by default.
This variable contains the name of the filter rule definition file.
The file is expected to be readable for the
.Xr ipf 8
command to execute.
.\" ----- ipv6_ipfilter_rules setting ---------------------------
.It Va ipv6_ipfilter_rules
.Pq Vt str
Set to
.Pa /etc/ipf6.rules
by default.
This variable contains the IPv6 filter rule definition file.
The file is expected to be readable for the
.Xr ipf 8
command to execute.
.\" ----- ipfilter_flags setting --------------------------------
.It Va ipfilter_flags
.Pq Vt str
Empty by default.
This variable contains flags passed to the
.Xr ipf 8
program.
.\" ----- ipnat_enable setting ----------------------------------
.It Va ipnat_enable
.Pq Vt bool
Set to
.Dq Li NO
by default.
Set it to
.Dq Li YES
to enable
.Xr ipnat 8
network address translation.
See
.Va ipfilter_enable
for a detailed discussion.
.\" ----- ipnat_program setting ---------------------------------
.It Va ipnat_program
.Pq Vt str
Path to
.Xr ipnat 8
(default
.Pa /sbin/ipnat ) .
.\" ----- ipnat_rules setting -----------------------------------
.It Va ipnat_rules
.Pq Vt str
Set to
.Pa /etc/ipnat.rules
by default.
This variable contains the name of the file
holding the network address translation definition.
This file is expected to be readable for the
.Xr ipnat 8
command to execute.
.\" ----- ipnat_flags setting -----------------------------------
.It Va ipnat_flags
.Pq Vt str
Empty by default.
This variable contains flags passed to the
.Xr ipnat 8
program.
.\" ----- ipmon_enable setting ----------------------------------
.It Va ipmon_enable
.Pq Vt bool
Set to
.Dq Li NO
by default.
Set it to
.Dq Li YES
to enable
.Xr ipmon 8
monitoring (logging
.Xr ipf 8
and
.Xr ipnat 8
events).
Setting this variable needs setting
.Va ipfilter_enable
or
.Va ipnat_enable
too.
See
.Va ipfilter_enable
for a detailed discussion.
.\" ----- ipmon_program setting ---------------------------------
.It Va ipmon_program
.Pq Vt str
Path to
.Xr ipmon 8
(default
.Pa /sbin/ipmon ) .
.\" ----- ipmon_flags setting -----------------------------------
.It Va ipmon_flags
.Pq Vt str
Set to
.Dq Li -Ds
by default.
This variable contains flags passed to the
.Xr ipmon 8
program.
Another typical example would be
.Dq Fl D Pa /var/log/ipflog
to have
.Xr ipmon 8
log directly to a file bypassing
.Xr syslogd 8 .
Make sure to adjust
.Pa /etc/newsyslog.conf
in such case like this:
.Bd -literal
/var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid
.Ed
.\" ----- ipfs_enable setting -----------------------------------
.It Va ipfs_enable
.Pq Vt bool
Set to
.Dq Li NO
by default.
Set it to
.Dq Li YES
to enable
.Xr ipfs 8
saving the filter and NAT state tables during shutdown
and reloading them during startup again.
Setting this variable needs setting
.Va ipfilter_enable
or
.Va ipnat_enable
to
.Dq Li YES
too.
See
.Va ipfilter_enable
for a detailed discussion.
Note that if
.Va kern_securelevel
is set to 3,
.Va ipfs_enable
cannot be used
because the raised securelevel will prevent
.Xr ipfs 8
from saving the state tables at shutdown time.
.\" ----- ipfs_program setting ----------------------------------
.It Va ipfs_program
.Pq Vt str
Path to
.Xr ipfs 8
(default
.Pa /sbin/ipfs ) .
.\" ----- ipfs_flags setting ------------------------------------
.It Va ipfs_flags
.Pq Vt str
Empty by default.
This variable contains flags passed to the
.Xr ipfs 8
program.
.\" ----- end of added ipf hook ---------------------------------
.It Va pf_enable
.Pq Vt bool
Set to
.Dq Li NO
by default.
Setting this to
.Dq Li YES
enables
.Xr pf 4
packet filtering.
.Pp
Typical usage will require putting
.Pp
.Dl pf_enable="YES"
.Pp
into
.Pa /etc/rc.conf
and editing
.Pa /etc/pf.conf
appropriately.
Adding
.Pp
.Dl "device pf"
.Pp
builds support for
.Xr pf 4
into the kernel, otherwise the
kernel module will be loaded.
.It Va pf_rules
.Pq Vt str
Path to
.Xr pf 4
ruleset configuration file
(default
.Pa /etc/pf.conf ) .
.It Va pf_program
.Pq Vt str
Path to
.Xr pfctl 8
(default
.Pa /sbin/pfctl ) .
.It Va pf_flags
.Pq Vt str
If
.Va pf_enable
is set to
.Dq Li YES ,
these flags are passed to the
.Xr pfctl 8
program when loading the ruleset.
.It Va pf_fallback_rules_enable
.Pq Vt bool
Set to
.Dq Li NO
by default.
Setting this to
.Dq Li YES
enables loading
.Va pf_fallback_rules_file
or
.Va pf_fallback_rules
in case of a problem when loading the ruleset in
.Va pf_rules .
.It Va pf_fallback_rules_file
.Pq Vt str
Path to a pf ruleset to load in case of failure when loading the
ruleset in
.Va pf_rules
(default
.Pa /etc/pf-fallback.conf ) .
.It Va pf_fallback_rules
.Pq Vt str
A pf ruleset to load in case of failure when loading the ruleset in
.Va pf_rules
and
.Va pf_fallback_rules_file
is not found.
Multiple rules can be set as follows:
.Bd -literal
pf_fallback_rules="\\
block drop log all\\
pass in quick on em0"
.Pp
.Ed
The default fallback rule is
.Dq block drop log all
.It Va pflog_enable
.Pq Vt bool
Set to
.Dq Li NO
by default.
Setting this to
.Dq Li YES
enables
.Xr pflogd 8
which logs packets from the
.Xr pf 4
packet filter.
.It Va pflog_logfile
.Pq Vt str
If
.Va pflog_enable
is set to
.Dq Li YES
this controls where
.Xr pflogd 8
stores the logfile
(default
.Pa /var/log/pflog ) .
Check
.Pa /etc/newsyslog.conf
to adjust logfile rotation for this.
.It Va pflog_program
.Pq Vt str
Path to
.Xr pflogd 8
(default
.Pa /sbin/pflogd ) .
.It Va pflog_flags
.Pq Vt str
Empty by default.
This variable contains additional flags passed to the
.Xr pflogd 8
program.
.It Va pflog_instances
.Pq Vt str
If logging to more than one
.Xr pflog 4
interface is desired,
.Va pflog_instances
is set to the list of
.Xr pflogd 8
instances that should be started at system boot time.
If
.Va pflog_instances
is set, for each whitespace-separated
.Ar element
in the list,
.Ao Ar element Ac Ns Va _dev
and
.Ao Ar element Ac Ns Va _logfile
elements are assumed to exist.
.Ao Ar element Ac Ns Va _dev
must contain the
.Xr pflog 4
interface to be watched by the named
.Xr pflogd 8
instance.
.Ao Ar element Ac Ns Va _logfile
must contain the name of the logfile that will be used by the
.Xr pflogd 8
instance.
.It Va ftpproxy_enable
.Pq Vt bool
Set to
.Dq Li NO
by default.
Setting this to
.Dq Li YES
enables
.Xr ftp-proxy 8
which supports the
.Xr pf 4
packet filter in translating ftp connections.
.It Va ftpproxy_flags
.Pq Vt str
Empty by default.
This variable contains additional flags passed to the
.Xr ftp-proxy 8
program.
.It Va ftpproxy_instances
.Pq Vt str
Empty by default.
If multiple instances of
.Xr ftp-proxy 8
are desired at boot time,
.Va ftpproxy_instances
should contain a whitespace-separated list of instance names.
For each
.Ar element
in the list, a variable named
.Ao Ar element Ac Ns Va _flags
should be defined, containing the command-line flags to be passed to the
.Xr ftp-proxy 8
instance.
.It Va pfsync_enable
.Pq Vt bool
Set to
.Dq Li NO
by default.
Setting this to
.Dq Li YES
enables exposing
.Xr pf 4
state changes to other hosts over the network by means of
.Xr pfsync 4 .
The
.Va pfsync_syncdev
variable
must also be set then.
.It Va pfsync_syncdev
.Pq Vt str
Empty by default.
This variable specifies the name of the network interface
.Xr pfsync 4
should operate through.
It must be set accordingly if
.Va pfsync_enable
is set to
.Dq Li YES .
.It Va pfsync_syncpeer
.Pq Vt str
Empty by default.
This variable is optional.
By default, state change messages are sent out on the synchronisation
interface using IP multicast packets.
The protocol is IP protocol 240, PFSYNC, and the multicast group used is
224.0.0.240.
When a peer address is specified using the
.Va pfsync_syncpeer
option, the peer address is used as a destination for the pfsync
traffic, and the traffic can then be protected using
.Xr ipsec 4 .
See the
.Xr pfsync 4
manpage for more details about using
.Xr ipsec 4
with
.Xr pfsync 4
interfaces.
.It Va pfsync_ifconfig
.Pq Vt str
Empty by default.
This variable can contain additional options to be passed to the
.Xr ifconfig 8
command used to set up
.Xr pfsync 4 .
.It Va tcp_extensions
.Pq Vt bool
Set to
.Dq Li YES
by default.
Setting this to
.Dq Li NO
disables certain TCP options as described by
.Rs
.%T "RFC 1323"
.Re
Setting this to
.Dq Li NO
might help remedy such problems with connections as randomly hanging
or other weird behavior.
Some network devices are known
to be broken with respect to these options.
.It Va log_in_vain
.Pq Vt int
Set to 0 by default.
The
.Xr sysctl 8
variables,
.Va net.inet.tcp.log_in_vain
and
.Va net.inet.udp.log_in_vain ,
as described in
.Xr tcp 4
and
.Xr udp 4 ,
are set to the given value.
.It Va tcp_keepalive
.Pq Vt bool
Set to
.Dq Li YES
by default.
Setting to
.Dq Li NO
will disable probing idle TCP connections to verify that the
peer is still up and reachable.
.It Va tcp_drop_synfin
.Pq Vt bool
Set to
.Dq Li NO
by default.
Setting to
.Dq Li YES
will cause the kernel to ignore TCP frames that have both
the SYN and FIN flags set.
This prevents OS fingerprinting, but may
break some legitimate applications.
.It Va icmp_drop_redirect
.Pq Vt bool
Set to
.Dq Li AUTO
by default.
This setting will be identical to
.Dq Li YES ,
if a dynamicrouting daemon is enabled, because redirect processing may
cause performance issues for large routing tables.
If no such service is enabled, this setting behaves like a
.Dq Li NO .
Setting to
.Dq Li YES
will cause the kernel to ignore ICMP REDIRECT packets.
Setting to
.Dq Li NO
will cause the kernel to process ICMP REDIRECT packets.
Refer to
.Xr icmp 4
for more information.
.It Va icmp_log_redirect
.Pq Vt bool
Set to
.Dq Li NO
by default.
Setting to
.Dq Li YES
will cause the kernel to log ICMP REDIRECT packets.
Note that
the log messages are not rate-limited, so this option should only be used
for troubleshooting networks.
Refer to
.Xr icmp 4
for more information.
.It Va icmp_bmcastecho
.Pq Vt bool
Set to
.Dq Li YES
to respond to broadcast or multicast ICMP ping packets.
Refer to
.Xr icmp 4
for more information.
.It Va ip_portrange_first
.Pq Vt int
If not set to
.Dq Li NO ,
this is the first port in the default portrange.
Refer to
.Xr ip 4
for more information.
.It Va ip_portrange_last
.Pq Vt int
If not set to
.Dq Li NO ,
this is the last port in the default portrange.
Refer to
.Xr ip 4
for more information.
.It Va network_interfaces
.Pq Vt str
Set to the list of network interfaces to configure on this host or
.Dq Li AUTO
(the default) for all current interfaces.
Setting the
.Va network_interfaces
variable to anything other than the default is deprecated.
Interfaces that the administrator wishes to store configuration for,
but not start at boot should be configured with the
.Dq Li NOAUTO
keyword in their
.Va ifconfig_ Ns Aq Ar interface
variables as described below.
.Pp
An
.Va ifconfig_ Ns Aq Ar interface
variable is also assumed to exist for each value of
.Ar interface .
When an interface name contains any of the characters
.Dq Li .-/+
they are translated to
.Dq Li _
before lookup.
The variable can contain arguments to
.Xr ifconfig 8 ,
as well as special case-insensitive keywords described below.
Such keywords are removed before passing the value to
.Xr ifconfig 8
while the order of the other arguments is preserved.
.Pp
It is possible to add IP alias entries using
.Xr ifconfig 8
syntax with the address family keyword such as
.Li inet .
Assuming that the interface in question was
.Li em0 ,
it might look something like this:
.Bd -literal
ifconfig_em0_alias0="inet 127.0.0.253 netmask 0xffffffff"
ifconfig_em0_alias1="inet 127.0.0.254 netmask 0xffffffff"
.Ed
.Pp
It also possible to configure multiple IP addresses in Classless
Inter-Domain Routing
.Pq CIDR
address notation,
whose each address component can be a range like
.Li inet 192.0.2.5-23/24
or
.Li inet6 2001:db8:1-f::1/64 .
This notation allows address and prefix length part only,
not the other address modifiers.
Note that the maximum number of the generated addresses from a range
specification is limited to an integer value specified in
.Va netif_ipexpand_max
in
.Nm
because a small typo can unexpectedly generate a large number of addresses.
The default value is
.Li 2048 .
It can be increased by adding the following line into
.Nm :
.Bd -literal
netif_ipexpand_max="4096"
.Ed
.Pp
In the case of
.Li 192.0.2.5-23/24 ,
the address 192.0.2.5 will be configured with the
netmask /24 and the addresses 192.0.2.6 to 192.0.2.23 with
the non-conflicting netmask /32 as explained in the
.Xr ifconfig 8
alias section.
Note that this special netmask handling is only for
.Li inet ,
not for the other address families such as
.Li inet6 .
.Pp
With the interface in question being
.Li em0 ,
an example could look like:
.Bd -literal
ifconfig_em0_alias2="inet 192.0.2.129/27"
ifconfig_em0_alias3="inet 192.0.2.1-5/28"
.Ed
.Pp
and so on.
.Pp
Note that deprecated
.Va ipv4_addrs_ Ns Aq Ar interface
variable was supported for IPv4 CIDR address notation.
The
.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
variable replaces it, though
.Va ipv4_addrs_ Ns Aq Ar interface
is still supported for backward compatibility.
.Pp
For each
.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
entry with an address family keyword,
its contents are passed to
.Xr ifconfig 8 .
Execution stops at the first unsuccessful access, so if
something like this is present:
.Bd -literal
ifconfig_em0_alias0="inet 127.0.0.251 netmask 0xffffffff"
ifconfig_em0_alias1="inet 127.0.0.252 netmask 0xffffffff"
ifconfig_em0_alias2="inet 127.0.0.253 netmask 0xffffffff"
ifconfig_em0_alias4="inet 127.0.0.254 netmask 0xffffffff"
.Ed
.Pp
Then note that alias4 would
.Em not
be added since the search would
stop with the missing
.Dq Li alias3
entry.
Because of this difficult to manage behavior,
there is
.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _aliases
variable, which has the same functionality as
.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
and can have all of entries in a variable like the following:
.Bd -literal
ifconfig_em0_aliases="\\
inet 127.0.0.251 netmask 0xffffffff \\
inet 127.0.0.252 netmask 0xffffffff \\
inet 127.0.0.253 netmask 0xffffffff \\
inet 127.0.0.254 netmask 0xffffffff"
.Ed
.Pp
It also supports CIDR notation.
.Pp
If the
.Pa /etc/start_if . Ns Aq Ar interface
file is present, it is read and executed by the
.Xr sh 1
interpreter
before configuring the interface as specified in the
.Va ifconfig_ Ns Aq Ar interface
and
.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
variables.
.Pp
If a
.Va vlans_ Ns Aq Ar interface
variable is set,
a
.Xr vlan 4
interface will be created for each item in the list with the
.Ar vlandev
argument set to
.Ar interface .
If a vlan interface's name is a number,
then that number is used as the vlan tag and the new vlan interface is
named
.Ar interface . Ns Ar tag .
Otherwise,
the vlan tag must be specified via a
.Va vlan
parameter in the
.Va create_args_ Ns Aq Ar interface
variable.
.Pp
To create a vlan device named
.Li em0.101
on
.Li em0
with the vlan tag 101 and the optional the IPv4 address 192.0.2.1/24:
.Bd -literal
vlans_em0="101"
ifconfig_em0_101="inet 192.0.2.1/24"
.Ed
.Pp
To create a vlan device named
.Li myvlan
on
.Li em0
with the vlan tag 102:
.Bd -literal
vlans_em0="myvlan"
create_args_myvlan="vlan 102"
.Ed
.Pp
If a
.Va wlans_ Ns Aq Ar interface
variable is set,
an
.Xr wlan 4
interface will be created for each item in the list with the
.Ar wlandev
argument set to
.Ar interface .
Further wlan cloning arguments may be passed to the
.Xr ifconfig 8
.Cm create
command by setting the
.Va create_args_ Ns Aq Ar interface
variable.
One or more
.Xr wlan 4
devices must be created for each wireless devices as of
.Fx 8.0 .
Debugging flags for
.Xr wlan 4
devices as set by
.Xr wlandebug 8
may be specified with an
.Va wlandebug_ Ns Aq Ar interface
variable.
The contents of this variable will be passed directly to
.Xr wlandebug 8 .
.Pp
If the
.Va ifconfig_ Ns Aq Ar interface
contains the keyword
.Dq Li NOAUTO
then the interface will not be configured
at boot or by
.Pa /etc/pccard_ether
when
.Va network_interfaces
is set to
.Dq Li AUTO .
.Pp
It is possible to bring up an interface with DHCP by adding
.Dq Li DHCP
to the
.Va ifconfig_ Ns Aq Ar interface
variable.
For instance, to initialize the
.Li em0
device via DHCP,
it is possible to use something like:
.Bd -literal
ifconfig_em0="DHCP"
.Ed
.Pp
If you want to configure your wireless interface with
.Xr wpa_supplicant 8
for use with WPA, EAP/LEAP or WEP, you need to add
.Dq Li WPA
to the
.Va ifconfig_ Ns Aq Ar interface
variable.
.Pp
On the other hand, if you want to configure your wireless interface with
.Xr hostapd 8 ,
you need to add
.Dq Li HOSTAP
to the
.Va ifconfig_ Ns Aq Ar interface
variable.
.Xr hostapd 8
will use the settings from
.Pa /etc/hostapd- Ns Ao Ar interface Ac Ns .conf
.Pp
Finally, you can add
.Xr ifconfig 8
options in this variable, in addition to the
.Pa /etc/start_if . Ns Aq Ar interface
file.
For instance, to configure an
.Xr ath 4
wireless device in station mode with an address obtained
via DHCP, using WPA authentication and 802.11b mode, it is
possible to use something like:
.Bd -literal
wlans_ath0="wlan0"
ifconfig_wlan0="DHCP WPA mode 11b"
.Ed
.Pp
In addition to the
.Va ifconfig_ Ns Aq Ar interface
form, a fallback variable
.Va ifconfig_DEFAULT
may be configured.
It will be used for all interfaces with no
.Va ifconfig_ Ns Aq Ar interface
variable.
This is intended to replace the no longer supported
.Va pccard_ifconfig
variable.
.Pp
It is also possible to rename an interface by doing:
.Bd -literal
ifconfig_em0_name="net0"
ifconfig_net0="inet 192.0.2.1 netmask 0xffffff00"
.Ed
.It Va ipv6_enable
.Pq Vt bool
This variable is deprecated.
Use
.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
and
.Va ipv6_activate_all_interfaces
if necessary.
.Pp
If the variable is
.Dq Li YES ,
.Dq Li inet6 accept_rtadv
is added to all of
.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
and the
.Va ipv6_activate_all_interfaces
is defined as
.Dq Li YES .
.It Va ipv6_prefer
.Pq Vt bool
This variable is deprecated.
Use
.Va ip6addrctl_policy
instead.
.Pp
If the variable is
.Dq Li YES ,
the default address selection policy table set by
.Xr ip6addrctl 8
will be IPv6-preferred.
.Pp
If the variable is
.Dq Li NO ,
the default address selection policy table set by
.Xr ip6addrctl 8
will be IPv4-preferred.
.It Va ipv6_activate_all_interfaces
.Pq Vt bool
This controls initial configuration on IPv6-capable
interfaces with no corresponding
.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
variable.
Note that it is not always necessary to set this variable to
.Dq YES
to use IPv6 functionality on
.Fx .
In most cases, just configuring
.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
variables works.
.Pp
If the variable is
.Dq Li NO ,
all interfaces which do not have a corresponding
.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
variable will be marked as
.Dq Li IFDISABLED
at creation.
This means that all of IPv6 functionality on that interface
is completely disabled to enforce a security policy.
If the variable is set to
.Dq YES ,
the flag will be cleared on all of the interfaces.
.Pp
In most cases, just defining an
.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
for an IPv6-capable interface should be sufficient.
However, if an interface is added dynamically
.Pq by some tunneling protocols such as PPP, for example ,
it is often difficult to define the variable in advance.
In such a case, configuring the
.Dq Li IFDISABLED
flag can be disabled by setting this variable to
.Dq YES .
.Pp
For more details of the
.Dq Li IFDISABLED
flag and keywords
.Dq Li inet6 ifdisabled ,
see
.Xr ifconfig 8 .
.Pp
Default is
.Dq Li NO .
.It Va ipv6_privacy
.Pq Vt bool
If the variable is
.Dq Li YES
privacy addresses will be generated for each IPv6
interface as described in RFC 4941.
.It Va ipv6_network_interfaces
.Pq Vt str
This is the IPv6 equivalent of
.Va network_interfaces .
Normally manual configuration of this variable is not needed.
.It Va ipv6_cpe_wanif
.Pq Vt str
If the variable is set to an interface name,
the
.Xr ifconfig 8
options
.Dq inet6 -no_radr accept_rtadv
will be added to the specified interface automatically before evaluating
.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 ,
and two
.Xr sysctl 8
variables
.Va net.inet6.ip6.rfc6204w3
and
.Va net.inet6.ip6.no_radr
will be set to 1.
.Pp
This means the specified interface will accept ICMPv6 Router
Advertisement messages on that link and add the discovered
routers into the Default Router List.
While the other interfaces can still accept RA messages if the
.Dq inet6 accept_rtadv
option is specified, adding
routes into the Default Router List will be disabled by
.Dq inet6 no_radr
option by default.
See
.Xr ifconfig 8
for more details.
.Pp
Note that ICMPv6 Router Advertisement messages will be
accepted even when
.Va net.inet6.ip6.forwarding
is 1
.Pq packet forwarding is enabled
when
.Va net.inet6.ip6.rfc6204w3
is set to 1.
.Pp
Default is
.Dq Li NO .
.It Va ifconfig_ Ns Ao Ar interface Ac Ns _descr
.Pq Vt str
This assigns arbitrary description to an interface.
The
.Xr sysctl 8
variable
.Va net.ifdescr_maxlen
limits its length.
This static setting may be overridden by commands
started with dynamic interface configuration utilities
like
.Xr dhclient 8
hooks.
The description can be seen with
.Xr ifconfig 8
command and it may be exported with
.Xr bsnmpd 1
daemon using its MIB-2 module.
.It Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
.Pq Vt str
IPv6 functionality on an interface should be configured by
.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 ,
instead of setting ifconfig parameters in
.Va ifconfig_ Ns Aq Ar interface .
If this variable is empty, all of IPv6 configurations on the
specified interface by other variables such as
.Va ipv6_prefix_ Ns Ao Ar interface Ac
will be ignored.
.Pp
Aliases should be set by
.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
with
.Dq Li inet6
keyword.
For example:
.Bd -literal
ifconfig_em0_ipv6="inet6 2001:db8:1::1 prefixlen 64"
ifconfig_em0_alias0="inet6 2001:db8:2::1 prefixlen 64"
.Ed
.Pp
Interfaces that have an
.Dq Li inet6 accept_rtadv
keyword in
.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
setting will be automatically configured by SLAAC
.Pq StateLess Address AutoConfiguration
described in
.Rs
.%T "RFC 4862"
.Re
.Pp
Note that a link-local address will be automatically configured in
addition to the configured global-scope addresses because the IPv6
specifications require it on each link.
The address is calculated from the MAC address by using an algorithm
defined in
.Rs
.%T "RFC 4862"
.%O "Section 5.3"
.Re
.Pp
If only a link-local address is needed on the interface,
the following configuration can be used:
.Bd -literal
ifconfig_em0_ipv6="inet6 auto_linklocal"
.Ed
.Pp
A link-local address can also be configured manually.
This is useful for the default router address of an IPv6 router
so that it does not change when the network interface
card is replaced.
For example:
.Bd -literal
ifconfig_em0_ipv6="inet6 fe80::1 prefixlen 64"
.Ed
.It Va ipv6_prefix_ Ns Aq Ar interface
.Pq Vt str
If one or more prefixes are defined in
.Va ipv6_prefix_ Ns Aq Ar interface
addresses based on each prefix and the EUI-64 interface index will be
configured on that interface.
Note that this variable will be ignored when
.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
is empty.
.Pp
For example, the following configuration
.Bd -literal
ipv6_prefix_em0="2001:db8:1:0 2001:db8:2:0"
.Ed
.Pp
is equivalent to the following:
.Bd -literal
ifconfig_em0_alias0="inet6 2001:db8:1:: eui64 prefixlen 64"
ifconfig_em0_alias1="inet6 2001:db8:1:: prefixlen 64 anycast"
ifconfig_em0_alias2="inet6 2001:db8:2:: eui64 prefixlen 64"
ifconfig_em0_alias3="inet6 2001:db8:2:: prefixlen 64 anycast"
.Ed
.Pp
These Subnet-Router anycast addresses will be added only when
.Va ipv6_gateway_enable
is YES.
.It Va ipv6_default_interface
.Pq Vt str
If not set to
.Dq Li NO ,
this is the default output interface for scoped addresses.
This works only with ipv6_gateway_enable="NO".
.It Va ip6addrctl_enable
.Pq Vt bool
This variable is to enable configuring default address selection policy table
.Pq RFC 3484 .
The table can be specified in another variable
.Va ip6addrctl_policy .
For
.Va ip6addrctl_policy
the following keywords can be specified:
.Dq Li ipv4_prefer ,
.Dq Li ipv6_prefer ,
or
.Dq Li AUTO .
.Pp
If
.Dq Li ipv4_prefer
or
.Dq Li ipv6_prefer
is specified,
.Xr ip6addrctl 8
installs a pre-defined policy table described in Section 10.3
.Pq IPv4-preferred
or 2.1
.Pq IPv6-preferred
of RFC 3484.
.Pp
If
.Dq Li AUTO
is specified, it attempts to read a file
.Pa /etc/ip6addrctl.conf
first.
If this file is found,
.Xr ip6addrctl 8
reads and installs it.
If not found, a policy is automatically set
according to
.Va ipv6_activate_all_interfaces
variable; if the variable is set to
.Dq Li YES
the IPv6-preferred one is used.
Otherwise IPv4-preferred.
.Pp
The default value of
.Va ip6addrctl_enable
and
.Va ip6addrctl_policy
are
.Dq Li YES
and
.Dq Li AUTO ,
respectively.
.It Va cloned_interfaces
.Pq Vt str
Set to the list of clonable network interfaces to create on this host.
Further cloning arguments may be passed to the
.Xr ifconfig 8
.Cm create
command for each interface by setting the
.Va create_args_ Ns Aq Ar interface
variable.
If an interface name is specified with
.Dq :sticky
keyword,
the interface will not be destroyed even when
.Pa rc.d/netif
script is invoked with
.Dq stop
argument.
This is useful when reconfiguring the interface without destroying it.
Entries in
.Va cloned_interfaces
are automatically appended to
.Va network_interfaces
for configuration.
.It Va cloned_interfaces_sticky
.Pq Vt bool
This variable is to globally enable functionality of
.Dq :sticky
keyword in
.Va cloned_interfaces
for all interfaces.
The default value is
.Dq NO .
Even if this variable is specified to
.Dq YES ,
.Dq :nosticky
keyword can be used to override it on per interface basis.
.It Va gif_interfaces
Set to the list of
.Xr gif 4
tunnel interfaces to configure on this host.
A
.Va gifconfig_ Ns Aq Ar interface
variable is assumed to exist for each value of
.Ar interface .
The value of this variable is used to configure the link layer of the
tunnel using the
.Cm tunnel
option to
.Xr ifconfig 8 .
Additionally, this option ensures that each listed interface is created
via the
.Cm create
option to
.Xr ifconfig 8
before attempting to configure it.
.Pp
For example, configure two
.Xr gif 4
interfaces with:
.Bd -literal
gif_interfaces="gif0 gif1"
gifconfig_gif0="100.64.0.1 100.64.0.2"
ifconfig_gif0="inet 10.0.0.1 10.0.0.2 netmask 255.255.255.252"
gifconfig_gif1="inet6 2a00::1 2a01::1"
ifconfig_gif1="inet 10.1.0.1 10.1.0.2 netmask 255.255.255.252"
.Ed
.It Va sppp_interfaces
.Pq Vt str
Set to the list of
.Xr sppp 4
interfaces to configure on this host.
A
.Va spppconfig_ Ns Aq Ar interface
variable is assumed to exist for each value of
.Ar interface .
Each interface should also be configured by a general
.Va ifconfig_ Ns Aq Ar interface
setting.
Refer to
.Xr spppcontrol 8
for more information about available options.
.It Va ppp_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr ppp 8
daemon.
.It Va ppp_profile
.Pq Vt str
The name of the profile to use from
.Pa /etc/ppp/ppp.conf .
Also used for per-profile overrides of
.Va ppp_mode
and
.Va ppp_nat ,
and
.Va ppp_ Ns Ao Ar profile Ac Ns _unit .
When the profile name contains any of the characters
.Dq Li .-/+
they are translated to
.Dq Li _
for the proposes of the override variable names.
.It Va ppp_mode
.Pq Vt str
Mode in which to run the
.Xr ppp 8
daemon.
.It Va ppp_ Ns Ao Ar profile Ac Ns _mode
.Pq Vt str
Overrides the global
.Va ppp_mode
for
.Ar profile .
Accepted modes are
.Dq Li auto ,
.Dq Li ddial ,
.Dq Li direct
and
.Dq Li dedicated .
See the manual for a full description.
.It Va ppp_nat
.Pq Vt bool
If set to
.Dq Li YES ,
enables network address translation.
Used in conjunction with
.Va gateway_enable
allows hosts on private network addresses access to the Internet using
this host as a network address translating router.
Default is
.Dq Li YES .
.It Va ppp_ Ns Ao Ar profile Ac Ns _nat
.Pq Vt str
Overrides the global
.Va ppp_nat
for
.Ar profile .
.It Va ppp_ Ns Ao Ar profile Ac Ns _unit
.Pq Vt int
Set the unit number to be used for this profile.
See the manual description of
.Fl unit Ns Ar N
for details.
.It Va ppp_user
.Pq Vt str
The name of the user under which
.Xr ppp 8
should be started.
By
default,
.Xr ppp 8
is started as
.Dq Li root .
.It Va rc_conf_files
.Pq Vt str
This option is used to specify a list of files that will override
the settings in
.Pa /etc/defaults/rc.conf .
The files will be read in the order in which they are specified and should
include the full path to the file.
By default, the files specified are
.Pa /etc/rc.conf
and
.Pa /etc/rc.conf.local
.It Va zfs_enable
.Pq Vt bool
If set to
.Dq Li YES ,
.Pa /etc/rc.d/zfs
will attempt to automatically mount ZFS file systems and initialize ZFS volumes
(ZVOLs).
.It Va zpool_reguid
.Pq Vt str
A space-separated list of ZFS pool names for which new pool GUIDs should be
assigned upon first boot.
This is useful when using a ZFS pool copied from a template, such as a virtual
machine image.
.It Va gptboot_enable
.Pq Vt bool
If set to
.Dq Li YES ,
.Pa /etc/rc.d/gptboot
will log if the system successfully (or not) booted from a GPT partition,
which had the
.Ar bootonce
attribute set using
.Xr gpart 8
utility.
.It Va gbde_autoattach_all
.Pq Vt bool
If set to
.Dq Li YES ,
.Pa /etc/rc.d/gbde
will attempt to automatically initialize your .bde devices in
.Pa /etc/fstab .
.It Va gbde_devices
.Pq Vt str
List the devices that the script should try to attach,
or
.Dq Li AUTO .
.It Va gbde_lockdir
.Pq Vt str
The directory where the
.Xr gbde 4
lockfiles are located.
The default lockfile directory is
.Pa /etc .
.Pp
The lockfile for each individual
.Xr gbde 4
device can be overridden by setting the variable
.Va gbde_lock_ Ns Aq Ar device ,
where
.Ar device
is the encrypted device without the
.Dq Pa /dev/
and
.Dq Pa .bde
parts.
.It Va gbde_attach_attempts
.Pq Vt int
Number of times to attempt attaching to a
.Xr gbde 4
device, i.e., how many times the user is asked for the pass-phrase.
Default is 3.
.It Va geli_devices
.Pq Vt str
List of devices to automatically attach on boot.
Note that .eli devices from
.Pa /etc/fstab
are automatically appended to this list.
.It Va geli_groups
.Pq Vt str
List of groups containing devices to automatically attach on boot with the same
keyfiles and passphrase.
This must be accompanied with a corresponding
.Va geli_ Ns Ao Ar group Ac Ns Va _devices
variable.
.It Va geli_tries
.Pq Vt int
Number of times user is asked for the pass-phrase.
If empty, it will be taken from
.Va kern.geom.eli.tries
sysctl variable.
.It Va geli_default_flags
.Pq Vt str
Default flags to use by
.Xr geli 8
when configuring disk encryption.
Flags can be configured for every device separately by defining the
.Va geli_ Ns Ao Ar device Ac Ns Va _flags
variable, and for every group separately by defining the
.Va geli_ Ns Ao Ar group Ac Ns Va _flags
variable.
.It Va geli_autodetach
.Pq Vt str
Specifies if GELI devices should be marked for detach on last close after
file systems are mounted.
Default is
.Dq Li YES .
This can be changed for every device separately by defining the
.Va geli_ Ns Ao Ar device Ac Ns Va _autodetach
variable.
.It Va root_rw_mount
.Pq Vt bool
Set to
.Dq Li YES
by default.
After the file systems are checked at boot time, the root file system
is remounted as read-write if this is set to
.Dq Li YES .
Diskless systems that mount their root file system from a read-only remote
NFS share should set this to
.Dq Li NO
in their
.Pa rc.conf .
.It Va fsck_y_enable
.Pq Vt bool
If set to
.Dq Li YES ,
.Xr fsck 8
will be run with the
.Fl y
flag if the initial preen
of the file systems fails.
.It Va background_fsck
.Pq Vt bool
If set to
.Dq Li NO ,
the system will not attempt to run
.Xr fsck 8
in the background where possible.
.It Va background_fsck_delay
.Pq Vt int
The amount of time in seconds to sleep before starting a background
.Xr fsck 8 .
It defaults to sixty seconds to allow large applications such as
the X server to start before disk I/O bandwidth is monopolized by
.Xr fsck 8 .
If set to a negative number, the background file system check will be
delayed indefinitely to allow the administrator to run it at a more
convenient time.
For example it may be run from
.Xr cron 8
by adding a line like
.Pp
.Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart"
.Pp
to
.Pa /etc/crontab .
.It Va netfs_types
.Pq Vt str
List of file system types that are network-based.
This list should generally not be modified by end users.
Use
.Va extra_netfs_types
instead.
.It Va extra_netfs_types
.Pq Vt str
If set to something other than
.Dq Li NO
(the default),
this variable extends the list of file system types
for which automatic mounting at startup by
.Xr rc 8
should be delayed until the network is initialized.
It should contain
a whitespace-separated list of network file system descriptor pairs,
each consisting of a file system type as passed to
.Xr mount 8
and a human-readable, one-word description,
joined with a colon
.Pq Ql \&: .
Extending the default list in this way is only necessary
when third party file system types are used.
.It Va syslogd_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr syslogd 8
daemon.
.It Va syslogd_program
.Pq Vt str
Path to
.Xr syslogd 8
(default
.Pa /usr/sbin/syslogd ) .
.It Va syslogd_flags
.Pq Vt str
If
.Va syslogd_enable
is set to
.Dq Li YES ,
these are the flags to pass to
.Xr syslogd 8 .
.It Va inetd_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr inetd 8
daemon.
.It Va inetd_program
.Pq Vt str
Path to
.Xr inetd 8
(default
.Pa /usr/sbin/inetd ) .
.It Va inetd_flags
.Pq Vt str
If
.Va inetd_enable
is set to
.Dq Li YES ,
these are the flags to pass to
.Xr inetd 8 .
.It Va hastd_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr hastd 8
daemon.
.It Va hastd_program
.Pq Vt str
Path to
.Xr hastd 8
(default
.Pa /sbin/hastd ) .
.It Va hastd_flags
.Pq Vt str
If
.Va hastd_enable
is set to
.Dq Li YES ,
these are the flags to pass to
.Xr hastd 8 .
.It Va local_unbound_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr unbound 8
daemon as a local caching resolver.
.It Va kdc_enable
.Pq Vt bool
Set to
.Dq Li YES
to start a Kerberos 5 authentication server
at boot time.
.It Va kdc_program
.Pq Vt str
If
.Va kdc_enable
is set to
.Dq Li YES
this is the path to Kerberos 5 Authentication Server.
.It Va kdc_flags
.Pq Vt str
Empty by default.
This variable contains additional flags to be passed to the Kerberos 5
authentication server.
.It Va kadmind_enable
.Pq Vt bool
Set to
.Dq Li YES
to start
.Xr kadmind 8 ,
the Kerberos 5 Administration Daemon; set to
.Dq Li NO
on a slave server.
.It Va kadmind_program
.Pq Vt str
If
.Va kadmind_enable
is set to
.Dq Li YES
this is the path to Kerberos 5 Administration Daemon.
.It Va kpasswdd_enable
.Pq Vt bool
Set to
.Dq Li YES
to start
.Xr kpasswdd 8 ,
the Kerberos 5 Password-Changing Daemon; set to
.Dq Li NO
on a slave server.
.It Va kpasswdd_program
.Pq Vt str
If
.Va kpasswdd_enable
is set to
.Dq Li YES
this is the path to Kerberos 5 Password-Changing Daemon.
.It Va kfd_enable
.Pq Vt bool
Set to
.Dq Li YES
to start
.Xr kfd 8 ,
the Kerberos 5 ticket forwarding daemon, at the boot time.
.It Va kfd_program
.Pq Vt str
Path to
.Xr kfd 8
(default
.Pa /usr/libexec/kfd ) .
.It Va rwhod_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr rwhod 8
daemon at boot time.
.It Va rwhod_flags
.Pq Vt str
If
.Va rwhod_enable
is set to
.Dq Li YES ,
these are the flags to pass to it.
.It Va update_motd
.Pq Vt bool
If set to
.Dq Li YES ,
.Pa /etc/motd
will be updated at boot time to reflect the kernel release
being run.
If set to
.Dq Li NO ,
.Pa /etc/motd
will not be updated.
.It Va nfs_client_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the NFS client daemons at boot time.
.It Va nfs_access_cache
.Pq Vt int
If
.Va nfs_client_enable
is set to
.Dq Li YES ,
this can be set to
.Dq Li 0
to disable NFS ACCESS RPC caching, or to the number of seconds for which
NFS ACCESS
results should be cached.
A value of 2-10 seconds will substantially reduce network
traffic for many NFS operations.
.It Va nfs_server_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the NFS server daemons at boot time.
.It Va nfs_server_flags
.Pq Vt str
If
.Va nfs_server_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr nfsd 8
daemon.
.It Va nfsv4_server_enable
.Pq Vt bool
If
.Va nfs_server_enable
is set to
.Dq Li YES
and
.Va nfsv4_server_enable
is set to
.Dq Li YES ,
enable the server for NFSv4 as well as NFSv2 and NFSv3.
.It Va nfsv4_server_only
.Pq Vt bool
If
.Va nfs_server_enable
is set to
.Dq Li YES
and
.Va nfsv4_server_only
is set to
.Dq Li YES ,
enable the NFS server for NFSv4 only.
.It Va nfs_server_maxio
.Pq Vt int
value to set vfs.nfsd.srvmaxio to, which is the
maximum I/O size for the NFS server.
.It Va tlsclntd_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr rpc.tlsclntd 8
daemon, which is needed for NFS-over-TLS NFS mounts.
.It Va tlsservd_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr rpc.tlsservd 8
daemon, which is needed for the
.Xr nfsd 8
to support NFS-over-TLS NFS mounts.
.It Va nfsuserd_enable
.Pq Vt bool
If
.Va nfsuserd_enable
is set to
.Dq Li YES ,
run the nfsuserd daemon, which is needed for NFSv4 in order
to map between user/group names vs uid/gid numbers.
If
.Va nfsv4_server_enable
is set to
.Dq Li YES ,
this will be forced enabled.
.It Va nfsuserd_flags
.Pq Vt str
If
.Va nfsuserd_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr nfsuserd 8
daemon.
.It Va nfscbd_enable
.Pq Vt bool
If
.Va nfscbd_enable
is set to
.Dq Li YES ,
run the nfscbd daemon, which enables callbacks/delegations for the NFSv4 client.
.It Va nfscbd_flags
.Pq Vt str
If
.Va nfscbd_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr nfscbd 8
daemon.
.It Va mountd_enable
.Pq Vt bool
If set to
.Dq Li YES ,
and no
.Va nfs_server_enable
is set, start
.Xr mountd 8 ,
but not
.Xr nfsd 8
daemon.
It is commonly needed to run CFS without real NFS used.
.It Va mountd_flags
.Pq Vt str
If
.Va mountd_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr mountd 8
daemon.
.It Va weak_mountd_authentication
.Pq Vt bool
If set to
.Dq Li YES ,
allow services like PCNFSD to make non-privileged mount
requests.
.It Va nfs_reserved_port_only
.Pq Vt bool
If set to
.Dq Li YES ,
provide NFS services only on a secure port.
.It Va nfs_bufpackets
.Pq Vt int
If set to a number, indicates the number of packets worth of
socket buffer space to reserve on an NFS client.
The kernel default is typically 4.
Using a higher number may be
useful on gigabit networks to improve performance.
The minimum value is
2 and the maximum is 64.
.It Va rpc_lockd_enable
.Pq Vt bool
If set to
.Dq Li YES
and also an NFS server or client, run
.Xr rpc.lockd 8
at boot time.
.It Va rpc_lockd_flags
.Pq Vt str
If
.Va rpc_lockd_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr rpc.lockd 8
daemon.
.It Va rpc_statd_enable
.Pq Vt bool
If set to
.Dq Li YES
and also an NFS server or client, run
.Xr rpc.statd 8
at boot time.
.It Va rpc_statd_flags
.Pq Vt str
If
.Va rpc_statd_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr rpc.statd 8
daemon.
.It Va rpcbind_program
.Pq Vt str
Path to
.Xr rpcbind 8
(default
.Pa /usr/sbin/rpcbind ) .
.It Va rpcbind_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr rpcbind 8
service at boot time.
.It Va rpcbind_flags
.Pq Vt str
If
.Va rpcbind_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr rpcbind 8
daemon.
.It Va keyserv_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr keyserv 8
daemon on boot for running Secure RPC.
.It Va keyserv_flags
.Pq Vt str
If
.Va keyserv_enable
is set to
.Dq Li YES ,
these are the flags to pass to
.Xr keyserv 8
daemon.
.It Va pppoed_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr pppoed 8
daemon at boot time to provide PPP over Ethernet services.
.It Va pppoed_ Ns Aq Ar provider
.Pq Vt str
.Xr pppoed 8
listens to requests to this
.Ar provider
and ultimately runs
.Xr ppp 8
with a
.Ar system
argument of the same name.
.It Va pppoed_flags
.Pq Vt str
Additional flags to pass to
.Xr pppoed 8 .
.It Va pppoed_interface
.Pq Vt str
The network interface to run
.Xr pppoed 8
on.
This is mandatory when
.Va pppoed_enable
is set to
.Dq Li YES .
-.It Va timed_enable
-.Pq Vt bool
-If set to
-.Dq Li YES ,
-run the
-.Xr timed 8
-service at boot time.
-This command is intended for networks of
-machines where a consistent
-.Dq "network time"
-for all hosts must be established.
-This is often useful in large NFS
-environments where time stamps on files are expected to be consistent
-network-wide.
-.It Va timed_flags
-.Pq Vt str
-If
-.Va timed_enable
-is set to
-.Dq Li YES ,
-these are the flags to pass to the
-.Xr timed 8
-service.
.It Va ntpdate_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run
.Xr ntpdate 8
at system startup.
This command is intended to
synchronize the system clock only
.Em once
from some standard reference.
.Pp
Note that the use of the
.Va ntpd_sync_on_start
variable is a preferred alternative to the
.Xr ntpdate 8
utility as
.Xr ntpdate 8
is to be retired from the NTP distribution.
.It Va ntpdate_config
.Pq Vt str
Configuration file for
.Xr ntpdate 8 .
Default
.Pa /etc/ntp.conf .
.It Va ntpdate_hosts
.Pq Vt str
A whitespace-separated list of NTP servers to synchronize with at startup.
The default is to use the servers listed in
.Va ntpdate_config ,
if that file exists.
.It Va ntpdate_program
.Pq Vt str
Path to
.Xr ntpdate 8
(default
.Pa /usr/sbin/ntpdate ) .
.It Va ntpdate_flags
.Pq Vt str
If
.Va ntpdate_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr ntpdate 8
command (typically a hostname).
.It Va ntpd_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr ntpd 8
command at boot time.
.It Va ntpd_program
.Pq Vt str
Path to
.Xr ntpd 8
(default
.Pa /usr/sbin/ntpd ) .
.It Va ntpd_config
.Pq Vt str
Path to
.Xr ntpd 8
configuration file.
Default
.Pa /etc/ntp.conf .
.It Va ntpd_flags
.Pq Vt str
If
.Va ntpd_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr ntpd 8
daemon.
.It Va ntpd_sync_on_start
.Pq Vt bool
If set to
.Dq Li YES ,
.Xr ntpd 8
is run with the
.Fl g
flag, which syncs the system's clock on startup.
See
.Xr ntpd 8
for more information regarding the
.Fl g
option.
This is a preferred alternative to using
.Xr ntpdate 8
or specifying the
.Va ntpdate_enable
variable.
.It Va nis_client_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr ypbind 8
service at system boot time.
.It Va nis_client_flags
.Pq Vt str
If
.Va nis_client_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr ypbind 8
service.
.It Va nis_ypldap_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr ypldap 8
daemon at system boot time.
.It Va nis_ypldap_flags
.Pq Vt str
If
.Va nis.ypldap_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr ypldap 8
daemon.
.It Va nis_ypset_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr ypset 8
daemon at system boot time.
.It Va nis_ypset_flags
.Pq Vt str
If
.Va nis_ypset_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr ypset 8
daemon.
.It Va nis_server_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr ypserv 8
daemon at system boot time.
.It Va nis_server_flags
.Pq Vt str
If
.Va nis_server_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr ypserv 8
daemon.
.It Va nis_ypxfrd_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr rpc.ypxfrd 8
daemon at system boot time.
.It Va nis_ypxfrd_flags
.Pq Vt str
If
.Va nis_ypxfrd_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr rpc.ypxfrd 8
daemon.
.It Va nis_yppasswdd_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr rpc.yppasswdd 8
daemon at system boot time.
.It Va nis_yppasswdd_flags
.Pq Vt str
If
.Va nis_yppasswdd_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr rpc.yppasswdd 8
daemon.
.It Va rpc_ypupdated_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Nm rpc.ypupdated
daemon at system boot time.
.It Va bsnmpd_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr bsnmpd 1
daemon at system boot time.
Be sure to understand the security implications of running SNMP daemon
on your host.
.It Va bsnmpd_flags
.Pq Vt str
If
.Va bsnmpd_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr bsnmpd 1
daemon.
.It Va defaultrouter
.Pq Vt str
If not set to
.Dq Li NO ,
create a default route to this host name or IP address
(use an IP address if this router is also required to get to the
name server!).
.It Va ipv6_defaultrouter
.Pq Vt str
The IPv6 equivalent of
.Va defaultrouter .
.It Va static_arp_pairs
.Pq Vt str
Set to the list of static ARP pairs that are to be added at system
boot time.
For each whitespace separated
.Ar element
in the value, a
.Va static_arp_ Ns Aq Ar element
variable is assumed to exist whose contents will later be passed to a
.Dq Nm arp Cm -S
operation.
For example
.Bd -literal
static_arp_pairs="gw"
static_arp_gw="192.168.1.1 00:01:02:03:04:05"
.Ed
.It Va static_ndp_pairs
.Pq Vt str
Set to the list of static NDP pairs that are to be added at system
boot time.
For each whitespace separated
.Ar element
in the value, a
.Va static_ndp_ Ns Aq Ar element
variable is assumed to exist whose contents will later be passed to a
.Dq Nm ndp Cm -s
operation.
For example
.Bd -literal
static_ndp_pairs="gw"
static_ndp_gw="2001:db8:3::1 00:01:02:03:04:05"
.Ed
.It Va static_routes
.Pq Vt str
Set to the list of static routes that are to be added at system
boot time.
If not set to
.Dq Li NO
then for each whitespace separated
.Ar element
in the value, a
.Va route_ Ns Aq Ar element
variable is assumed to exist
whose contents will later be passed to a
.Dq Nm route Cm add
operation.
For example:
.Bd -literal
static_routes="ext mcast:gif0 gif0local:gif0"
route_ext="-net 10.0.0.0/24 -gateway 192.168.0.1"
route_mcast="-net 224.0.0.0/4 -iface gif0"
route_gif0local="-host 169.254.1.1 -iface lo0"
.Ed
.Pp
When an
.Ar element
is in the form of
.Li name:ifname ,
the route is specific to the interface
.Li ifname .
.It Va ipv6_static_routes
.Pq Vt str
The IPv6 equivalent of
.Va static_routes .
If not set to
.Dq Li NO
then for each whitespace separated
.Ar element
in the value, a
.Va ipv6_route_ Ns Aq Ar element
variable is assumed to exist
whose contents will later be passed to a
.Dq Nm route Cm add Fl inet6
operation.
.It Va gateway_enable
.Pq Vt bool
If set to
.Dq Li YES ,
configure host to act as an IP router, e.g.\& to forward packets
between interfaces.
.It Va ipv6_gateway_enable
.Pq Vt bool
The IPv6 equivalent of
.Va gateway_enable .
.It Va routed_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run a routing daemon of some sort, based on the
settings of
.Va routed_program
and
.Va routed_flags .
.It Va route6d_enable
.Pq Vt bool
The IPv6 equivalent of
.Va routed_enable .
If set to
.Dq Li YES ,
run a routing daemon of some sort, based on the
settings of
.Va route6d_program
and
.Va route6d_flags .
.It Va routed_program
.Pq Vt str
If
.Va routed_enable
is set to
.Dq Li YES ,
this is the name of the routing daemon to use.
.It Va route6d_program
.Pq Vt str
The IPv6 equivalent of
.Va routed_program .
.It Va routed_flags
.Pq Vt str
If
.Va routed_enable
is set to
.Dq Li YES ,
these are the flags to pass to the routing daemon.
.It Va route6d_flags
.Pq Vt str
The IPv6 equivalent of
.Va routed_flags .
.It Va rtadvd_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr rtadvd 8
daemon at boot time.
The
.Xr rtadvd 8
utility sends ICMPv6 Router Advertisement messages to
the interfaces specified in
.Va rtadvd_interfaces .
This should only be enabled with great care.
You may want to fine-tune
.Xr rtadvd.conf 5 .
.It Va rtadvd_interfaces
.Pq Vt str
If
.Va rtadvd_enable
is set to
.Dq Li YES
this is the list of interfaces to use.
.It Va arpproxy_all
.Pq Vt bool
If set to
.Dq Li YES ,
enable global proxy ARP.
.It Va forward_sourceroute
.Pq Vt bool
If set to
.Dq Li YES
and
.Va gateway_enable
is also set to
.Dq Li YES ,
source-routed packets are forwarded.
.It Va accept_sourceroute
.Pq Vt bool
If set to
.Dq Li YES ,
the system will accept source-routed packets directed at it.
.It Va rarpd_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr rarpd 8
daemon at system boot time.
.It Va rarpd_flags
.Pq Vt str
If
.Va rarpd_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr rarpd 8
daemon.
.It Va bootparamd_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr bootparamd 8
daemon at system boot time.
.It Va bootparamd_flags
.Pq Vt str
If
.Va bootparamd_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr bootparamd 8
daemon.
.It Va stf_interface_ipv4addr
.Pq Vt str
If not set to
.Dq Li NO ,
this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling
interface).
Specify this entry to enable the 6to4 interface.
.It Va stf_interface_ipv4plen
.Pq Vt int
Prefix length for 6to4 IPv4 addresses, to limit peer address range.
An effective value is 0-31.
.It Va stf_interface_ipv6_ifid
.Pq Vt str
IPv6 interface ID for
.Xr stf 4 .
This can be set to
.Dq Li AUTO .
.It Va stf_interface_ipv6_slaid
.Pq Vt str
IPv6 Site Level Aggregator for
.Xr stf 4 .
.It Va ipv6_ipv4mapping
.Pq Vt bool
If set to
.Dq Li YES
this enables IPv4 mapped IPv6 address communication (like
.Li ::ffff:a.b.c.d ) .
.It Va rtsold_enable
.Pq Vt bool
Set to
.Dq Li YES
to enable the
.Xr rtsold 8
daemon to send ICMPv6 Router Solicitation messages.
.It Va rtsold_flags
.Pq Vt str
If
.Va rtsold_enable
is set to
.Dq Li YES ,
these are the flags to pass to
.Xr rtsold 8 .
.It Va rtsol_flags
.Pq Vt str
For interfaces configured with the
.Dq Li inet6 accept_rtadv
keyword, these are the flags to pass to
.Xr rtsol 8 .
.Pp
Note that
.Va rtsold_enable
is mutually exclusive to
.Va rtsol_flags ;
.Va rtsold_enable
takes precedence.
.It Va keybell
.Pq Vt str
The keyboard bell sound.
Set to
.Dq Li normal ,
.Dq Li visual ,
.Dq Li off ,
or
.Dq Li NO
if the default behavior is desired.
For details, refer to the
.Xr kbdcontrol 1
manpage.
.It Va keyboard
.Pq Vt str
If set to a non-null string, the virtual console's keyboard input is
set to this device.
.It Va keymap
.Pq Vt str
If set to
.Dq Li NO ,
no keymap is installed, otherwise the value is used to install
the keymap file found in
.Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd
(if using
.Xr syscons 4 ) or
.Pa /usr/share/vt/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd
(if using
.Xr vt 4 ) .
.It Va keyrate
.Pq Vt str
The keyboard repeat speed.
Set to
.Dq Li slow ,
.Dq Li normal ,
.Dq Li fast ,
or
.Dq Li NO
if the default behavior is desired.
.It Va keychange
.Pq Vt str
If not set to
.Dq Li NO ,
attempt to program the function keys with the value.
The value should
be a single string of the form:
.Dq Ar funkey_number new_value Op Ar funkey_number new_value ... .
.It Va cursor
.Pq Vt str
Can be set to the value of
.Dq Li normal ,
.Dq Li blink ,
.Dq Li destructive ,
or
.Dq Li NO
to set the cursor behavior explicitly or choose the default behavior.
.It Va scrnmap
.Pq Vt str
If set to
.Dq Li NO ,
no screen map is installed, otherwise the value is used to install
the screen map file in
.Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value .
This parameter is ignored when using
.Xr vt 4
as the console driver.
.It Va font8x16
.Pq Vt str
If set to
.Dq Li NO ,
the default 8x16 font value is used for screen size requests, otherwise
the value in
.Pa /usr/share/syscons/fonts/ Ns Aq Ar value
or
.Pa /usr/share/vt/fonts/ Ns Aq Ar value
is used (depending on the console driver being used).
.It Va font8x14
.Pq Vt str
If set to
.Dq Li NO ,
the default 8x14 font value is used for screen size requests, otherwise
the value in
.Pa /usr/share/syscons/fonts/ Ns Aq Ar value
or
.Pa /usr/share/vt/fonts/ Ns Aq Ar value
is used (depending on the console driver being used).
.It Va font8x8
.Pq Vt str
If set to
.Dq Li NO ,
the default 8x8 font value is used for screen size requests, otherwise
the value in
.Pa /usr/share/syscons/fonts/ Ns Aq Ar value
or
.Pa /usr/share/vt/fonts/ Ns Aq Ar value
is used (depending on the console driver being used).
.It Va blanktime
.Pq Vt int
If set to
.Dq Li NO ,
the default screen blanking interval is used, otherwise it is set
to
.Ar value
seconds.
.It Va saver
.Pq Vt str
If not set to
.Dq Li NO ,
this is the actual screen saver to use
.Li ( blank , snake , daemon ,
etc).
.It Va moused_nondefault_enable
.Pq Vt str
If set to
.Dq Li NO ,
the mouse device specified on
the command line is not automatically treated as enabled by the
.Pa /etc/rc.d/moused
script.
Having this variable set to
.Dq Li YES
allows a
.Xr usb 4
mouse,
for example,
to be enabled as soon as it is plugged in.
.It Va moused_enable
.Pq Vt str
If set to
.Dq Li YES ,
the
.Xr moused 8
daemon is started for doing cut/paste selection on the console.
.It Va moused_type
.Pq Vt str
This is the protocol type of the mouse connected to this host.
This variable must be set if
.Va moused_enable
is set to
.Dq Li YES .
The
.Xr moused 8
daemon
is able to detect the appropriate mouse type automatically in many cases.
Set this variable to
.Dq Li auto
to let the daemon detect it, or
select one from the following list if the automatic detection fails.
.Pp
If the mouse is attached to the PS/2 mouse port, choose
.Dq Li auto
or
.Dq Li ps/2 ,
regardless of the brand and model of the mouse.
Likewise, if the
mouse is attached to the bus mouse port, choose
.Dq Li auto
or
.Dq Li busmouse .
All other protocols are for serial mice and will not work with
the PS/2 and bus mice.
If this is a USB mouse,
.Dq Li auto
is the only protocol type which will work.
.Pp
.Bl -tag -width ".Li x10mouseremote" -compact
.It Li microsoft
Microsoft mouse (serial)
.It Li intellimouse
Microsoft IntelliMouse (serial)
.It Li mousesystems
Mouse systems Corp.\& mouse (serial)
.It Li mmseries
MM Series mouse (serial)
.It Li logitech
Logitech mouse (serial)
.It Li busmouse
A bus mouse
.It Li mouseman
Logitech MouseMan and TrackMan (serial)
.It Li glidepoint
ALPS GlidePoint (serial)
.It Li thinkingmouse
Kensington ThinkingMouse (serial)
.It Li ps/2
PS/2 mouse
.It Li mmhittab
MM HitTablet (serial)
.It Li x10mouseremote
X10 MouseRemote (serial)
.It Li versapad
Interlink VersaPad (serial)
.El
.Pp
Even if the mouse is not in the above list, it may be compatible
with one in the list.
Refer to the manual page for
.Xr moused 8
for compatibility information.
.Pp
It should also be noted that while this is enabled, any
other client of the mouse (such as an X server) should access
the mouse through the virtual mouse device,
.Pa /dev/sysmouse ,
and configure it as a
.Dq Li sysmouse
type mouse, since all
mouse data is converted to this single canonical format when
using
.Xr moused 8 .
If the client program does not support the
.Dq Li sysmouse
type,
specify the
.Dq Li mousesystems
type.
It is the second preferred type.
.It Va moused_port
.Pq Vt str
If
.Va moused_enable
is set to
.Dq Li YES ,
this is the actual port the mouse is on.
It might be
.Pa /dev/cuau0
for a COM1 serial mouse, or
.Pa /dev/psm0
for a PS/2 mouse, for example.
.It Va moused_flags
.Pq Vt str
If
.Va moused_flags
is set, its value is used as an additional set of flags to pass to the
.Xr moused 8
daemon.
.It Va "moused_" Ns Ar XXX Ns Va "_flags"
When
.Va moused_nondefault_enable
is enabled, and a
.Xr moused 8
daemon is started for a non-default port, the
.Va "moused_" Ns Ar XXX Ns Va "_flags"
set of options has precedence over and replaces the default
.Va moused_flags
(where
.Ar XXX
is the name of the non-default port, i.e.,\&
.Ar ums0 ) .
By setting
.Va "moused_" Ns Ar XXX Ns Va "_flags"
it is possible to set up a different set of default flags for each
.Xr moused 8
instance.
For example, you can use
.Dq Li "-3"
for the default
.Va moused_flags
to make your laptop's touchpad more comfortable to use,
but an empty set of options for
.Va moused_ums0_flags
when your
.Xr usb 4
mouse has three or more buttons.
.It Va mousechar_start
.Pq Vt int
If set to
.Dq Li NO ,
the default mouse cursor character range
.Li 0xd0 Ns - Ns Li 0xd3
is used,
otherwise the range start is set
to
.Ar value
character, see
.Xr vidcontrol 1 .
Use if the default range is occupied in the language code table.
.It Va allscreens_flags
.Pq Vt str
If set,
.Xr vidcontrol 1
is run with these options for each of the virtual terminals
.Pq Pa /dev/ttyv* .
For example,
.Dq Fl m Cm on
will enable the mouse pointer on all virtual terminals
if
.Va moused_enable
is set to
.Dq Li YES .
.It Va allscreens_kbdflags
.Pq Vt str
If set,
.Xr kbdcontrol 1
is run with these options for each of the virtual terminals
.Pq Pa /dev/ttyv* .
For example,
.Dq Fl h Li 200
will set the
.Xr syscons 4
or
.Xr vt 4
scrollback (history) buffer to 200 lines.
.It Va cron_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr cron 8
daemon at system boot time.
.It Va cron_program
.Pq Vt str
Path to
.Xr cron 8
(default
.Pa /usr/sbin/cron ) .
.It Va cron_flags
.Pq Vt str
If
.Va cron_enable
is set to
.Dq Li YES ,
these are the flags to pass to
.Xr cron 8 .
.It Va cron_dst
.Pq Vt bool
If set to
.Dq Li YES ,
enable the special handling of transitions to and from the
Daylight Saving Time in
.Xr cron 8
(equivalent to using the flag
.Fl s ) .
.It Va lpd_program
.Pq Vt str
Path to
.Xr lpd 8
(default
.Pa /usr/sbin/lpd ) .
.It Va lpd_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr lpd 8
daemon at system boot time.
.It Va lpd_flags
.Pq Vt str
If
.Va lpd_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr lpd 8
daemon.
.It Va chkprintcap_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr chkprintcap 8
command before starting the
.Xr lpd 8
daemon.
.It Va chkprintcap_flags
.Pq Vt str
If
.Va lpd_enable
and
.Va chkprintcap_enable
are set to
.Dq Li YES ,
these are the flags to pass to the
.Xr chkprintcap 8
program.
The default is
.Dq Li -d ,
which causes missing directories to be created.
.It Va mta_start_script
.Pq Vt str
This variable specifies the full path to the script to run to start
a mail transfer agent.
The default is
.Pa /etc/rc.sendmail .
The
.Va sendmail_*
variables which
.Pa /etc/rc.sendmail
uses are documented in the
.Xr rc.sendmail 8
manual page.
.It Va dumpdev
.Pq Vt str
Indicates the device (usually a swap partition) to which a crash dump
should be written in the event of a system crash.
If the value of this variable is
.Dq Li AUTO ,
the first suitable swap device listed in
.Pa /etc/fstab
will be used as dump device.
Otherwise, the value of this variable is passed as the argument to
.Xr dumpon 8
and
.Xr savecore 8 .
To disable crash dumps, set this variable to
.Dq Li NO .
.It Va dumpon_flags
.Pq Vt str
Flags to pass to
.Xr dumpon 8
when configuring
.Va dumpdev
as the system dump device.
.It Va dumpdir
.Pq Vt str
When the system reboots after a crash and a crash dump is found on the
device specified by the
.Va dumpdev
variable,
.Xr savecore 8
will save that crash dump and a copy of the kernel to the directory
specified by the
.Va dumpdir
variable.
The default value is
.Pa /var/crash .
Set to
.Dq Li NO
to not run
.Xr savecore 8
at boot time when
.Va dumpdir
is set.
.It Va savecore_enable
.Pq Vt bool
If set to
.Dq Li NO ,
disable automatic extraction of the crash dump from the
.Va dumpdev .
.It Va savecore_flags
.Pq Vt str
If crash dumps are enabled, these are the flags to pass to the
.Xr savecore 8
utility.
.It Va quota_enable
.Pq Vt bool
Set to
.Dq Li YES
to turn on user and group disk quotas on system startup via the
.Xr quotaon 8
command for all file systems marked as having quotas enabled in
.Pa /etc/fstab .
The kernel must be built with
.Cd "options QUOTA"
for disk quotas to function.
.It Va check_quotas
.Pq Vt bool
Set to
.Dq Li YES
to enable user and group disk quota checking via the
.Xr quotacheck 8
command.
.It Va quotacheck_flags
.Pq Vt str
If
.Va quota_enable
is set to
.Dq Li YES ,
and
.Va check_quotas
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr quotacheck 8
utility.
The default is
.Dq Li "-a" ,
which checks quotas for all file systems with quotas enabled in
.Pa /etc/fstab .
.It Va quotaon_flags
.Pq Vt str
If
.Va quota_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr quotaon 8
utility.
The default is
.Dq Li "-a" ,
which enables quotas for all file systems with quotas enabled in
.Pa /etc/fstab .
.It Va quotaoff_flags
.Pq Vt str
If
.Va quota_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr quotaoff 8
utility when shutting down the quota system.
The default is
.Dq Li "-a" ,
which disables quotas for all file systems with quotas enabled in
.Pa /etc/fstab .
.It Va accounting_enable
.Pq Vt bool
Set to
.Dq Li YES
to enable system accounting through the
.Xr accton 8
facility.
.It Va firstboot_sentinel
.Pq Vt str
This variable specifies the full path to a
.Dq first boot
sentinel file.
If a file exists with this path,
.Pa rc.d
scripts with the
.Dq firstboot
keyword will be run on startup and the sentinel file will be deleted
after the boot process completes.
The sentinel file must be located on a writable file system which is
mounted no later than
.Va early_late_divider
to function properly.
The default is
.Pa /firstboot .
.It Va linux_enable
.Pq Vt bool
Set to
.Dq Li YES
to enable Linux/ELF binary emulation at system initial
boot time.
.It Va sysvipc_enable
.Pq Vt bool
If set to
.Dq Li YES ,
load System V IPC primitives at boot time.
.It Va clear_tmp_enable
.Pq Vt bool
Set to
.Dq Li YES
to have
.Pa /tmp
cleaned at startup.
.It Va clear_tmp_X
.Pq Vt bool
Set to
.Dq Li NO
to disable removing of X11 lock files,
and the removal and (secure) recreation
of the various socket directories for X11
related programs.
.It Va ldconfig_paths
.Pq Vt str
Set to the list of shared library paths to use with
.Xr ldconfig 8 .
NOTE:
.Pa /lib
and
.Pa /usr/lib
will always be added first, so they need not appear in this list.
.It Va ldconfig32_paths
.Pq Vt str
Set to the list of 32-bit compatibility shared library paths to
use with
.Xr ldconfig 8 .
.It Va ldconfig_insecure
.Pq Vt bool
The
.Xr ldconfig 8
utility normally refuses to use directories
which are writable by anyone except root.
Set this variable to
.Dq Li YES
to disable that security check during system startup.
.It Va ldconfig_local_dirs
.Pq Vt str
Set to the list of local
.Xr ldconfig 8
directories.
The names of all files in the directories listed will be
passed as arguments to
.Xr ldconfig 8 .
.It Va ldconfig_local32_dirs
.Pq Vt str
Set to the list of local 32-bit compatibility
.Xr ldconfig 8
directories.
The names of all files in the directories listed will be
passed as arguments to
.Dq Nm ldconfig Fl 32 .
.It Va kern_securelevel_enable
.Pq Vt bool
Set to
.Dq Li YES
to set the kernel security level at system startup.
.It Va kern_securelevel
.Pq Vt int
The kernel security level to set at startup.
The allowed range of
.Ar value
ranges from \-1 (the compile time default) to 3 (the
most secure).
See
.Xr security 7
for the list of possible security levels and their effect
on system operation.
.It Va sshd_program
.Pq Vt str
Path to the SSH server program
.Pa ( /usr/sbin/sshd
is the default).
.It Va sshd_enable
.Pq Vt bool
Set to
.Dq Li YES
to start
.Xr sshd 8
at system boot time.
.It Va sshd_flags
.Pq Vt str
If
.Va sshd_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr sshd 8
daemon.
.It Va ftpd_program
.Pq Vt str
Path to the FTP server program
.Pa ( /usr/libexec/ftpd
is the default).
.It Va ftpd_enable
.Pq Vt bool
Set to
.Dq Li YES
to start
.Xr ftpd 8
as a stand-alone daemon at system boot time.
.It Va ftpd_flags
.Pq Vt str
If
.Va ftpd_enable
is set to
.Dq Li YES ,
these are the additional flags to pass to the
.Xr ftpd 8
daemon.
.It Va watchdogd_enable
.Pq Vt bool
If set to
.Dq Li YES ,
start the
.Xr watchdogd 8
daemon at boot time.
This requires that the kernel have been compiled with a
.Xr watchdog 4
compatible device.
.It Va watchdogd_flags
.Pq Vt str
If
.Va watchdogd_enable
is set to
.Dq Li YES ,
these are the flags passed to the
.Xr watchdogd 8
daemon.
.It Va watchdogd_timeout
.Pq Vt int
If
.Va watchdogd_enable
is set to
.Dq Li YES ,
this is a timeout that will be used by the
.Xr watchdogd 8
daemon.
If this option is set, it overrides
.Fl t
in
.Va watchdogd_flags .
.It Va watchdogd_shutdown_timeout
.Pq Vt int
If
.Va watchdogd_enable
is set to
.Dq Li YES ,
this is a timeout that will be set by the
.Xr watchdogd 8
daemon when it exits during the system shutdown.
This timeout will not be set when returning to the single-user mode
or when the watchdogd service is stopped individually using the
.Xr service 8
command or the rc.d script.
Note that the timeout will be applied if
.Xr watchdogd 8
is stopped outside of
.Xr rc 8
framework.
If this option is set, it overrides
.Fl x
in
.Va watchdogd_flags .
.It Va devfs_rulesets
.Pq Vt str
List of files containing sets of rules for
.Xr devfs 8 .
.It Va devfs_system_ruleset
.Pq Vt str
Rule name(s) to apply to the system
.Pa /dev
itself.
.It Va devfs_set_rulesets
.Pq Vt str
Pairs of already-mounted
.Pa dev
directories and rulesets that should be applied to them.
For example: /mount/dev=ruleset_name
.It Va devfs_load_rulesets
.Pq Vt bool
If set, always load the default rulesets listed in
.Va devfs_rulesets .
.It Va performance_cx_lowest
.Pq Vt str
CPU idle state to use while on AC power.
The string
.Dq Li LOW
indicates that
.Xr acpi 4
should use the lowest power state available while
.Dq Li HIGH
indicates that the lowest latency state (less power savings) should be used.
.It Va performance_cpu_freq
.Pq Vt str
CPU clock frequency to use while on AC power.
The string
.Dq Li LOW
indicates that
.Xr cpufreq 4
should use the lowest frequency available while
.Dq Li HIGH
indicates that the highest frequency (less power savings) should be used.
.It Va economy_cx_lowest
.Pq Vt str
CPU idle state to use when off AC power.
The string
.Dq Li LOW
indicates that
.Xr acpi 4
should use the lowest power state available while
.Dq Li HIGH
indicates that the lowest latency state (less power savings) should be used.
.It Va economy_cpu_freq
.Pq Vt str
CPU clock frequency to use when off AC power.
The string
.Dq Li LOW
indicates that
.Xr cpufreq 4
should use the lowest frequency available while
.Dq Li HIGH
indicates that the highest frequency (less power savings) should be used.
.It Va jail_enable
.Pq Vt bool
If set to
.Dq Li NO ,
any configured jails will not be started.
.It Va jail_conf
.Pq Vt str
The configuration filename used by
.Xr jail 8
utility.
The default value is
.Pa /etc/jail.conf .
.Pa /etc/jail. Ns Ao Ar jname Ac Ns Va .conf
and
.Pa /etc/jail.conf.d/ Ns Ao Ar jname Ac Ns Va .conf
will also be used if
.Va Ao Ar jname Ac Va
is set in
.Va jail_list .
.It Va jail_parallel_start
.Pq Vt bool
If set to
.Dq Li YES ,
all configured jails will be started in the background (in parallel).
.It Va jail_flags
.Pq Vt str
Unset by default.
When set, use as default value for
.Va jail_ Ns Ao Ar jname Ac Ns Va _flags
for every jail in
.Va jail_list .
.It Va jail_list
.Pq Vt str
A space-delimited list of jail names.
When left empty, all of the
.Xr jail 8
instances defined in the configuration file are started.
The names specified in this list control the jail startup order.
.Xr jail 8
instances missing from
.Va jail_list
must be started manually.
Note that a jail's
.Va depend
parameter in the configuration file may override this list.
.It Va jail_reverse_stop
.Pq Vt bool
When set to
.Dq Li YES ,
all configured jails in
.Va jail_list
are stopped in reverse order.
.It Va jail_ Ns * variables
Note that older releases supported per-jail configuration via
.Nm
variables.
For example,
hostname of a jail named
.Li vjail
was able to be set by
.Li jail_vjail_hostname .
These per-jail configuration variables are now obsolete in favor of
.Xr jail 8
configuration file.
For backward compatibility,
when per-jail configuration variables are defined,
.Xr jail 8
configuration files are created as
.Pa /var/run/jail . Ns Ao Ar jname Ac Ns Pa .conf
and used.
.Pp
The following per-jail parameters are handled by
.Pa rc.d/jail
script out of their corresponding
.Nm
variables.
In addition to them, parameters in
.Va jail_ Ns Ao Ar jname Ac Ns Va _parameters
will be added to the configuration file.
They must be a semi-colon
.Pq Ql \&;
delimited list of
.Dq key=value .
For more details,
see
.Xr jail 8
manual page.
.Bl -tag -width "host.hostname" -offset indent
.It Li path
set from
.Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir
.It Li host.hostname
set from
.Va jail_ Ns Ao Ar jname Ac Ns Va _hostname
.It Li exec.consolelog
set from
.Va jail_ Ns Ao Ar jname Ac Ns Va _consolelog .
The default value is
.Pa /var/log/jail_ Ns Ao Ar jname Ac Ns Pa _console.log .
.It Li interface
set from
.Va jail_ Ns Ao Ar jname Ac Ns Va _interface .
.It Li vnet.interface
set from
.Va jail_ Ns Ao Ar jname Ac Ns Va _vnet_interface .
This implies
.Li vnet
parameter will be enabled and cannot be specified with
.Va jail_ Ns Ao Ar jname Ac Ns Va _interface ,
.Va jail_ Ns Ao Ar jname Ac Ns Va _ip
and/or
.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n
at the same time.
.It Li fstab
set from
.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab
.It Li mount
set from
.Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable .
.It Li exec.fib
set from
.Va jail_ Ns Ao Ar jname Ac Ns Va _fib
.It Li exec.start
set from
.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start .
The parameter name was
.Li command
in some older releases.
.It Li exec.prestart
set from
.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart
.It Li exec.poststart
set from
.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart
.It Li exec.stop
set from
.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop
.It Li exec.prestop
set from
.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop
.It Li exec.poststop
set from
.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop
.It Li ip4.addr
set if
.Va jail_ Ns Ao Ar jname Ac Ns Va _ip
or
.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n
contain IPv4 addresses
.It Li ip6.addr
set if
.Va jail_ Ns Ao Ar jname Ac Ns Va _ip
or
.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n
contain IPv6 addresses
.It Li allow.mount
set from
.Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable
.It Li mount.devfs
set from
.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable
.It Li devfs_ruleset
set from
.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset .
This must be an integer,
not a string.
.It Li mount.fdescfs
set from
.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable
.It Li allow.set_hostname
set from
.Va jail_ Ns Ao Ar jname Ac Ns Va _set_hostname_allow
.It Li allow.rawsocket
set from
.Va jail_ Ns Ao Ar jname Ac Ns Va _socket_unixiproute_only
.It Li allow.sysvipc
set from
.Va jail_ Ns Ao Ar jname Ac Ns Va _sysvipc_allow
.El
.\" -----------------------------------------------------
.It Va harvest_mask
.Pq Vt int
Set to a bit-mask
representing the entropy sources
you wish to harvest.
Refer to
.Xr random 4
for more information.
.It Va entropy_dir
.Pq Vt str
Set to
.Dq Li NO
to disable caching entropy via
.Xr cron 8 .
Otherwise set to the directory
in which the entropy files are stored.
To be useful,
there must be
a system cron job
that regularly writes and rotates
files here.
All files found
will be used at boot time.
The default is
.Pa /var/db/entropy .
.It Va entropy_file
.Pq Vt str
Set to
.Dq Li NO
to disable caching entropy through reboots.
Otherwise set to the name
of a file used to store cached entropy.
This file should be located
on a file system that is readable
before all the volumes specified in
.Xr fstab 5
are mounted.
By default,
.Pa /entropy
is used,
but if
.Pa /var/db/entropy-file
is found it will also be used.
This will be of some use to
.Xr bsdinstall 8 .
.It Va entropy_boot_file
.Pq Vt str
Set to
.Dq Li NO
to disable
very early caching entropy
through reboots.
Otherwise set to the filename
used to read
very early reboot cached entropy.
This file should be located where
.Xr loader 8
can read it.
See also
.Xr loader.conf 5 .
The default location is
.Pa /boot/entropy .
.It Va entropy_save_sz
.Pq Vt int
Size of the entropy cache files saved by
.Nm save-entropy
periodically.
.It Va entropy_save_num
.Pq Vt int
Number of entropy cache files to save by
.Nm save-entropy
periodically.
.It Va ipsec_enable
.Pq Vt bool
Set to
.Dq Li YES
to run
.Xr setkey 8
on
.Va ipsec_file
at boot time.
.It Va ipsec_file
.Pq Vt str
Configuration file for
.Xr setkey 8 .
.It Va dmesg_enable
.Pq Vt bool
Set to
.Dq Li YES
to save
.Xr dmesg 8
to
.Pa /var/run/dmesg.boot
on boot.
.It Va rcshutdown_timeout
.Pq Vt int
If set, start a watchdog timer in the background which will terminate
.Pa rc.shutdown
if
.Xr shutdown 8
has not completed within the specified time (in seconds).
Notice that in addition to this soft timeout,
.Xr init 8
also applies a hard timeout for the execution of
.Pa rc.shutdown .
This is configured via
.Xr sysctl 8
variable
.Va kern.init_shutdown_timeout
and defaults to 120 seconds.
Setting the value of
.Va rcshutdown_timeout
to more than 120 seconds will have no effect until the
.Xr sysctl 8
variable
.Va kern.init_shutdown_timeout
is also increased.
.It Va virecover_enable
.Pq Vt bool
Set to
.Dq Li NO
to prevent the system from trying to
recover pre-maturely terminated
.Xr vi 1
sessions.
.It Va ugidfw_enable
.Pq Vt bool
Set to
.Dq Li YES
to load the
.Xr mac_bsdextended 4
module upon system initialization and load a default
ruleset file.
.It Va bsdextended_script
.Pq Vt str
The default
.Xr mac_bsdextended 4
ruleset file to load.
The default value of this variable is
.Pa /etc/rc.bsdextended .
.It Va newsyslog_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run
.Xr newsyslog 8
command at startup.
.It Va newsyslog_flags
.Pq Vt str
If
.Va newsyslog_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr newsyslog 8
program.
The default is
.Dq Li -CN ,
which causes log files flagged with a
.Cm C
to be created.
.It Va mdconfig_md Ns Aq Ar X
.Pq Vt str
Arguments to
.Xr mdconfig 8
for
.Xr md 4
device
.Ar X .
At minimum a
.Fl t Ar type
must be specified and either a
.Fl s Ar size
for malloc or swap backed
.Xr md 4
devices or a
.Fl f Ar file
for vnode backed
.Xr md 4
devices.
Note that
.Va mdconfig_md Ns Aq Ar X
variables are evaluated until one variable is unset or null.
.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs
.Pq Vt str
Optional arguments passed to
.Xr newfs 8
to initialize
.Xr md 4
device
.Ar X .
.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner
.Pq Vt str
An ownership specification passed to
.Xr chown 8
after the specified
.Xr md 4
device
.Ar X
has been mounted.
Both the
.Xr md 4
device and the mount point will be changed.
.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms
.Pq Vt str
A mode string passed to
.Xr chmod 1
after the specified
.Xr md 4
device
.Ar X
has been mounted.
Both the
.Xr md 4
device and the mount point will be changed.
.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files
.Pq Vt str
Files to be copied to the mount point of the
.Xr md 4
device
.Ar X
after it has been mounted.
.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd
.Pq Vt str
Command to execute after the specified
.Xr md 4
device
.Ar X
has been mounted.
Note that the command is passed to
.Ic eval
and that both
.Va _dev
and
.Va _mp
variables can be used to reference respectively the
.Xr md 4
device and the mount point.
Assuming that the
.Xr md 4
device is
.Li md0 ,
one could set the following:
.Bd -literal
mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}"
.Ed
.It Va autobridge_interfaces
.Pq Vt str
Set to the list of bridge interfaces that will have newly arriving interfaces
checked against to be automatically added.
If not set to
.Dq Li NO
then for each whitespace separated
.Ar element
in the value, a
.Va autobridge_ Ns Aq Ar element
variable is assumed to exist which has a whitespace separated list of interface
names to match, these names can use wildcards.
For example:
.Bd -literal
autobridge_interfaces="bridge0"
autobridge_bridge0="tap* dc0 vlan[345]"
.Ed
.It Va mixer_enable
.Pq Vt bool
If set to
.Dq Li YES ,
enable support for sound mixer.
.It Va hcsecd_enable
.Pq Vt bool
If set to
.Dq Li YES ,
enable Bluetooth security daemon.
.It Va hcsecd_config
.Pq Vt str
Configuration file for
.Xr hcsecd 8 .
Default
.Pa /etc/bluetooth/hcsecd.conf .
.It Va sdpd_enable
.Pq Vt bool
If set to
.Dq Li YES ,
enable Bluetooth Service Discovery Protocol daemon.
.It Va sdpd_control
.Pq Vt str
Path to
.Xr sdpd 8
control socket.
Default
.Pa /var/run/sdp .
.It Va sdpd_groupname
.Pq Vt str
Sets
.Xr sdpd 8
group to run as after it initializes.
Default
.Dq Li nobody .
.It Va sdpd_username
.Pq Vt str
Sets
.Xr sdpd 8
user to run as after it initializes.
Default
.Dq Li nobody .
.It Va bthidd_enable
.Pq Vt bool
If set to
.Dq Li YES ,
enable Bluetooth Human Interface Device daemon.
.It Va bthidd_config
.Pq Vt str
Configuration file for
.Xr bthidd 8 .
Default
.Pa /etc/bluetooth/bthidd.conf .
.It Va bthidd_hids
.Pq Vt str
Path to a file, where
.Xr bthidd 8
will store information about known HID devices.
Default
.Pa /var/db/bthidd.hids .
.It Va rfcomm_pppd_server_enable
.Pq Vt bool
If set to
.Dq Li YES ,
enable Bluetooth RFCOMM PPP wrapper daemon.
.It Va rfcomm_pppd_server_profile
.Pq Vt str
The name of the profile to use from
.Pa /etc/ppp/ppp.conf .
Multiple profiles can be specified here.
Also used to specify per-profile overrides.
When the profile name contains any of the characters
.Dq Li .-/+
they are translated to
.Dq Li _
for the proposes of the override variable names.
.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _bdaddr
.Pq Vt str
Overrides local address to listen on.
By default
.Xr rfcomm_pppd 8
will listen on
.Dq Li ANY
address.
The address can be specified as BD_ADDR or name.
.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _channel
.Pq Vt str
Overrides local RFCOMM channel to listen on.
By default
.Xr rfcomm_pppd 8
will listen on RFCOMM channel 1.
Must set properly if multiple profiles used in the same time.
.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_sp
.Pq Vt bool
Tells
.Xr rfcomm_pppd 8
if it should register Serial Port service on the specified RFCOMM channel.
Default
.Dq Li NO .
.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_dun
.Pq Vt bool
Tells
.Xr rfcomm_pppd 8
if it should register Dial-Up Networking service on the specified
RFCOMM channel.
Default
.Dq Li NO .
.It Va ubthidhci_enable
.Pq Vt bool
If set to
.Dq Li YES ,
change the USB Bluetooth controller from HID mode to HCI mode.
You also need to specify the location of USB Bluetooth controller with the
.Va ubthidhci_busnum
and
.Va ubthidhci_addr
variables.
.It Va ubthidhci_busnum
Bus number where the USB Bluetooth controller is located.
Check the output of
.Xr usbconfig 8
on your system to find this information.
.It Va ubthidhci_addr
Bus address of the USB Bluetooth controller.
Check the output of
.Xr usbconfig 8
on your system to find this information.
.It Va netwait_enable
.Pq Vt bool
If set to
.Dq Li YES ,
delays the start of network-reliant services until
.Va netwait_if
is up and ICMP packets to a destination defined in
.Va netwait_ip
are flowing.
Link state is examined first, followed by
.Dq Li pinging
an IP address to verify network usability.
If no destination can be reached or timeouts are exceeded,
network services are started anyway with no guarantee that
the network is usable.
Use of this variable requires both
.Va netwait_ip
and
.Va netwait_if
to be set.
.It Va netwait_ip
.Pq Vt str
Empty by default.
This variable contains a space-delimited list of IP addresses to
.Xr ping 8 .
DNS hostnames should not be used as resolution is not guaranteed
to be functional at this point.
If multiple IP addresses are specified,
each will be tried until one is successful or the list is exhausted.
.It Va netwait_timeout
.Pq Vt int
Indicates the total number of seconds to perform a
.Dq Li ping
against each IP address in
.Va netwait_ip ,
at a rate of one ping per second.
If any of the pings are successful,
full network connectivity is considered reliable.
The default is 60.
.It Va netwait_if
.Pq Vt str
Empty by default.
Defines the name of the network interface on which watch for link.
.Xr ifconfig 8
is used to monitor the interface, looking for
.Dq Li status: no carrier .
Once gone, the link is considered up.
This can be a
.Xr vlan 4
interface if desired.
.It Va netwait_if_timeout
.Pq Vt int
Defines the total number of seconds to wait for link to become usable,
polled at a 1-second interval.
The default is 30.
.It Va rctl_enable
.Pq Vt bool
If set to
.Dq Li YES ,
load
.Xr rctl 8
rules from the defined ruleset.
The kernel must be built with
.Cd "options RACCT"
and
.Cd "options RCTL" .
.It Va rctl_rules
.Pq Vt str
Set to
.Pa /etc/rctl.conf
by default.
This variables contains the
.Xr rctl.conf 5
ruleset to load for
.Xr rctl 8 .
.It Va iovctl_files
.Pq Vt str
A space-separated list of configuration files used by
.Xr iovctl 8 .
The default value is an empty string.
.It Va autofs_enable
.Pq Vt bool
If set to
.Dq Li YES ,
start the
.Xr automount 8
utility and the
.Xr automountd 8
and
.Xr autounmountd 8
daemons at boot time.
.It Va automount_flags
.Pq Vt str
If
.Va autofs_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr automount 8
program.
By default no flags are passed.
.It Va automountd_flags
.Pq Vt str
If
.Va autofs_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr automountd 8
daemon.
By default no flags are passed.
.It Va autounmountd_flags
.Pq Vt str
If
.Va autofs_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr autounmountd 8
daemon.
By default no flags are passed.
.It Va ctld_enable
.Pq Vt bool
If set to
.Dq Li YES ,
start the
.Xr ctld 8
daemon at boot time.
.It Va iscsid_enable
.Pq Vt bool
If set to
.Dq Li YES ,
start the
.Xr iscsid 8
daemon at boot time.
.It Va iscsictl_enable
.Pq Vt bool
If set to
.Dq Li YES ,
start the
.Xr iscsictl 8
utility at boot time.
.It Va iscsictl_flags
.Pq Vt str
If
.Va iscsictl_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr iscsictl 8
program.
The default is
.Dq Li -Aa ,
which configures sessions based on the
.Pa /etc/iscsi.conf
configuration file.
.It Va cfumass_enable
.Pq Vt bool
If set to
.Dq Li YES ,
create and export an USB LUN using
.Xr cfumass 4
at boot time.
.It Va cfumass_dir
.Pq Vt str
The directory where the files exported by USB LUN are located.
The default directory is
.Pa /var/cfumass .
.It Va service_delete_empty
.Pq Vt bool
If set to
.Dq Li YES ,
.Ql Li service delete
removes empty
.Dq Li rc.conf.d
files.
.It Va zfs_bootonce_activate
.Pq Vt bool
If set to
.Dq Li YES ,
and a boot environment marked bootonce is successfully booted,
it will be made permanently active.
.It Va zfskeys_enable
.Pq Vt bool
If set to
.Dq Li YES ,
enable auto-loading of encryption keys for encrypted ZFS datasets.
For every dataset the script will first load the appropriate encryption key
and then attempt to unlock the dataset.
.Pp
The script operates only on datasets which are encrypted with
ZFS native encryption
and have a ZFS
.Dq Li keylocation
dataset property beginning with
.Dq Li file:// .
.It Va zfskeys_datasets
.Pq Vt str
A whitespace-separated list of ZFS datasets to unlock.
The list is empty by default,
which means that the script will attempt to unlock all datasets.
.It Va zfskeys_timeout
.Pq Vt int
Define the total number of seconds to wait for the zfskeys script
to unlock an encrypted dataset.
The default is 10.
.El
.Sh FILES
.Bl -tag -width ".Pa /etc/defaults/rc.conf" -compact
.It Pa /etc/defaults/rc.conf
.It Pa /etc/defaults/vendor.conf
.It Pa /etc/rc.conf
.It Pa /etc/rc.conf.local
.El
.Sh SEE ALSO
.Xr chmod 1 ,
.Xr gdb 1 ,
.Xr info 1 ,
.Xr kbdcontrol 1 ,
.Xr limits 1 ,
.Xr protect 1 ,
.Xr sh 1 ,
.Xr vi 1 ,
.Xr vidcontrol 1 ,
.Xr bridge 4 ,
.Xr dummynet 4 ,
.Xr ip 4 ,
.Xr ipf 4 ,
.Xr ipfw 4 ,
.Xr ipnat 4 ,
.Xr kld 4 ,
.Xr pf 4 ,
.Xr pflog 4 ,
.Xr pfsync 4 ,
.Xr tcp 4 ,
.Xr udp 4 ,
.Xr exports 5 ,
.Xr fstab 5 ,
.Xr ipf 5 ,
.Xr ipnat 5 ,
.Xr jail.conf 5 ,
.Xr loader.conf 5 ,
.Xr login.conf 5 ,
.Xr motd 5 ,
.Xr newsyslog.conf 5 ,
.Xr pf.conf 5 ,
.Xr security 7 ,
.Xr accton 8 ,
.Xr apm 8 ,
.Xr bsdinstall 8 ,
.Xr bthidd 8 ,
.Xr chkprintcap 8 ,
.Xr chown 8 ,
.Xr cron 8 ,
.Xr devfs 8 ,
.Xr dhclient 8 ,
.Xr ftpd 8 ,
.Xr geli 8 ,
.Xr hcsecd 8 ,
.Xr ifconfig 8 ,
.Xr inetd 8 ,
.Xr iovctl 8 ,
.Xr ipf 8 ,
.Xr ipfw 8 ,
.Xr ipnat 8 ,
.Xr jail 8 ,
.Xr kldxref 8 ,
.Xr loader 8 ,
.Xr lpd 8 ,
.Xr makewhatis 8 ,
.Xr mdconfig 8 ,
.Xr mdmfs 8 ,
.Xr mixer 8 ,
.Xr mountd 8 ,
.Xr moused 8 ,
.Xr newfs 8 ,
.Xr newsyslog 8 ,
.Xr nfsd 8 ,
.Xr ntpd 8 ,
.Xr ntpdate 8 ,
.Xr pfctl 8 ,
.Xr pflogd 8 ,
.Xr ping 8 ,
.Xr powerd 8 ,
.Xr quotacheck 8 ,
.Xr quotaon 8 ,
.Xr rc 8 ,
.Xr rc.sendmail 8 ,
.Xr rc.subr 8 ,
.Xr rfcomm_pppd 8 ,
.Xr route 8 ,
.Xr routed 8 ,
.Xr rpc.lockd 8 ,
.Xr rpc.statd 8 ,
.Xr rpc.tlsclntd 8 ,
.Xr rpc.tlsservd 8 ,
.Xr rpcbind 8 ,
.Xr rwhod 8 ,
.Xr savecore 8 ,
.Xr sdpd 8 ,
.Xr service 8 ,
.Xr sshd 8 ,
.Xr swapon 8 ,
.Xr sysctl 8 ,
.Xr syslogd 8 ,
.Xr sysrc 8 ,
-.Xr timed 8 ,
.Xr unbound 8 ,
.Xr usbconfig 8 ,
.Xr wlandebug 8 ,
.Xr yp 8 ,
.Xr ypbind 8 ,
.Xr ypserv 8 ,
.Xr ypset 8
.Sh HISTORY
The
.Nm
file appeared in
.Fx 2.2.2 .
.Sh AUTHORS
.An Jordan K. Hubbard .