RC.CONF(5) FreeBSD File Formats Manual RC.CONF(5)
rc.conf — system configuration information
The file rc.conf contains descriptive information about
the local host name, configuration details for any potential network
interfaces and which services should be started up at system initial boot
time. In new installations, the rc.conf file is
generally initialized by the system installation utility.
The purpose of rc.conf is not to run
commands or perform system startup actions directly. Instead, it is included
by the various generic startup scripts in /etc which
conditionalize their internal actions according to the settings found
there.
The /etc/rc.conf file is included from the
file /etc/defaults/rc.conf, which specifies the
default settings for all the available options. Options need only be
specified in /etc/rc.conf when the system
administrator wishes to override these defaults. The file
/etc/defaults/vendor.conf allows vendors to override
FreeBSD defaults. The file
/etc/rc.conf.local is used to override settings in
/etc/rc.conf for historical reasons.
The sysrc(8) command provides a scripting interface to modify
system config files.
In addition to /etc/rc.conf.local you can
also place smaller configuration files for each
rc(8)
script in the /etc/rc.conf.d directory or
⟨dir⟩/rc.conf.d
directories specified in local_startup, which will be
included by the load_rc_config function. For jail
configurations you could use the file
/etc/rc.conf.d/jail to store jail specific
configuration options. If local_startup contains
/usr/local/etc/rc.d and
/opt/conf,
/usr/local/rc.conf.d/jail and
/opt/conf/rc.conf.d/jail will be loaded. If
⟨dir⟩/rc.conf.d/⟨name⟩
is a directory, all of the files in the directory will be loaded. Also see the
rc_conf_files variable below.
Options are set with “name=value” assignments that use
sh(1)
syntax. The following list provides a name and short description for each
variable that can be set in the rc.conf file:
- rc_debug
- (bool) If set to “YES”, enable output of debug
messages from rc scripts. This variable can be helpful in diagnosing
mistakes when editing or integrating new scripts. Beware that this
produces copious output to the terminal and
syslog(3).
- rc_info
- (bool) If set to “NO”, disable informational messages
from the rc scripts. Informational messages are displayed when a condition
that is not serious enough to warrant a warning or an error occurs.
- rc_startmsgs
- (bool) If set to “YES”, show “Starting foo:” when faststart is used
(e.g., at boot time).
- early_late_divider
- (str) The name of the script that should be used as
the delimiter between the “early” and “late”
stages of the boot process. The early stage should contain all the
services needed to get the disks (local or remote) mounted so that the
late stage can include scripts contained in the directories listed in the
local_startup variable (see below). Thus, the two
likely candidates for this value are
mountcritlocal for the typical system, and
mountcritremote if the system needs remote file
systems mounted to get access to the local_startup
directories; for example when /usr/local is NFS
mounted. For rc.conf within a
jail(8)
NETWORKING is likely to be an appropriate value.
Extreme care should be taken when changing this value, and before changing
it one should ensure that there are adequate provisions to recover from a
failed boot (such as physical contact with the machine, or reliable remote
console access).
- always_force_depends
- (bool) Various rc.d scripts
use the force_depend function to check whether required services are
already running, and to start them if necessary. By default during boot
time this check is bypassed if the required service is enabled in
/etc/rc.conf[.local]. Setting this option will
bypass that check at boot time and always test whether or not the service
is actually running. Enabling this option is likely to increase your boot
time if services are enabled that utilize the force_depend check.
- ⟨name⟩_chroot
- (str)
chroot(8)
to this directory before running the service.
- ⟨name⟩_user
- (str) Run the service under this user account.
- ⟨name⟩_group
- (str) Run the chrooted service under this system
group. Unlike the _user setting, this setting has no effect if the service
is not chrooted.
- ⟨name⟩_fib
- (int) The
setfib(1)
value to run the service under.
- ⟨name⟩_nice
- (int) The
nice(1)
value to run the service under.
- apm_enable
- (bool) If set to “YES”, enable support for Automatic
Power Management with the
apm(8)
command.
- apmd_enable
- (bool) Run
apmd(8)
to handle APM events from userland. This also enables support for APM.
- apmd_flags
- (str) If apmd_enable is set to “YES”, these are the flags to pass
to the
apmd(8)
daemon.
- devd_enable
- (bool) Run
devd(8)
to handle device added, removed or unknown events from the kernel.
- ddb_enable
- (bool) Run
ddb(8)
to install
ddb(4)
scripts at boot time.
- ddb_config
- (str) Configuration file for
ddb(8).
Default /etc/ddb.conf.
- devmatch_enable
- (bool) If set to “NO”, disable auto-loading of kernel
modules with
devmatch(8).
- devmatch_blocklist
- (str) A whitespace-separated list of kernel modules
to be ignored by
devmatch(8).
- devmatch_blacklist
- (str) This variable is deprecated. Use
devmatch_blocklist instead. A whitespace-separated
list of kernel modules to be ignored by
devmatch(8).
- kld_list
- (str) A whitespace-separated list of kernel modules
to load right after the local disks are mounted, without any
.ko extension or path. Loading modules at this
point in the boot process is much faster than doing it via
/boot/loader.conf for those modules not necessary
for mounting local disks.
- kldxref_enable
- (bool) Set to “NO” by default. Set to
“YES” to automatically rebuild
linker.hints files with
kldxref(8)
at boot time.
- kldxref_clobber
- (bool) Set to “NO” by default. If
kldxref_enable is true, setting to
“YES” will overwrite existing
linker.hints files at boot time. Otherwise, only
missing linker.hints files are generated.
- kldxref_module_path
- (str) Empty by default. A semi-colon (‘;’) delimited list of paths
containing
kld(4)
modules. If empty, the contents of the
kern.module_path
sysctl(8)
are used.
- powerd_enable
- (bool) If set to “YES”, enable the system power
control facility with the
powerd(8)
daemon.
- powerd_flags
- (str) If powerd_enable is set to “YES”, these are the flags to
pass to the
powerd(8)
daemon.
- tmpmfs
- Controls the creation of a /tmp memory file
system. Always happens if set to “YES” and never happens if set to
“NO”. If set to anything else, a
memory file system is created if /tmp is not
writable.
- tmpsize
- Controls the size of a created /tmp memory file
system.
- tmpmfs_flags
- Extra options passed to the
mdmfs(8)
utility when the memory file system for /tmp is
created. The default is “-S”, which
inhibits the use of softupdates on /tmp so that
file system space is freed without delay after file truncation or
deletion. See
mdmfs(8)
for other options you can use in tmpmfs_flags.
- varmfs
- Controls the creation of a /var memory file
system. Always happens if set to “YES” and never happens if set to
“NO”. If set to anything else, a
memory file system is created if /var is not
writable.
- varsize
- Controls the size of a created /var memory file
system.
- varmfs_flags
- Extra options passed to the
mdmfs(8)
utility when the memory file system for /var is
created. The default is “-S”, which
inhibits the use of softupdates on /var so that
file system space is freed without delay after file truncation or
deletion. See
mdmfs(8)
for other options you can use in varmfs_flags.
- populate_var
- Controls the automatic population of the /var file
system. Always happens if set to “YES” and never happens if set to
“NO”. If set to anything else, a
memory file system is created if /var is not
writable. Note that this process requires access to certain commands in
/usr before /usr is
mounted on normal systems.
- cleanvar_enable
- (bool) Clean the /var
directory.
- local_startup
- (str) List of directories to search for startup
script files.
- script_name_sep
- (str) The field separator to use for breaking down
the list of startup script files into individual filenames. The default is
a space. It is not necessary to change this unless there are startup
scripts with names containing spaces.
- hostapd_enable
- (bool) Set to “YES” to start
hostapd(8)
at system boot time.
- hostname
- (str) The fully qualified domain name (FQDN) of this
host on the network. This should almost certainly be set to something
meaningful, even if there is no network connection. If
dhclient(8)
is used to set the hostname via DHCP, this variable should be set to an
empty string. Within a
jail(8)
the hostname is generally already set and this variable may be absent. If
this value remains unset when the system is done booting your console
login will display the default hostname of “Amnesiac”.
- nisdomainname
- (str) The NIS domain name of this host, or “NO” if NIS is not used.
- dhclient_program
- (str) Path to the DHCP client program
(/sbin/dhclient, the
OpenBSD DHCP client, is the default).
- dhclient_flags
- (str) Additional flags to pass to the DHCP client
program. For the OpenBSD DHCP client, see the
dhclient(8)
manpage for a description of the command line options available.
- dhclient_flags_⟨iface⟩
- Additional flags to pass to the DHCP client program running on
iface only. When specified, this variable overrides
dhclient_flags.
- background_dhclient
- (bool) Set to “YES” to start the DHCP client in
background. This can cause trouble with applications depending on a
working network, but it will provide a faster startup in many cases.
- background_dhclient_⟨iface⟩
- When specified, this variable overrides the
background_dhclient variable for interface
iface only.
- synchronous_dhclient
- (bool) Set to “YES” to start
dhclient(8)
synchronously at startup. This behavior can be overridden on a
per-interface basis by replacing the
“DHCP” keyword in the
ifconfig_⟨interface⟩
variable with “SYNCDHCP” or
“NOSYNCDHCP”.
- defaultroute_delay
- (int) When set to a positive value, wait up to this
long after configuring DHCP interfaces at startup to give the interfaces
time to receive a lease.
- firewall_enable
- (bool) Set to “YES” to load firewall rules at
startup. If the kernel was not built with options
IPFIREWALL, the ipfw.ko kernel module will
be loaded. See also ipfilter_enable.
- firewall_script
- (str) This variable specifies the full path to the
firewall script to run. The default is
/etc/rc.firewall.
- firewall_type
- (str) Names the firewall type from the selection in
/etc/rc.firewall, or the file which contains the
local firewall ruleset. Valid selections from
/etc/rc.firewall are:
open
- unrestricted IP access
closed
- all IP services disabled, except via “lo0”
client
- basic protection for a workstation
simple
- basic protection for a LAN.
If a filename is specified, the full path must be given.
- firewall_quiet
- (bool) Set to “YES” to disable the display of
firewall rules on the console during boot.
- firewall_logging
- (bool) Set to “YES” to enable firewall event
logging. This is equivalent to the
IPFIREWALL_VERBOSE kernel option.
- firewall_logif
- (bool) Set to “YES” to create pseudo interface
ipfw0 for logging. For more details, see
ipfw(8)
manual page.
- firewall_flags
- (str) Flags passed to
ipfw(8)
if firewall_type specifies a filename.
- firewall_coscripts
- (str) List of executables and/or rc scripts to run
after firewall starts/stops. Default is empty.
- firewall_nat_enable
- (bool) The
ipfw(8)
equivalent of natd_enable. Setting this to
“YES” will automatically load the
ipfw(8)
NAT kernel module if firewall_enable is also set to
“YES”.
- firewall_nat_interface
- (str) The
ipfw(8)
equivalent of natd_interface. This is the name of
the public interface or IP address on which kernel NAT should run.
- firewall_nat_flags
- (str) Additional configuration parameters for kernel
NAT should be placed here.
- firewall_nat64_enable
- (bool) Setting this to “YES” will automatically load the
ipfw(8)
NAT64 kernel module if firewall_enable is also set
to “YES”.
- firewall_nptv6_enable
- (bool) Setting this to “YES” will automatically load the
ipfw(8)
NPTv6 kernel module if firewall_enable is also set
to “YES”.
- firewall_pmod_enable
- (bool) Setting this to “YES” will automatically load the
ipfw(8)
pmod kernel module if firewall_enable is also set to
“YES”.
- dummynet_enable
- (bool) Setting this to “YES” will automatically load the
dummynet(4)
module if firewall_enable is also set to
“YES”.
- ipfw_netflow_enable
- (bool) Setting this to “YES” will enable netflow logging
via
ng_netflow(4).
By default an ipfw rule is inserted and all packets are
duplicated with the ngtee command and netflow packets are sent to
127.0.0.1 on the netflow port using protocol version 5.
- ipfw_netflow_hook
- (int) netflow hook name, must be numerical (default
9995).
- ipfw_netflow_rule
- (int) ipfw rule number (default
1000).
- ipfw_netflow_ip
- (str) Destination server ip for receiving netflow
data (default 127.0.0.1).
- ipfw_netflow_port
- (int) Destination server port for receiving netflow
data (default 9995).
- ipfw_netflow_version
- (int) Do not set for using version 5 of the netflow
protocol, set it to 9 for using version 9.
- ipfw_netflow_fib
- (int) Only match packet in FIB
ipfw_netflow_fib (default is undefined meaning all
FIBs).
- natd_program
- (str) Path to
natd(8).
- natd_enable
- (bool) Set to “YES” to enable
natd(8).
firewall_enable must also be set to
“YES”, and
divert(4)
sockets must be enabled in the kernel. If the kernel was not built with
options IPDIVERT, the
ipdivert.ko kernel module will be loaded.
- natd_interface
- (str) This is the name of the public interface on
which
natd(8)
should run. The interface may be given as an interface name or as an IP
address.
- natd_flags
- (str) Additional
natd(8)
flags should be placed here. The
-n or
-a flag is automatically added with the above
natd_interface as an argument.
- ipfilter_enable
- (bool) Set to “NO” by default. Setting this to
“YES” enables
ipf(8)
packet filtering.
Typical usage will require putting
ipfilter_enable="YES"
ipnat_enable="YES"
ipmon_enable="YES"
ipfs_enable="YES"
into /etc/rc.conf and editing
/etc/ipf.rules and
/etc/ipnat.rules appropriately.
Note that ipfilter_enable and
ipnat_enable can be enabled independently.
ipmon_enable and ipfs_enable
both require at least one of ipfilter_enable and
ipnat_enable to be enabled.
Having
options IPFILTER
options IPFILTER_LOG
options IPFILTER_DEFAULT_BLOCK
in the kernel configuration file is a good idea, too.
- ipfilter_program
- (str) Path to
ipf(8)
(default /sbin/ipf).
- ipfilter_rules
- (str) Set to /etc/ipf.rules
by default. This variable contains the name of the filter rule definition
file. The file is expected to be readable for the
ipf(8)
command to execute.
- ipv6_ipfilter_rules
- (str) Set to /etc/ipf6.rules
by default. This variable contains the IPv6 filter rule definition file.
The file is expected to be readable for the
ipf(8)
command to execute.
- ipfilter_flags
- (str) Empty by default. This variable contains flags
passed to the
ipf(8)
program.
- ipnat_enable
- (bool) Set to “NO” by default. Set it to
“YES” to enable
ipnat(8)
network address translation. See ipfilter_enable for
a detailed discussion.
- ipnat_program
- (str) Path to
ipnat(8)
(default /sbin/ipnat).
- ipnat_rules
- (str) Set to
/etc/ipnat.rules by default. This variable
contains the name of the file holding the network address translation
definition. This file is expected to be readable for the
ipnat(8)
command to execute.
- ipnat_flags
- (str) Empty by default. This variable contains flags
passed to the
ipnat(8)
program.
- ipmon_enable
- (bool) Set to “NO” by default. Set it to
“YES” to enable
ipmon(8)
monitoring (logging
ipf(8)
and
ipnat(8)
events). Setting this variable needs setting
ipfilter_enable or
ipnat_enable too. See
ipfilter_enable for a detailed discussion.
- ipmon_program
- (str) Path to
ipmon(8)
(default /sbin/ipmon).
- ipmon_flags
- (str) Set to “-Ds” by default. This variable
contains flags passed to the
ipmon(8)
program. Another typical example would be
“-D /var/log/ipflog” to have
ipmon(8)
log directly to a file bypassing
syslogd(8).
Make sure to adjust /etc/newsyslog.conf in such
case like this:
/var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid
- ipfs_enable
- (bool) Set to “NO” by default. Set it to
“YES” to enable
ipfs(8)
saving the filter and NAT state tables during shutdown and reloading them
during startup again. Setting this variable needs setting
ipfilter_enable or
ipnat_enable to
“YES” too. See
ipfilter_enable for a detailed discussion. Note that
if kern_securelevel is set to 3,
ipfs_enable cannot be used because the raised
securelevel will prevent
ipfs(8)
from saving the state tables at shutdown time.
- ipfs_program
- (str) Path to
ipfs(8)
(default /sbin/ipfs).
- ipfs_flags
- (str) Empty by default. This variable contains flags
passed to the
ipfs(8)
program.
- pf_enable
- (bool) Set to “NO” by default. Setting this to
“YES” enables
pf(4)
packet filtering.
Typical usage will require putting
pf_enable="YES"
into /etc/rc.conf and editing
/etc/pf.conf appropriately. Adding
device pf
builds support for
pf(4)
into the kernel, otherwise the kernel module will be loaded.
- pf_rules
- (str) Path to
pf(4)
ruleset configuration file (default
/etc/pf.conf).
- pf_program
- (str) Path to
pfctl(8)
(default /sbin/pfctl).
- pf_flags
- (str) If pf_enable is set to “YES”, these flags are passed to the
pfctl(8)
program when loading the ruleset.
- pf_fallback_rules_enable
- (bool) Set to “NO” by default. Setting this to
“YES” enables loading
pf_fallback_rules_file or
pf_fallback_rules in case of a problem when loading
the ruleset in pf_rules.
- pf_fallback_rules_file
- (str) Path to a pf ruleset to load in case of
failure when loading the ruleset in pf_rules
(default /etc/pf-fallback.conf).
- pf_fallback_rules
- (str) A pf ruleset to load in case of failure when
loading the ruleset in pf_rules and
pf_fallback_rules_file is not found. Multiple rules
can be set as follows:
pf_fallback_rules="\
block drop log all\
pass in quick on em0"
The default fallback rule is “block drop log all”.
- pflog_enable
- (bool) Set to “NO” by default. Setting this to
“YES” enables
pflogd(8)
which logs packets from the
pf(4)
packet filter.
- pflog_logfile
- (str) If pflog_enable is set to “YES” this controls where
pflogd(8)
stores the logfile (default /var/log/pflog). Check
/etc/newsyslog.conf to adjust logfile rotation for
this.
- pflog_program
- (str) Path to
pflogd(8)
(default /sbin/pflogd).
- pflog_flags
- (str) Empty by default. This variable contains
additional flags passed to the
pflogd(8)
program.
- pflog_instances
- (str) If logging to more than one
pflog(4)
interface is desired, pflog_instances is set to the
list of
pflogd(8)
instances that should be started at system boot time. If
pflog_instances is set, for each
whitespace-separated element in the list,
⟨element⟩_dev
and
⟨element⟩_logfile
elements are assumed to exist.
⟨element⟩_dev
must contain the
pflog(4)
interface to be watched by the named
pflogd(8)
instance.
⟨element⟩_logfile
must contain the name of the logfile that will be used by the
pflogd(8)
instance.
- ftpproxy_enable
- (bool) Set to “NO” by default. Setting this to
“YES” enables
ftp-proxy(8)
which supports the
pf(4)
packet filter in translating ftp connections.
- ftpproxy_flags
- (str) Empty by default. This variable contains
additional flags passed to the
ftp-proxy(8)
program.
- ftpproxy_instances
- (str) Empty by default. If multiple instances of
ftp-proxy(8)
are desired at boot time, ftpproxy_instances should
contain a whitespace-separated list of instance names. For each
element in the list, a variable named
⟨element⟩_flags
should be defined, containing the command-line flags to be passed to the
ftp-proxy(8)
instance.
- pfsync_enable
- (bool) Set to “NO” by default. Setting this to
“YES” enables exposing
pf(4)
state changes to other hosts over the network by means of
pfsync(4).
The pfsync_syncdev variable must also be set
then.
- pfsync_syncdev
- (str) Empty by default. This variable specifies the
name of the network interface
pfsync(4)
should operate through. It must be set accordingly if
pfsync_enable is set to “YES”.
- pfsync_syncpeer
- (str) Empty by default. This variable is optional.
By default, state change messages are sent out on the synchronisation
interface using IP multicast packets. The protocol is IP protocol 240,
PFSYNC, and the multicast group used is 224.0.0.240. When a peer address
is specified using the pfsync_syncpeer option, the
peer address is used as a destination for the pfsync traffic, and the
traffic can then be protected using
ipsec(4).
See the
pfsync(4)
manpage for more details about using
ipsec(4)
with
pfsync(4)
interfaces.
- pfsync_ifconfig
- (str) Empty by default. This variable can contain
additional options to be passed to the
ifconfig(8)
command used to set up
pfsync(4).
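The ipfw, ipfilter and pf variables above depend on one another (natd_enable and the firewall_*_enable add-ons on firewall_enable, ipmon_enable and ipfs_enable on ipfilter_enable or ipnat_enable, pfsync_enable on pfsync_syncdev, each pflog_instances element on its _dev and _logfile variables). The following check is an added example, not part of the manual page or of the FreeBSD rc scripts; the function names and the sample file are constructed for illustration:

```shell
#!/bin/sh
# Added example: lint an rc.conf-style file against the dependencies the
# manual page states for the ipfw, ipfilter and pf variables.

# True when the named variable holds an rc boolean "on" value.
is_yes() {
    eval "_val=\${$1:-NO}"
    case "$_val" in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) return 0 ;;
    esac
    return 1
}

# lint_rc_conf FILE: print one finding per line; no output means clean.
# The body is a subshell so the file's variables do not leak to the caller.
# Sourcing executes FILE as sh(1), the same way the rc scripts read it.
lint_rc_conf() (
    case "$1" in */*) f=$1 ;; *) f=./$1 ;; esac
    . "$f" || exit 2

    # ipfw add-ons and natd(8) depend on firewall_enable.
    for v in firewall_nat_enable firewall_nat64_enable firewall_nptv6_enable \
             firewall_pmod_enable dummynet_enable natd_enable; do
        if is_yes "$v" && ! is_yes firewall_enable; then
            echo "$v: firewall_enable must also be YES"
        fi
    done

    # ipmon and ipfs need at least one of ipfilter_enable / ipnat_enable.
    for v in ipmon_enable ipfs_enable; do
        if is_yes "$v" && ! is_yes ipfilter_enable && ! is_yes ipnat_enable; then
            echo "$v: needs ipfilter_enable or ipnat_enable"
        fi
    done

    # ipfs cannot save its state tables at shutdown under securelevel 3.
    if is_yes ipfs_enable && [ "${kern_securelevel:-}" = 3 ]; then
        echo "ipfs_enable: cannot be used with kern_securelevel=3"
    fi

    # pfsync needs its synchronisation interface.
    if is_yes pfsync_enable && [ -z "${pfsync_syncdev:-}" ]; then
        echo "pfsync_enable: pfsync_syncdev must be set"
    fi

    # Each pflogd instance needs <element>_dev and <element>_logfile.
    for i in ${pflog_instances:-}; do
        case "$i" in
            *[!A-Za-z0-9_]*) echo "pflog_instances: bad name '$i'"; continue ;;
        esac
        for suffix in dev logfile; do
            eval "_val=\${${i}_${suffix}:-}"
            [ -n "$_val" ] || echo "pflog_instances: ${i}_${suffix} is not set"
        done
    done
)

# Constructed sample input, not taken from a real host.
sample_rc_conf() {
    cat <<'EOF'
firewall_enable="NO"
natd_enable="YES"
natd_interface="em0"
ipmon_enable="YES"
ipfs_enable="YES"
kern_securelevel="3"
pf_enable="YES"
pfsync_enable="YES"
pflog_enable="YES"
pflog_instances="dmz"
dmz_dev="pflog1"
EOF
}

# Write the sample to a temporary file and lint it.
lint_sample() {
    _tmp=$(mktemp) || return 1
    sample_rc_conf > "$_tmp"
    lint_rc_conf "$_tmp"
    _rc=$?
    rm -f "$_tmp"
    return "$_rc"
}

lint_sample
```

Run against a copy of /etc/rc.conf rather than the sample by calling lint_rc_conf with the file's path.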
- tcp_extensions
- (bool) Set to “YES” by default. Setting this to
“NO” disables certain TCP options as
described by RFC 1323.
Setting this to “NO” might help
remedy such problems with connections as randomly hanging or other weird
behavior. Some network devices are known to be broken with respect to
these options.
- log_in_vain
- (int) Set to 0 by default. The
sysctl(8)
variables, net.inet.tcp.log_in_vain and
net.inet.udp.log_in_vain, as described in
tcp(4)
and
udp(4),
are set to the given value.
- tcp_keepalive
- (bool) Set to “YES” by default. Setting to
“NO” will disable probing idle TCP
connections to verify that the peer is still up and reachable.
- tcp_drop_synfin
- (bool) Set to “NO” by default. Setting to
“YES” will cause the kernel to
ignore TCP frames that have both the SYN and FIN flags set. This prevents
OS fingerprinting, but may break some legitimate applications.
- icmp_drop_redirect
- (bool) Set to “AUTO” by default. This setting will
be identical to “YES”, if a
dynamic routing daemon is enabled, because redirect processing may cause
performance issues for large routing tables. If no such service is
enabled, this setting behaves like a
“NO”. Setting to
“YES” will cause the kernel to
ignore ICMP REDIRECT packets. Setting to
“NO” will cause the kernel to
process ICMP REDIRECT packets. Refer to
icmp(4)
for more information.
- icmp_log_redirect
- (bool) Set to “NO” by default. Setting to
“YES” will cause the kernel to log
ICMP REDIRECT packets. Note that the log messages are not rate-limited, so
this option should only be used for troubleshooting networks. Refer to
icmp(4)
for more information.
- icmp_bmcastecho
- (bool) Set to “YES” to respond to broadcast or
multicast ICMP ping packets. Refer to
icmp(4)
for more information.
- ip_portrange_first
- (int) If not set to “NO”, this is the first port in the
default portrange. Refer to
ip(4) for
more information.
- ip_portrange_last
- (int) If not set to “NO”, this is the last port in the
default portrange. Refer to
ip(4) for
more information.
- network_interfaces
- (str) Set to the list of network interfaces to
configure on this host or “AUTO”
(the default) for all current interfaces. Setting the
network_interfaces variable to anything other than
the default is deprecated. Interfaces that the administrator wishes to
store configuration for, but not start at boot should be configured with
the “NOAUTO” keyword in their
ifconfig_⟨interface⟩
variables as described below.
An
ifconfig_⟨interface⟩
variable is also assumed to exist for each value of
interface. When an interface name contains any of
the characters “.-/+” they are
translated to “_” before lookup.
The variable can contain arguments to
ifconfig(8),
as well as special case-insensitive keywords described below. Such
keywords are removed before passing the value to
ifconfig(8)
while the order of the other arguments is preserved.
It is possible to add IP alias entries using
ifconfig(8)
syntax with the address family keyword such as
inet. Assuming that the interface in question
was em0, it might look something like this:
ifconfig_em0_alias0="inet 127.0.0.253 netmask 0xffffffff"
ifconfig_em0_alias1="inet 127.0.0.254 netmask 0xffffffff"
It is also possible to configure multiple IP addresses in
Classless Inter-Domain Routing (CIDR) address notation, in which each
address component can be a range like inet
192.0.2.5-23/24 or inet6
2001:db8:1-f::1/64. This notation allows address and prefix
length part only, not the other address modifiers. Note that the maximum
number of the generated addresses from a range specification is limited
to an integer value specified in
netif_ipexpand_max in
rc.conf because a small typo can unexpectedly
generate a large number of addresses. The default value is
2048. It can be increased by adding the
following line into rc.conf:
netif_ipexpand_max="4096"
In the case of 192.0.2.5-23/24, the
address 192.0.2.5 will be configured with the netmask /24 and the
addresses 192.0.2.6 to 192.0.2.23 with the non-conflicting netmask /32
as explained in the
ifconfig(8)
alias section. Note that this special netmask handling is only for
inet, not for the other address families such as
inet6.
With the interface in question being
em0, an example could look like:
ifconfig_em0_alias2="inet 192.0.2.129/27"
ifconfig_em0_alias3="inet 192.0.2.1-5/28"
and so on.
Note that the deprecated
ipv4_addrs_⟨interface⟩
variable was supported for IPv4 CIDR address notation. The
ifconfig_⟨interface⟩_alias⟨n⟩
variable replaces it, though
ipv4_addrs_⟨interface⟩
is still supported for backward compatibility.
For each
ifconfig_⟨interface⟩_alias⟨n⟩
entry with an address family keyword, its contents are passed to
ifconfig(8).
Execution stops at the first unsuccessful access, so if something like
this is present:
ifconfig_em0_alias0="inet 127.0.0.251 netmask 0xffffffff"
ifconfig_em0_alias1="inet 127.0.0.252 netmask 0xffffffff"
ifconfig_em0_alias2="inet 127.0.0.253 netmask 0xffffffff"
ifconfig_em0_alias4="inet 127.0.0.254 netmask 0xffffffff"
Then note that alias4 would not be added
since the search would stop with the missing
“alias3” entry. Because of this
difficult-to-manage behavior, there is an
ifconfig_⟨interface⟩_aliases
variable, which has the same functionality as
ifconfig_⟨interface⟩_alias⟨n⟩
and can hold all of the entries in one variable like the following:
ifconfig_em0_aliases="\
inet 127.0.0.251 netmask 0xffffffff \
inet 127.0.0.252 netmask 0xffffffff \
inet 127.0.0.253 netmask 0xffffffff \
inet 127.0.0.254 netmask 0xffffffff"
It also supports CIDR notation.
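The alias numbering gap described above can be detected before a reboot. The following check is an added example, not part of the manual page or of the FreeBSD rc scripts; the function names are constructed, the vtnet0 line in the sample is constructed, and it assumes numbering starts at alias0 as in the examples above:

```shell
#!/bin/sh
# Added example: find ifconfig_<interface>_alias<n> entries that are never
# applied because a lower-numbered alias is missing.

# alias_gaps [FILE]: read rc.conf text from FILE (or stdin) and print
#   <iface>: alias<n> is never applied (alias<m> is missing)
# for every alias that sits behind a gap. The input is only read as text,
# never sourced. Assumes numbering starts at alias0.
alias_gaps() {
    # Extract "<iface> <n>" from each active (uncommented) assignment.
    # ifconfig_<iface>_aliases= does not match: digits must precede "=".
    sed -n 's/^[[:space:]]*ifconfig_\([A-Za-z0-9_]*\)_alias\([0-9][0-9]*\)=.*/\1 \2/p' "$@" |
    # Group by interface, order numerically, drop repeated assignments.
    sort -u -k1,1 -k2,2n |
    awk '
        # New interface: restart the expected index at 0.
        $1 != cur { cur = $1; want = 0; gap = -1 }
        # Still contiguous: this alias will be applied.
        gap < 0 && $2 + 0 == want { want++; next }
        # First missing index found, or already behind one.
        {
            if (gap < 0) gap = want
            printf "%s: alias%d is never applied (alias%d is missing)\n", cur, $2, gap
        }'
}

# Sample input: the em0 lines are the manual page example, the vtnet0 and
# comment lines are constructed.
sample_aliases() {
    cat <<'EOF'
ifconfig_em0="inet 192.0.2.1/24"
ifconfig_em0_alias0="inet 127.0.0.251 netmask 0xffffffff"
ifconfig_em0_alias1="inet 127.0.0.252 netmask 0xffffffff"
ifconfig_em0_alias2="inet 127.0.0.253 netmask 0xffffffff"
#ifconfig_em0_alias3="inet 127.0.0.250 netmask 0xffffffff"
ifconfig_em0_alias4="inet 127.0.0.254 netmask 0xffffffff"
ifconfig_vtnet0_alias1="inet 192.0.2.129/27"
EOF
}

alias_gaps_sample() {
    sample_aliases | alias_gaps
}

alias_gaps_sample
```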
If the
/etc/start_if.⟨interface⟩
file is present, it is read and executed by the
sh(1)
interpreter before configuring the interface as specified in the
ifconfig_⟨interface⟩
and
ifconfig_⟨interface⟩_alias⟨n⟩
variables.
If a
vlans_⟨interface⟩
variable is set, a
vlan(4)
interface will be created for each item in the list with the
vlandev argument set to
interface. If a vlan interface's name is a number,
then that number is used as the vlan tag and the new vlan interface is
named interface.tag.
Otherwise, the vlan tag must be specified via a
vlan parameter in the
create_args_⟨interface⟩
variable.
To create a vlan device named em0.101
on em0 with the vlan tag 101 and the optional
IPv4 address 192.0.2.1/24:
vlans_em0="101"
ifconfig_em0_101="inet 192.0.2.1/24"
To create a vlan device named myvlan
on em0 with the vlan tag 102:
vlans_em0="myvlan"
create_args_myvlan="vlan 102"
If a
wlans_⟨interface⟩
variable is set, a
wlan(4)
interface will be created for each item in the list with the
wlandev argument set to
interface. Further wlan cloning arguments may be
passed to the
ifconfig(8)
create command by setting the
create_args_⟨interface⟩
variable. One or more
wlan(4)
devices must be created for each wireless device as of
FreeBSD 8.0. Debugging flags for
wlan(4)
devices as set by
wlandebug(8)
may be specified with a
wlandebug_⟨interface⟩
variable. The contents of this variable will be passed directly to
wlandebug(8).
If the
ifconfig_⟨interface⟩
contains the keyword “NOAUTO” then
the interface will not be configured at boot or by
/etc/pccard_ether when
network_interfaces is set to
“AUTO”.
It is possible to bring up an interface with DHCP by adding
“DHCP” to the
ifconfig_⟨interface⟩
variable. For instance, to initialize the em0
device via DHCP, it is possible to use something like:
If you want to configure your wireless interface with
wpa_supplicant(8)
for use with WPA, EAP/LEAP or WEP, you need to add
“WPA” to the
ifconfig_⟨interface⟩
variable.
On the other hand, if you want to configure your wireless
interface with
hostapd(8),
you need to add “HOSTAP” to the
ifconfig_⟨interface⟩
variable.
hostapd(8)
will use the settings from
/etc/hostapd-⟨interface⟩.conf.
Finally, you can add
ifconfig(8)
options in this variable, in addition to the
/etc/start_if.⟨interface⟩
file. For instance, to configure an
ath(4)
wireless device in station mode with an address obtained via DHCP, using
WPA authentication and 802.11b mode, it is possible to use something
like:
wlans_ath0="wlan0"
ifconfig_wlan0="DHCP WPA mode 11b"
In addition to the
ifconfig_⟨interface⟩
form, a fallback variable ifconfig_DEFAULT may be
configured. It will be used for all interfaces with no
ifconfig_⟨interface⟩
variable. This is intended to replace the no longer supported
pccard_ifconfig variable.
It is also possible to rename an interface by doing:
ifconfig_em0_name="net0"
ifconfig_net0="inet 192.0.2.1 netmask 0xffffff00"
- ipv6_enable
- (bool) This variable is deprecated. Use
ifconfig_⟨interface⟩_ipv6
and ipv6_activate_all_interfaces if necessary.
If the variable is
“YES”,
“inet6 accept_rtadv” is added to
all of
ifconfig_⟨interface⟩_ipv6
and the ipv6_activate_all_interfaces is defined as
“YES”.
- ipv6_prefer
- (bool) This variable is deprecated. Use
ip6addrctl_policy instead.
If the variable is
“YES”, the default address
selection policy table set by
ip6addrctl(8)
will be IPv6-preferred.
If the variable is “NO”,
the default address selection policy table set by
ip6addrctl(8)
will be IPv4-preferred.
- ipv6_activate_all_interfaces
- (bool) This controls initial configuration on
IPv6-capable interfaces with no corresponding
ifconfig_⟨interface⟩_ipv6
variable. Note that it is not always necessary to set this variable to
“YES” to use IPv6 functionality on
FreeBSD. In most cases, just configuring
ifconfig_⟨interface⟩_ipv6
variables works.
If the variable is “NO”,
all interfaces which do not have a corresponding
ifconfig_⟨interface⟩_ipv6
variable will be marked as
“IFDISABLED” at creation. This
means that all IPv6 functionality on that interface is completely
disabled to enforce a security policy. If the variable is set to
“YES”, the flag will be cleared on all of the
interfaces.
In most cases, just defining an
ifconfig_⟨interface⟩_ipv6
for an IPv6-capable interface should be sufficient. However, if an
interface is added dynamically (by some tunneling protocols such as PPP,
for example), it is often difficult to define the variable in advance.
In such a case, configuring the
“IFDISABLED” flag can be disabled
by setting this variable to “YES”.
For more details of the
“IFDISABLED” flag and keywords
“inet6 ifdisabled”, see
ifconfig(8).
Default is “NO”.
- ipv6_privacy
- (bool) If the variable is “YES” privacy addresses will be
generated for each IPv6 interface as described in RFC 4941.
- ipv6_network_interfaces
- (str) This is the IPv6 equivalent of
network_interfaces. Normally manual configuration of
this variable is not needed.
- ipv6_cpe_wanif
- (str) If the variable is set to an interface name,
the
ifconfig(8)
options “inet6 -no_radr accept_rtadv” will be added to the
specified interface automatically before evaluating
ifconfig_⟨interface⟩_ipv6,
and two
sysctl(8)
variables net.inet6.ip6.rfc6204w3 and
net.inet6.ip6.no_radr will be set to 1.
This means the specified interface will accept ICMPv6 Router
Advertisement messages on that link and add the discovered routers into
the Default Router List. While the other interfaces can still accept RA
messages if the “inet6 accept_rtadv” option is specified,
adding routes into the Default Router List will be disabled by
“inet6 no_radr” option by default. See
ifconfig(8)
for more details.
Note that ICMPv6 Router Advertisement messages will be
accepted even when net.inet6.ip6.forwarding is 1
(packet forwarding is enabled) when
net.inet6.ip6.rfc6204w3 is set to 1.
Default is “NO”.
- ifconfig_⟨interface⟩_descr
- (str) This assigns an arbitrary description to an
interface. The
sysctl(8)
variable net.ifdescr_maxlen limits its length. This
static setting may be overridden by commands started with dynamic
interface configuration utilities like
dhclient(8)
hooks. The description can be seen with the
ifconfig(8)
command and it may be exported with the
bsnmpd(1)
daemon using its MIB-2 module.
- ifconfig_⟨interface⟩_ipv6
- (str) IPv6 functionality on an interface should be
configured by
ifconfig_⟨interface⟩_ipv6,
instead of setting ifconfig parameters in
ifconfig_⟨interface⟩.
If this variable is empty, all IPv6 configuration on the specified
interface by other variables such as
ipv6_prefix_⟨interface⟩
will be ignored.
Aliases should be set by
ifconfig_⟨interface⟩_alias⟨n⟩
with the “inet6” keyword. For
example:
ifconfig_em0_ipv6="inet6 2001:db8:1::1 prefixlen 64"
ifconfig_em0_alias0="inet6 2001:db8:2::1 prefixlen 64"
Interfaces that have an “inet6 accept_rtadv” keyword in the
ifconfig_⟨interface⟩_ipv6
setting will be automatically configured by SLAAC (StateLess Address
AutoConfiguration) described in RFC 4862.
Note that a link-local address will be automatically
configured in addition to the configured global-scope addresses because
the IPv6 specifications require it on each link. The address is
calculated from the MAC address by using an algorithm defined in
RFC 4862, Section 5.3.
If only a link-local address is needed on the interface, the
following configuration can be used:
ifconfig_em0_ipv6="inet6 auto_linklocal"
A link-local address can also be configured manually. This is
useful for the default router address of an IPv6 router so that it does
not change when the network interface card is replaced. For example:
ifconfig_em0_ipv6="inet6 fe80::1 prefixlen 64"
- ipv6_prefix_⟨interface⟩
- (str) If one or more prefixes are defined in
ipv6_prefix_⟨interface⟩,
addresses based on each prefix and the EUI-64 interface index will be
configured on that interface. Note that this variable will be ignored when
ifconfig_⟨interface⟩_ipv6
is empty.
For example, the following configuration
ipv6_prefix_em0="2001:db8:1:0 2001:db8:2:0"
is equivalent to the following:
ifconfig_em0_alias0="inet6 2001:db8:1:: eui64 prefixlen 64"
ifconfig_em0_alias1="inet6 2001:db8:1:: prefixlen 64 anycast"
ifconfig_em0_alias2="inet6 2001:db8:2:: eui64 prefixlen 64"
ifconfig_em0_alias3="inet6 2001:db8:2:: prefixlen 64 anycast"
These Subnet-Router anycast addresses will be added only when
ipv6_gateway_enable is YES.
- ipv6_default_interface
- (str) If not set to
“NO”, this is the default output
interface for scoped addresses. This works only with
ipv6_gateway_enable="NO".
- ip6addrctl_enable
- (bool) This variable enables configuration of the
default address selection policy table (RFC 3484). The table can be
specified in another variable ip6addrctl_policy. For
ip6addrctl_policy the following keywords can be
specified: “ipv4_prefer”,
“ipv6_prefer”, or
“AUTO”.
If “ipv4_prefer” or
“ipv6_prefer” is specified,
ip6addrctl(8)
installs a pre-defined policy table described in Section 10.3
(IPv4-preferred) or 2.1 (IPv6-preferred) of RFC 3484.
If “AUTO” is specified,
it attempts to read a file /etc/ip6addrctl.conf
first. If this file is found,
ip6addrctl(8)
reads and installs it. If not found, a policy is automatically set
according to the ipv6_activate_all_interfaces
variable; if the variable is set to
“YES” the IPv6-preferred one is
used. Otherwise the IPv4-preferred one is used.
The default values of ip6addrctl_enable
and ip6addrctl_policy are
“YES” and
“AUTO”, respectively.
- cloned_interfaces
- (str) Set to the list of clonable network interfaces
to create on this host. Further cloning arguments may be passed to the
ifconfig(8)
create command for each interface by setting the
create_args_⟨interface⟩
variable. If an interface name is specified with “:sticky”
keyword, the interface will not be destroyed even when
rc.d/netif script is invoked with
“stop” argument. This is useful when reconfiguring the
interface without destroying it. Entries in
cloned_interfaces are automatically appended to
network_interfaces for configuration.
- cloned_interfaces_sticky
- (bool) This variable globally enables the
functionality of the “:sticky” keyword in
cloned_interfaces for all interfaces. The default
value is “NO”. Even if this variable is set to
“YES”, the “:nosticky” keyword can be used to
override it on a per-interface basis.
- gif_interfaces
- Set to the list of
gif(4)
tunnel interfaces to configure on this host. A
gifconfig_⟨interface⟩
variable is assumed to exist for each value of
interface. The value of this variable is used to
configure the link layer of the tunnel using the
tunnel option to
ifconfig.
Additionally, this option ensures that each listed interface is created
via the create option to
ifconfig
before attempting to configure it.
For example, configure two
gif
interfaces with:
gif_interfaces="gif0 gif1"
gifconfig_gif0="100.64.0.1 100.64.0.2"
ifconfig_gif0="inet 10.0.0.1 10.0.0.2 netmask 255.255.255.252"
gifconfig_gif1="inet6 2a00::1 2a01::1"
ifconfig_gif1="inet 10.1.0.1 10.1.0.2 netmask 255.255.255.252"
- sppp_interfaces
- (str) Set to the list of
sppp(4)
interfaces to configure on this host. A
spppconfig_⟨interface⟩
variable is assumed to exist for each value of
interface. Each interface should also be configured
by a general
ifconfig_⟨interface⟩
setting. Refer to
spppcontrol(8)
for more information about available options.
- ppp_enable
- (bool) If set to
“YES”, run the
ppp(8)
daemon.
- ppp_profile
- (str) The name of the profile to use from
/etc/ppp/ppp.conf. Also used for per-profile
overrides of ppp_mode and
ppp_nat, and
ppp_⟨profile⟩_unit.
When the profile name contains any of the characters
“.-/+” they are translated to
“_” for the purposes of the override
variable names.
- ppp_mode
- (str) Mode in which to run the
ppp(8)
daemon.
- ppp_⟨profile⟩_mode
- (str) Overrides the global
ppp_mode for profile. Accepted
modes are “auto”,
“ddial”,
“direct” and
“dedicated”. See the manual for a
full description.
- ppp_nat
- (bool) If set to
“YES”, enables network address
translation. Used in conjunction with gateway_enable, this
allows hosts on private network addresses to access the Internet using
this host as a network address translating router. Default is
“YES”.
- ppp_⟨profile⟩_nat
- (str) Overrides the global
ppp_nat for profile.
- ppp_⟨profile⟩_unit
- (int) Set the unit number to be used for this
profile. See the manual description of
-unit N for details.
- ppp_user
- (str) The name of the user under which
ppp(8)
should be started. By default,
ppp(8)
is started as “root”.
- rc_conf_files
- (str) This option is used to specify a list of files
that will override the settings in
/etc/defaults/rc.conf. The files will be read in
the order in which they are specified and should include the full path to
the file. By default, the files specified are
/etc/rc.conf and
/etc/rc.conf.local.
- zfs_enable
- (bool) If set to
“YES”,
/etc/rc.d/zfs will attempt to automatically mount
ZFS file systems and initialize ZFS volumes (ZVOLs).
- gptboot_enable
- (bool) If set to
“YES”,
/etc/rc.d/gptboot will log if the system
successfully (or not) booted from a GPT partition, which had the
bootonce attribute set using
gpart(8)
utility.
- gbde_autoattach_all
- (bool) If set to
“YES”,
/etc/rc.d/gbde will attempt to automatically
initialize your .bde devices in /etc/fstab.
- gbde_devices
- (str) List the devices that the script should try to
attach, or “AUTO”.
- gbde_lockdir
- (str) The directory where the
gbde(4)
lockfiles are located. The default lockfile directory is
/etc.
The lockfile for each individual
gbde(4)
device can be overridden by setting the variable
gbde_lock_⟨device⟩,
where device is the encrypted device without the
“/dev/” and
“.bde” parts.
- gbde_attach_attempts
- (int) Number of times to attempt attaching to a
gbde(4)
device, i.e., how many times the user is asked for the pass-phrase.
Default is 3.
- geli_devices
- (str) List of devices to automatically attach on
boot. Note that .eli devices from /etc/fstab are
automatically appended to this list.
- geli_groups
- (str) List of groups containing devices to
automatically attach on boot with the same keyfiles and passphrase. This
must be accompanied with a corresponding
geli_⟨group⟩_devices
variable.
- geli_tries
- (int) Number of times the user is asked for the
pass-phrase. If empty, it will be taken from the
kern.geom.eli.tries sysctl variable.
- geli_default_flags
- (str) Default flags to use by
geli(8)
when configuring disk encryption. Flags can be configured for every device
separately by defining the
geli_⟨device⟩_flags
variable, and for every group separately by defining the
geli_⟨group⟩_flags
variable.
- geli_autodetach
- (str) Specifies if GELI devices should be marked for
detach on last close after file systems are mounted. Default is
“YES”. This can be changed for every
device separately by defining the
geli_⟨device⟩_autodetach
variable.
- root_rw_mount
- (bool) Set to
“YES” by default. After the file
systems are checked at boot time, the root file system is remounted as
read-write if this is set to “YES”.
Diskless systems that mount their root file system from a read-only remote
NFS share should set this to “NO” in
their rc.conf.
- fsck_y_enable
- (bool) If set to
“YES”,
fsck(8)
will be run with the -y flag if the initial preen
of the file systems fails.
- background_fsck
- (bool) If set to
“NO”, the system will not attempt to
run
fsck(8)
in the background where possible.
- background_fsck_delay
- (int) The amount of time in seconds to sleep before
starting a background
fsck(8).
It defaults to sixty seconds to allow large applications such as the X
server to start before disk I/O bandwidth is monopolized by
fsck(8).
If set to a negative number, the background file system check will be
delayed indefinitely to allow the administrator to run it at a more
convenient time. For example it may be run from
cron(8)
by adding a line like
0 4 * * * root /etc/rc.d/bgfsck forcestart
to /etc/crontab.
- netfs_types
- (str) List of file system types that are
network-based. This list should generally not be modified by end users.
Use extra_netfs_types instead.
- extra_netfs_types
- (str) If set to something other than
“NO” (the default), this variable
extends the list of file system types for which automatic mounting at
startup by
rc(8)
should be delayed until the network is initialized. It should contain a
whitespace-separated list of network file system descriptor pairs, each
consisting of a file system type as passed to
mount(8)
and a human-readable, one-word description, joined with a colon
(‘:’). Extending the default list in
this way is only necessary when third party file system types are
used.
- syslogd_enable
- (bool) If set to
“YES”, run the
syslogd(8)
daemon.
- syslogd_program
- (str) Path to
syslogd(8)
(default /usr/sbin/syslogd).
- syslogd_flags
- (str) If syslogd_enable is set
to “YES”, these are the flags to
pass to
syslogd(8).
- inetd_enable
- (bool) If set to
“YES”, run the
inetd(8)
daemon.
- inetd_program
- (str) Path to
inetd(8)
(default /usr/sbin/inetd).
- inetd_flags
- (str) If inetd_enable is set
to “YES”, these are the flags to
pass to
inetd(8).
- hastd_enable
- (bool) If set to
“YES”, run the
hastd(8)
daemon.
- hastd_program
- (str) Path to
hastd(8)
(default /sbin/hastd).
- hastd_flags
- (str) If hastd_enable is set
to “YES”, these are the flags to
pass to
hastd(8).
- local_unbound_enable
- (bool) If set to
“YES”, run the
unbound(8)
daemon as a local caching resolver.
- kdc_enable
- (bool) Set to
“YES” to start a Kerberos 5
authentication server at boot time.
- kdc_program
- (str) If kdc_enable is set to
“YES”, this is the path to the Kerberos 5
Authentication Server.
- kdc_flags
- (str) Empty by default. This variable contains
additional flags to be passed to the Kerberos 5 authentication
server.
- kadmind_enable
- (bool) Set to
“YES” to start
kadmind(8),
the Kerberos 5 Administration Daemon; set to
“NO” on a slave server.
- kadmind_program
- (str) If kadmind_enable is set
to “YES”, this is the path to the
Kerberos 5 Administration Daemon.
- kpasswdd_enable
- (bool) Set to
“YES” to start
kpasswdd(8),
the Kerberos 5 Password-Changing Daemon; set to
“NO” on a slave server.
- kpasswdd_program
- (str) If kpasswdd_enable is
set to “YES”, this is the path to the
Kerberos 5 Password-Changing Daemon.
- kfd_enable
- (bool) Set to
“YES” to start
kfd(8),
the Kerberos 5 ticket forwarding daemon, at boot time.
- kfd_program
- (str) Path to
kfd(8)
(default /usr/libexec/kfd).
- rwhod_enable
- (bool) If set to
“YES”, run the
rwhod(8)
daemon at boot time.
- rwhod_flags
- (str) If rwhod_enable is set
to “YES”, these are the flags to
pass to it.
- update_motd
- (bool) If set to
“YES”,
/etc/motd will be updated at boot time to reflect
the kernel release being run. If set to
“NO”,
/etc/motd will not be updated.
- nfs_client_enable
- (bool) If set to
“YES”, run the NFS client daemons at
boot time.
- nfs_access_cache
- (int) If nfs_client_enable is
set to “YES”, this can be set to
“0” to disable NFS ACCESS RPC
caching, or to the number of seconds for which NFS ACCESS results should
be cached. A value of 2-10 seconds will substantially reduce network
traffic for many NFS operations.
- nfs_server_enable
- (bool) If set to
“YES”, run the NFS server daemons at
boot time.
- nfs_server_flags
- (str) If nfs_server_enable is
set to “YES”, these are the flags to
pass to the
nfsd(8)
daemon.
- nfsv4_server_enable
- (bool) If nfs_server_enable is
set to “YES” and
nfsv4_server_enable is set to
“YES”, enable the server for NFSv4
as well as NFSv2 and NFSv3.
- nfsv4_server_only
- (bool) If nfs_server_enable is
set to “YES” and
nfsv4_server_only is set to
“YES”, enable the NFS server for
NFSv4 only.
- nfs_server_maxio
- (int) Value to set vfs.nfsd.srvmaxio to, which is
the maximum I/O size for the NFS server.
- tlsclntd_enable
- (bool) If set to
“YES”, run the
rpc.tlsclntd(8)
daemon, which is needed for NFS-over-TLS NFS mounts.
- tlsservd_enable
- (bool) If set to
“YES”, run the
rpc.tlsservd(8)
daemon, which is needed for the
nfsd(8)
to support NFS-over-TLS NFS mounts.
- nfsuserd_enable
- (bool) If nfsuserd_enable is
set to “YES”, run the nfsuserd
daemon, which is needed for NFSv4 in order to map between user/group names
and uid/gid numbers. If nfsv4_server_enable is set to
“YES”, this will be forced
enabled.
- nfsuserd_flags
- (str) If nfsuserd_enable is
set to “YES”, these are the flags to
pass to the
nfsuserd(8)
daemon.
- nfscbd_enable
- (bool) If nfscbd_enable is set
to “YES”, run the nfscbd daemon,
which enables callbacks/delegations for the NFSv4 client.
- nfscbd_flags
- (str) If nfscbd_enable is set
to “YES”, these are the flags to
pass to the
nfscbd(8)
daemon.
- mountd_enable
- (bool) If set to
“YES”, and
nfs_server_enable is not set, start
mountd(8),
but not the
nfsd(8)
daemon. This is commonly needed to run CFS without real NFS being used.
- mountd_flags
- (str) If mountd_enable is set
to “YES”, these are the flags to
pass to the
mountd(8)
daemon.
- weak_mountd_authentication
- (bool) If set to
“YES”, allow services like PCNFSD to
make non-privileged mount requests.
- nfs_reserved_port_only
- (bool) If set to
“YES”, provide NFS services only on
a secure port.
- nfs_bufpackets
- (int) If set to a number, indicates the number of
packets worth of socket buffer space to reserve on an NFS client. The
kernel default is typically 4. Using a higher number may be useful on
gigabit networks to improve performance. The minimum value is 2 and the
maximum is 64.
- rpc_lockd_enable
- (bool) If set to
“YES” and also an NFS server or
client, run
rpc.lockd(8)
at boot time.
- rpc_lockd_flags
- (str) If rpc_lockd_enable is
set to “YES”, these are the flags to
pass to the
rpc.lockd(8)
daemon.
- rpc_statd_enable
- (bool) If set to
“YES” and also an NFS server or
client, run
rpc.statd(8)
at boot time.
- rpc_statd_flags
- (str) If rpc_statd_enable is
set to “YES”, these are the flags to
pass to the
rpc.statd(8)
daemon.
- rpcbind_program
- (str) Path to
rpcbind(8)
(default /usr/sbin/rpcbind).
- rpcbind_enable
- (bool) If set to
“YES”, run the
rpcbind(8)
service at boot time.
- rpcbind_flags
- (str) If rpcbind_enable is set
to “YES”, these are the flags to
pass to the
rpcbind(8)
daemon.
- keyserv_enable
- (bool) If set to
“YES”, run the
keyserv(8)
daemon on boot for running Secure RPC.
- keyserv_flags
- (str) If keyserv_enable is set
to “YES”, these are the flags to
pass to the
keyserv(8)
daemon.
- pppoed_enable
- (bool) If set to
“YES”, run the
pppoed(8)
daemon at boot time to provide PPP over Ethernet services.
- pppoed_⟨provider⟩
- (str)
pppoed(8)
listens to requests to this provider and ultimately
runs
ppp(8)
with a system argument of the same name.
- pppoed_flags
- (str) Additional flags to pass to
pppoed(8).
- pppoed_interface
- (str) The network interface to run
pppoed(8)
on. This is mandatory when pppoed_enable is set to
“YES”.
- timed_enable
- (bool) If set to
“YES”, run the
timed(8)
service at boot time. This command is intended for networks of machines
where a consistent “network time” for all hosts must be
established. This is often useful in large NFS environments where time
stamps on files are expected to be consistent network-wide.
- timed_flags
- (str) If timed_enable is set
to “YES”, these are the flags to
pass to the
timed(8)
service.
- ntpdate_enable
- (bool) If set to
“YES”, run
ntpdate(8)
at system startup. This command is intended to synchronize the system
clock only once from some standard reference.
Note that the use of the
ntpd_sync_on_start variable is a preferred
alternative to the
ntpdate(8)
utility as
ntpdate(8)
is to be retired from the NTP distribution.
- ntpdate_config
- (str) Configuration file for
ntpdate(8).
Default /etc/ntp.conf.
- ntpdate_hosts
- (str) A whitespace-separated list of NTP servers to
synchronize with at startup. The default is to use the servers listed in
ntpdate_config, if that file exists.
- ntpdate_program
- (str) Path to
ntpdate(8)
(default /usr/sbin/ntpdate).
- ntpdate_flags
- (str) If ntpdate_enable is set
to “YES”, these are the flags to
pass to the
ntpdate(8)
command (typically a hostname).
- ntpd_enable
- (bool) If set to
“YES”, run the
ntpd(8)
command at boot time.
- ntpd_program
- (str) Path to
ntpd(8)
(default /usr/sbin/ntpd).
- ntpd_config
- (str) Path to
ntpd(8)
configuration file. Default /etc/ntp.conf.
- ntpd_flags
- (str) If ntpd_enable is set to
“YES”, these are the flags to pass
to the
ntpd(8)
daemon.
- ntpd_sync_on_start
- (bool) If set to
“YES”,
ntpd(8)
is run with the -g flag, which syncs the system's
clock on startup. See
ntpd(8)
for more information regarding the -g option. This
is a preferred alternative to using
ntpdate(8)
or specifying the ntpdate_enable variable.
- nis_client_enable
- (bool) If set to
“YES”, run the
ypbind(8)
service at system boot time.
- nis_client_flags
- (str) If nis_client_enable is
set to “YES”, these are the flags to
pass to the
ypbind(8)
service.
- nis_ypldap_enable
- (bool) If set to
“YES”, run the
ypldap(8)
daemon at system boot time.
- nis_ypldap_flags
- (str) If nis_ypldap_enable is
set to “YES”, these are the flags to
pass to the
ypldap(8)
daemon.
- nis_ypset_enable
- (bool) If set to
“YES”, run the
ypset(8)
daemon at system boot time.
- nis_ypset_flags
- (str) If nis_ypset_enable is
set to “YES”, these are the flags to
pass to the
ypset(8)
daemon.
- nis_server_enable
- (bool) If set to
“YES”, run the
ypserv(8)
daemon at system boot time.
- nis_server_flags
- (str) If nis_server_enable is
set to “YES”, these are the flags to
pass to the
ypserv(8)
daemon.
- nis_ypxfrd_enable
- (bool) If set to
“YES”, run the
rpc.ypxfrd(8)
daemon at system boot time.
- nis_ypxfrd_flags
- (str) If nis_ypxfrd_enable is
set to “YES”, these are the flags to
pass to the
rpc.ypxfrd(8)
daemon.
- nis_yppasswdd_enable
- (bool) If set to
“YES”, run the
rpc.yppasswdd(8)
daemon at system boot time.
- nis_yppasswdd_flags
- (str) If nis_yppasswdd_enable
is set to “YES”, these are the flags
to pass to the
rpc.yppasswdd(8)
daemon.
- rpc_ypupdated_enable
- (bool) If set to
“YES”, run the
rpc.ypupdated daemon at system boot time.
- bsnmpd_enable
- (bool) If set to
“YES”, run the
bsnmpd(1)
daemon at system boot time. Be sure to understand the security
implications of running an SNMP daemon on your host.
- bsnmpd_flags
- (str) If bsnmpd_enable is set
to “YES”, these are the flags to
pass to the
bsnmpd(1)
daemon.
- defaultrouter
- (str) If not set to
“NO”, create a default route to this
host name or IP address (use an IP address if this router is also required
to get to the name server!).
- ipv6_defaultrouter
- (str) The IPv6 equivalent of
defaultrouter.
- static_arp_pairs
- (str) Set to the list of static ARP pairs that are
to be added at system boot time. For each whitespace separated
element in the value, a
static_arp_⟨element⟩
variable is assumed to exist whose contents will later be passed to an
“arp -S”
operation. For example:
static_arp_pairs="gw"
static_arp_gw="192.168.1.1 00:01:02:03:04:05"
- static_ndp_pairs
- (str) Set to the list of static NDP pairs that are
to be added at system boot time. For each whitespace separated
element in the value, a
static_ndp_⟨element⟩
variable is assumed to exist whose contents will later be passed to an
“ndp -s”
operation. For example:
static_ndp_pairs="gw"
static_ndp_gw="2001:db8:3::1 00:01:02:03:04:05"
- static_routes
- (str) Set to the list of static routes that are to
be added at system boot time. If not set to
“NO” then for each whitespace
separated element in the value, a
route_⟨element⟩
variable is assumed to exist whose contents will later be passed to a
“route add”
operation. For example:
static_routes="ext mcast:gif0 gif0local:gif0"
route_ext="-net 10.0.0.0/24 -gateway 192.168.0.1"
route_mcast="-net 224.0.0.0/4 -iface gif0"
route_gif0local="-host 169.254.1.1 -iface lo0"
When an element is in the form of
name:ifname, the route is specific to the
interface ifname.
- ipv6_static_routes
- (str) The IPv6 equivalent of
static_routes. If not set to
“NO” then for each whitespace
separated element in the value, a
ipv6_route_⟨element⟩
variable is assumed to exist whose contents will later be passed to a
“route add -inet6” operation.
- gateway_enable
- (bool) If set to
“YES”, configure host to act as an
IP router, e.g. to forward packets between interfaces.
- ipv6_gateway_enable
- (bool) The IPv6 equivalent of
gateway_enable.
- routed_enable
- (bool) If set to
“YES”, run a routing daemon of some
sort, based on the settings of routed_program and
routed_flags.
- route6d_enable
- (bool) The IPv6 equivalent of
routed_enable. If set to
“YES”, run a routing daemon of some
sort, based on the settings of route6d_program and
route6d_flags.
- routed_program
- (str) If routed_enable is set
to “YES”, this is the name of the
routing daemon to use.
- route6d_program
- (str) The IPv6 equivalent of
routed_program.
- routed_flags
- (str) If routed_enable is set
to “YES”, these are the flags to
pass to the routing daemon.
- route6d_flags
- (str) The IPv6 equivalent of
routed_flags.
- rtadvd_enable
- (bool) If set to
“YES”, run the
rtadvd(8)
daemon at boot time. The
rtadvd(8)
utility sends ICMPv6 Router Advertisement messages to the interfaces
specified in rtadvd_interfaces. This should only be
enabled with great care. You may want to fine-tune
rtadvd.conf(5).
- rtadvd_interfaces
- (str) If rtadvd_enable is set
to “YES”, this is the list of
interfaces to use.
- arpproxy_all
- (bool) If set to
“YES”, enable global proxy ARP.
- forward_sourceroute
- (bool) If set to
“YES” and
gateway_enable is also set to
“YES”, source-routed packets are
forwarded.
- accept_sourceroute
- (bool) If set to
“YES”, the system will accept
source-routed packets directed at it.
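The following sh(1) script is an added example, not part of the manual page or of the FreeBSD rc scripts: it reads one rc.conf-style file and reports settings from this page that loosen a network restriction or carry a stated warning (accept_sourceroute, forward_sourceroute, arpproxy_all, weak_mountd_authentication, nfs_reserved_port_only, rtadvd_enable, bsnmpd_enable, ipv6_activate_all_interfaces). The function names and the sample file are constructed for illustration; only the given file is read, so defaults from /etc/defaults/rc.conf are not consulted and an unset variable is treated as not enabled.

```shell
#!/bin/sh
# Added example: review an rc.conf-style file without sourcing (executing) it.

# rc_get FILE NAME: print the last value assigned to NAME. Later assignments
# win, as they do when sh(1) evaluates the file. Handles "v", 'v' and bare v.
rc_get() {
    awk -v name="$2" -v sq="'" '
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (index(line, name "=") != 1) next
            val = substr(line, length(name) + 2)
            c = substr(val, 1, 1)
            if (c == "\"" || c == sq) {
                val = substr(val, 2)
                n = index(val, c)
                if (n) val = substr(val, 1, n - 1)
            } else {
                sub(/[ \t#].*$/, "", val)   # bare value ends at blank or comment
            }
            last = val; found = 1
        }
        END { if (found) print last }
    ' "$1"
}

# is_yes VALUE: the spellings rc.subr(8) checkyesno accepts as true.
is_yes() {
    case "$1" in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) return 0 ;;
        *) return 1 ;;
    esac
}

# rc_on FILE NAME: true if NAME is set to a true value in FILE.
rc_on() { is_yes "$(rc_get "$1" "$2")"; }

# rc_audit FILE: print one "FLAG name: reason" line per finding.
rc_audit() {
    f=$1
    for v in accept_sourceroute arpproxy_all weak_mountd_authentication \
             rtadvd_enable bsnmpd_enable ipv6_activate_all_interfaces; do
        rc_on "$f" "$v" || continue
        case $v in
            accept_sourceroute) why="accepts source-routed packets directed at this host" ;;
            arpproxy_all) why="global proxy ARP is enabled" ;;
            weak_mountd_authentication) why="non-privileged mount requests are allowed" ;;
            rtadvd_enable) why="host sends ICMPv6 Router Advertisements" ;;
            bsnmpd_enable) why="an SNMP daemon runs at boot" ;;
            ipv6_activate_all_interfaces) why="IFDISABLED is cleared on all interfaces" ;;
        esac
        echo "FLAG $v: $why"
    done
    # forward_sourceroute only takes effect together with gateway_enable.
    if rc_on "$f" forward_sourceroute && rc_on "$f" gateway_enable; then
        echo "FLAG forward_sourceroute: source-routed packets are forwarded"
    fi
    # nfs_reserved_port_only=YES is the restrictive value; report a server without it.
    if rc_on "$f" nfs_server_enable && ! rc_on "$f" nfs_reserved_port_only; then
        echo "FLAG nfs_reserved_port_only: NFS server is not limited to a secure port"
    fi
    return 0
}

# Constructed sample input, not taken from a real host.
sample_rc_conf() {
    cat <<'EOF'
# constructed sample
hostname="gw.example.org"
gateway_enable="YES"
forward_sourceroute="yes"
accept_sourceroute="NO"
arpproxy_all="NO"
arpproxy_all="YES"     # later assignment wins
nfs_server_enable="YES"
weak_mountd_authentication=NO
bsnmpd_enable='YES'
rtadvd_enable="NO"
EOF
}

# Demo: audit the sample through a temporary file.
rc_audit_demo() {
    tmp=$(mktemp) || return 1
    sample_rc_conf > "$tmp"
    rc_audit "$tmp"
    rm -f "$tmp"
}
rc_audit_demo
```

On a real host, run rc_audit over each file named in rc_conf_files and over any rc.conf.d fragments, since a later file can override an earlier one.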
- rarpd_enable
- (bool) If set to
“YES”, run the
rarpd(8)
daemon at system boot time.
- rarpd_flags
- (str) If rarpd_enable is set
to “YES”, these are the flags to
pass to the
rarpd(8)
daemon.
- bootparamd_enable
- (bool) If set to
“YES”, run the
bootparamd(8)
daemon at system boot time.
- bootparamd_flags
- (str) If bootparamd_enable is
set to “YES”, these are the flags to
pass to the
bootparamd(8)
daemon.
- stf_interface_ipv4addr
- (str) If not set to
“NO”, this is the local IPv4 address
for 6to4 (IPv6 over IPv4 tunneling interface). Specify this entry to
enable the 6to4 interface.
- stf_interface_ipv4plen
- (int) Prefix length for 6to4 IPv4 addresses, to
limit peer address range. An effective value is 0-31.
- stf_interface_ipv6_ifid
- (str) IPv6 interface ID for
stf(4).
This can be set to “AUTO”.
- stf_interface_ipv6_slaid
- (str) IPv6 Site Level Aggregator for
stf(4).
- ipv6_ipv4mapping
- (bool) If set to
“YES” this enables IPv4 mapped IPv6
address communication (like ::ffff:a.b.c.d).
- rtsold_enable
- (bool) Set to
“YES” to enable the
rtsold(8)
daemon to send ICMPv6 Router Solicitation messages.
- rtsold_flags
- (str) If rtsold_enable is set
to “YES”, these are the flags to
pass to
rtsold(8).
- rtsol_flags
- (str) For interfaces configured with the
“inet6 accept_rtadv” keyword, these
are the flags to pass to
rtsol(8).
Note that rtsold_enable is mutually
exclusive to rtsol_flags;
rtsold_enable takes precedence.
- keybell
- (str) The keyboard bell sound. Set to
“normal”,
“visual”,
“off”, or
“NO” if the default behavior is
desired. For details, refer to the
kbdcontrol(1)
manpage.
- keyboard
- (str) If set to a non-null string, the virtual
console's keyboard input is set to this device.
- keymap
- (str) If set to
“NO”, no keymap is installed,
otherwise the value is used to install the keymap file found in
/usr/share/syscons/keymaps/⟨value⟩.kbd
(if using
syscons(4))
or
/usr/share/vt/keymaps/⟨value⟩.kbd
(if using
vt(4)).
- keyrate
- (str) The keyboard repeat speed. Set to
“slow”,
“normal”,
“fast”, or
“NO” if the default behavior is
desired.
- keychange
- (str) If not set to
“NO”, attempt to program the
function keys with the value. The value should be a single string of the
form: “funkey_number new_value
[funkey_number new_value ...]”.
- cursor
- (str) Can be set to the value of
“normal”,
“blink”,
“destructive”, or
“NO” to set the cursor behavior
explicitly or choose the default behavior.
- scrnmap
- (str) If set to
“NO”, no screen map is installed,
otherwise the value is used to install the screen map file in
/usr/share/syscons/scrnmaps/⟨value⟩.
This parameter is ignored when using
vt(4) as
the console driver.
- font8x16
- (str) If set to
“NO”, the default 8x16 font value is
used for screen size requests, otherwise the value in
/usr/share/syscons/fonts/⟨value⟩
or
/usr/share/vt/fonts/⟨value⟩
is used (depending on the console driver being used).
- font8x14
- (str) If set to
“NO”, the default 8x14 font value is
used for screen size requests, otherwise the value in
/usr/share/syscons/fonts/⟨value⟩
or
/usr/share/vt/fonts/⟨value⟩
is used (depending on the console driver being used).
- font8x8
- (str) If set to
“NO”, the default 8x8 font value is
used for screen size requests, otherwise the value in
/usr/share/syscons/fonts/⟨value⟩
or
/usr/share/vt/fonts/⟨value⟩
is used (depending on the console driver being used).
- blanktime
- (int) If set to
“NO”, the default screen blanking
interval is used, otherwise it is set to value
seconds.
- saver
- (str) If not set to
“NO”, this is the actual screen
saver to use (blank, snake, daemon, etc).
- moused_nondefault_enable
- (str) If set to
“NO”, the mouse device specified on
the command line is not automatically treated as enabled by the
/etc/rc.d/moused script. Having this variable set
to “YES” allows a
usb(4)
mouse, for example, to be enabled as soon as it is plugged in.
- moused_enable
- (str) If set to
“YES”, the
moused(8)
daemon is started for doing cut/paste selection on the console.
- moused_type
- (str) This is the protocol type of the mouse
connected to this host. This variable must be set if
moused_enable is set to
“YES”. The
moused(8)
daemon is able to detect the appropriate mouse type automatically in many
cases. Set this variable to “auto”
to let the daemon detect it, or select one from the following list if the
automatic detection fails.
If the mouse is attached to the PS/2 mouse port, choose
“auto” or
“ps/2”, regardless of the brand
and model of the mouse. Likewise, if the mouse is attached to the bus
mouse port, choose “auto” or
“busmouse”. All other protocols
are for serial mice and will not work with the PS/2 and bus mice. If
this is a USB mouse, “auto” is the
only protocol type which will work.
microsoft
- Microsoft mouse (serial)
intellimouse
- Microsoft IntelliMouse (serial)
mousesystems
- Mouse systems Corp. mouse (serial)
mmseries
- MM Series mouse (serial)
logitech
- Logitech mouse (serial)
busmouse
- A bus mouse
mouseman
- Logitech MouseMan and TrackMan (serial)
glidepoint
- ALPS GlidePoint (serial)
thinkingmouse
- Kensington ThinkingMouse (serial)
ps/2
- PS/2 mouse
mmhittab
- MM HitTablet (serial)
x10mouseremote
- X10 MouseRemote (serial)
versapad
- Interlink VersaPad (serial)
Even if the mouse is not in the above list, it may be
compatible with one in the list. Refer to the manual page for
moused(8)
for compatibility information.
It should also be noted that while this is enabled, any other
client of the mouse (such as an X server) should access the mouse
through the virtual mouse device, /dev/sysmouse,
and configure it as a “sysmouse”
type mouse, since all mouse data is converted to this single canonical
format when using
moused(8).
If the client program does not support the
“sysmouse” type, specify the
“mousesystems” type. It is the
second preferred type.
- moused_port
- (str) If moused_enable is set
to “YES”, this is the actual port
the mouse is on. It might be /dev/cuau0 for a COM1
serial mouse, or /dev/psm0 for a PS/2 mouse, for
example.
- moused_flags
- (str) If moused_flags is set,
its value is used as an additional set of flags to pass to the
moused(8)
daemon.
- moused_XXX_flags
- When moused_nondefault_enable is enabled, and a
moused(8)
daemon is started for a non-default port, the
moused_XXX_flags
set of options has precedence over and replaces the default
moused_flags (where XXX is the
name of the non-default port, i.e., ums0). By
setting
moused_XXX_flags
it is possible to set up a different set of default flags for each
moused(8)
instance. For example, you can use
“-3” for the default
moused_flags to make your laptop's touchpad more
comfortable to use, but an empty set of options for
moused_ums0_flags when your
usb(4)
mouse has three or more buttons.
- mousechar_start
- (int) If set to
“NO”, the default mouse cursor
character range 0xd0-0xd3
is used, otherwise the range start is set to value
character, see
vidcontrol(1).
Use if the default range is occupied in the language code table.
- allscreens_flags
- (str) If set,
vidcontrol(1)
is run with these options for each of the virtual terminals
(/dev/ttyv*). For example,
“-m on” will
enable the mouse pointer on all virtual terminals if
moused_enable is set to
“YES”.
- allscreens_kbdflags
- (str) If set,
kbdcontrol(1)
is run with these options for each of the virtual terminals
(/dev/ttyv*). For example,
“
-h 200 ”
will set the
syscons(4)
or vt(4)
scrollback (history) buffer to 200 lines.
- cron_enable
- (bool) If set to “YES”, run the cron(8) daemon at system boot time.
- cron_program
- (str) Path to cron(8) (default /usr/sbin/cron).
- cron_flags
- (str) If cron_enable is set to “YES”, these are the flags to pass
to cron(8).
- cron_dst
- (bool) If set to “YES”, enable the special handling
of transitions to and from Daylight Saving Time in cron(8)
(equivalent to using the flag -s).
- lpd_program
- (str) Path to lpd(8) (default /usr/sbin/lpd).
- lpd_enable
- (bool) If set to “YES”, run the lpd(8) daemon at system boot time.
- lpd_flags
- (str) If lpd_enable is set to “YES”, these are the flags to pass
to the lpd(8) daemon.
- chkprintcap_enable
- (bool) If set to “YES”, run the chkprintcap(8)
command before starting the lpd(8) daemon.
- chkprintcap_flags
- (str) If lpd_enable and chkprintcap_enable are set to
“YES”, these are the flags to pass to the chkprintcap(8)
program. The default is “-d”, which
causes missing directories to be created.
- mta_start_script
- (str) This variable specifies the full path to the
script to run to start a mail transfer agent. The default is
/etc/rc.sendmail. The
sendmail_* variables which
/etc/rc.sendmail uses are documented in the
rc.sendmail(8)
manual page.
- dumpdev
- (str) Indicates the device (usually a swap
partition) to which a crash dump should be written in the event of a
system crash. If the value of this variable is “AUTO”, the first suitable swap
device listed in /etc/fstab will be used as dump
device. Otherwise, the value of this variable is passed as the argument to
dumpon(8) and savecore(8).
To disable crash dumps, set this variable to “NO”.
- dumpon_flags
- (str) Flags to pass to
dumpon(8)
when configuring dumpdev as the system dump
device.
- dumpdir
- (str) When the system reboots after a crash and a
crash dump is found on the device specified by the
dumpdev variable, savecore(8)
will save that crash dump and a copy of the kernel to the directory
specified by the dumpdir variable. The default value
is /var/crash. Set to “NO” to not run savecore(8)
at boot time when dumpdir is set.
- savecore_enable
- (bool) If set to “NO”, disable automatic extraction
of the crash dump from the dumpdev.
- savecore_flags
- (str) If crash dumps are enabled, these are the
flags to pass to the
savecore(8)
utility.
- quota_enable
- (bool) Set to “YES” to turn on user and group disk
quotas on system startup via the quotaon(8)
command for all file systems marked as having quotas enabled in
/etc/fstab. The kernel must be built with
options QUOTA for disk quotas to function.
- check_quotas
- (bool) Set to “YES” to enable user and group disk
quota checking via the quotacheck(8) command.
- quotacheck_flags
- (str) If quota_enable is set to “YES”, and
check_quotas is set to “YES”, these are the flags to pass
to the quotacheck(8) utility. The default is “-a”, which
checks quotas for all file systems with quotas enabled in
/etc/fstab.
- quotaon_flags
- (str) If quota_enable is set to “YES”, these are the flags to
pass to the quotaon(8) utility. The default is “-a”, which
enables quotas for all file systems with quotas enabled in
/etc/fstab.
- quotaoff_flags
- (str) If quota_enable is set to “YES”, these are the flags to
pass to the quotaoff(8) utility when shutting down the quota system.
The default is “-a”, which disables quotas for all
file systems with quotas enabled in /etc/fstab.
- accounting_enable
- (bool) Set to “YES” to enable system accounting
through the accton(8) facility.
- firstboot_sentinel
- (str) This variable specifies the full path to a
“first boot” sentinel file. If a file exists with this path,
rc.d scripts with the “firstboot”
keyword will be run on startup and the sentinel file will be deleted after
the boot process completes. The sentinel file must be located on a
writable file system which is mounted no later than
early_late_divider to function properly. The default
is /firstboot.
- linux_enable
- (bool) Set to “YES” to enable Linux/ELF binary
emulation at system initial boot time.
- sysvipc_enable
- (bool) If set to “YES”, load System V IPC primitives
at boot time.
- clear_tmp_enable
- (bool) Set to “YES” to have /tmp cleaned at startup.
- clear_tmp_X
- (bool) Set to “NO” to disable removing of X11 lock
files, and the removal and (secure) recreation of the various socket
directories for X11 related programs.
- ldconfig_paths
- (str) Set to the list of shared library paths to use
with
ldconfig(8).
NOTE: /lib and /usr/lib
will always be added first, so they need not appear in this list.
- ldconfig32_paths
- (str) Set to the list of 32-bit compatibility shared
library paths to use with
ldconfig(8).
- ldconfig_insecure
- (bool) The ldconfig(8)
utility normally refuses to use directories which are writable by anyone
except root. Set this variable to “YES” to disable that security check
during system startup.
- ldconfig_local_dirs
- (str) Set to the list of local ldconfig(8)
directories. The names of all files in the directories listed will be
passed as arguments to ldconfig(8).
- ldconfig_local32_dirs
- (str) Set to the list of local 32-bit compatibility ldconfig(8)
directories. The names of all files in the directories listed will be
passed as arguments to “ldconfig -32”.
- kern_securelevel_enable
- (bool) Set to “YES” to set the kernel security
level at system startup.
- kern_securelevel
- (int) The kernel security level to set at startup.
The allowed values range from -1 (the
compile time default) to 3 (the most secure). See security(7)
for the list of possible security levels and their effect on system
operation.
- sshd_program
- (str) Path to the SSH server program
(/usr/sbin/sshd is the default).
- sshd_enable
- (bool) Set to “YES” to start sshd(8) at system boot time.
- sshd_flags
- (str) If sshd_enable is set to “YES”, these are the flags to pass
to the sshd(8) daemon.
- ftpd_program
- (str) Path to the FTP server program
(/usr/libexec/ftpd is the default).
- ftpd_enable
- (bool) Set to “YES” to start ftpd(8)
as a stand-alone daemon at system boot time.
- ftpd_flags
- (str) If ftpd_enable is set to “YES”, these are the additional
flags to pass to the ftpd(8) daemon.
- watchdogd_enable
- (bool) If set to “YES”, start the watchdogd(8)
daemon at boot time. This requires that the kernel have been compiled with
a watchdog(4) compatible device.
- watchdogd_flags
- (str) If watchdogd_enable is set to “YES”, these are the flags
passed to the watchdogd(8) daemon.
- watchdogd_timeout
- (int) If watchdogd_enable is set to “YES”, this is a timeout that
will be used by the watchdogd(8) daemon. If this option is set, it
overrides -t in watchdogd_flags.
- watchdogd_shutdown_timeout
- (int) If watchdogd_enable is set to “YES”, this is a timeout that
will be set by the watchdogd(8)
daemon when it exits during the system shutdown. This timeout will not be
set when returning to the single-user mode or when the watchdogd service
is stopped individually using the service(8)
command or the rc.d script. Note that the timeout will be applied if
watchdogd(8) is stopped outside of the rc(8)
framework. If this option is set, it overrides -x
in watchdogd_flags.
- devfs_rulesets
- (str) List of files containing sets of rules for
devfs(8).
- devfs_system_ruleset
- (str) Rule name(s) to apply to the system
/dev itself.
- devfs_set_rulesets
- (str) Pairs of already-mounted
dev directories and rulesets that should be
applied to them. For example: /mount/dev=ruleset_name
- devfs_load_rulesets
- (bool) If set, always load the default rulesets
listed in devfs_rulesets.
- performance_cx_lowest
- (str) CPU idle state to use while on AC power. The
string “LOW” indicates that acpi(4)
should use the lowest power state available while
“HIGH” indicates that the lowest
latency state (less power savings) should be used.
- performance_cpu_freq
- (str) CPU clock frequency to use while on AC power.
The string “LOW” indicates that cpufreq(4)
should use the lowest frequency available while
“HIGH” indicates that the highest
frequency (less power savings) should be used.
- economy_cx_lowest
- (str) CPU idle state to use when off AC power. The
string “LOW” indicates that acpi(4)
should use the lowest power state available while
“HIGH” indicates that the lowest
latency state (less power savings) should be used.
- economy_cpu_freq
- (str) CPU clock frequency to use when off AC power.
The string “LOW” indicates that cpufreq(4)
should use the lowest frequency available while
“HIGH” indicates that the highest
frequency (less power savings) should be used.
- jail_enable
- (bool) If set to “NO”, any configured jails will not
be started.
- jail_conf
- (str) The configuration filename used by the jail(8)
utility. The default value is /etc/jail.conf.
/etc/jail.⟨jname⟩.conf and /etc/jail.conf.d/⟨jname⟩.conf
will also be used if ⟨jname⟩ is set in jail_list.
- jail_parallel_start
- (bool) If set to “YES”, all configured jails will be
started in the background (in parallel).
- jail_flags
- (str) Unset by default. When set, use as default
value for jail_⟨jname⟩_flags for every jail in jail_list.
- jail_list
- (str) A space-delimited list of jail names. When
left empty, all of the jail(8)
instances defined in the configuration file are started. The names
specified in this list control the jail startup order.
jail(8) instances missing from jail_list must be started
manually. Note that a jail's depend parameter in the
configuration file may override this list.
- jail_reverse_stop
- (bool) When set to “YES”, all configured jails in
jail_list are stopped in reverse order.
- jail_* variables
- Note that older releases supported per-jail configuration via
rc.conf variables. For example, the hostname of a jail
named vjail could be set by jail_vjail_hostname. These per-jail
configuration variables are now obsolete in favor of the jail(8)
configuration file. For backward compatibility, when per-jail
configuration variables are defined, jail(8)
configuration files are created as /var/run/jail.⟨jname⟩.conf
and used.
The following per-jail parameters are set by the
rc.d/jail script from their corresponding
rc.conf variables. In addition to them, parameters in
jail_⟨jname⟩_parameters
will be added to the configuration file. They must be a semi-colon
(‘;’) delimited list of “key=value”. For more details, see the
jail(8) manual page.
path
- set from jail_⟨jname⟩_rootdir
host.hostname
- set from jail_⟨jname⟩_hostname
exec.consolelog
- set from jail_⟨jname⟩_consolelog. The default value is
/var/log/jail_⟨jname⟩_console.log.
interface
- set from jail_⟨jname⟩_interface
vnet.interface
- set from jail_⟨jname⟩_vnet_interface. This implies that the vnet parameter
will be enabled; it cannot be specified together with
jail_⟨jname⟩_interface, jail_⟨jname⟩_ip and/or jail_⟨jname⟩_ip_multi⟨n⟩.
fstab
- set from jail_⟨jname⟩_fstab
mount
- set from jail_⟨jname⟩_procfs_enable
exec.fib
- set from jail_⟨jname⟩_fib
exec.start
- set from jail_⟨jname⟩_exec_start. The parameter name was command in
some older releases.
exec.prestart
- set from jail_⟨jname⟩_exec_prestart
exec.poststart
- set from jail_⟨jname⟩_exec_poststart
exec.stop
- set from jail_⟨jname⟩_exec_stop
exec.prestop
- set from jail_⟨jname⟩_exec_prestop
exec.poststop
- set from jail_⟨jname⟩_exec_poststop
ip4.addr
- set if jail_⟨jname⟩_ip or jail_⟨jname⟩_ip_multi⟨n⟩ contain IPv4 addresses
ip6.addr
- set if jail_⟨jname⟩_ip or jail_⟨jname⟩_ip_multi⟨n⟩ contain IPv6 addresses
allow.mount
- set from jail_⟨jname⟩_mount_enable
mount.devfs
- set from jail_⟨jname⟩_devfs_enable
devfs_ruleset
- set from jail_⟨jname⟩_devfs_ruleset. This must be an integer, not a string.
mount.fdescfs
- set from jail_⟨jname⟩_fdescfs_enable
allow.set_hostname
- set from jail_⟨jname⟩_set_hostname_allow
allow.rawsocket
- set from jail_⟨jname⟩_socket_unixiproute_only
allow.sysvipc
- set from jail_⟨jname⟩_sysvipc_allow
- harvest_mask
- (int) Set to a bit-mask representing the entropy
sources you wish to harvest. Refer to
random(4)
for more information.
- entropy_dir
- (str) Set to “NO” to disable caching entropy via cron(8).
Otherwise set to the directory in which the entropy files are stored. To
be useful, there must be a system cron job that regularly writes and
rotates files here. All files found will be used at boot time. The default
is /var/db/entropy.
- entropy_file
- (str) Set to “NO” to disable caching entropy
through reboots. Otherwise set to the name of a file used to store cached
entropy. This file should be located on a file system that is readable
before all the volumes specified in fstab(5)
are mounted. By default, /entropy is used, but if
/var/db/entropy-file is found it will also be
used. This will be of some use to bsdinstall(8).
- entropy_boot_file
- (str) Set to “NO” to disable very early caching
entropy through reboots. Otherwise set to the filename used to read very
early reboot cached entropy. This file should be located where
loader(8) can read it. See also loader.conf(5).
The default location is /boot/entropy.
- entropy_save_sz
- (int) Size of the entropy cache files saved by
save-entropy periodically.
- entropy_save_num
- (int) Number of entropy cache files to save by
save-entropy periodically.
- ipsec_enable
- (bool) Set to “YES” to run setkey(8)
on ipsec_file at boot time.
- ipsec_file
- (str) Configuration file for setkey(8).
- dmesg_enable
- (bool) Set to “YES” to save dmesg(8)
to /var/run/dmesg.boot on boot.
- rcshutdown_timeout
- (int) If set, start a watchdog timer in the
background which will terminate rc.shutdown if
shutdown(8)
has not completed within the specified time (in seconds). Notice that in
addition to this soft timeout,
init(8)
also applies a hard timeout for the execution of
rc.shutdown. This is configured via
sysctl(8)
variable kern.init_shutdown_timeout and defaults to
120 seconds. Setting the value of rcshutdown_timeout
to more than 120 seconds will have no effect until the
sysctl(8)
variable kern.init_shutdown_timeout is also
increased.
- virecover_enable
- (bool) Set to “NO” to prevent the system from
trying to recover prematurely terminated vi(1) sessions.
- ugidfw_enable
- (bool) Set to “YES” to load the mac_bsdextended(4)
module upon system initialization and load a default ruleset file.
- bsdextended_script
- (str) The default
mac_bsdextended(4)
ruleset file to load. The default value of this variable is
/etc/rc.bsdextended.
- newsyslog_enable
- (bool) If set to “YES”, run the newsyslog(8)
command at startup.
- newsyslog_flags
- (str) If newsyslog_enable is set to “YES”, these are the flags to
pass to the newsyslog(8)
program. The default is “-CN”, which
causes log files flagged with a C to be
created.
- mdconfig_md⟨X⟩
- (str) Arguments to mdconfig(8) for md(4)
device X. At minimum a -t type must be specified and either a
-s size for malloc or swap backed md(4) devices or a
-f file for vnode backed md(4) devices. Note that
mdconfig_md⟨X⟩
variables are evaluated until one variable is unset or null.
- mdconfig_md⟨X⟩_newfs
- (str) Optional arguments passed to
newfs(8)
to initialize
md(4)
device X.
- mdconfig_md⟨X⟩_owner
- (str) An ownership specification passed to
chown(8)
after the specified
md(4)
device X has been mounted. Both the
md(4)
device and the mount point will be changed.
- mdconfig_md⟨X⟩_perms
- (str) A mode string passed to
chmod(1)
after the specified
md(4)
device X has been mounted. Both the
md(4)
device and the mount point will be changed.
- mdconfig_md⟨X⟩_files
- (str) Files to be copied to the mount point of the
md(4)
device X after it has been mounted.
- mdconfig_md⟨X⟩_cmd
- (str) Command to execute after the specified md(4)
device X has been mounted. Note that the command is
passed to eval and that both
_dev and _mp variables can be
used to reference respectively the md(4)
device and the mount point. Assuming that the md(4)
device is md0, one could set the following:
mdconfig_md0_cmd="tar xfzC /var/file.tgz \${_mp}"
- autobridge_interfaces
- (str) Set to the list of bridge interfaces against which
newly arriving interfaces are checked for automatic addition.
If not set to “NO”, then for each
whitespace separated element in the value, an
autobridge_⟨element⟩
variable is assumed to exist which has a whitespace separated list of
interface names to match. These names can use wildcards. For example:
autobridge_interfaces="bridge0"
autobridge_bridge0="tap* dc0 vlan[345]"
- mixer_enable
- (bool) If set to “YES”, enable support for sound mixer.
- hcsecd_enable
- (bool) If set to “YES”, enable Bluetooth security daemon.
- hcsecd_config
- (str) Configuration file for hcsecd(8).
Default /etc/bluetooth/hcsecd.conf.
- sdpd_enable
- (bool) If set to “YES”, enable Bluetooth Service
Discovery Protocol daemon.
- sdpd_control
- (str) Path to sdpd(8) control socket. Default /var/run/sdp.
- sdpd_groupname
- (str) Sets sdpd(8) group to run as after it initializes. Default
“nobody”.
- sdpd_username
- (str) Sets sdpd(8) user to run as after it initializes. Default
“nobody”.
- bthidd_enable
- (bool) If set to “YES”, enable Bluetooth Human
Interface Device daemon.
- bthidd_config
- (str) Configuration file for bthidd(8).
Default /etc/bluetooth/bthidd.conf.
- bthidd_hids
- (str) Path to a file, where bthidd(8)
will store information about known HID devices. Default
/var/db/bthidd.hids.
- rfcomm_pppd_server_enable
- (bool) If set to “YES”, enable Bluetooth RFCOMM PPP
wrapper daemon.
- rfcomm_pppd_server_profile
- (str) The name of the profile to use from
/etc/ppp/ppp.conf. Multiple profiles can be
specified here. Also used to specify per-profile overrides. When the
profile name contains any of the characters “.-/+” they are translated to
“_” for the purposes of the override variable names.
- rfcomm_pppd_server_⟨profile⟩_bdaddr
- (str) Overrides local address to listen on. By
default rfcomm_pppd(8) will listen on “ANY” address. The
address can be specified as BD_ADDR or name.
- rfcomm_pppd_server_⟨profile⟩_channel
- (str) Overrides local RFCOMM channel to listen on.
By default rfcomm_pppd(8)
will listen on RFCOMM channel 1. Must be set properly if multiple profiles
are used at the same time.
- rfcomm_pppd_server_⟨profile⟩_register_sp
- (bool) Tells rfcomm_pppd(8)
if it should register Serial Port service on the specified RFCOMM channel.
Default “NO”.
- rfcomm_pppd_server_⟨profile⟩_register_dun
- (bool) Tells rfcomm_pppd(8)
if it should register Dial-Up Networking service on the specified RFCOMM
channel. Default “NO”.
- ubthidhci_enable
- (bool) If set to “YES”, change the USB Bluetooth
controller from HID mode to HCI mode. You also need to specify the
location of the USB Bluetooth controller with the
ubthidhci_busnum and
ubthidhci_addr variables.
- ubthidhci_busnum
- Bus number where the USB Bluetooth controller is located. Check the output
of
usbconfig(8)
on your system to find this information.
- ubthidhci_addr
- Bus address of the USB Bluetooth controller. Check the output of
usbconfig(8)
on your system to find this information.
- netwait_enable
- (bool) If set to “YES”, delays the start of
network-reliant services until netwait_if is up and
ICMP packets to a destination defined in netwait_ip
are flowing. Link state is examined first, followed by
“pinging” an IP address to verify
network usability. If no destination can be reached or timeouts are
exceeded, network services are started anyway with no guarantee that the
network is usable. Use of this variable requires both
netwait_ip and netwait_if to be set.
- netwait_ip
- (str) Empty by default. This variable contains a
space-delimited list of IP addresses to ping(8).
DNS hostnames should not be used as resolution is not guaranteed to be
functional at this point. If multiple IP addresses are specified, each
will be tried until one is successful or the list is exhausted.
- netwait_timeout
- (int) Indicates the total number of seconds to
perform a “ping” against each IP
address in netwait_ip, at a rate of one ping per
second. If any of the pings are successful, full network connectivity is
considered reliable. The default is 60.
- netwait_if
- (str) Empty by default. Defines the name of the
network interface on which to watch for link.
ifconfig(8) is used to monitor the interface, looking for
“status: no carrier”. Once gone, the
link is considered up. This can be a vlan(4) interface if desired.
- netwait_if_timeout
- (int) Defines the total number of seconds to wait
for link to become usable, polled at a 1-second interval. The default is
30.
- rctl_enable
- (bool) If set to “YES”, load rctl(8)
rules from the defined ruleset. The kernel must be built with
options RACCT and options RCTL.
- rctl_rules
- (str) Set to /etc/rctl.conf
by default. This variable contains the rctl.conf(5)
ruleset to load for rctl(8).
- iovctl_files
- (str) A space-separated list of configuration files
used by
iovctl(8).
The default value is an empty string.
- autofs_enable
- (bool) If set to “YES”, start the automount(8)
utility and the automountd(8) and autounmountd(8)
daemons at boot time.
- automount_flags
- (str) If autofs_enable is set to “YES”, these are the flags to
pass to the automount(8)
program. By default no flags are passed.
- automountd_flags
- (str) If autofs_enable is set to “YES”, these are the flags to
pass to the automountd(8)
daemon. By default no flags are passed.
- autounmountd_flags
- (str) If autofs_enable is set to “YES”, these are the flags to
pass to the autounmountd(8)
daemon. By default no flags are passed.
- ctld_enable
- (bool) If set to “YES”, start the ctld(8) daemon at boot time.
- iscsid_enable
- (bool) If set to “YES”, start the iscsid(8) daemon at boot time.
- iscsictl_enable
- (bool) If set to “YES”, start the iscsictl(8) utility at boot time.
- iscsictl_flags
- (str) If iscsictl_enable is set to “YES”, these are the flags to
pass to the iscsictl(8)
program. The default is “-Aa”, which
configures sessions based on the /etc/iscsi.conf
configuration file.
- cfumass_enable
- (bool) If set to “YES”, create and export a USB LUN
using cfumass(4) at boot time.
- cfumass_dir
- (str) The directory where the files exported by the USB
LUN are located. The default directory is
/var/cfumass.
- service_delete_empty
- (bool) If set to “YES”, ‘service delete’ removes empty
“rc.conf.d” files.
- zfs_bootonce_activate
- (bool) If set to “YES”, and a boot environment marked
bootonce is successfully booted, it will be made permanently active.
- zfskeys_enable
- (bool) If set to “YES”, enable auto-loading of
encryption keys for encrypted ZFS datasets. For every dataset the script
will first load the appropriate encryption key and then attempt to unlock
the dataset.
The script operates only on datasets which are encrypted with
ZFS native encryption and have a ZFS
“keylocation” dataset property
beginning with “file://”.
- zfskeys_datasets
- (str) A whitespace-separated list of ZFS datasets to
unlock. The list is empty by default, which means that the script will
attempt to unlock all datasets.
- zfskeys_timeout
- (int) Define the total number of seconds to wait for
the zfskeys script to unlock an encrypted dataset. The default is 10.
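The settings above with a direct effect on host hardening (ldconfig_insecure, kern_securelevel_enable with kern_securelevel, and the mdconfig_md⟨X⟩_cmd values that are passed to eval) can be reviewed by parsing the files instead of sourcing them. The following sh(1) script is an added example, not part of this manual page or of FreeBSD; its function names, file names and sample contents are constructed, and it assumes simple one-line name=value assignments.

```shell
#!/bin/sh
# Added example: audit rc.conf-style files by parsing them, never sourcing them.

# is_yes VALUE: true for the spellings rc.subr's checkyesno accepts as "yes".
is_yes() {
    case $1 in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) return 0 ;;
    esac
    return 1
}

# rc_value NAME FILE...: print the last value assigned to NAME. Later files
# win, as /etc/rc.conf overrides /etc/defaults/rc.conf.
rc_value() {
    name=$1; shift
    value=
    for file in "$@"; do
        [ -r "$file" ] || continue
        while IFS= read -r line || [ -n "$line" ]; do
            case $line in
                "$name="*) raw=${line#*=} ;;
                *) continue ;;
            esac
            case $raw in
                \"*) raw=${raw#\"}; value=${raw%%\"*} ;;
                \'*) raw=${raw#\'}; value=${raw%%\'*} ;;
                *)   value=${raw%%[ #]*} ;;
            esac
        done < "$file"
    done
    printf '%s\n' "$value"
}

# rc_audit FILE...: print one finding per line; print nothing if all is well.
rc_audit() {
    if is_yes "$(rc_value ldconfig_insecure "$@")"; then
        echo "ldconfig_insecure: ldconfig(8) directory-permission check is disabled"
    fi
    level=$(rc_value kern_securelevel "$@")
    if is_yes "$(rc_value kern_securelevel_enable "$@")"; then
        case $level in
            -1|0|1|2|3) ;;
            *) printf "kern_securelevel: '%s' is outside the range -1..3\n" "$level" ;;
        esac
    elif [ -n "$level" ] && [ "$level" != "-1" ]; then
        echo "kern_securelevel: $level is ignored, kern_securelevel_enable is not YES"
    fi
    # Every mdconfig_md<X>_cmd value goes to eval, so list each one for review.
    sed -n 's/^\(mdconfig_md[0-9][0-9]*_cmd\)=.*/\1/p' "$@" 2>/dev/null |
        sort -u |
        while IFS= read -r var; do
            printf '%s: passed to eval: %s\n' "$var" "$(rc_value "$var" "$@")"
        done
}

# make_sample DIR: write two constructed files standing in for
# /etc/defaults/rc.conf and /etc/rc.conf.
make_sample() {
    cat > "$1/defaults_rc.conf" <<'EOF'
ldconfig_insecure="NO"
kern_securelevel_enable="NO"
kern_securelevel="-1"
EOF
    cat > "$1/rc.conf" <<'EOF'
ldconfig_insecure="YES"   # constructed sample value
kern_securelevel="2"
mdconfig_md0="-t malloc -s 10m"
mdconfig_md0_cmd="tar xfzC /var/file.tgz \${_mp}"
EOF
}

demo_dir=$(mktemp -d)
make_sample "$demo_dir"
rc_audit "$demo_dir/defaults_rc.conf" "$demo_dir/rc.conf"
rm -rf "$demo_dir"
```

On a real host the arguments would be the configuration files in the order they are read, defaults first.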
- /etc/defaults/rc.conf
- /etc/defaults/vendor.conf
- /etc/rc.conf
- /etc/rc.conf.local
chmod(1),
gdb(1),
info(1),
kbdcontrol(1),
makewhatis(1),
sh(1),
vi(1),
vidcontrol(1),
bridge(4),
dummynet(4),
ip(4),
ipf(4),
ipfw(4),
ipnat(4),
kld(4),
pf(4),
pflog(4),
pfsync(4),
tcp(4),
udp(4),
exports(5),
fstab(5),
ipf(5),
ipnat(5),
jail.conf(5),
loader.conf(5),
motd(5),
newsyslog.conf(5),
pf.conf(5),
security(7),
accton(8),
apm(8),
bsdinstall(8),
bthidd(8),
chkprintcap(8),
chown(8),
cron(8),
devfs(8),
dhclient(8),
ftpd(8),
geli(8),
hcsecd(8),
ifconfig(8),
inetd(8),
iovctl(8),
ipf(8),
ipfw(8),
ipnat(8),
jail(8),
kldxref(8),
loader(8),
lpd(8),
mdconfig(8),
mdmfs(8),
mixer(8),
mountd(8),
moused(8),
newfs(8),
newsyslog(8),
nfsd(8),
ntpd(8),
ntpdate(8),
pfctl(8),
pflogd(8),
ping(8),
powerd(8),
quotacheck(8),
quotaon(8),
rc(8),
rc.sendmail(8),
rfcomm_pppd(8),
route(8),
routed(8),
rpc.lockd(8),
rpc.statd(8),
rpc.tlsclntd(8),
rpc.tlsservd(8),
rpcbind(8),
rwhod(8),
savecore(8),
sdpd(8),
service(8),
sshd(8),
swapon(8),
sysctl(8),
syslogd(8),
sysrc(8),
timed(8),
unbound(8),
usbconfig(8),
wlandebug(8),
yp(8),
ypbind(8),
ypserv(8),
ypset(8)
The rc.conf file appeared in FreeBSD 2.2.2.