NAME

rc.conf — system configuration information

DESCRIPTION

The file rc.conf contains descriptive information about the local host name, configuration details for any potential network interfaces and which services should be started up at system initial boot time. In new installations, the rc.conf file is generally initialized by the system installation utility.

The purpose of rc.conf is not to run commands or perform system startup actions directly. Instead, it is included by the various generic startup scripts in /etc which conditionalize their internal actions according to the settings found there.

The /etc/rc.conf file is included from the file /etc/defaults/rc.conf, which specifies the default settings for all the available options. Options need only be specified in /etc/rc.conf when the system administrator wishes to override these defaults. The file /etc/rc.conf.local is used to override settings in /etc/rc.conf for historical reasons.

The sysrc(8) command provides a scripting interface to modify system config files.

In addition to /etc/rc.conf.local you can also place smaller configuration files for each rc(8) script in the /etc/rc.conf.d directory or ⟨dir⟩/rc.conf.d directories specified in local_startup, which will be included by the load_rc_config function. For jail configurations you could use the file /etc/rc.conf.d/jail to store jail-specific configuration options. If local_startup contains /usr/local/etc/rc.d and /opt/conf, /usr/local/etc/rc.conf.d/jail and /opt/conf/rc.conf.d/jail will be loaded. If ⟨dir⟩/rc.conf.d/⟨name⟩ is a directory, all of files in the directory will be loaded. Also see the rc_conf_files variable below.

Options are set with “name=value” assignments that use sh(1) syntax. The following list provides a name and short description for each variable that can be set in the rc.conf file:

rc_debug

(bool) If set to “YES”, enable output of debug messages from rc scripts. This variable can be helpful in diagnosing mistakes when editing or integrating new scripts. Beware that this produces copious output to the terminal and syslog(3).

rc_info

(bool) If set to “NO”, disable informational messages from the rc scripts. Informational messages are displayed when a condition that is not serious enough to warrant a warning or an error occurs.

rc_startmsgs

(bool) If set to “YES”, show “Starting foo:” when faststart is used (e.g., at boot time).

early_late_divider

(str) The name of the script that should be used as the delimiter between the “early” and “late” stages of the boot process. The early stage should contain all the services needed to get the disks (local or remote) mounted so that the late stage can include scripts contained in the directories listed in the local_startup variable (see below). Thus, the two likely candidates for this value are mountcritlocal for the typical system, and mountcritremote if the system needs remote file systems mounted to get access to the local_startup directories; for example when /usr/local is NFS mounted. For rc.conf within a jail(8) NETWORKING is likely to be an appropriate value. Extreme care should be taken when changing this value, and before changing it one should ensure that there are adequate provisions to recover from a failed boot (such as physical contact with the machine, or reliable remote console access).

always_force_depends

(bool) Various rc.d scripts use the force_depend function to check whether required services are already running, and to start them if necessary. By default during boot time this check is bypassed if the required service is enabled in /etc/rc.conf[.local]. Setting this option will bypass that check at boot time and always test whether or not the service is actually running. Enabling this option is likely to increase your boot time if services are enabled that utilize the force_depend check.

⟨name⟩_chroot

(str) chroot(8) to this directory before running the service.

⟨name⟩_fib

(int) The setfib(1) value to run the service under.

⟨name⟩_group

(str) Run the chrooted service under this system group. Unlike the ⟨name⟩_user setting, this setting has no effect if the service is not chrooted.

⟨name⟩_limits

(str) Resource limits to apply to the service using limits(1). By default, resource limits are based on the login class defined in ⟨name⟩_login_class.

⟨name⟩_login_class

(str) Login class to be used with ⟨name⟩_limits. Defaults to “daemon”.

⟨name⟩_nice

(int) The nice(1) value to run the service under.

⟨name⟩_oomprotect

(str) Use protect(1) to prevent the service from being killed when swap space is exhausted. Use “YES” to protect only the service itself, and “ALL” to protect the service and all its child processes.

Please note that rc scripts which redefine

${argument}_cmd

(see rc.subr(8)) such as PostgreSQL will not inherit the OOM killer protection.

This variable has no effect on services running within a jail(8).

⟨name⟩_user

(str) Run the service under this user account.

apm_enable

(bool) If set to “YES”, enable support for Automatic Power Management with the apm(8) command.

apmd_enable

(bool) Run apmd(8) to handle APM event from userland. This also enables support for APM.

apmd_flags

(str) If apmd_enable is set to “YES”, these are the flags to pass to the apmd(8) daemon.

devd_enable

(bool) Run devd(8) to handle device added, removed or unknown events from the kernel.

ddb_enable

(bool) Run ddb(8) to install ddb(4) scripts at boot time.

ddb_config

(str) Configuration file for ddb(8). Default /etc/ddb.conf.

devmatch_enable

(bool) If set to “NO”, disable auto-loading of kernel modules with devmatch(8).

devmatch_blocklist

(str) A whitespace-separated list of kernel modules to be ignored by devmatch(8).

devmatch_blacklist

(str) This variable is deprecated. Use devmatch_blocklist instead. A whitespace-separated list of kernel modules to be ignored by devmatch(8).

kld_list

(str) A whitespace-separated list of kernel modules to load right after the local disks are mounted, without any .ko extension or path. Loading modules at this point in the boot process is much faster than doing it via /boot/loader.conf for those modules not necessary for mounting local disks.

kldxref_enable

(bool) Set to “NO” by default. Set to “YES” to automatically rebuild linker.hints files with kldxref(8) at boot time.

kldxref_clobber

(bool) Set to “NO” by default. If kldxref_enable is true, setting to “YES” will overwrite existing linker.hints files at boot time. Otherwise, only missing linker.hints files are generated.

kldxref_module_path

(str) Empty by default. A semi-colon (‘;’) delimited list of paths containing kld(4) modules. If empty, the contents of the kern.module_path sysctl(8) are used.

powerd_enable

(bool) If set to “YES”, enable the system power control facility with the powerd(8) daemon.

powerd_flags

(str) If powerd_enable is set to “YES”, these are the flags to pass to the powerd(8) daemon.

tmpmfs

Controls the creation of a /tmp memory file system. Always happens if set to “YES” and never happens if set to “NO”. If set to anything else, a memory file system is created if /tmp is not writable.

tmpsize

Controls the size of a created /tmp memory file system.

tmpmfs_flags

Extra options passed to the mdmfs(8) utility when the memory file system for /tmp is created. The default is “-S”, which inhibits the use of softupdates on /tmp so that file system space is freed without delay after file truncation or deletion. See mdmfs(8) for other options you can use in tmpmfs_flags.

varmfs

Controls the creation of a /var memory file system. Always happens if set to “YES” and never happens if set to “NO”. If set to anything else, a memory file system is created if /var is not writable.

varsize

Controls the size of a created /var memory file system.

varmfs_flags

Extra options passed to the mdmfs(8) utility when the memory file system for /var is created. The default is “-S”, which inhibits the use of softupdates on /var so that file system space is freed without delay after file truncation or deletion. See mdmfs(8) for other options you can use in varmfs_flags.

populate_var

Controls the automatic population of the /var file system. Always happens if set to “YES” and never happens if set to “NO”. If set to anything else, a memory file system is created if /var is not writable. Note that this process requires access to certain commands in /usr before /usr is mounted on normal systems.

cleanvar_enable

(bool) Clean the /var directory.

var_run_enable

(bool) Set to "YES" to enable saving of the /var/run directory strcucture into an mtree file at shutdown and the reload of the /var/run directory structure at boot.

var_run_autosave

(bool) In some cases it may be undesirable to save /var/run at shutdown. When set to "NO" /var/run is loaded at reboot but not saved at shutdown. Typically in this scenario a service var_run save would be performed to save a copy of the /var/run directory structure once, to be reload during all subsequent reboots.

var_run_mtree

(str) Where to save the /var/run mtree. The default location is /var/db/mtree/BSD.var-run.mtree.

local_startup

(str) List of directories to search for startup script files.

script_name_sep

(str) The field separator to use for breaking down the list of startup script files into individual filenames. The default is a space. It is not necessary to change this unless there are startup scripts with names containing spaces.

hostapd_enable

(bool) Set to “YES” to start hostapd(8) at system boot time.

hostname

(str) The fully qualified domain name (FQDN) of this host on the network. This should almost certainly be set to something meaningful, even if there is no network connection. If dhclient(8) is used to set the hostname via DHCP, this variable should be set to an empty string. Within a jail(8) the hostname is generally already set and this variable may absent. If this value remains unset when the system is done booting your console login will display the default hostname of “Amnesiac”.

nisdomainname

(str) The NIS domain name of this host, or “NO” if NIS is not used.

dhclient_program

(str) Path to the DHCP client program (/sbin/dhclient, the OpenBSD DHCP client, is the default).

dhclient_flags

(str) Additional flags to pass to the DHCP client program. For the OpenBSD DHCP client, see the dhclient(8) manpage for a description of the command line options available.

dhclient_flags_⟨iface⟩

Additional flags to pass to the DHCP client program running on iface only. When specified, this variable overrides dhclient_flags.

background_dhclient

(bool) Set to “YES” to start the DHCP client in background. This can cause trouble with applications depending on a working network, but it will provide a faster startup in many cases.

background_dhclient_⟨iface⟩

When specified, this variable overrides the background_dhclient variable for interface iface only.

synchronous_dhclient

(bool) Set to “YES” to start dhclient(8) synchronously at startup. This behavior can be overridden on a per-interface basis by replacing the “DHCP” keyword in the ifconfig_⟨interface⟩ variable with “SYNCDHCP” or “NOSYNCDHCP”.

defaultroute_delay

(int) When set to a positive value, wait up to this long after configuring DHCP interfaces at startup to give the interfaces time to receive a lease.

firewall_enable

(bool) Set to “YES” to load firewall rules at startup. If the kernel was not built with options IPFIREWALL, the ipfw.ko kernel module will be loaded. See also ipfilter_enable.

firewall_script

(str) This variable specifies the full path to the firewall script to run. The default is /etc/rc.firewall.

firewall_type

(str) Names the firewall type from the selection in /etc/rc.firewall, or the file which contains the local firewall ruleset. Valid selections from /etc/rc.firewall are:

open

unrestricted IP access

closed

all IP services disabled, except via “lo0”

client

basic protection for a workstation

simple

basic protection for a LAN.

If a filename is specified, the full path must be given.

firewall_quiet

(bool) Set to “YES” to disable the display of firewall rules on the console during boot.

firewall_logging

(bool) Set to “YES” to enable firewall event logging. This is equivalent to the IPFIREWALL_VERBOSE kernel option.

firewall_logif

(bool) Set to “YES” to create pseudo interface ipfw0 for logging. For more details, see ipfw(8) manual page.

firewall_flags

(str) Flags passed to ipfw(8) if firewall_type specifies a filename.

firewall_coscripts

(str) List of executables and/or rc scripts to run after firewall starts/stops. Default is empty.

firewall_nat_enable

(bool) The ipfw(8) equivalent of natd_enable. Setting this to “YES” will automatically load the ipfw(8) NAT kernel module if firewall_enable is also set to “YES”.

firewall_nat_interface

(str) The ipfw(8) equivalent of natd_interface. This is the name of the public interface or IP address on which kernel NAT should run.

firewall_nat_flags

(str) Additional configuration parameters for kernel NAT should be placed here.

firewall_nat64_enable

(bool) Setting this to “YES” will automatically load the ipfw(8) NAT64 kernel module if firewall_enable is also set to “YES”.

firewall_nptv6_enable

(bool) Setting this to “YES” will automatically load the ipfw(8) NPTv6 kernel module if firewall_enable is also set to “YES”.

firewall_pmod_enable

(bool) Setting this to “YES” will automatically load the ipfw(8) pmod kernel module if firewall_enable is also set to “YES”.

dummynet_enable

(bool) Setting this to “YES” will automatically load the dummynet(4) module if firewall_enable is also set to “YES”.

ipfw_netflow_enable

(bool) Setting this to “YES” will enable netflow logging via ng_netflow(4)

By default a ipfw rule is inserted and all packets are duplicated with the ngtee command and netflow packets are sent to 127.0.0.1 on the netflow port using protocol version 5.

ipfw_netflow_hook

(int) netflow hook name, must be numerical (default 9995).

ipfw_netflow_rule

(int) ipfw rule number (default 1000).

ipfw_netflow_ip

(str) Destination server ip for receiving netflow data (default 127.0.0.1).

ipfw_netflow_port

(int) Destination server port for receiving netflow data (default 9995).

ipfw_netflow_version

(int) Do not set for using version 5 of the netflow protocol, set it to 9 for using version 9.

ipfw_netflow_fib

(int) Only match packet in FIB ipfw_netflow_fib (default is undefined meaning all FIBs).

natd_program

(str) Path to natd(8).

natd_enable

(bool) Set to “YES” to enable natd(8). firewall_enable must also be set to “YES”, and divert(4) sockets must be enabled in the kernel. If the kernel was not built with options IPDIVERT, the ipdivert.ko kernel module will be loaded.

natd_interface

(str) This is the name of the public interface on which natd(8) should run. The interface may be given as an interface name or as an IP address.

natd_flags

(str) Additional natd(8) flags should be placed here. The -n or -a flag is automatically added with the above natd_interface as an argument.

ipfilter_enable

(bool) Set to “NO” by default. Setting this to “YES” enables ipf(8) packet filtering.

Typical usage will require putting

ipfilter_enable="YES"
ipnat_enable="YES"
ipmon_enable="YES"
ipfs_enable="YES"

into /etc/rc.conf and editing /etc/ipf.rules and /etc/ipnat.rules appropriately.

Note that ipfilter_enable and ipnat_enable can be enabled independently. ipmon_enable and ipfs_enable both require at least one of ipfilter_enable and ipnat_enable to be enabled.

Having

options IPFILTER
options IPFILTER_LOG
options IPFILTER_DEFAULT_BLOCK

in the kernel configuration file is a good idea, too.

ipfilter_program

(str) Path to ipf(8) (default /sbin/ipf).

ipfilter_rules

(str) Set to /etc/ipf.rules by default. This variable contains the name of the filter rule definition file. The file is expected to be readable for the ipf(8) command to execute.

ipv6_ipfilter_rules

(str) Set to /etc/ipf6.rules by default. This variable contains the IPv6 filter rule definition file. The file is expected to be readable for the ipf(8) command to execute.

ipfilter_flags

(str) Empty by default. This variable contains flags passed to the ipf(8) program.

ipnat_enable

(bool) Set to “NO” by default. Set it to “YES” to enable ipnat(8) network address translation. See ipfilter_enable for a detailed discussion.

ipnat_program

(str) Path to ipnat(8) (default /sbin/ipnat).

ipnat_rules

(str) Set to /etc/ipnat.rules by default. This variable contains the name of the file holding the network address translation definition. This file is expected to be readable for the ipnat(8) command to execute.

ipnat_flags

(str) Empty by default. This variable contains flags passed to the ipnat(8) program.

ipmon_enable

(bool) Set to “NO” by default. Set it to “YES” to enable ipmon(8) monitoring (logging ipf(8) and ipnat(8) events). Setting this variable needs setting ipfilter_enable or ipnat_enable too. See ipfilter_enable for a detailed discussion.

ipmon_program

(str) Path to ipmon(8) (default /sbin/ipmon).

ipmon_flags

(str) Set to “-Ds” by default. This variable contains flags passed to the ipmon(8) program. Another typical example would be “-D /var/log/ipflog” to have ipmon(8) log directly to a file bypassing syslogd(8). Make sure to adjust /etc/newsyslog.conf in such case like this:

/var/log/ipflog  640  10  100  *  Z  /var/run/ipmon.pid

ipfs_enable

(bool) Set to “NO” by default. Set it to “YES” to enable ipfs(8) saving the filter and NAT state tables during shutdown and reloading them during startup again. Setting this variable needs setting ipfilter_enable or ipnat_enable to “YES” too. See ipfilter_enable for a detailed discussion. Note that if kern_securelevel is set to 3, ipfs_enable cannot be used because the raised securelevel will prevent ipfs(8) from saving the state tables at shutdown time.

ipfs_program

(str) Path to ipfs(8) (default /sbin/ipfs).

ipfs_flags

(str) Empty by default. This variable contains flags passed to the ipfs(8) program.

pf_enable

(bool) Set to “NO” by default. Setting this to “YES” enables pf(4) packet filtering.

Typical usage will require putting

pf_enable="YES"

into /etc/rc.conf and editing /etc/pf.conf appropriately. Adding

device pf

builds support for pf(4) into the kernel, otherwise the kernel module will be loaded.

pf_rules

(str) Path to pf(4) ruleset configuration file (default /etc/pf.conf).

pf_program

(str) Path to pfctl(8) (default /sbin/pfctl).

pf_flags

(str) If pf_enable is set to “YES”, these flags are passed to the pfctl(8) program when loading the ruleset.

pflog_enable

(bool) Set to “NO” by default. Setting this to “YES” enables pflogd(8) which logs packets from the pf(4) packet filter.

pflog_logfile

(str) If pflog_enable is set to “YES” this controls where pflogd(8) stores the logfile (default /var/log/pflog). Check /etc/newsyslog.conf to adjust logfile rotation for this.

pflog_program

(str) Path to pflogd(8) (default /sbin/pflogd).

pflog_flags

(str) Empty by default. This variable contains additional flags passed to the pflogd(8) program.

pflog_instances

(str) If logging to more than one pflog(4) interface is desired, pflog_instances is set to the list of pflogd(8) instances that should be started at system boot time. If pflog_instances is set, for each whitespace-separated element in the list, ⟨element⟩_dev and ⟨element⟩_logfile elements are assumed to exist. ⟨element⟩_dev must contain the pflog(4) interface to be watched by the named pflogd(8) instance. ⟨element⟩_logfile must contain the name of the logfile that will be used by the pflogd(8) instance.

ftpproxy_enable

(bool) Set to “NO” by default. Setting this to “YES” enables ftp-proxy(8) which supports the pf(4) packet filter in translating ftp connections.

ftpproxy_flags

(str) Empty by default. This variable contains additional flags passed to the ftp-proxy(8) program.

ftpproxy_instances

(str) Empty by default. If multiple instances of ftp-proxy(8) are desired at boot time, ftpproxy_instances should contain a whitespace-separated list of instance names. For each element in the list, a variable named ⟨element⟩_flags should be defined, containing the command-line flags to be passed to the ftp-proxy(8) instance.

pfsync_enable

(bool) Set to “NO” by default. Setting this to “YES” enables exposing pf(4) state changes to other hosts over the network by means of pfsync(4). The pfsync_syncdev variable must also be set then.

pfsync_syncdev

(str) Empty by default. This variable specifies the name of the network interface pfsync(4) should operate through. It must be set accordingly if pfsync_enable is set to “YES”.

pfsync_syncpeer

(str) Empty by default. This variable is optional. By default, state change messages are sent out on the synchronisation interface using IP multicast packets. The protocol is IP protocol 240, PFSYNC, and the multicast group used is 224.0.0.240. When a peer address is specified using the pfsync_syncpeer option, the peer address is used as a destination for the pfsync traffic, and the traffic can then be protected using ipsec(4). See the pfsync(4) manpage for more details about using ipsec(4) with pfsync(4) interfaces.

pfsync_ifconfig

(str) Empty by default. This variable can contain additional options to be passed to the ifconfig(8) command used to set up pfsync(4).

tcp_extensions

(bool) Set to “YES” by default. Setting this to “NO” disables certain TCP options as described by RFC 1323. Setting this to “NO” might help remedy such problems with connections as randomly hanging or other weird behavior. Some network devices are known to be broken with respect to these options.

log_in_vain

(int) Set to 0 by default. The sysctl(8) variables, net.inet.tcp.log_in_vain and net.inet.udp.log_in_vain, as described in tcp(4) and udp(4), are set to the given value.

tcp_keepalive

(bool) Set to “YES” by default. Setting to “NO” will disable probing idle TCP connections to verify that the peer is still up and reachable.

tcp_drop_synfin

(bool) Set to “NO” by default. Setting to “YES” will cause the kernel to ignore TCP frames that have both the SYN and FIN flags set. This prevents OS fingerprinting, but may break some legitimate applications.

icmp_drop_redirect

(bool) Set to “NO” by default. Setting to “YES” will cause the kernel to ignore ICMP REDIRECT packets. Refer to icmp(4) for more information.

icmp_log_redirect

(bool) Set to “NO” by default. Setting to “YES” will cause the kernel to log ICMP REDIRECT packets. Note that the log messages are not rate-limited, so this option should only be used for troubleshooting networks. Refer to icmp(4) for more information.

icmp_bmcastecho

(bool) Set to “YES” to respond to broadcast or multicast ICMP ping packets. Refer to icmp(4) for more information.

ip_portrange_first

(int) If not set to “NO”, this is the first port in the default portrange. Refer to ip(4) for more information.

ip_portrange_last

(int) If not set to “NO”, this is the last port in the default portrange. Refer to ip(4) for more information.

network_interfaces

(str) Set to the list of network interfaces to configure on this host or “AUTO” (the default) for all current interfaces. Setting the network_interfaces variable to anything other than the default is deprecated. Interfaces that the administrator wishes to store configuration for, but not start at boot should be configured with the “NOAUTO” keyword in their ifconfig_⟨interface⟩ variables as described below.

An ifconfig_⟨interface⟩ variable is also assumed to exist for each value of interface. When an interface name contains any of the characters “.-/+” they are translated to “_” before lookup. The variable can contain arguments to ifconfig(8), as well as special case-insensitive keywords described below. Such keywords are removed before passing the value to ifconfig(8) while the order of the other arguments is preserved.

It is possible to add IP alias entries using ifconfig(8) syntax with the address family keyword such as inet. Assuming that the interface in question was ed0, it might look something like this:

ifconfig_ed0_alias0="inet 127.0.0.253 netmask 0xffffffff"
ifconfig_ed0_alias1="inet 127.0.0.254 netmask 0xffffffff"

It also possible to configure multiple IP addresses in Classless Inter-Domain Routing (CIDR) address notation, whose each address component can be a range like inet 192.0.2.5-23/24 or inet6 2001:db8:1-f::1/64. This notation allows address and prefix length part only, not the other address modifiers. Note that the maximum number of the generated addresses from a range specification is limited to an integer value specified in netif_ipexpand_max in rc.conf because a small typo can unexpectedly generate a large number of addresses. The default value is 2048. It can be increased by adding the following line into rc.conf:

netif_ipexpand_max="4096"

In the case of 192.0.2.5-23/24, the address 192.0.2.5 will be configured with the netmask /24 and the addresses 192.0.2.6 to 192.0.2.23 with the non-conflicting netmask /32 as explained in the ifconfig(8) alias section. Note that this special netmask handling is only for inet, not for the other address families such as inet6.

With the interface in question being ed0, an example could look like:

ifconfig_ed0_alias2="inet 192.0.2.129/27"
ifconfig_ed0_alias3="inet 192.0.2.1-5/28"

and so on.

Note that ipv4_addrs_⟨interface⟩ variable was supported for IPv4 CIDR address notation. It is now deprecated because the functionality was integrated into ifconfig_⟨interface⟩_alias⟨n⟩ though ipv4_addrs_⟨interface⟩ is still supported for backward compatibility.

For each ifconfig_⟨interface⟩_alias⟨n⟩ entry with an address family keyword, its contents are passed to ifconfig(8). Execution stops at the first unsuccessful access, so if something like this is present:

ifconfig_ed0_alias0="inet 127.0.0.251 netmask 0xffffffff"
ifconfig_ed0_alias1="inet 127.0.0.252 netmask 0xffffffff"
ifconfig_ed0_alias2="inet 127.0.0.253 netmask 0xffffffff"
ifconfig_ed0_alias4="inet 127.0.0.254 netmask 0xffffffff"

Then note that alias4 would not be added since the search would stop with the missing “alias3” entry. Because of this difficult to manage behavior, there is ifconfig_⟨interface⟩_aliases variable, which has the same functionality as ifconfig_⟨interface⟩_alias⟨n⟩ and can have all of entries in a variable like the following:

ifconfig_ed0_aliases="\
	inet 127.0.0.251 netmask 0xffffffff \
	inet 127.0.0.252 netmask 0xffffffff \
	inet 127.0.0.253 netmask 0xffffffff \
	inet 127.0.0.254 netmask 0xffffffff"

It also supports CIDR notation.

If the /etc/start_if.⟨interface⟩ file is present, it is read and executed by the sh(1) interpreter before configuring the interface as specified in the ifconfig_⟨interface⟩ and ifconfig_⟨interface⟩_alias⟨n⟩ variables.

If a vlans_⟨interface⟩ variable is set, a vlan(4) interface will be created for each item in the list with the vlandev argument set to interface. If a vlan interface's name is a number, then that number is used as the vlan tag and the new vlan interface is named interface.tag. Otherwise, the vlan tag must be specified via a vlan parameter in the create_args_⟨interface⟩ variable.

To create a vlan device named em0.101 on em0 with the vlan tag 101 and the optional the IPv4 address 192.0.2.1/24:

vlans_em0="101"
ifconfig_em0_101="inet 192.0.2.1/24"

To create a vlan device named myvlan on em0 with the vlan tag 102:

vlans_em0="myvlan"
create_args_myvlan="vlan 102"

If a wlans_⟨interface⟩ variable is set, an wlan(4) interface will be created for each item in the list with the wlandev argument set to interface. Further wlan cloning arguments may be passed to the ifconfig(8) create command by setting the create_args_⟨interface⟩ variable. One or more wlan(4) devices must be created for each wireless devices as of FreeBSD 8.0. Debugging flags for wlan(4) devices as set by wlandebug(8) may be specified with an wlandebug_⟨interface⟩ variable. The contents of this variable will be passed directly to wlandebug(8).

If the ifconfig_⟨interface⟩ contains the keyword “NOAUTO” then the interface will not be configured at boot or by /etc/pccard_ether when network_interfaces is set to “AUTO”.

It is possible to bring up an interface with DHCP by adding “DHCP” to the ifconfig_⟨interface⟩ variable. For instance, to initialize the ed0 device via DHCP, it is possible to use something like:

ifconfig_ed0="DHCP"

If you want to configure your wireless interface with wpa_supplicant(8) for use with WPA, EAP/LEAP or WEP, you need to add “WPA” to the ifconfig_⟨interface⟩ variable.

On the other hand, if you want to configure your wireless interface with hostapd(8), you need to add “HOSTAP” to the ifconfig_⟨interface⟩ variable. hostapd(8) will use the settings from /etc/hostapd-⟨interface⟩.conf

Finally, you can add ifconfig(8) options in this variable, in addition to the /etc/start_if.⟨interface⟩ file. For instance, to configure an ath(4) wireless device in station mode with an address obtained via DHCP, using WPA authentication and 802.11b mode, it is possible to use something like:

wlans_ath0="wlan0"
ifconfig_wlan0="DHCP WPA mode 11b"

In addition to the ifconfig_⟨interface⟩ form, a fallback variable ifconfig_DEFAULT may be configured. It will be used for all interfaces with no ifconfig_⟨interface⟩ variable. This is intended to replace the no longer supported pccard_ifconfig variable.

It is also possible to rename an interface by doing:

ifconfig_ed0_name="net0"
ifconfig_net0="inet 192.0.2.1 netmask 0xffffff00"

ipv6_enable

(bool) This variable is deprecated. Use ifconfig_⟨interface⟩_ipv6 and ipv6_activate_all_interfaces if necessary.

If the variable is “YES”, “inet6 accept_rtadv” is added to all of ifconfig_⟨interface⟩_ipv6 and the ipv6_activate_all_interfaces is defined as “YES”.

ipv6_prefer

(bool) This variable is deprecated. Use ip6addrctl_policy instead.

If the variable is “YES”, the default address selection policy table set by ip6addrctl(8) will be IPv6-preferred.

If the variable is “NO”, the default address selection policy table set by ip6addrctl(8) will be IPv4-preferred.

ipv6_activate_all_interfaces

(bool) This controls initial configuration on IPv6-capable interfaces with no corresponding ifconfig_⟨interface⟩_ipv6 variable. Note that it is not always necessary to set this variable to “YES” to use IPv6 functionality on FreeBSD. In most cases, just configuring ifconfig_⟨interface⟩_ipv6 variables works.

If the variable is “NO”, all interfaces which do not have a corresponding ifconfig_⟨interface⟩_ipv6 variable will be marked as “IFDISABLED” at creation. This means that all of IPv6 functionality on that interface is completely disabled to enforce a security policy. If the variable is set to “YES”, the flag will be cleared on all of the interfaces.

In most cases, just defining an ifconfig_⟨interface⟩_ipv6 for an IPv6-capable interface should be sufficient. However, if an interface is added dynamically (by some tunneling protocols such as PPP, for example), it is often difficult to define the variable in advance. In such a case, configuring the “IFDISABLED” flag can be disabled by setting this variable to “YES”.

For more details of the “IFDISABLED” flag and keywords “inet6 ifdisabled”, see ifconfig(8).

Default is “NO”.

ipv6_privacy

(bool) If the variable is “YES” privacy addresses will be generated for each IPv6 interface as described in RFC 4941.

ipv6_network_interfaces

(str) This is the IPv6 equivalent of network_interfaces. Normally manual configuration of this variable is not needed.

ipv6_cpe_wanif

(str) If the variable is set to an interface name, the ifconfig(8) options “inet6 -no_radr accept_rtadv” will be added to the specified interface automatically before evaluating ifconfig_⟨interface⟩_ipv6, and two sysctl(8) variables net.inet6.ip6.rfc6204w3 and net.inet6.ip6.no_radr will be set to 1.

This means the specified interface will accept ICMPv6 Router Advertisement messages on that link and add the discovered routers into the Default Router List. While the other interfaces can still accept RA messages if the “inet6 accept_rtadv” option is specified, adding routes into the Default Router List will be disabled by “inet6 no_radr” option by default. See ifconfig(8) for more details.

Note that ICMPv6 Router Advertisement messages will be accepted even when net.inet6.ip6.forwarding is 1 (packet forwarding is enabled) when net.inet6.ip6.rfc6204w3 is set to 1.

Default is “NO”.

ifconfig_⟨interface⟩_descr

(str) This assigns arbitrary description to an interface. The sysctl(8) variable net.ifdescr_maxlen limits its length. This static setting may be overridden by commands started with dynamic interface configuration utilities like dhclient(8) hooks. The description can be seen with ifconfig(8) command and it may be exported with bsnmpd(1) daemon using its MIB-2 module.

ifconfig_⟨interface⟩_ipv6

(str) IPv6 functionality on an interface should be configured by ifconfig_⟨interface⟩_ipv6, instead of setting ifconfig parameters in ifconfig_⟨interface⟩. If this variable is empty, all of IPv6 configurations on the specified interface by other variables such as ipv6_prefix_⟨interface⟩ will be ignored.

Aliases should be set by ifconfig_⟨interface⟩_alias⟨n⟩ with “inet6” keyword. For example:

ifconfig_ed0_ipv6="inet6 2001:db8:1::1 prefixlen 64"
ifconfig_ed0_alias0="inet6 2001:db8:2::1 prefixlen 64"

Interfaces that have an “inet6 accept_rtadv” keyword in ifconfig_⟨interface⟩_ipv6 setting will be automatically configured by SLAAC (StateLess Address AutoConfiguration) described in RFC 4862.

Note that a link-local address will be automatically configured in addition to the configured global-scope addresses because the IPv6 specifications require it on each link. The address is calculated from the MAC address by using an algorithm defined in RFC 4862, Section 5.3.

If only a link-local address is needed on the interface, the following configuration can be used:

ifconfig_ed0_ipv6="inet6 auto_linklocal"

A link-local address can also be configured manually. This is useful for the default router address of an IPv6 router so that it does not change when the network interface card is replaced. For example:

ifconfig_ed0_ipv6="inet6 fe80::1 prefixlen 64"

ipv6_prefix_⟨interface⟩

(str) If one or more prefixes are defined in ipv6_prefix_⟨interface⟩ addresses based on each prefix and the EUI-64 interface index will be configured on that interface. Note that this variable will be ignored when ifconfig_⟨interface⟩_ipv6 is empty.

For example, the following configuration

ipv6_prefix_ed0="2001:db8:1:0 2001:db8:2:0"

is equivalent to the following:

ifconfig_ed0_alias0="inet6 2001:db8:1:: eui64 prefixlen 64"
ifconfig_ed0_alias1="inet6 2001:db8:1:: prefixlen 64 anycast"
ifconfig_ed0_alias2="inet6 2001:db8:2:: eui64 prefixlen 64"
ifconfig_ed0_alias3="inet6 2001:db8:2:: prefixlen 64 anycast"

These Subnet-Router anycast addresses will be added only when ipv6_gateway_enable is YES.

ipv6_default_interface

(str) If not set to “NO”, this is the default output interface for scoped addresses. This works only with ipv6_gateway_enable="NO".

ip6addrctl_enable

(bool) This variable is to enable configuring default address selection policy table (RFC 3484). The table can be specified in another variable ip6addrctl_policy. For ip6addrctl_policy the following keywords can be specified: “ipv4_prefer”, “ipv6_prefer”, or “AUTO”.

If “ipv4_prefer” or “ipv6_prefer” is specified, ip6addrctl(8) installs a pre-defined policy table described in Section 2.1 (IPv6-preferred) or 10.3 (IPv4-preferred) of RFC 3484.

If “AUTO” is specified, it attempts to read a file /etc/ip6addrctl.conf first. If this file is found, ip6addrctl(8) reads and installs it. If not found, a policy is automatically set according to ipv6_activate_all_interfaces variable; if the variable is set to “YES” the IPv6-preferred one is used. Otherwise IPv4-preferred.

The default value of ip6addrctl_enable and ip6addrctl_policy are “YES” and “AUTO”, respectively.

cloned_interfaces

(str) Set to the list of clonable network interfaces to create on this host. Further cloning arguments may be passed to the ifconfig(8) create command for each interface by setting the create_args_⟨interface⟩ variable. If an interface name is specified with “:sticky” keyword, the interface will not be destroyed even when rc.d/netif script is invoked with “stop” argument. This is useful when reconfiguring the interface without destroying it. Entries in cloned_interfaces are automatically appended to network_interfaces for configuration.

cloned_interfaces_sticky

(bool) This variable is to globally enable functionality of “:sticky” keyword in cloned_interfaces for all interfaces. The default value is “NO”. Even if this variable is specified to “YES”, “:nosticky” keyword can be used to override it on per interface basis.

gif_interfaces

Set to the list of gif(4) tunnel interfaces to configure on this host. A gifconfig_⟨interface⟩ variable is assumed to exist for each value of interface. The value of this variable is used to configure the link layer of the tunnel using the tunnel option to ifconfig(8). Additionally, this option ensures that each listed interface is created via the create option to ifconfig(8) before attempting to configure it.

For example, configure two gif(4) interfaces with:

gif_interfaces="gif0 gif1"
gifconfig_gif0="100.64.0.1 100.64.0.2"
ifconfig_gif0="inet 10.0.0.1 10.0.0.2 netmask 255.255.255.252"
gifconfig_gif1="inet6 2a00::1 2a01::1"
ifconfig_gif1="inet 10.1.0.1 10.1.0.2 netmask 255.255.255.252"

sppp_interfaces

(str) Set to the list of sppp(4) interfaces to configure on this host. A spppconfig_⟨interface⟩ variable is assumed to exist for each value of interface. Each interface should also be configured by a general ifconfig_⟨interface⟩ setting. Refer to spppcontrol(8) for more information about available options.

ppp_enable

(bool) If set to “YES”, run the ppp(8) daemon.

ppp_profile

(str) The name of the profile to use from /etc/ppp/ppp.conf. Also used for per-profile overrides of ppp_mode and ppp_nat, and ppp_⟨profile⟩_unit. When the profile name contains any of the characters “.-/+” they are translated to “_” for the proposes of the override variable names.

ppp_mode

(str) Mode in which to run the ppp(8) daemon.

ppp_⟨profile⟩_mode

(str) Overrides the global ppp_mode for profile. Accepted modes are “auto”, “ddial”, “direct” and “dedicated”. See the manual for a full description.

ppp_nat

(bool) If set to “YES”, enables network address translation. Used in conjunction with gateway_enable allows hosts on private network addresses access to the Internet using this host as a network address translating router.

ppp_⟨profile⟩_nat

(str) Overrides the global ppp_nat for profile.

ppp_⟨profile⟩_unit

(int) Set the unit number to be used for this profile. See the manual description of -unitN for details.

ppp_user

(str) The name of the user under which ppp(8) should be started. By default, ppp(8) is started as “root”.

rc_conf_files

(str) This option is used to specify a list of files that will override the settings in /etc/defaults/rc.conf. The files will be read in the order in which they are specified and should include the full path to the file. By default, the files specified are /etc/rc.conf and /etc/rc.conf.local

zfs_enable

(bool) If set to “YES”, /etc/rc.d/zfs will attempt to automatically mount ZFS file systems and initialize ZFS volumes (ZVOLs).

gptboot_enable

(bool) If set to “YES”, /etc/rc.d/gptboot will log if the system successfully (or not) booted from a GPT partition, which had the bootonce attribute set using gpart(8) utility.

gbde_autoattach_all

(bool) If set to “YES”, /etc/rc.d/gbde will attempt to automatically initialize your .bde devices in /etc/fstab.

gbde_devices

(str) List the devices that the script should try to attach, or “AUTO”.

gbde_lockdir

(str) The directory where the gbde(4) lockfiles are located. The default lockfile directory is /etc.

The lockfile for each individual gbde(4) device can be overridden by setting the variable gbde_lock_⟨device⟩, where device is the encrypted device without the “/dev/” and “.bde” parts.

gbde_attach_attempts

(int) Number of times to attempt attaching to a gbde(4) device, i.e., how many times the user is asked for the pass-phrase. Default is 3.

geli_devices

(str) List of devices to automatically attach on boot. Note that .eli devices from /etc/fstab are automatically appended to this list.

geli_groups

(str) List of groups containing devices to automatically attach on boot with the same keyfiles and passphrase. This must be accompanied with a corresponding geli_⟨group⟩_devices variable.

geli_tries

(int) Number of times user is asked for the pass-phrase. If empty, it will be taken from kern.geom.eli.tries sysctl variable.

geli_default_flags

(str) Default flags to use by geli(8) when configuring disk encryption. Flags can be configured for every device separately by defining the geli_⟨device⟩_flags variable, and for every group separately by defining the geli_⟨group⟩_flags variable.

geli_autodetach

(str) Specifies if GELI devices should be marked for detach on last close after file systems are mounted. Default is “YES”. This can be changed for every device separately by defining the geli_⟨device⟩_autodetach variable.

root_rw_mount

(bool) Set to “YES” by default. After the file systems are checked at boot time, the root file system is remounted as read-write if this is set to “YES”. Diskless systems that mount their root file system from a read-only remote NFS share should set this to “NO” in their rc.conf.

fsck_y_enable

(bool) If set to “YES”, fsck(8) will be run with the -y flag if the initial preen of the file systems fails.

background_fsck

(bool) If set to “NO”, the system will not attempt to run fsck(8) in the background where possible.

background_fsck_delay

(int) The amount of time in seconds to sleep before starting a background fsck(8). It defaults to sixty seconds to allow large applications such as the X server to start before disk I/O bandwidth is monopolized by fsck(8). If set to a negative number, the background file system check will be delayed indefinitely to allow the administrator to run it at a more convenient time. For example it may be run from cron(8) by adding a line like

0 4 * * * root /etc/rc.d/bgfsck forcestart

to /etc/crontab.

netfs_types

(str) List of file system types that are network-based. This list should generally not be modified by end users. Use extra_netfs_types instead.

extra_netfs_types

(str) If set to something other than “NO” (the default), this variable extends the list of file system types for which automatic mounting at startup by rc(8) should be delayed until the network is initialized. It should contain a whitespace-separated list of network file system descriptor pairs, each consisting of a file system type as passed to mount(8) and a human-readable, one-word description, joined with a colon (‘:’). Extending the default list in this way is only necessary when third party file system types are used.

syslogd_enable

(bool) If set to “YES”, run the syslogd(8) daemon.

syslogd_program

(str) Path to syslogd(8) (default /usr/sbin/syslogd).

syslogd_flags

(str) If syslogd_enable is set to “YES”, these are the flags to pass to syslogd(8).

inetd_enable

(bool) If set to “YES”, run the inetd(8) daemon.

inetd_program

(str) Path to inetd(8) (default /usr/sbin/inetd).

inetd_flags

(str) If inetd_enable is set to “YES”, these are the flags to pass to inetd(8).

hastd_enable

(bool) If set to “YES”, run the hastd(8) daemon.

hastd_program

(str) Path to hastd(8) (default /sbin/hastd).

hastd_flags

(str) If hastd_enable is set to “YES”, these are the flags to pass to hastd(8).

local_unbound_enable

(bool) If set to “YES”, run the unbound(8) daemon as a local caching resolver.

kdc_enable

(bool) Set to “YES” to start a Kerberos 5 authentication server at boot time.

kdc_program

(str) If kdc_enable is set to “YES” this is the path to Kerberos 5 Authentication Server.

kdc_flags

(str) Empty by default. This variable contains additional flags to be passed to the Kerberos 5 authentication server.

kadmind_enable

(bool) Set to “YES” to start kadmind(8), the Kerberos 5 Administration Daemon; set to “NO” on a slave server.

kadmind_program

(str) If kadmind_enable is set to “YES” this is the path to Kerberos 5 Administration Daemon.

kpasswdd_enable

(bool) Set to “YES” to start kpasswdd(8), the Kerberos 5 Password-Changing Daemon; set to “NO” on a slave server.

kpasswdd_program

(str) If kpasswdd_enable is set to “YES” this is the path to Kerberos 5 Password-Changing Daemon.

kfd_enable

(bool) Set to “YES” to start kfd(8), the Kerberos 5 ticket forwarding daemon, at the boot time.

kfd_program

(str) Path to kfd(8) (default /usr/libexec/kfd).

rwhod_enable

(bool) If set to “YES”, run the rwhod(8) daemon at boot time.

rwhod_flags

(str) If rwhod_enable is set to “YES”, these are the flags to pass to it.

amd_enable

(bool) If set to “YES”, run the amd(8) daemon at boot time.

amd_flags

(str) If amd_enable is set to “YES”, these are the flags to pass to it. See the amd(8) manpage for more information.

amd_map_program

(str) If set, the specified program is run to get the list of amd(8) maps. For example, if the amd(8) maps are stored in NIS, one can set this to run ypcat(1) to get a list of amd(8) maps from the amd.master NIS map.

update_motd

(bool) If set to “YES”, /etc/motd will be updated at boot time to reflect the kernel release being run. If set to “NO”, /etc/motd will not be updated.

nfs_client_enable

(bool) If set to “YES”, run the NFS client daemons at boot time.

nfs_access_cache

(int) If nfs_client_enable is set to “YES”, this can be set to “0” to disable NFS ACCESS RPC caching, or to the number of seconds for which NFS ACCESS results should be cached. A value of 2-10 seconds will substantially reduce network traffic for many NFS operations.

nfs_server_enable

(bool) If set to “YES”, run the NFS server daemons at boot time.

nfs_server_flags

(str) If nfs_server_enable is set to “YES”, these are the flags to pass to the nfsd(8) daemon.

nfsv4_server_enable

(bool) If nfs_server_enable is set to “YES” and nfsv4_server_enable are set to “YES”, enable the server for NFSv4 as well as NFSv2 and NFSv3.

nfsuserd_enable

(bool) If nfsuserd_enable is set to “YES”, run the nfsuserd daemon, which is needed for NFSv4 in order to map between user/group names vs uid/gid numbers. If nfsv4_server_enable is set to “YES”, this will be forced enabled.

nfsuserd_flags

(str) If nfsuserd_enable is set to “YES”, these are the flags to pass to the nfsuserd(8) daemon.

nfscbd_enable

(bool) If nfscbd_enable is set to “YES”, run the nfscbd daemon, which enables callbacks/delegations for the NFSv4 client.

nfscbd_flags

(str) If nfscbd_enable is set to “YES”, these are the flags to pass to the nfscbd(8) daemon.

mountd_enable

(bool) If set to “YES”, and no nfs_server_enable is set, start mountd(8), but not nfsd(8) daemon. It is commonly needed to run CFS without real NFS used.

mountd_flags

(str) If mountd_enable is set to “YES”, these are the flags to pass to the mountd(8) daemon.

weak_mountd_authentication

(bool) If set to “YES”, allow services like PCNFSD to make non-privileged mount requests.

nfs_reserved_port_only

(bool) If set to “YES”, provide NFS services only on a secure port.

nfs_bufpackets

(int) If set to a number, indicates the number of packets worth of socket buffer space to reserve on an NFS client. The kernel default is typically 4. Using a higher number may be useful on gigabit networks to improve performance. The minimum value is 2 and the maximum is 64.

rpc_lockd_enable

(bool) If set to “YES” and also an NFS server or client, run rpc.lockd(8) at boot time.

rpc_lockd_flags

(str) If rpc_lockd_enable is set to “YES”, these are the flags to pass to the rpc.lockd(8) daemon.

rpc_statd_enable

(bool) If set to “YES” and also an NFS server or client, run rpc.statd(8) at boot time.

rpc_statd_flags

(str) If rpc_statd_enable is set to “YES”, these are the flags to pass to the rpc.statd(8) daemon.

rpcbind_program

(str) Path to rpcbind(8) (default /usr/sbin/rpcbind).

rpcbind_enable

(bool) If set to “YES”, run the rpcbind(8) service at boot time.

rpcbind_flags

(str) If rpcbind_enable is set to “YES”, these are the flags to pass to the rpcbind(8) daemon.

keyserv_enable

(bool) If set to “YES”, run the keyserv(8) daemon on boot for running Secure RPC.

keyserv_flags

(str) If keyserv_enable is set to “YES”, these are the flags to pass to keyserv(8) daemon.

pppoed_enable

(bool) If set to “YES”, run the pppoed(8) daemon at boot time to provide PPP over Ethernet services.

pppoed_⟨provider⟩

(str) pppoed(8) listens to requests to this provider and ultimately runs ppp(8) with a system argument of the same name.

pppoed_flags

(str) Additional flags to pass to pppoed(8).

pppoed_interface

(str) The network interface to run pppoed(8) on. This is mandatory when pppoed_enable is set to “YES”.

timed_enable

(bool) If set to “YES”, run the timed(8) service at boot time. This command is intended for networks of machines where a consistent “network time” for all hosts must be established. This is often useful in large NFS environments where time stamps on files are expected to be consistent network-wide.

timed_flags

(str) If timed_enable is set to “YES”, these are the flags to pass to the timed(8) service.

ntpdate_enable

(bool) If set to “YES”, run ntpdate(8) at system startup. This command is intended to synchronize the system clock only once from some standard reference.

Note that the use of the ntpd_sync_on_start variable is a preferred alternative to the ntpdate(8) utility as ntpdate(8) is to be retired from the NTP distribution.

ntpdate_config

(str) Configuration file for ntpdate(8). Default /etc/ntp.conf.

ntpdate_hosts

(str) A whitespace-separated list of NTP servers to synchronize with at startup. The default is to use the servers listed in ntpdate_config, if that file exists.

ntpdate_program

(str) Path to ntpdate(8) (default /usr/sbin/ntpdate).

ntpdate_flags

(str) If ntpdate_enable is set to “YES”, these are the flags to pass to the ntpdate(8) command (typically a hostname).

ntpd_enable

(bool) If set to “YES”, run the ntpd(8) command at boot time.

ntpd_program

(str) Path to ntpd(8) (default /usr/sbin/ntpd).

ntpd_config

(str) Path to ntpd(8) configuration file. Default /etc/ntp.conf.

ntpd_flags

(str) If ntpd_enable is set to “YES”, these are the flags to pass to the ntpd(8) daemon.

ntpd_sync_on_start

(bool) If set to “YES”, ntpd(8) is run with the -g flag, which syncs the system's clock on startup. See ntpd(8) for more information regarding the -g option. This is a preferred alternative to using ntpdate(8) or specifying the ntpdate_enable variable.

nis_client_enable

(bool) If set to “YES”, run the ypbind(8) service at system boot time.

nis_client_flags

(str) If nis_client_enable is set to “YES”, these are the flags to pass to the ypbind(8) service.

nis_ypldap_enable

(bool) If set to “YES”, run the ypldap(8) daemon at system boot time.

nis_ypldap_flags

(str) If nis.ypldap_enable is set to “YES”, these are the flags to pass to the ypldap(8) daemon.

nis_ypset_enable

(bool) If set to “YES”, run the ypset(8) daemon at system boot time.

nis_ypset_flags

(str) If nis_ypset_enable is set to “YES”, these are the flags to pass to the ypset(8) daemon.

nis_server_enable

(bool) If set to “YES”, run the ypserv(8) daemon at system boot time.

nis_server_flags

(str) If nis_server_enable is set to “YES”, these are the flags to pass to the ypserv(8) daemon.

nis_ypxfrd_enable

(bool) If set to “YES”, run the rpc.ypxfrd(8) daemon at system boot time.

nis_ypxfrd_flags

(str) If nis_ypxfrd_enable is set to “YES”, these are the flags to pass to the rpc.ypxfrd(8) daemon.

nis_yppasswdd_enable

(bool) If set to “YES”, run the rpc.yppasswdd(8) daemon at system boot time.

nis_yppasswdd_flags

(str) If nis_yppasswdd_enable is set to “YES”, these are the flags to pass to the rpc.yppasswdd(8) daemon.

rpc_ypupdated_enable

(bool) If set to “YES”, run the rpc.ypupdated daemon at system boot time.

bsnmpd_enable

(bool) If set to “YES”, run the bsnmpd(1) daemon at system boot time. Be sure to understand the security implications of running SNMP daemon on your host.

bsnmpd_flags

(str) If bsnmpd_enable is set to “YES”, these are the flags to pass to the bsnmpd(1) daemon.

defaultrouter

(str) If not set to “NO”, create a default route to this host name or IP address (use an IP address if this router is also required to get to the name server!).

ipv6_defaultrouter

(str) The IPv6 equivalent of defaultrouter.

static_arp_pairs

(str) Set to the list of static ARP pairs that are to be added at system boot time. For each whitespace separated element in the value, a static_arp_⟨element⟩ variable is assumed to exist whose contents will later be passed to a “arp -S” operation. For example

static_arp_pairs="gw"
static_arp_gw="192.168.1.1 00:01:02:03:04:05"

static_ndp_pairs

(str) Set to the list of static NDP pairs that are to be added at system boot time. For each whitespace separated element in the value, a static_ndp_⟨element⟩ variable is assumed to exist whose contents will later be passed to a “ndp -s” operation. For example

static_ndp_pairs="gw"
static_ndp_gw="2001:db8:3::1 00:01:02:03:04:05"

static_routes

(str) Set to the list of static routes that are to be added at system boot time. If not set to “NO” then for each whitespace separated element in the value, a route_⟨element⟩ variable is assumed to exist whose contents will later be passed to a “route add” operation. For example:

static_routes="ext mcast:gif0 gif0local:gif0"
route_ext="-net 10.0.0.0/24 -gateway 192.168.0.1"
route_mcast="-net 224.0.0.0/4 -iface gif0"
route_gif0local="-host 169.254.1.1 -iface lo0"

When an element is in the form of name:ifname, the route is specific to the interface ifname.

ipv6_static_routes

(str) The IPv6 equivalent of static_routes. If not set to “NO” then for each whitespace separated element in the value, a ipv6_route_⟨element⟩ variable is assumed to exist whose contents will later be passed to a “route add -inet6” operation.

gateway_enable

(bool) If set to “YES”, configure host to act as an IP router, e.g. to forward packets between interfaces.

ipv6_gateway_enable

(bool) The IPv6 equivalent of gateway_enable.

routed_enable

(bool) If set to “YES”, run a routing daemon of some sort, based on the settings of routed_program and routed_flags.

route6d_enable

(bool) The IPv6 equivalent of routed_enable. If set to “YES”, run a routing daemon of some sort, based on the settings of route6d_program and route6d_flags.

routed_program

(str) If routed_enable is set to “YES”, this is the name of the routing daemon to use.

route6d_program

(str) The IPv6 equivalent of routed_program.

routed_flags

(str) If routed_enable is set to “YES”, these are the flags to pass to the routing daemon.

route6d_flags

(str) The IPv6 equivalent of routed_flags.

rtadvd_enable

(bool) If set to “YES”, run the rtadvd(8) daemon at boot time. The rtadvd(8) utility sends ICMPv6 Router Advertisement messages to the interfaces specified in rtadvd_interfaces. This should only be enabled with great care. You may want to fine-tune rtadvd.conf(5).

rtadvd_interfaces

(str) If rtadvd_enable is set to “YES” this is the list of interfaces to use.

arpproxy_all

(bool) If set to “YES”, enable global proxy ARP.

forward_sourceroute

(bool) If set to “YES” and gateway_enable is also set to “YES”, source-routed packets are forwarded.

accept_sourceroute

(bool) If set to “YES”, the system will accept source-routed packets directed at it.

rarpd_enable

(bool) If set to “YES”, run the rarpd(8) daemon at system boot time.

rarpd_flags

(str) If rarpd_enable is set to “YES”, these are the flags to pass to the rarpd(8) daemon.

bootparamd_enable

(bool) If set to “YES”, run the bootparamd(8) daemon at system boot time.

bootparamd_flags

(str) If bootparamd_enable is set to “YES”, these are the flags to pass to the bootparamd(8) daemon.

stf_interface_ipv4addr

(str) If not set to “NO”, this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling interface). Specify this entry to enable the 6to4 interface.

stf_interface_ipv4plen

(int) Prefix length for 6to4 IPv4 addresses, to limit peer address range. An effective value is 0-31.

stf_interface_ipv6_ifid

(str) IPv6 interface ID for stf(4). This can be set to “AUTO”.

stf_interface_ipv6_slaid

(str) IPv6 Site Level Aggregator for stf(4).

ipv6_ipv4mapping

(bool) If set to “YES” this enables IPv4 mapped IPv6 address communication (like ::ffff:a.b.c.d).

rtsold_enable

(bool) Set to “YES” to enable the rtsold(8) daemon to send ICMPv6 Router Solicitation messages.

rtsold_flags

(str) If rtsold_enable is set to “YES”, these are the flags to pass to rtsold(8).

rtsol_flags

(str) For interfaces configured with the “inet6 accept_rtadv” keyword, these are the flags to pass to rtsol(8).

Note that rtsold_enable is mutually exclusive to rtsol_flags; rtsold_enable takes precedence.

keybell

(str) The keyboard bell sound. Set to “normal”, “visual”, “off”, or “NO” if the default behavior is desired. For details, refer to the kbdcontrol(1) manpage.

keyboard

(str) If set to a non-null string, the virtual console's keyboard input is set to this device.

keymap

(str) If set to “NO”, no keymap is installed, otherwise the value is used to install the keymap file found in /usr/share/syscons/keymaps/⟨value⟩.kbd (if using syscons(4)) or /usr/share/vt/keymaps/⟨value⟩.kbd (if using vt(4)).

keyrate

(str) The keyboard repeat speed. Set to “slow”, “normal”, “fast”, or “NO” if the default behavior is desired.

keychange

(str) If not set to “NO”, attempt to program the function keys with the value. The value should be a single string of the form: “funkey_number new_value [funkey_number new_value ...]”.

cursor

(str) Can be set to the value of “normal”, “blink”, “destructive”, or “NO” to set the cursor behavior explicitly or choose the default behavior.

scrnmap

(str) If set to “NO”, no screen map is installed, otherwise the value is used to install the screen map file in /usr/share/syscons/scrnmaps/⟨value⟩. This parameter is ignored when using vt(4) as the console driver.

font8x16

(str) If set to “NO”, the default 8x16 font value is used for screen size requests, otherwise the value in /usr/share/syscons/fonts/⟨value⟩ or /usr/share/vt/fonts/⟨value⟩ is used (depending on the console driver being used).

font8x14

(str) If set to “NO”, the default 8x14 font value is used for screen size requests, otherwise the value in /usr/share/syscons/fonts/⟨value⟩ or /usr/share/vt/fonts/⟨value⟩ is used (depending on the console driver being used).

font8x8

(str) If set to “NO”, the default 8x8 font value is used for screen size requests, otherwise the value in /usr/share/syscons/fonts/⟨value⟩ or /usr/share/vt/fonts/⟨value⟩ is used (depending on the console driver being used).

blanktime

(int) If set to “NO”, the default screen blanking interval is used, otherwise it is set to value seconds.

saver

(str) If not set to “NO”, this is the actual screen saver to use (blank, snake, daemon, etc).

moused_nondefault_enable

(str) If set to “NO”, the mouse device specified on the command line is not automatically treated as enabled by the /etc/rc.d/moused script. Having this variable set to “YES” allows a usb(4) mouse, for example, to be enabled as soon as it is plugged in.

moused_enable

(str) If set to “YES”, the moused(8) daemon is started for doing cut/paste selection on the console.

moused_type

(str) This is the protocol type of the mouse connected to this host. This variable must be set if moused_enable is set to “YES”. The moused(8) daemon is able to detect the appropriate mouse type automatically in many cases. Set this variable to “auto” to let the daemon detect it, or select one from the following list if the automatic detection fails.

If the mouse is attached to the PS/2 mouse port, choose “auto” or “ps/2”, regardless of the brand and model of the mouse. Likewise, if the mouse is attached to the bus mouse port, choose “auto” or “busmouse”. All other protocols are for serial mice and will not work with the PS/2 and bus mice. If this is a USB mouse, “auto” is the only protocol type which will work.

microsoft

Microsoft mouse (serial)

intellimouse

Microsoft IntelliMouse (serial)

mousesystems

Mouse systems Corp. mouse (serial)

mmseries

MM Series mouse (serial)

logitech

Logitech mouse (serial)

busmouse

A bus mouse

mouseman

Logitech MouseMan and TrackMan (serial)

glidepoint

ALPS GlidePoint (serial)

thinkingmouse

Kensington ThinkingMouse (serial)

ps/2

PS/2 mouse

mmhittab

MM HitTablet (serial)

x10mouseremote

X10 MouseRemote (serial)

versapad

Interlink VersaPad (serial)

Even if the mouse is not in the above list, it may be compatible with one in the list. Refer to the manual page for moused(8) for compatibility information.

It should also be noted that while this is enabled, any other client of the mouse (such as an X server) should access the mouse through the virtual mouse device, /dev/sysmouse, and configure it as a “sysmouse” type mouse, since all mouse data is converted to this single canonical format when using moused(8). If the client program does not support the “sysmouse” type, specify the “mousesystems” type. It is the second preferred type.

moused_port

(str) If moused_enable is set to “YES”, this is the actual port the mouse is on. It might be /dev/cuau0 for a COM1 serial mouse, /dev/psm0 for a PS/2 mouse or /dev/mse0 for a bus mouse, for example.

moused_flags

(str) If moused_flags is set, its value is used as an additional set of flags to pass to the moused(8) daemon.

moused_XXX_flags

When moused_nondefault_enable is enabled, and a moused(8) daemon is started for a non-default port, the moused_XXX_flags set of options has precedence over and replaces the default moused_flags (where XXX is the name of the non-default port, i.e., ums0). By setting moused_XXX_flags it is possible to set up a different set of default flags for each moused(8) instance. For example, you can use “-3” for the default moused_flags to make your laptop's touchpad more comfortable to use, but an empty set of options for moused_ums0_flags when your usb(4) mouse has three or more buttons.

mousechar_start

(int) If set to “NO”, the default mouse cursor character range 0xd0-0xd3 is used, otherwise the range start is set to value character, see vidcontrol(1). Use if the default range is occupied in the language code table.

allscreens_flags

(str) If set, vidcontrol(1) is run with these options for each of the virtual terminals (/dev/ttyv*). For example, “-m on” will enable the mouse pointer on all virtual terminals if moused_enable is set to “YES”.

allscreens_kbdflags

(str) If set, kbdcontrol(1) is run with these options for each of the virtual terminals (/dev/ttyv*). For example, “-h 200” will set the syscons(4) or vt(4) scrollback (history) buffer to 200 lines.

cron_enable

(bool) If set to “YES”, run the cron(8) daemon at system boot time.

cron_program

(str) Path to cron(8) (default /usr/sbin/cron).

cron_flags

(str) If cron_enable is set to “YES”, these are the flags to pass to cron(8).

cron_dst

(bool) If set to “YES”, enable the special handling of transitions to and from the Daylight Saving Time in cron(8) (equivalent to using the flag -s).

lpd_program

(str) Path to lpd(8) (default /usr/sbin/lpd).

lpd_enable

(bool) If set to “YES”, run the lpd(8) daemon at system boot time.

lpd_flags

(str) If lpd_enable is set to “YES”, these are the flags to pass to the lpd(8) daemon.

chkprintcap_enable

(bool) If set to “YES”, run the chkprintcap(8) command before starting the lpd(8) daemon.

chkprintcap_flags

(str) If lpd_enable and chkprintcap_enable are set to “YES”, these are the flags to pass to the chkprintcap(8) program. The default is “-d”, which causes missing directories to be created.

mta_start_script

(str) This variable specifies the full path to the script to run to start a mail transfer agent. The default is /etc/rc.sendmail. The sendmail_* variables which /etc/rc.sendmail uses are documented in the rc.sendmail(8) manual page.

dumpdev

(str) Indicates the device (usually a swap partition) to which a crash dump should be written in the event of a system crash. If the value of this variable is “AUTO”, the first suitable swap device listed in /etc/fstab will be used as dump device. Otherwise, the value of this variable is passed as the argument to dumpon(8). To disable crash dumps, set this variable to “NO”.

dumpon_flags

(str) Flags to pass to dumpon(8) when configuring dumpdev as the system dump device.

dumpdir

(str) When the system reboots after a crash and a crash dump is found on the device specified by the dumpdev variable, savecore(8) will save that crash dump and a copy of the kernel to the directory specified by the dumpdir variable. The default value is /var/crash. Set to “NO” to not run savecore(8) at boot time when dumpdir is set.

savecore_enable

(bool) If set to “NO”, disable automatic extraction of the crash dump from the dumpdev.

savecore_flags

(str) If crash dumps are enabled, these are the flags to pass to the savecore(8) utility.

quota_enable

(bool) Set to “YES” to turn on user and group disk quotas on system startup via the quotaon(8) command for all file systems marked as having quotas enabled in /etc/fstab. The kernel must be built with options QUOTA for disk quotas to function.

check_quotas

(bool) Set to “YES” to enable user and group disk quota checking via the quotacheck(8) command.

quotacheck_flags

(str) If quota_enable is set to “YES”, and check_quotas is set to “YES”, these are the flags to pass to the quotacheck(8) utility. The default is “-a”, which checks quotas for all file systems with quotas enabled in /etc/fstab.

quotaon_flags

(str) If quota_enable is set to “YES”, these are the flags to pass to the quotaon(8) utility. The default is “-a”, which enables quotas for all file systems with quotas enabled in /etc/fstab.

quotaoff_flags

(str) If quota_enable is set to “YES”, these are the flags to pass to the quotaoff(8) utility when shutting down the quota system. The default is “-a”, which disables quotas for all file systems with quotas enabled in /etc/fstab.

accounting_enable

(bool) Set to “YES” to enable system accounting through the accton(8) facility.

ibcs2_enable

(bool) Set to “YES” to enable iBCS2 (SCO) binary emulation at system initial boot time.

ibcs2_loaders

(str) If not set to “NO” and if ibcs2_enable is set to “YES”, this specifies a list of additional iBCS2 loaders to enable.

firstboot_sentinel

(str) This variable specifies the full path to a “first boot” sentinel file. If a file exists with this path, rc.d scripts with the “firstboot” keyword will be run on startup and the sentinel file will be deleted after the boot process completes. The sentinel file must be located on a writable file system which is mounted no later than early_late_divider to function properly. The default is /firstboot.

linux_enable

(bool) Set to “YES” to enable Linux/ELF binary emulation at system initial boot time.

sysvipc_enable

(bool) If set to “YES”, load System V IPC primitives at boot time.

clear_tmp_enable

(bool) Set to “YES” to have /tmp cleaned at startup.

clear_tmp_X

(bool) Set to “NO” to disable removing of X11 lock files, and the removal and (secure) recreation of the various socket directories for X11 related programs.

ldconfig_paths

(str) Set to the list of shared library paths to use with ldconfig(8). NOTE: /lib and /usr/lib will always be added first, so they need not appear in this list.

ldconfig32_paths

(str) Set to the list of 32-bit compatibility shared library paths to use with ldconfig(8).

ldconfig_paths_aout

(str) Set to the list of shared library paths to use with ldconfig(8) legacy a.out(5) support.

ldconfig_insecure

(bool) The ldconfig(8) utility normally refuses to use directories which are writable by anyone except root. Set this variable to “YES” to disable that security check during system startup.

ldconfig_local_dirs

(str) Set to the list of local ldconfig(8) directories. The names of all files in the directories listed will be passed as arguments to ldconfig(8).

ldconfig_local32_dirs

(str) Set to the list of local 32-bit compatibility ldconfig(8) directories. The names of all files in the directories listed will be passed as arguments to “ldconfig -32”.

kern_securelevel_enable

(bool) Set to “YES” to set the kernel security level at system startup.

kern_securelevel

(int) The kernel security level to set at startup. The allowed range of value ranges from -1 (the compile time default) to 3 (the most secure). See security(7) for the list of possible security levels and their effect on system operation.

sshd_program

(str) Path to the SSH server program (/usr/sbin/sshd is the default).

sshd_enable

(bool) Set to “YES” to start sshd(8) at system boot time.

sshd_flags

(str) If sshd_enable is set to “YES”, these are the flags to pass to the sshd(8) daemon.

ftpd_program

(str) Path to the FTP server program (/usr/libexec/ftpd is the default).

ftpd_enable

(bool) Set to “YES” to start ftpd(8) as a stand-alone daemon at system boot time.

ftpd_flags

(str) If ftpd_enable is set to “YES”, these are the additional flags to pass to the ftpd(8) daemon.

watchdogd_enable

(bool) If set to “YES”, start the watchdogd(8) daemon at boot time. This requires that the kernel have been compiled with a watchdog(4) compatible device.

watchdogd_flags

(str) If watchdogd_enable is set to “YES”, these are the flags passed to the watchdogd(8) daemon.

watchdogd_timeout

(int) If watchdogd_enable is set to “YES”, this is a timeout that will be used by the watchdogd(8) daemon. If this option is set, it overrides -t in watchdogd_flags.

watchdogd_shutdown_timeout

(int) If watchdogd_enable is set to “YES”, this is a timeout that will be set by the watchdogd(8) daemon when it exits during the system shutdown. This timeout will not be set when returning to the single-user mode or when the watchdogd service is stopped individually using the service(8) command or the rc.d script. Note that the timeout will be applied if watchdogd(8) is stopped outside of rc(8) framework. If this option is set, it overrides -x in watchdogd_flags.

devfs_rulesets

(str) List of files containing sets of rules for devfs(8).

devfs_system_ruleset

(str) Rule name(s) to apply to the system /dev itself.

devfs_set_rulesets

(str) Pairs of already-mounted dev directories and rulesets that should be applied to them. For example: /mount/dev=ruleset_name

devfs_load_rulesets

(bool) If set, always load the default rulesets listed in devfs_rulesets.

performance_cx_lowest

(str) CPU idle state to use while on AC power. The string “LOW” indicates that acpi(4) should use the lowest power state available while “HIGH” indicates that the lowest latency state (less power savings) should be used.

performance_cpu_freq

(str) CPU clock frequency to use while on AC power. The string “LOW” indicates that cpufreq(4) should use the lowest frequency available while “HIGH” indicates that the highest frequency (less power savings) should be used.

economy_cx_lowest

(str) CPU idle state to use when off AC power. The string “LOW” indicates that acpi(4) should use the lowest power state available while “HIGH” indicates that the lowest latency state (less power savings) should be used.

economy_cpu_freq

(str) CPU clock frequency to use when off AC power. The string “LOW” indicates that cpufreq(4) should use the lowest frequency available while “HIGH” indicates that the highest frequency (less power savings) should be used.

jail_enable

(bool) If set to “NO”, any configured jails will not be started.

jail_conf

(str) The configuration filename used by jail(8) utility. The default value is /etc/jail.conf.

jail_parallel_start

(bool) If set to “YES”, all configured jails will be started in the background (in parallel).

jail_flags

(str) Unset by default. When set, use as default value for jail_⟨jname⟩_flags for every jail in jail_list.

jail_list

(str) A space-delimited list of jail names. When left empty, all of the jail(8) instances defined in the configuration file are started. The names specified in this list control the jail startup order. jail(8) instances missing from jail_list must be started manually. Note that a jail's depend parameter in the configuration file may override this list.

jail_reverse_stop

(bool) When set to “YES”, all configured jails in jail_list are stopped in reverse order.

jail_* variables

Note that older releases supported per-jail configuration via rc.conf variables. For example, hostname of a jail named vjail was able to be set by jail_vjail_hostname. These per-jail configuration variables are now obsolete in favor of jail(8) configuration file. For backward compatibility, when per-jail configuration variables are defined, jail(8) configuration files are created as /var/run/jail.⟨jname⟩.conf and used.

The following per-jail parameters are handled by rc.d/jail script out of their corresponding rc.conf variables. In addition to them, parameters in jail_⟨jname⟩_parameters will be added to the configuration file. They must be a semi-colon (‘;’) delimited list of “key=value”. For more details, see jail(8) manual page.

path

set from jail_⟨jname⟩_rootdir

host.hostname

set from jail_⟨jname⟩_hostname

exec.consolelog

set from jail_⟨jname⟩_consolelog. The default value is /var/log/jail_⟨jname⟩_console.log.

interface

set from jail_⟨jname⟩_interface.

vnet.interface

set from jail_⟨jname⟩_vnet_interface. This implies vnet parameter will be enabled and cannot be specified with jail_⟨jname⟩_interface, jail_⟨jname⟩_ip and/or jail_⟨jname⟩_ip_multi⟨n⟩ at the same time.

fstab

set from jail_⟨jname⟩_fstab

mount

set from jail_⟨jname⟩_procfs_enable.

exec.fib

set from jail_⟨jname⟩_fib

exec.start

set from jail_⟨jname⟩_exec_start. The parameter name was command in some older releases.

exec.prestart

set from jail_⟨jname⟩_exec_prestart

exec.poststart

set from jail_⟨jname⟩_exec_poststart

exec.stop

set from jail_⟨jname⟩_exec_stop

exec.prestop

set from jail_⟨jname⟩_exec_prestop

exec.poststop

set from jail_⟨jname⟩_exec_poststop

ip4.addr

set if jail_⟨jname⟩_ip or jail_⟨jname⟩_ip_multi⟨n⟩ contain IPv4 addresses

ip6.addr

set if jail_⟨jname⟩_ip or jail_⟨jname⟩_ip_multi⟨n⟩ contain IPv6 addresses

allow.mount

set from jail_⟨jname⟩_mount_enable

mount.devfs

set from jail_⟨jname⟩_devfs_enable

devfs_ruleset

set from jail_⟨jname⟩_devfs_ruleset. This must be an integer, not a string.

mount.fdescfs

set from jail_⟨jname⟩_fdescfs_enable

allow.set_hostname

set from jail_⟨jname⟩_set_hostname_allow

allow.rawsocket

set from jail_⟨jname⟩_socket_unixiproute_only

allow.sysvipc

set from jail_⟨jname⟩_sysvipc_allow

harvest_mask

(int) Set to a bit-mask representing the entropy sources you wish to harvest. Refer to random(4) for more information.

entropy_dir

(str) Set to “NO” to disable caching entropy via cron(8). Otherwise set to the directory in which the entropy files are stored. To be useful, there must be a system cron job that regularly writes and rotates files here. All files found will be used at boot time. The default is /var/db/entropy.

entropy_file

(str) Set to “NO” to disable caching entropy through reboots. Otherwise set to the name of a file used to store cached entropy. This file should be located on a file system that is readable before all the volumes specified in fstab(5) are mounted. By default, /entropy is used, but if /var/db/entropy-file is found it will also be used. This will be of some use to bsdinstall(8).

entropy_boot_file

(str) Set to “NO” to disable very early caching entropy through reboots. Otherwise set to the filename used to read very early reboot cached entropy. This file should be located where loader(8) can read it. See also loader.conf(5). The default location is /boot/entropy.

entropy_save_sz

(int) Size of the entropy cache files saved by save-entropy periodically.

entropy_save_num

(int) Number of entropy cache files to save by save-entropy periodically.

ipsec_enable

(bool) Set to “YES” to run setkey(8) on ipsec_file at boot time.

ipsec_file

(str) Configuration file for setkey(8).

dmesg_enable

(bool) Set to “YES” to save dmesg(8) to /var/run/dmesg.boot on boot.

rcshutdown_timeout

(int) If set, start a watchdog timer in the background which will terminate rc.shutdown if shutdown(8) has not completed within the specified time (in seconds). Notice that in addition to this soft timeout, init(8) also applies a hard timeout for the execution of rc.shutdown. This is configured via sysctl(8) variable kern.init_shutdown_timeout and defaults to 120 seconds. Setting the value of rcshutdown_timeout to more than 120 seconds will have no effect until the sysctl(8) variable kern.init_shutdown_timeout is also increased.

virecover_enable

(bool) Set to “NO” to prevent the system from trying to recover pre-maturely terminated vi(1) sessions.

ugidfw_enable

(bool) Set to “YES” to load the mac_bsdextended(4) module upon system initialization and load a default ruleset file.

bsdextended_script

(str) The default mac_bsdextended(4) ruleset file to load. The default value of this variable is /etc/rc.bsdextended.

newsyslog_enable

(bool) If set to “YES”, run newsyslog(8) command at startup.

newsyslog_flags

(str) If newsyslog_enable is set to “YES”, these are the flags to pass to the newsyslog(8) program. The default is “-CN”, which causes log files flagged with a C to be created.

mdconfig_md⟨X⟩

(str) Arguments to mdconfig(8) for md(4) device X. At minimum a -t type must be specified and either a -s size for malloc or swap backed md(4) devices or a -f file for vnode backed md(4) devices. Note that mdconfig_md⟨X⟩ variables are evaluated until one variable is unset or null.

mdconfig_md⟨X⟩_newfs

(str) Optional arguments passed to newfs(8) to initialize md(4) device X.

mdconfig_md⟨X⟩_owner

(str) An ownership specification passed to chown(8) after the specified md(4) device X has been mounted. Both the md(4) device and the mount point will be changed.

mdconfig_md⟨X⟩_perms

(str) A mode string passed to chmod(1) after the specified md(4) device X has been mounted. Both the md(4) device and the mount point will be changed.

mdconfig_md⟨X⟩_files

(str) Files to be copied to the mount point of the md(4) device X after it has been mounted.

mdconfig_md⟨X⟩_cmd

(str) Command to execute after the specified md(4) device X has been mounted. Note that the command is passed to eval and that both _dev and _mp variables can be used to reference respectively the md(4) device and the mount point. Assuming that the md(4) device is md0, one could set the following:

mdconfig_md0_cmd="tar xfzC /var/file.tgz \${_mp}"

autobridge_interfaces

(str) Set to the list of bridge interfaces that will have newly arriving interfaces checked against to be automatically added. If not set to “NO” then for each whitespace separated element in the value, a autobridge_⟨element⟩ variable is assumed to exist which has a whitespace separated list of interface names to match, these names can use wildcards. For example:

autobridge_interfaces="bridge0"
autobridge_bridge0="tap* dc0 vlan[345]"

mixer_enable

(bool) If set to “YES”, enable support for sound mixer.

hcsecd_enable

(bool) If set to “YES”, enable Bluetooth security daemon.

hcsecd_config

(str) Configuration file for hcsecd(8). Default /etc/bluetooth/hcsecd.conf.

sdpd_enable

(bool) If set to “YES”, enable Bluetooth Service Discovery Protocol daemon.

sdpd_control

(str) Path to sdpd(8) control socket. Default /var/run/sdp.

sdpd_groupname

(str) Sets sdpd(8) group to run as after it initializes. Default “nobody”.

sdpd_username

(str) Sets sdpd(8) user to run as after it initializes. Default “nobody”.

bthidd_enable

(bool) If set to “YES”, enable Bluetooth Human Interface Device daemon.

bthidd_config

(str) Configuration file for bthidd(8). Default /etc/bluetooth/bthidd.conf.

bthidd_hids

(str) Path to a file, where bthidd(8) will store information about known HID devices. Default /var/db/bthidd.hids.

rfcomm_pppd_server_enable

(bool) If set to “YES”, enable Bluetooth RFCOMM PPP wrapper daemon.

rfcomm_pppd_server_profile

(str) The name of the profile to use from /etc/ppp/ppp.conf. Multiple profiles can be specified here. Also used to specify per-profile overrides. When the profile name contains any of the characters “.-/+” they are translated to “_” for the proposes of the override variable names.

rfcomm_pppd_server_⟨profile⟩_bdaddr

(str) Overrides local address to listen on. By default rfcomm_pppd(8) will listen on “ANY” address. The address can be specified as BD_ADDR or name.

rfcomm_pppd_server_⟨profile⟩_channel

(str) Overrides local RFCOMM channel to listen on. By default rfcomm_pppd(8) will listen on RFCOMM channel 1. Must set properly if multiple profiles used in the same time.

rfcomm_pppd_server_⟨profile⟩_register_sp

(bool) Tells rfcomm_pppd(8) if it should register Serial Port service on the specified RFCOMM channel. Default “NO”.

rfcomm_pppd_server_⟨profile⟩_register_dun

(bool) Tells rfcomm_pppd(8) if it should register Dial-Up Networking service on the specified RFCOMM channel. Default “NO”.

ubthidhci_enable

(bool) If set to “YES”, change the USB Bluetooth controller from HID mode to HCI mode. You also need to specify the location of USB Bluetooth controller with the ubthidhci_busnum and ubthidhci_addr variables.

ubthidhci_busnum

Bus number where the USB Bluetooth controller is located. Check the output of usbconfig(8) on your system to find this information.

ubthidhci_addr

Bus address of the USB Bluetooth controller. Check the output of usbconfig(8) on your system to find this information.

netwait_enable

(bool) If set to “YES”, delays the start of network-reliant services until netwait_if is up and ICMP packets to a destination defined in netwait_ip are flowing. Link state is examined first, followed by “pinging” an IP address to verify network usability. If no destination can be reached or timeouts are exceeded, network services are started anyway with no guarantee that the network is usable. Use of this variable requires both netwait_ip and netwait_if to be set.

netwait_ip

(str) Empty by default. This variable contains a space-delimited list of IP addresses to ping(8). DNS hostnames should not be used as resolution is not guaranteed to be functional at this point. If multiple IP addresses are specified, each will be tried until one is successful or the list is exhausted.

netwait_timeout

(int) Indicates the total number of seconds to perform a “ping” against each IP address in netwait_ip, at a rate of one ping per second. If any of the pings are successful, full network connectivity is considered reliable. The default is 60.

netwait_if

(str) Empty by default. Defines the name of the network interface on which watch for link. ifconfig(8) is used to monitor the interface, looking for “status: no carrier”. Once gone, the link is considered up. This can be a vlan(4) interface if desired.

netwait_if_timeout

(int) Defines the total number of seconds to wait for link to become usable, polled at a 1-second interval. The default is 30.

rctl_enable

(bool) If set to “YES”, load rctl(8) rules from the defined ruleset. The kernel must be built with options RACCT and options RCTL.

rctl_rules

(str) Set to /etc/rctl.conf by default. This variables contains the rctl.conf(5) ruleset to load for rctl(8).

iovctl_files

(str) A space-separated list of configuration files used by iovctl(8). The default value is an empty string.

autofs_enable

(bool) If set to “YES”, start the automount(8) utility and the automountd(8) and autounmountd(8) daemons at boot time.

automount_flags

(str) If autofs_enable is set to “YES”, these are the flags to pass to the automount(8) program. By default no flags are passed.

automountd_flags

(str) If autofs_enable is set to “YES”, these are the flags to pass to the automountd(8) daemon. By default no flags are passed.

autounmountd_flags

(str) If autofs_enable is set to “YES”, these are the flags to pass to the autounmountd(8) daemon. By default no flags are passed.

ctld_enable

(bool) If set to “YES”, start the ctld(8) daemon at boot time.

iscsid_enable

(bool) If set to “YES”, start the iscsid(8) daemon at boot time.

iscsictl_enable

(bool) If set to “YES”, start the iscsictl(8) utility at boot time.

iscsictl_flags

(str) If iscsictl_enable is set to “YES”, these are the flags to pass to the iscsictl(8) program. The default is “-Aa”, which configures sessions based on the /etc/iscsi.conf configuration file.

cfumass_enable

(bool) If set to “YES”, create and export an USB LUN using cfumass(4) at boot time.

cfumass_dir

(str) The directory where the files exported by USB LUN are located. The default directory is /var/cfumass.

service_delete_empty

(bool) If set to “YES”, ‘service delete’ removes empty “rc.conf.d” files.

FILES

/etc/defaults/rc.conf

 

/etc/rc.conf

 

/etc/rc.conf.local

 

SEE ALSO

chmod(1), gdb(1), info(1), kbdcontrol(1), limits(1), protect(1), sh(1), vi(1), vidcontrol(1), bridge(4), dummynet(4), ip(4), ipf(4), ipfw(4), ipnat(4), kld(4), pf(4), pflog(4), pfsync(4), tcp(4), udp(4), exports(5), fstab(5), ipf(5), ipnat(5), jail.conf(5), loader.conf(5), login.conf(5), motd(5), newsyslog.conf(5), pf.conf(5), security(7), accton(8), amd(8), apm(8), bsdinstall(8), bthidd(8), chkprintcap(8), chown(8), cron(8), devfs(8), dhclient(8), ftpd(8), geli(8), hcsecd(8), ifconfig(8), inetd(8), iovctl(8), ipf(8), ipfw(8), ipnat(8), jail(8), kldxref(8), loader(8), lpd(8), makewhatis(8), mdconfig(8), mdmfs(8), mixer(8), mountd(8), moused(8), newfs(8), newsyslog(8), nfsd(8), ntpd(8), ntpdate(8), pfctl(8), pflogd(8), ping(8), powerd(8), quotacheck(8), quotaon(8), rc(8), rc.sendmail(8), rc.subr(8), rfcomm_pppd(8), route(8), routed(8), rpc.lockd(8), rpc.statd(8), rpcbind(8), rwhod(8), savecore(8), sdpd(8), service(8), sshd(8), swapon(8), sysctl(8), syslogd(8), sysrc(8), timed(8), unbound(8), usbconfig(8), wlandebug(8), yp(8), ypbind(8), ypserv(8), ypset(8)

HISTORY

The rc.conf file appeared in FreeBSD 2.2.2.

AUTHORS

Jordan K. Hubbard.