Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
RC.CONF(5)		      File Formats Manual		    RC.CONF(5)

NAME
       rc.conf -- system configuration information

DESCRIPTION
       The  file rc.conf contains descriptive information about	the local host
       name, configuration details for any potential  network  interfaces  and
       which  services	should	be started up at system	initial	boot time.  In
       new installations, the rc.conf file is  generally  initialized  by  the
       system installation utility.

       The purpose of rc.conf is not to	run commands or	perform	system startup
       actions	directly.   Instead,  it  is  included	by the various generic
       startup scripts in /etc which conditionalize their internal actions ac-
       cording to the settings found there.

       The /etc/rc.conf	file is	included from the file	/etc/defaults/rc.conf,
       which  specifies	 the  default  settings	for all	the available options.
       Options need only be specified in /etc/rc.conf when the system adminis-
       trator	wishes	  to	override    these    defaults.	   The	  file
       /etc/defaults/vendor.conf  allows vendors to override FreeBSD defaults.
       The  file  /etc/rc.conf.local  is  used	 to   override	 settings   in
       /etc/rc.conf for	historical reasons.

       The  sysrc(8)  command  provides	a scripting interface to modify	system
       config files.

       In addition to /etc/rc.conf.local you can also place smaller configura-
       tion files for each rc(8) script	in  the	 /etc/rc.conf.d	 directory  or
       <dir>/rc.conf.d	directories  (where  <dir>  is each entry specified in
       local_startup, but with any trailing /rc.d stripped), which will	be in-
       cluded by the load_rc_config function.	For  jail  configurations  you
       could  use the file /etc/rc.conf.d/jail to store	jail-specific configu-
       ration options.	 If  local_startup  contains  /usr/local/etc/rc.d  and
       /opt/conf,  /usr/local/etc/rc.conf.d/jail  and /opt/conf/rc.conf.d/jail
       will be loaded.	If <dir>/rc.conf.d/<name> is a directory, all  of  the
       files  in  the  directory  will	be loaded.  Also see the rc_conf_files
       variable	below.

       Options are set with "name=value" assignments that  use	sh(1)  syntax.
       The following list provides a name and short description	for each vari-
       able that can be	set in the rc.conf file:

       rc_debug	   (bool)  If  set  to	"YES", enable output of	debug messages
		   from	rc scripts.  This variable can be helpful in  diagnos-
		   ing	mistakes when editing or integrating new scripts.  Be-
		   ware	that this produces copious output to the terminal  and
		   syslog(3).

       rc_info	   (bool)  If set to "NO", disable informational messages from
		   the rc scripts.  Informational messages are displayed  when
		   a condition that is not serious enough to warrant a warning
		   or an error occurs.

       rc_startmsgs
		   (bool) If set to "YES", show	"Starting foo:"	when faststart
		   is used (e.g., at boot time).

       early_late_divider
		   (str) The name of the script	that should be used as the de-
		   limiter  between  the "early" and "late" stages of the boot
		   process.  The early stage should contain all	 the  services
		   needed  to  get the disks (local or remote) mounted so that
		   the late stage can include scripts contained	in the	direc-
		   tories  listed  in  the local_startup variable (see below).
		   Thus,  the  two  likely  candidates	for  this  value   are
		   mountcritlocal  for the typical system, and mountcritremote
		   if the system needs remote file systems mounted to get  ac-
		   cess	 to  the  local_startup	 directories; for example when
		   /usr/local is NFS mounted.  For rc.conf  within  a  jail(8)
		   NETWORKING  is  likely to be	an appropriate value.  Extreme
		   care	should be taken	when changing this value,  and	before
		   changing  it	one should ensure that there are adequate pro-
		   visions to recover from a failed  boot  (such  as  physical
		   contact  with  the  machine,	or reliable remote console ac-
		   cess).

       always_force_depends
		   (bool) Various rc.d scripts use the	force_depend  function
		   to check whether required services are already running, and
		   to  start  them  if necessary.  By default during boot time
		   this	check is bypassed if the required service  is  enabled
		   in  /etc/rc.conf[.local].   Setting this option will	bypass
		   that	check at boot time and always test whether or not  the
		   service  is	actually  running.   Enabling  this  option is
		   likely to increase your boot	time if	services  are  enabled
		   that	utilize	the force_depend check.

       <name>_chroot
		   (str)  chroot(8)  to	this directory before running the ser-
		   vice.

       <name>_cpuset
		   (str) A list	of CPUs	to run	the  service  on.   Passed  to
		   cpuset(1) using the -l flag.

       <name>_fib  (int) The setfib(1) value to	run the	service	under.

       <name>_group
		   (str)  Run  the  chrooted  service under this system	group.
		   Unlike the <name>_user setting, this	setting	has no	effect
		   if the service is not chrooted.

       <name>_limits
		   (str)  Resource  limits  to	apply  to  the	service	 using
		   limits(1).  By default, resource limits are	based  on  the
		   login class defined in <name>_login_class.

       <name>_login_class
		   (str)  Login	class to be used with <name>_limits.  Defaults
		   to "daemon".

       <name>_nice
		   (int) The nice(1) value to run the service under.

       <name>_oomprotect
		   (str) Use protect(1)	to  prevent  the  service  from	 being
		   killed  when	swap space is exhausted.  Use "YES" to protect
		   only	the service itself, and	"ALL" to protect  the  service
		   and all its child processes.

		   Please note that rc scripts which redefine
			 ${argument}_cmd
		   (see	 rc.subr(8))  such  as PostgreSQL will not inherit the
		   OOM killer protection.

		   This	variable has no	effect on services  running  within  a
		   jail(8).

       <name>_setup
		   (str)  Run the specified setup script right before starting
		   the actual service command.	Useful for automatic  configu-
		   ration file generation.

       <name>_umask
		   (int) Run the service using this umask(1) value.

       <name>_user
		   (str) Run the service under this user account.

       apm_enable  (bool)  If set to "YES", enable support for Automatic Power
		   Management with the apm(8) command.

       apmd_enable
		   (bool) Run apmd(8) to handle	APM event from userland.  This
		   also	enables	support	for APM.

       apmd_flags  (str) If apmd_enable	is set to "YES", these are  the	 flags
		   to pass to the apmd(8) daemon.

       devd_enable
		   (bool)  Run	devd(8)	to handle device added,	removed	or un-
		   known events	from the kernel.

       ddb_enable  (bool) Run ddb(8) to	install	ddb(4) scripts at boot time.

       ddb_config  (str)   Configuration    file    for	   ddb(8).     Default
		   /etc/ddb.conf.

       devmatch_enable
		   (bool)  If set to "NO", disable auto-loading	of kernel mod-
		   ules	with devmatch(8).

       devmatch_blocklist
		   (str) A whitespace-separated	list of	kernel modules	to  be
		   ignored   by	  devmatch(8).	  In   addition,  the  kenv(1)
		   devmatch_blocklist is appended to this  variable  to	 allow
		   disabling  of  devmatch(8)  loaded  modules	from  the boot
		   loader.

       devmatch_blacklist
		   (str) This variable is deprecated.  Use  devmatch_blocklist
		   instead.   A	whitespace-separated list of kernel modules to
		   be ignored by devmatch(8).

       kld_list	   (str) A whitespace-separated	list of	kernel modules to load
		   right after the local disks are mounted,  without  any  .ko
		   extension  or  path.	  Loading modules at this point	in the
		   boot	 process  is   much   faster   than   doing   it   via
		   /boot/loader.conf  for  those  modules  not	necessary  for
		   mounting local disks.

       kldxref_enable
		   (bool) Set to "NO" by default.  Set to "YES"	 to  automati-
		   cally  rebuild  linker.hints	 files with kldxref(8) at boot
		   time.

       kldxref_clobber
		   (bool) Set to "NO" by default.  If kldxref_enable is	 true,
		   setting to "YES" will overwrite existing linker.hints files
		   at  boot  time.  Otherwise, only missing linker.hints files
		   are generated.

       kldxref_module_path
		   (str) Empty by default.  A semi-colon (`;') delimited  list
		   of paths containing kld(4) modules.	If empty, the contents
		   of the kern.module_path sysctl(8) are used.

       powerd_enable
		   (bool) If set to "YES", enable the system power control fa-
		   cility with the powerd(8) daemon.

       powerd_flags
		   (str) If powerd_enable is set to "YES", these are the flags
		   to pass to the powerd(8) daemon.

       tmpmfs	   Controls the	creation of a /tmp memory file system.	Always
		   happens  if	set to "YES" and never happens if set to "NO".
		   If set to anything else, a memory file system is created if
		   /tmp	is not writable.

       tmpsize	   Controls the	size of	a created /tmp memory file system.

       tmpmfs_flags
		   Extra options passed	to the mdmfs(8)	utility	when the  mem-
		   ory	file system for	/tmp is	created.  The default is "-S",
		   which inhibits the use of softupdates on /tmp so that  file
		   system  space  is freed without delay after file truncation
		   or deletion.	 See mdmfs(8) for other	options	you can	use in
		   tmpmfs_flags.

       varmfs	   Controls the	creation of a /var memory file system.	Always
		   happens if set to "YES" and never happens if	set  to	 "NO".
		   If set to anything else, a memory file system is created if
		   /var	is not writable.

       varsize	   Controls the	size of	a created /var memory file system.

       varmfs_flags
		   Extra  options passed to the	mdmfs(8) utility when the mem-
		   ory file system for /var is created.	 The default is	 "-S",
		   which  inhibits the use of softupdates on /var so that file
		   system space	is freed without delay after  file  truncation
		   or deletion.	 See mdmfs(8) for other	options	you can	use in
		   varmfs_flags.

       populate_var
		   Controls  the automatic population of the /var file system.
		   Always happens if set to "YES" and never happens if set  to
		   "NO".   If  set  to	anything else, a memory	file system is
		   created if /var is not writable.  Note  that	 this  process
		   requires  access to certain commands	in /usr	before /usr is
		   mounted on normal systems.

       cleanvar_enable
		   (bool) Clean	the /var directory.

       var_run_enable
		   (bool) Set to "YES" to enable saving	of the /var/run	direc-
		   tory	structure into an mtree	file at	shutdown and  the  re-
		   load	of the /var/run	directory structure at boot.

       var_run_autosave
		   (bool) In some cases	it may be undesirable to save /var/run
		   at shutdown.	 When set to "NO" /var/run is loaded at	reboot
		   but	not  saved  at	shutdown.   Typically in this scenario
		   `service var_run save' would	be performed to	save a copy of
		   the /var/run	directory structure once, to be	reloaded  dur-
		   ing all subsequent reboots.

       var_run_mtree
		   (str)  Where	to save	the /var/run mtree.  The default loca-
		   tion	is /var/db/mtree/BSD.var-run.mtree.

       local_startup
		   (str) List of directories  to  search  for  startup	script
		   files.

       script_name_sep
		   (str) The field separator to	use for	breaking down the list
		   of startup script files into	individual filenames.  The de-
		   fault  is  a	space.	It is not necessary to change this un-
		   less	 there	are  startup  scripts  with  names  containing
		   spaces.

       hostapd_enable
		   (bool)  Set	to  "YES"  to  start hostapd(8)	at system boot
		   time.

       hostname	   (str) The fully qualified domain name (FQDN)	of  this  host
		   on  the  network.   This  should almost certainly be	set to
		   something meaningful, even if there is no  network  connec-
		   tion.  If dhclient(8) is used to set	the hostname via DHCP,
		   this	 variable  should be set to an empty string.  Within a
		   jail(8) the hostname	is  generally  already	set  and  this
		   variable  may  be absent.  If this value remains unset when
		   the system is done booting your console login will  display
		   the default hostname	of "Amnesiac".

       nisdomainname
		   (str)  The  NIS domain name of this host, or	"NO" if	NIS is
		   not used.

       hostid_enable
		   (bool) If set to "NO", disable the generation or saving  of
		   the	hostid	and  machine-id	files at system	boot and shut-
		   down.

       hostid_file
		   (str) Path to the hostid file, default /etc/hostid.

       hostid_uuidgen_flags
		   (str) Flags passed to uuidgen(1) when generating a software
		   host	UUID.  This is used only if the	system	cannot	deter-
		   mine	a hardware UUID.  Set to "-r" by default.

       machine_id_file
		   (str) Path to the machine-id	file, default /etc/machine-id.

       dhclient_program
		   (str)  Path	to  the	 DHCP  client  program,	 defaulting to
		   /sbin/dhclient.

       dhclient_flags
		   (str) Additional flags to pass to the DHCP client  program.
		   See	the  dhclient(8) manpage for a description of the com-
		   mand	line options available.

       dhclient_flags_<iface>
		   Additional flags to pass to the DHCP	client program running
		   on iface only.  When	 specified,  this  variable  overrides
		   dhclient_flags.

       background_dhclient
		   (bool) Set to "YES" to start	the DHCP client	in background.
		   This	 can  cause  trouble  with applications	depending on a
		   working network, but	it will	provide	a  faster  startup  in
		   many	cases.

       background_dhclient_<iface>
		   When	    specified,	  this	  variable    overrides	   the
		   background_dhclient variable	for interface iface only.

       synchronous_dhclient
		   (bool) Set to "YES" to start	dhclient(8)  synchronously  at
		   startup.   This  behavior can be overridden on a per-inter-
		   face	 basis	by  replacing  the  "DHCP"  keyword   in   the
		   ifconfig_<interface>	   variable    with    "SYNCDHCP"   or
		   "NOSYNCDHCP".

       defaultroute_delay
		   (int) When set to a positive	value, wait up	to  this  long
		   after  configuring  DHCP  interfaces	at startup to give the
		   interfaces time to receive a	lease.

       firewall_enable
		   (bool) Set to "YES" to load firewall	rules at startup.   If
		   the	kernel	was  not  built	 with  options IPFIREWALL, the
		   ipfw.ko  kernel  module   will   be	 loaded.    See	  also
		   ipfilter_enable.

       firewall_script
		   (str) This variable specifies the full path to the firewall
		   script to run.  The default is /etc/rc.firewall.

       firewall_type
		   (str)  Names	 the  firewall	type  from  the	 selection  in
		   /etc/rc.firewall, or	the  file  which  contains  the	 local
		   firewall  ruleset.	Valid selections from /etc/rc.firewall
		   are:

		   open		unrestricted IP	access
		   closed	all IP services	disabled, except via "lo0"
		   client	basic protection for a workstation
		   workstation	basic  protection  for	a  workstation	 using
				stateful firewalling
		   simple	basic protection for a LAN.

		   If a	filename is specified, the full	path must be given.

		   Most	 of the	predefined rulesets define additional configu-
		   ration    variables.	    These    are     documented	    in
		   /etc/rc.firewall.

       firewall_quiet
		   (bool)  Set	to  "YES"  to  disable the display of firewall
		   rules on the	console	during boot.

       firewall_logging
		   (bool) Set to "YES" to enable firewall event	logging.  This
		   is equivalent to the	IPFIREWALL_VERBOSE kernel option.

       firewall_logif
		   (bool) Set to "YES" to create pseudo	 interface  ipfw0  for
		   logging.  For more details, see ipfw(8) manual page.

       firewall_flags
		   (str)  Flags	passed to ipfw(8) if firewall_type specifies a
		   filename.

       firewall_coscripts
		   (str) List of executables and/or rc scripts	to  run	 after
		   firewall starts/stops.  Default is empty.

       firewall_nat_enable
		   (bool) The ipfw(8) equivalent of natd_enable.  Setting this
		   to  "YES"  will  automatically  load	the ipfw(8) NAT	kernel
		   module if firewall_enable is	also set to "YES".

       firewall_nat_interface
		   (str) The ipfw(8) equivalent	of  natd_interface.   This  is
		   the	name  of  the  public interface	or IP address on which
		   kernel NAT should run.

       firewall_nat_flags
		   (str) Additional configuration parameters  for  kernel  NAT
		   should be placed here.

       firewall_nat64_enable
		   (bool)  Setting  this  to "YES" will	automatically load the
		   ipfw(8) NAT64 kernel	module if firewall_enable is also  set
		   to "YES".

       firewall_nptv6_enable
		   (bool)  Setting  this  to "YES" will	automatically load the
		   ipfw(8) NPTv6 kernel	module if firewall_enable is also  set
		   to "YES".

       firewall_pmod_enable
		   (bool)  Setting  this  to "YES" will	automatically load the
		   ipfw(8) pmod	kernel module if firewall_enable is  also  set
		   to "YES".

       dummynet_enable
		   (bool)  Setting  this  to "YES" will	automatically load the
		   dummynet(4) module if firewall_enable is also set to	"YES".

       ipfw_netflow_enable
		   (bool) Setting this to "YES"	will  enable  netflow  logging
		   via ng_netflow(4).

		   By  default a ipfw rule is inserted and all packets are du-
		   plicated with the ngtee command  and	 netflow  packets  are
		   sent	 to  127.0.0.1 on the netflow port using protocol ver-
		   sion	5.

       ipfw_netflow_hook
		   (int) netflow hook name, must be numerical (default 9995).

       ipfw_netflow_rule
		   (int) ipfw rule number (default 1000).

       ipfw_netflow_ip
		   (str) Destination server ip for receiving netflow data (de-
		   fault 127.0.0.1).

       ipfw_netflow_port
		   (int) Destination server port for  receiving	 netflow  data
		   (default 9995).

       ipfw_netflow_version
		   (int)  Do not set for using version 5 of the	netflow	proto-
		   col,	set it to 9 for	using version 9.

       ipfw_netflow_fib
		   (int) Only match packet in FIB ipfw_netflow_fib (default is
		   undefined meaning all FIBs).

       natd_program
		   (str) Path to natd(8).

       natd_enable
		   (bool) Set to "YES"	to  enable  natd(8).   firewall_enable
		   must	 also  be  set to "YES", and divert(4) sockets must be
		   enabled in the kernel.  If the kernel was  not  built  with
		   options  IPDIVERT,  the  ipdivert.ko	 kernel	module will be
		   loaded.

       natd_interface
		   (str) This is the name of the  public  interface  on	 which
		   natd(8)  should  run.  The interface	may be given as	an in-
		   terface name	or as an IP address.

       natd_flags  (str) Additional natd(8) flags should be placed here.   The
		   -n  or  -a  flag  is	 automatically	added  with  the above
		   natd_interface as an	argument.

       ipfilter_enable
		   (bool) Set to "NO" by default.  Setting this	to  "YES"  en-
		   ables ipf(8)	packet filtering.

		   Typical usage will require putting

		   ipfilter_enable="YES"
		   ipnat_enable="YES"
		   ipmon_enable="YES"
		   ipfs_enable="YES"

		   into	   /etc/rc.conf	  and	editing	  /etc/ipf.rules   and
		   /etc/ipnat.rules appropriately.

		   Note	that ipfilter_enable and ipnat_enable can  be  enabled
		   independently.   ipmon_enable  and ipfs_enable both require
		   at least one	of ipfilter_enable and ipnat_enable to be  en-
		   abled.

		   Having

		   options IPFILTER
		   options IPFILTER_LOG
		   options IPFILTER_DEFAULT_BLOCK

		   in the kernel configuration file is a good idea, too.

       ipfilter_program
		   (str) Path to ipf(8)	(default /sbin/ipf).

       ipfilter_rules
		   (str) Set to	/etc/ipf.rules by default.  This variable con-
		   tains  the  name  of	 the filter rule definition file.  The
		   file	is expected to be readable for the ipf(8)  command  to
		   execute.

       ipfilter_flags
		   (str)  Empty	 by  default.	This  variable	contains flags
		   passed to the ipf(8)	program.

       ipnat_enable
		   (bool) Set to "NO" by default.  Set it to "YES"  to	enable
		   ipnat(8)  network address translation.  See ipfilter_enable
		   for a detailed discussion.

       ipnat_program
		   (str) Path to ipnat(8) (default /sbin/ipnat).

       ipnat_rules
		   (str) Set to	/etc/ipnat.rules by  default.	This  variable
		   contains  the  name of the file holding the network address
		   translation definition.  This file is expected to be	 read-
		   able	for the	ipnat(8) command to execute.

       ipnat_flags
		   (str)  Empty	 by  default.	This  variable	contains flags
		   passed to the ipnat(8) program.

       ipmon_enable
		   (bool) Set to "NO" by default.  Set it to "YES"  to	enable
		   ipmon(8)  monitoring	 (logging ipf(8) and ipnat(8) events).
		   Setting this	 variable  needs  setting  ipfilter_enable  or
		   ipnat_enable	 too.  See ipfilter_enable for a detailed dis-
		   cussion.

       ipmon_program
		   (str) Path to ipmon(8) (default /sbin/ipmon).

       ipmon_flags
		   (str) Set to	"-Ds"  by  default.   This  variable  contains
		   flags  passed to the	ipmon(8) program.  Another typical ex-
		   ample would be "-D /var/log/ipflog" to  have	 ipmon(8)  log
		   directly  to	a file bypassing syslogd(8).  Make sure	to ad-
		   just	/etc/newsyslog.conf in such case like this:

		   /var/log/ipflog  640	 10  100  *  Z	/var/run/ipmon.pid

       ipfs_enable
		   (bool) Set to "NO" by default.  Set it to "YES"  to	enable
		   ipfs(8) saving the filter and NAT state tables during shut-
		   down	and reloading them during startup again.  Setting this
		   variable  needs  setting ipfilter_enable or ipnat_enable to
		   "YES" too.  See ipfilter_enable for a detailed  discussion.
		   Note	that if	kern_securelevel is set	to 3, ipfs_enable can-
		   not	be  used  because  the raised securelevel will prevent
		   ipfs(8) from	saving the state tables	at shutdown time.

       ipfs_program
		   (str) Path to ipfs(8) (default /sbin/ipfs).

       ipfs_flags  (str) Empty	by  default.   This  variable  contains	 flags
		   passed to the ipfs(8) program.

       pf_enable   (bool)  Set	to "NO"	by default.  Setting this to "YES" en-
		   ables pf(4) packet filtering.

		   Typical usage will require putting

			 pf_enable="YES"

		   into	/etc/rc.conf and editing  /etc/pf.conf	appropriately.
		   Adding

			 device	pf

		   builds  support  for	 pf(4)	into the kernel, otherwise the
		   kernel module will be loaded.

       pf_rules	   (str) Path to pf(4)	ruleset	 configuration	file  (default
		   /etc/pf.conf).

       pf_program  (str) Path to pfctl(8) (default /sbin/pfctl).

       pf_flags	   (str)  If pf_enable is set to "YES",	these flags are	passed
		   to the pfctl(8) program when	loading	the ruleset.

       pf_fallback_rules_enable
		   (bool) Set to "NO" by default.  Setting this	to  "YES"  en-
		   ables  loading  pf_fallback_rules_file or pf_fallback_rules
		   in case of a	problem	when loading the ruleset in pf_rules.

       pf_fallback_rules_file
		   (str) Path to a pf ruleset to load in case of failure  when
		   loading     the     ruleset	   in	  pf_rules    (default
		   /etc/pf-fallback.conf).

       pf_fallback_rules
		   (str) A pf ruleset to load in case of failure when  loading
		   the	ruleset	 in pf_rules and pf_fallback_rules_file	is not
		   found.  Multiple rules can be set as	follows:

		   pf_fallback_rules="\
			   block drop log all\
			   pass	in quick on em0"

		   The default fallback	rule is	"block drop log	all"

       pflog_enable
		   (bool) Set to "NO" by default.  Setting this	to  "YES"  en-
		   ables  pflogd(8)  which  logs packets from the pf(4)	packet
		   filter.

       pflog_logfile
		   (str) If pflog_enable is set	to "YES" this  controls	 where
		   pflogd(8)  stores  the  logfile  (default  /var/log/pflog).
		   Check /etc/newsyslog.conf to	adjust	logfile	 rotation  for
		   this.

       pflog_program
		   (str) Path to pflogd(8) (default /sbin/pflogd).

       pflog_flags
		   (str)  Empty	by default.  This variable contains additional
		   flags passed	to the pflogd(8) program.

       pflog_instances
		   (str) If logging to more than one pflog(4) interface	is de-
		   sired, pflog_instances is set to the	list of	pflogd(8)  in-
		   stances  that  should  be  started at system	boot time.  If
		   pflog_instances  is	set,  for  each	  whitespace-separated
		   element  in	the  list, <element>_dev and <element>_logfile
		   elements are	assumed	to exist.  <element>_dev must  contain
		   the pflog(4)	interface to be	watched	by the named pflogd(8)
		   instance.   <element>_logfile  must contain the name	of the
		   logfile that	will be	used by	the pflogd(8) instance.

       ftpproxy_enable
		   (bool) Set to "NO" by default.  Setting this	to  "YES"  en-
		   ables  ftp-proxy(8)	which supports the pf(4) packet	filter
		   in translating ftp connections.

       ftpproxy_flags
		   (str) Empty by default.  This variable contains  additional
		   flags passed	to the ftp-proxy(8) program.

       ftpproxy_instances
		   (str)   Empty   by	default.   If  multiple	 instances  of
		   ftp-proxy(8)	are desired at boot  time,  ftpproxy_instances
		   should  contain  a  whitespace-separated  list  of instance
		   names.  For each element in	the  list,  a  variable	 named
		   <element>_flags  should be defined, containing the command-
		   line	flags to be passed to the ftp-proxy(8) instance.

       pfsync_enable
		   (bool) Set to "NO" by default.  Setting this	to  "YES"  en-
		   ables  exposing pf(4) state changes to other	hosts over the
		   network by means of pfsync(4).  The pfsync_syncdev variable
		   must	also be	set then.

       pfsync_syncdev
		   (str) Empty by default.  This variable specifies  the  name
		   of  the network interface pfsync(4) should operate through.
		   It must be set  accordingly	if  pfsync_enable  is  set  to
		   "YES".

       pfsync_syncpeer
		   (str) Empty by default.  This variable is optional.	By de-
		   fault, state	change messages	are sent out on	the synchroni-
		   sation  interface using IP multicast	packets.  The protocol
		   is IP protocol 240, PFSYNC, and the multicast group used is
		   224.0.0.240.	 When a	peer address is	 specified  using  the
		   pfsync_syncpeer  option, the	peer address is	used as	a des-
		   tination for	the pfsync traffic, and	the traffic  can  then
		   be protected	using ipsec(4).	 See the pfsync(4) manpage for
		   more	 details  about	 using	ipsec(4) with pfsync(4)	inter-
		   faces.

       pfsync_ifconfig
		   (str) Empty by default.  This variable  can	contain	 addi-
		   tional options to be	passed to the ifconfig(8) command used
		   to set up pfsync(4).

       tcp_extensions
		   (bool)  Set to "YES"	by default.  Setting this to "NO" dis-
		   ables certain TCP options as	described by RFC  1323.	  Set-
		   ting	this to	"NO" might help	remedy such problems with con-
		   nections as randomly	hanging	or other weird behavior.  Some
		   network  devices  are  known	 to  be	broken with respect to
		   these options.

       log_in_vain
		   (int) Set  to  0  by	 default.   The	 sysctl(8)  variables,
		   net.inet.tcp.log_in_vain  and  net.inet.udp.log_in_vain, as
		   described in	tcp(4) and udp(4), are set to the given	value.

       tcp_keepalive
		   (bool) Set to "YES" by default.  Setting to "NO" will  dis-
		   able	 probing  idle TCP connections to verify that the peer
		   is still up and reachable.

       tcp_drop_synfin
		   (bool) Set to "NO" by default.  Setting to "YES" will cause
		   the kernel to ignore	TCP frames that	have both the SYN  and
		   FIN	flags  set.   This prevents OS fingerprinting, but may
		   break some legitimate applications.

       icmp_drop_redirect
		   (bool) Set to "AUTO"	by  default.   This  setting  will  be
		   identical to	"YES", if a dynamic routing daemon is enabled,
		   because  redirect  processing  may cause performance	issues
		   for large routing tables.  If no such service  is  enabled,
		   this	 setting  behaves  like	a "NO".	 Setting to "YES" will
		   cause the kernel to ignore ICMP REDIRECT packets.   Setting
		   to  "NO"  will  cause  the  kernel to process ICMP REDIRECT
		   packets.  Refer to icmp(4) for more information.

       icmp_log_redirect
		   (bool) Set to "NO" by default.  Setting to "YES" will cause
		   the kernel to log ICMP REDIRECT packets.  Note that the log
		   messages are	not rate-limited, so this option  should  only
		   be used for troubleshooting networks.  Refer	to icmp(4) for
		   more	information.

       icmp_bmcastecho
		   (bool)  Set	to  "YES" to respond to	broadcast or multicast
		   ICMP	ping packets.  Refer to	icmp(4)	for more information.

       ip_portrange_first
		   (int) If not	set to "NO", this is the first port in the de-
		   fault portrange.  Refer to ip(4) for	more information.

       ip_portrange_last
		   (int) If not	set to "NO", this is the last port in the  de-
		   fault portrange.  Refer to ip(4) for	more information.

       network_interfaces
		   (str) Set to	the list of network interfaces to configure on
		   this	 host  or  "AUTO" (the default)	for all	current	inter-
		   faces.  Setting the network_interfaces variable to anything
		   other than the default is deprecated.  Interfaces that  the
		   administrator  wishes  to  store configuration for, but not
		   start at boot should	be configured with the	"NOAUTO"  key-
		   word	 in  their ifconfig_<interface>	variables as described
		   below.

		   An ifconfig_<interface> variable is also assumed  to	 exist
		   for	each  value of interface.  When	an interface name con-
		   tains any of	the characters ".-/+" they are	translated  to
		   "_"	before	lookup.	 The variable can contain arguments to
		   ifconfig(8),	as well	as special  case-insensitive  keywords
		   described  below.  Such keywords are	removed	before passing
		   the value to	ifconfig(8) while the order of the other argu-
		   ments is preserved.

		   It is possible to add IP alias  entries  using  ifconfig(8)
		   syntax  with	 the address family keyword such as inet.  As-
		   suming that the interface in	question  was  em0,  it	 might
		   look	something like this:

		   ifconfig_em0_alias0="inet 127.0.0.253 netmask 0xffffffff"
		   ifconfig_em0_alias1="inet 127.0.0.254 netmask 0xffffffff"

		   It  also  possible  to  configure  multiple IP addresses in
		   Classless Inter-Domain  Routing  (CIDR)  address  notation,
		   whose  each	address	 component  can	 be  a range like inet
		   192.0.2.5-23/24 or inet6 2001:db8:1-f::1/64.	 This notation
		   allows address and prefix length part only, not  the	 other
		   address  modifiers.	 Note  that  the maximum number	of the
		   generated addresses from a range specification  is  limited
		   to  an  integer  value  specified  in netif_ipexpand_max in
		   rc.conf because a small typo	can  unexpectedly  generate  a
		   large  number of addresses.	The default value is 2048.  It
		   can be increased by adding the following line into rc.conf:

		   netif_ipexpand_max="4096"

		   In the case of 192.0.2.5-23/24, the address 192.0.2.5  will
		   be  configured  with	 the  netmask  /24  and	 the addresses
		   192.0.2.6 to	192.0.2.23 with	 the  non-conflicting  netmask
		   /32	as  explained  in the ifconfig(8) alias	section.  Note
		   that	this special netmask handling is only  for  inet,  not
		   for the other address families such as inet6.

		   With	 the interface in question being em0, an example could
		   look	like:

		   ifconfig_em0_alias2="inet 192.0.2.129/27"
		   ifconfig_em0_alias3="inet 192.0.2.1-5/28"

		   and so on.

		   Note	that deprecated	 ipv4_addrs_<interface>	 variable  was
		   supported	for   IPv4   CIDR   address   notation.	   The
		   ifconfig_<interface>_alias<n> variable replaces it,	though
		   ipv4_addrs_<interface> is still supported for backward com-
		   patibility.

		   For	each  ifconfig_<interface>_alias<n>  entry with	an ad-
		   dress  family  keyword,  its	  contents   are   passed   to
		   ifconfig(8).	 Execution stops at the	first unsuccessful ac-
		   cess, so if something like this is present:

		   ifconfig_em0_alias0="inet 127.0.0.251 netmask 0xffffffff"
		   ifconfig_em0_alias1="inet 127.0.0.252 netmask 0xffffffff"
		   ifconfig_em0_alias2="inet 127.0.0.253 netmask 0xffffffff"
		   ifconfig_em0_alias4="inet 127.0.0.254 netmask 0xffffffff"

		   Then	 note  that alias4 would not be	added since the	search
		   would stop with the missing	"alias3"  entry.   Because  of
		   this	   difficult	to    manage	behavior,   there   is
		   ifconfig_<interface>_aliases	variable, which	has  the  same
		   functionality as ifconfig_<interface>_alias<n> and can have
		   all of the entries in a variable like the following:

		   ifconfig_em0_aliases="\
			   inet	127.0.0.251 netmask 0xffffffff \
			   inet	127.0.0.252 netmask 0xffffffff \
			   inet	127.0.0.253 netmask 0xffffffff \
			   inet	127.0.0.254 netmask 0xffffffff"

		   It also supports CIDR notation.

		   If  the  /etc/start_if.<interface>  file  is	present, it is
		   read	and executed by	the sh(1) interpreter before configur-
		   ing the interface as	specified in the  ifconfig_<interface>
		   and ifconfig_<interface>_alias<n> variables.

		   If a	vlans_<interface> variable is set, a vlan(4) interface
		   will	 be created for	each item in the list with the vlandev
		   argument set	to interface.  If a vlan interface's name is a
		   number, then	that number is used as the vlan	 tag  and  the
		   new	vlan interface is named	interface.tag.	Otherwise, the
		   vlan	tag must be specified via  a  vlan  parameter  in  the
		   create_args_<interface> variable.

		   To  create a	vlan device named em0.101 on em0 with the vlan
		   tag 101 and the optional IPv4 address 192.0.2.1/24:

		   vlans_em0="101"
		   ifconfig_em0_101="inet 192.0.2.1/24"

		   To create a vlan device named myvlan	on em0 with  the  vlan
		   tag 102:

		   vlans_em0="myvlan"
		   create_args_myvlan="vlan 102"

		   If  a  wlans_<interface> variable is	set, an	wlan(4)	inter-
		   face	will be	created	for each item in  the  list  with  the
		   wlandev  argument  set  to interface.  Further wlan cloning
		   arguments may be passed to the ifconfig(8)  create  command
		   by  setting	the  create_args_<interface> variable.	One or
		   more	wlan(4)	devices	must be	created	for each wireless  de-
		   vice	 as  of	 FreeBSD 8.0.  Debugging flags for wlan(4) de-
		   vices as set	by  wlandebug(8)  may  be  specified  with  an
		   wlandebug_<interface> variable.  The	contents of this vari-
		   able	will be	passed directly	to wlandebug(8).

		   If  the  ifconfig_<interface> contains the keyword "NOAUTO"
		   then	the interface will not be configured  at  boot	or  by
		   /etc/pccard_ether when network_interfaces is	set to "AUTO".

		   It is possible to bring up an interface with	DHCP by	adding
		   "DHCP" to the ifconfig_<interface> variable.	 For instance,
		   to  initialize  the	em0 device via DHCP, it	is possible to
		   use something like:

		   ifconfig_em0="DHCP"

		   If you want	to  configure  your  wireless  interface  with
		   wpa_supplicant(8)  for  use	with WPA, EAP/LEAP or WEP, you
		   need	to add "WPA" to	the ifconfig_<interface> variable.

		   On the other	hand, if you want to configure	your  wireless
		   interface  with hostapd(8), you need	to add "HOSTAP"	to the
		   ifconfig_<interface>	variable.   hostapd(8)	will  use  the
		   settings from /etc/hostapd-<interface>.conf

		   Finally,  you can add ifconfig(8) options in	this variable,
		   in addition to the /etc/start_if.<interface>	file.  For in-
		   stance, to configure	an ath(4) wireless device  in  station
		   mode	with an	address	obtained via DHCP, using WPA authenti-
		   cation  and	802.11b	 mode, it is possible to use something
		   like:

		   wlans_ath0="wlan0"
		   ifconfig_wlan0="DHCP	WPA mode 11b"

		   In addition to the ifconfig_<interface>  form,  a  fallback
		   variable  ifconfig_DEFAULT  may  be configured.  It will be
		   used	for all	interfaces with	no ifconfig_<interface>	 vari-
		   able.

		   It is also possible to rename an interface by doing:

		   ifconfig_em0_name="net0"
		   ifconfig_net0="inet 192.0.2.1 netmask 0xffffff00"

       ipv6_enable
		   (bool)     This     variable	    is	   deprecated.	   Use
		   ifconfig_<interface>_ipv6 and  ipv6_activate_all_interfaces
		   if necessary.

		   If  the variable is "YES", "inet6 accept_rtadv" is added to
		   all	   of	   ifconfig_<interface>_ipv6	  and	   the
		   ipv6_activate_all_interfaces	is defined as "YES".

       ipv6_prefer
		   (bool)  This	variable is deprecated.	 Use ip6addrctl_policy
		   instead.

		   If the variable is "YES",  the  default  address  selection
		   policy table	set by ip6addrctl(8) will be IPv6-preferred.

		   If the variable is "NO", the	default	address	selection pol-
		   icy table set by ip6addrctl(8) will be IPv4-preferred.

       ipv6_activate_all_interfaces
		   (bool)  This	controls initial configuration on IPv6-capable
		   interfaces with no corresponding  ifconfig_<interface>_ipv6
		   variable.  Note that	it is not always necessary to set this
		   variable to "YES" to	use IPv6 functionality on FreeBSD.  In
		   most	  cases,  just	configuring  ifconfig_<interface>_ipv6
		   variables works.

		   If the variable is "NO", all	interfaces which do not	have a
		   corresponding ifconfig_<interface>_ipv6  variable  will  be
		   marked  as  "IFDISABLED"  at	creation.  This	means that all
		   IPv6	functionality on that interface	is completely disabled
		   to enforce a	security policy.  If the variable  is  set  to
		   "YES", the flag will	be cleared on all of the interfaces.

		   In  most  cases, just defining an ifconfig_<interface>_ipv6
		   for an IPv6-capable interface should	be  sufficient.	  How-
		   ever,  if  an  interface  is	 added	dynamically  (by  some
		   tunneling protocols such as PPP, for	example), it is	 often
		   difficult  to  define  the  variable	in advance.  In	such a
		   case, configuring the "IFDISABLED" flag can be disabled  by
		   setting this	variable to "YES".

		   For	more  details  of  the	"IFDISABLED" flag and keywords
		   "inet6 ifdisabled", see ifconfig(8).

		   Default is "NO".

       ipv6_privacy
		   (bool) If the variable is "YES" privacy addresses  will  be
		   generated for each IPv6 interface as	described in RFC 4941.

       ipv6_network_interfaces
		   (str)  This	is  the	IPv6 equivalent	of network_interfaces.
		   Normally manual  configuration  of  this  variable  is  not
		   needed.

       ipv6_cpe_wanif
		   (str)  If  the  variable  is	 set to	an interface name, the
		   ifconfig(8) options "inet6 -no_radr accept_rtadv"  will  be
		   added to the	specified interface automatically before eval-
		   uating  ifconfig_<interface>_ipv6,  and two sysctl(8) vari-
		   ables  net.inet6.ip6.rfc6204w3  and	 net.inet6.ip6.no_radr
		   will	be set to 1.

		   This	 means	the  specified	interface  will	 accept	ICMPv6
		   Router Advertisement	messages on that link and add the dis-
		   covered routers into	the Default Router  List.   While  the
		   other interfaces can	still accept RA	messages if the	"inet6
		   accept_rtadv"  option  is specified,	adding routes into the
		   Default Router List will be disabled	by "inet6 no_radr" op-
		   tion	by default.  See ifconfig(8) for more details.

		   Note	that ICMPv6 Router Advertisement messages will be  ac-
		   cepted  even	 when  net.inet6.ip6.forwarding	 is  1 (packet
		   forwarding is enabled) when net.inet6.ip6.rfc6204w3 is  set
		   to 1.

		   Default is "NO".

       ifconfig_<interface>_descr
		   (str)  This	assigns	arbitrary description to an interface.
		   The	sysctl(8)  variable  net.ifdescr_maxlen	  limits   its
		   length.   This static setting may be	overridden by commands
		   started with	dynamic	interface configuration	utilities like
		   dhclient(8)	hooks.	 The  description  can	be  seen  with
		   ifconfig(8)	command	 and it	may be exported	with bsnmpd(1)
		   daemon using	its MIB-2 module.

       ifconfig_<interface>_ipv6
		   (str) IPv6 functionality on an interface should be  config-
		   ured	 by  ifconfig_<interface>_ipv6,	instead	of setting if-
		   config parameters in	ifconfig_<interface>.  If  this	 vari-
		   able	is empty, all IPv6 configurations on the specified in-
		   terface  by other variables such as ipv6_prefix_<interface>
		   will	be ignored.

		   Aliases should be set by ifconfig_<interface>_alias<n> with
		   "inet6" keyword.  For example:

		   ifconfig_em0_ipv6="inet6 2001:db8:1::1 prefixlen 64"
		   ifconfig_em0_alias0="inet6 2001:db8:2::1 prefixlen 64"

		   Interfaces that have	an  "inet6  accept_rtadv"  keyword  in
		   ifconfig_<interface>_ipv6  setting  will  be	 automatically
		   configured by SLAAC (StateLess  Address  AutoConfiguration)
		   described in	RFC 4862.

		   Note	 that  a link-local address will be automatically con-
		   figured in addition	to  the	 configured  global-scope  ad-
		   dresses  because the	IPv6 specifications require it on each
		   link.  The address is calculated from the  MAC  address  by
		   using an algorithm defined in RFC 4862, Section 5.3.

		   If  only  a	link-local address is needed on	the interface,
		   the following configuration can be used:

		   ifconfig_em0_ipv6="inet6 auto_linklocal"

		   A link-local	address	can also be configured manually.  This
		   is useful for the default router address of an IPv6	router
		   so  that it does not	change when the	network	interface card
		   is replaced.	 For example:

		   ifconfig_em0_ipv6="inet6 fe80::1 prefixlen 64"

       ipv6_prefix_<interface>
		   (str)  If   one   or	  more	 prefixes   are	  defined   in
		   ipv6_prefix_<interface>  addresses based on each prefix and
		   the EUI-64 interface	index will be configured on  that  in-
		   terface.   Note  that  this	variable  will be ignored when
		   ifconfig_<interface>_ipv6 is	empty.

		   For example,	the following configuration

		   ipv6_prefix_em0="2001:db8:1:0 2001:db8:2:0"

		   is equivalent to the	following:

		   ifconfig_em0_alias0="inet6 2001:db8:1:: eui64 prefixlen 64"
		   ifconfig_em0_alias1="inet6 2001:db8:1:: prefixlen 64	anycast"
		   ifconfig_em0_alias2="inet6 2001:db8:2:: eui64 prefixlen 64"
		   ifconfig_em0_alias3="inet6 2001:db8:2:: prefixlen 64	anycast"

		   These Subnet-Router anycast addresses will  be  added  only
		   when	ipv6_gateway_enable is YES.

       ipv6_default_interface
		   (str) If not	set to "NO", this is the default output	inter-
		   face	for scoped addresses.  This works only with ipv6_gate-
		   way_enable="NO".

       ip6addrctl_enable
		   (bool)  This	 variable is to	enable configuring default ad-
		   dress selection policy table	(RFC 3484).  The table can  be
		   specified   in  another  variable  ip6addrctl_policy.   For
		   ip6addrctl_policy the following keywords can	be  specified:
		   "ipv4_prefer", "ipv6_prefer", or "AUTO".

		   If	 "ipv4_prefer"	  or   "ipv6_prefer"   is   specified,
		   ip6addrctl(8) installs a pre-defined	policy table described
		   in Section 10.3 (IPv4-preferred) or 2.1 (IPv6-preferred) of
		   RFC 3484.

		   If  "AUTO"  is  specified,  it  attempts  to	 read  a  file
		   /etc/ip6addrctl.conf	  first.    If	this  file  is	found,
		   ip6addrctl(8) reads and installs it.	 If not	found, a  pol-
		   icy	    is	    automatically     set     according	    to
		   ipv6_activate_all_interfaces	variable; if the  variable  is
		   set	to  "YES"  the	IPv6-preferred one is used.  Otherwise
		   IPv4-preferred.

		   The	  default    value    of     ip6addrctl_enable	   and
		   ip6addrctl_policy are "YES" and "AUTO", respectively.

       cloned_interfaces
		   (str)  Set  to  the	list of	clonable network interfaces to
		   create on this host.	  Further  cloning  arguments  may  be
		   passed to the ifconfig(8) create command for	each interface
		   by setting the create_args_<interface> variable.  If	an in-
		   terface  name  is specified with ":sticky" keyword, the in-
		   terface will	not be destroyed even when  rc.d/netif	script
		   is  invoked	with "stop" argument.  This is useful when re-
		   configuring the interface without destroying	 it.   Entries
		   in	cloned_interfaces   are	  automatically	  appended  to
		   network_interfaces for configuration.

       cloned_interfaces_sticky
		   (bool) This variable	is to globally enable functionality of
		   ":sticky" keyword in	cloned_interfaces for all  interfaces.
		   The default value is	"NO".  Even if this variable is	speci-
		   fied	 to "YES", ":nosticky" keyword can be used to override
		   it on per interface basis.

       gif_interfaces
		   Set to the list of gif(4) tunnel interfaces to configure on
		   this	host.  A gifconfig_<interface> variable	is assumed  to
		   exist for each value	of interface.  The value of this vari-
		   able	 is used to configure the link layer of	the tunnel us-
		   ing the tunnel option to ifconfig(8).   Additionally,  this
		   option  ensures  that  each listed interface	is created via
		   the create option to	ifconfig(8) before attempting to  con-
		   figure it.

		   For example,	configure two gif(4) interfaces	with:

		   gif_interfaces="gif0	gif1"
		   gifconfig_gif0="100.64.0.1 100.64.0.2"
		   ifconfig_gif0="inet 10.0.0.1	10.0.0.2 netmask 255.255.255.252"
		   gifconfig_gif1="inet6 2a00::1 2a01::1"
		   ifconfig_gif1="inet 10.1.0.1	10.1.0.2 netmask 255.255.255.252"

       ppp_enable  (bool) If set to "YES", run the ppp(8) daemon.

       ppp_profile
		   (str)    The	   name	  of   the   profile   to   use	  from
		   /etc/ppp/ppp.conf.  Also used for per-profile overrides  of
		   ppp_mode  and  ppp_nat,  and	 ppp_<profile>_unit.  When the
		   profile name	contains any of	the characters ".-/+" they are
		   translated to "_" for the proposes of the override variable
		   names.

       ppp_mode	   (str) Mode in which to run the ppp(8) daemon.

       ppp_<profile>_mode
		   (str) Overrides the global ppp_mode for profile.   Accepted
		   modes  are  "auto", "ddial",	"direct" and "dedicated".  See
		   the manual for a full description.

       ppp_nat	   (bool) If set to "YES", enables  network  address  transla-
		   tion.  Used in conjunction with gateway_enable allows hosts
		   on  private	network	addresses access to the	Internet using
		   this	host as	a network address translating router.  Default
		   is "YES".

       ppp_<profile>_nat
		   (str) Overrides the global ppp_nat for profile.

       ppp_<profile>_unit
		   (int) Set the unit number to	be used	for this profile.  See
		   the manual description of -unitN for	details.

       ppp_user	   (str) The name of the user under  which  ppp(8)  should  be
		   started.  By	default, ppp(8)	is started as "root".

       rc_conf_files
		   (str)  This	option is used to specify a list of files that
		   will	override the settings in  /etc/defaults/rc.conf.   The
		   files will be read in the order in which they are specified
		   and	should include the full	path to	the file.  By default,
		   the	  files	    specified	  are	  /etc/rc.conf	   and
		   /etc/rc.conf.local.

       zfs_enable  (bool) If set to "YES", /etc/rc.d/zfs will attempt to auto-
		   matically mount ZFS file systems and	initialize ZFS volumes
		   (ZVOLs).

       zpool_reguid
		   (str)  A  space-separated  list of ZFS pool names for which
		   new pool GUIDs should be assigned upon first	boot.  This is
		   useful when using a ZFS pool	copied from a  template,  such
		   as a	virtual	machine	image.

       zpool_upgrade
		   (str)  A  space-separated  list of ZFS pool names for which
		   the version should be upgraded upon first  boot.   This  is
		   useful  when	 using	a  ZFS pool generated by the makefs(8)
		   utility.

       gptboot_enable
		   (bool) If set to "YES", /etc/rc.d/gptboot will log  if  the
		   system  successfully	 (or not) booted from a	GPT partition,
		   which had the bootonce attribute set	using  gpart(8)	 util-
		   ity.

       gbde_autoattach_all
		   (bool)  If set to "YES", /etc/rc.d/gbde will	attempt	to au-
		   tomatically	initialize  the	 .bde  devices	specified   in
		   /etc/fstab.

       gbde_devices
		   (str)  List	the  devices that the script should try	to at-
		   tach, or "AUTO".

       gbde_lockdir
		   (str) The directory where the  gbde(4)  lockfiles  are  lo-
		   cated.  The default lockfile	directory is /etc.

		   The	lockfile  for  each  individual	 gbde(4) device	can be
		   overridden  by  setting  the	 variable  gbde_lock_<device>,
		   where  device  is  the encrypted device without the "/dev/"
		   and ".bde" parts.

       gbde_attach_attempts
		   (int) Number	of times to attempt attaching to a gbde(4) de-
		   vice, i.e., how many	times the user is asked	for the	 pass-
		   phrase.  Default is 3.

       geli_devices
		   (str)  List	of  devices  to	 automatically attach on boot.
		   Note	that .eli devices from	/etc/fstab  are	 automatically
		   appended to this list.

       geli_groups
		   (str)  List	of  groups containing devices to automatically
		   attach on boot with the same	keyfiles and passphrase.  This
		   must	   be	  accompanied	  with	   a	 corresponding
		   geli_<group>_devices	variable.

       geli_tries  (int)  Number  of  times user is asked for the pass-phrase.
		   If empty, it	will be	taken from kern.geom.eli.tries	sysctl
		   variable.

       geli_default_flags
		   (str) Default flags to use by geli(8) when configuring disk
		   encryption.	Flags can be configured	for every device sepa-
		   rately  by  defining	 the geli_<device>_flags variable, and
		   for	 every	  group	   separately	 by    defining	   the
		   geli_<group>_flags variable.

       geli_autodetach
		   (str) Specifies if GELI devices should be marked for	detach
		   on  last  close after file systems are mounted.  Default is
		   "YES".  This	can be changed for every device	separately  by
		   defining the	geli_<device>_autodetach variable.

       root_rw_mount
		   (bool) Set to "YES" by default.  After the file systems are
		   checked  at boot time, the root file	system is remounted as
		   read-write if this is set to	"YES".	Diskless systems  that
		   mount  their	 root  file system from	a read-only remote NFS
		   share should	set this to "NO" in their rc.conf.

       fsck_y_enable
		   (bool) If set to "YES", fsck(8) will	be  run	 with  the  -y
		   flag	if the initial preen of	the file systems fails.

       background_fsck
		   (bool)  If  set to "NO", the	system will not	attempt	to run
		   fsck(8) in the background where possible.

       background_fsck_delay
		   (int) The amount of time in seconds to sleep	before	start-
		   ing	a background fsck(8).  It defaults to sixty seconds to
		   allow large applications such as the	X server to start  be-
		   fore	 disk I/O bandwidth is monopolized by fsck(8).	If set
		   to a	negative number, the background	file system check will
		   be delayed indefinitely to allow the	administrator  to  run
		   it  at  a  more convenient time.  For example it may	be run
		   from	cron(8)	by adding a line like

			 0 4 * * * root	/etc/rc.d/bgfsck forcestart

		   to /etc/crontab.

       netfs_types
		   (str) List of file system  types  that  are	network-based.
		   This	 list  should  generally not be	modified by end	users.
		   Use extra_netfs_types instead.

       extra_netfs_types
		   (str) If set	to something other than	 "NO"  (the  default),
		   this	 variable  extends  the	 list of file system types for
		   which automatic mounting at startup by rc(8)	should be  de-
		   layed  until	the network is initialized.  It	should contain
		   a whitespace-separated list of network file system descrip-
		   tor pairs, each consisting of a file	system type as	passed
		   to  mount(8)	 and  a	 human-readable, one-word description,
		   joined with a colon (`:').  Extending the default  list  in
		   this	 way  is  only	necessary when third party file	system
		   types are used.

       syslogd_enable
		   (bool) If set to "YES", run the syslogd(8) daemon.

       syslogd_program
		   (str) Path to syslogd(8) (default /usr/sbin/syslogd).

       syslogd_flags
		   (str) If syslogd_enable is set  to  "YES",  these  are  the
		   flags to pass to syslogd(8).

       inetd_enable
		   (bool) If set to "YES", run the inetd(8) daemon.

       inetd_program
		   (str) Path to inetd(8) (default /usr/sbin/inetd).

       inetd_flags
		   (str)  If inetd_enable is set to "YES", these are the flags
		   to pass to inetd(8).

       hastd_enable
		   (bool) If set to "YES", run the hastd(8) daemon.

       hastd_program
		   (str) Path to hastd(8) (default /sbin/hastd).

       hastd_flags
		   (str) If hastd_enable is set	to "YES", these	are the	 flags
		   to pass to hastd(8).

       local_unbound_enable
		   (bool)  If set to "YES", run	the unbound(8) daemon as a lo-
		   cal caching DNS resolver.

       nscd_enable
		   (bool) Set to "YES" to start	the nscd(8) caching daemon for
		   the nsswitch	subsystem.

       nscd_flags  (str) If nscd_enable	is  set	 to  "YES",  these  flags  are
		   passed to nscd(8).

       kdc_enable  (bool)  Set	to  "YES" to start a Kerberos 5	authentication
		   server at boot time.

       kdc_program
		   (str) If kdc_enable is set to "YES" this  is	 the  path  to
		   Kerberos 5 Authentication Server.

       kdc_flags   (str)  Empty	by default.  This variable contains additional
		   flags to be passed to the Kerberos 5	authentication server.

       kadmind_enable
		   (bool) Set to "YES" to start	kadmind(8), the	Kerberos 5 Ad-
		   ministration	Daemon;	set to "NO" on a slave server.

       kadmind_program
		   (str) If kadmind_enable is set to "YES" this	is the path to
		   Kerberos 5 Administration Daemon.

       kpasswdd_enable
		   (bool) Set to "YES" to start	kpasswdd(8),  the  Kerberos  5
		   Password-Changing Daemon; set to "NO" on a slave server.

       kpasswdd_program
		   (str)  If  kpasswdd_enable is set to	"YES" this is the path
		   to Kerberos 5 Password-Changing Daemon.

       kfd_enable  (bool) Set to "YES" to start	kfd(8),	the Kerberos 5	ticket
		   forwarding daemon, at the boot time.

       kfd_program
		   (str) Path to kfd(8)	(default /usr/libexec/kfd).

       rwhod_enable
		   (bool)  If  set  to	"YES", run the rwhod(8)	daemon at boot
		   time.

       rwhod_flags
		   (str) If rwhod_enable is set	to "YES", these	are the	 flags
		   to pass to it.

       update_motd
		   (bool)  If  set  to "YES", /var/run/motd will be updated at
		   boot	time to	reflect	the kernel release being run.  If  set
		   to "NO", /var/run/motd will not be updated.

       nfs_client_enable
		   (bool)  If set to "YES", run	the NFS	client daemons at boot
		   time.

       nfs_access_cache
		   (int) If nfs_client_enable is set to	"YES", this can	be set
		   to "0" to disable NFS ACCESS	RPC caching, or	to the	number
		   of  seconds	for which NFS ACCESS results should be cached.
		   A value of 2-10 seconds will	substantially  reduce  network
		   traffic for many NFS	operations.

       nfs_server_enable
		   (bool)  If set to "YES", run	the NFS	server daemons at boot
		   time.

       nfs_server_flags
		   (str) If nfs_server_enable is set to	"YES", these  are  the
		   flags to pass to the	nfsd(8)	daemon.

       nfsv4_server_enable
		   (bool)   If	 nfs_server_enable   is	  set	to  "YES"  and
		   nfsv4_server_enable is set to "YES",	enable the server  for
		   NFSv4 as well as NFSv2 and NFSv3.

       nfsv4_server_only
		   (bool)   If	 nfs_server_enable   is	  set	to  "YES"  and
		   nfsv4_server_only is	set to "YES", enable  the  NFS	server
		   for NFSv4 only.

       nfs_server_maxio
		   (int) value to set vfs.nfsd.srvmaxio	to, which is the maxi-
		   mum I/O size	for the	NFS server.

       tlsclntd_enable
		   (bool)  If  set  to	"YES", run the rpc.tlsclntd(8) daemon,
		   which is needed for NFS-over-TLS NFS	mounts.

       tlsservd_enable
		   (bool) If set to "YES",  run	 the  rpc.tlsservd(8)  daemon,
		   which is needed for the nfsd(8) to support NFS-over-TLS NFS
		   mounts.

       nfsuserd_enable
		   (bool) If nfsuserd_enable is	set to "YES", run the nfsuserd
		   daemon,  which  is needed for NFSv4 in order	to map between
		   user/group	 names	   vs	  uid/gid     numbers.	    If
		   nfsv4_server_enable	is  set	 to "YES", this	will be	forced
		   enabled.

       nfsuserd_flags
		   (str) If nfsuserd_enable is set to  "YES",  these  are  the
		   flags to pass to the	nfsuserd(8) daemon.

       nfscbd_enable
		   (bool)  If  nfscbd_enable  is  set to "YES",	run the	nfscbd
		   daemon, which enables callbacks/delegations for  the	 NFSv4
		   client.

       nfscbd_flags
		   (str) If nfscbd_enable is set to "YES", these are the flags
		   to pass to the nfscbd(8) daemon.

       mountd_enable
		   (bool)  If  set  to "YES", and no nfs_server_enable is set,
		   start mountd(8), but	not nfsd(8) daemon.   It  is  commonly
		   needed to run CFS without real NFS used.

       mountd_flags
		   (str) If mountd_enable is set to "YES", these are the flags
		   to pass to the mountd(8) daemon.

       weak_mountd_authentication
		   (bool)  If set to "YES", allow services like	PCNFSD to make
		   non-privileged mount	requests.

       nfs_reserved_port_only
		   (bool) If set to "YES", provide NFS services	only on	a  se-
		   cure	port.

       nfs_bufpackets
		   (int)  If  set to a number, indicates the number of packets
		   worth of socket buffer space	to reserve on an  NFS  client.
		   The	kernel	default	is typically 4.	 Using a higher	number
		   may be useful on gigabit networks to	 improve  performance.
		   The minimum value is	2 and the maximum is 64.

       rpc_lockd_enable
		   (bool)  If  set  to "YES" and also an NFS server or client,
		   run rpc.lockd(8) at boot time.

       rpc_lockd_flags
		   (str) If rpc_lockd_enable is	set to "YES",  these  are  the
		   flags to pass to the	rpc.lockd(8) daemon.

       rpc_statd_enable
		   (bool)  If  set  to "YES" and also an NFS server or client,
		   run rpc.statd(8) at boot time.

       rpc_statd_flags
		   (str) If rpc_statd_enable is	set to "YES",  these  are  the
		   flags to pass to the	rpc.statd(8) daemon.

       rpcbind_program
		   (str) Path to rpcbind(8) (default /usr/sbin/rpcbind).

       rpcbind_enable
		   (bool)  If set to "YES", run	the rpcbind(8) service at boot
		   time.

       rpcbind_flags
		   (str) If rpcbind_enable is set  to  "YES",  these  are  the
		   flags to pass to the	rpcbind(8) daemon.

       keyserv_enable
		   (bool)  If  set to "YES", run the keyserv(8)	daemon on boot
		   for running Secure RPC.

       keyserv_flags
		   (str) If keyserv_enable is set  to  "YES",  these  are  the
		   flags to pass to keyserv(8) daemon.

       pppoed_enable
		   (bool)  If  set  to "YES", run the pppoed(8)	daemon at boot
		   time	to provide PPP over Ethernet services.

       pppoed_<provider>
		   (str) pppoed(8) listens to requests to  this	 provider  and
		   ultimately  runs  ppp(8) with a system argument of the same
		   name.

       pppoed_flags
		   (str) Additional flags to pass to pppoed(8).

       pppoed_interface
		   (str) The network interface to run pppoed(8)	on.   This  is
		   mandatory when pppoed_enable	is set to "YES".

       ntpdate_enable
		   (bool)  If  set to "YES", run ntpdate(8) at system startup.
		   This	command	is intended to synchronize  the	 system	 clock
		   only	once from some standard	reference.

		   Note	 that  the use of the ntpd_sync_on_start variable is a
		   preferred  alternative  to  the   ntpdate(8)	  utility   as
		   ntpdate(8) is to be retired from the	NTP distribution.

       ntpdate_config
		   (str)   Configuration   file	  for	ntpdate(8).    Default
		   /etc/ntp.conf.

       ntpdate_hosts
		   (str) A whitespace-separated	list of	NTP  servers  to  syn-
		   chronize  with  at  startup.	  The  default	is  to use the
		   servers listed in ntpdate_config, if	that file exists.

       ntpdate_program
		   (str) Path to ntpdate(8) (default /usr/sbin/ntpdate).

       ntpdate_flags
		   (str) If ntpdate_enable is set  to  "YES",  these  are  the
		   flags  to pass to the ntpdate(8) command (typically a host-
		   name).

       ntpd_enable
		   (bool) If set to "YES", run the  ntpd(8)  command  at  boot
		   time.

       ntpd_program
		   (str) Path to ntpd(8) (default /usr/sbin/ntpd).

       ntpd_config
		   (str)   Path	  to   ntpd(8)	configuration  file.   Default
		   /etc/ntp.conf.

       ntpd_flags  (str) If ntpd_enable	is set to "YES", these are  the	 flags
		   to pass to the ntpd(8) daemon.

       ntpd_sync_on_start
		   (bool)  If  set  to "YES", ntpd(8) is run with the -g flag,
		   which syncs the system's clock on startup.  See ntpd(8) for
		   more	information regarding the -g option.  This is  a  pre-
		   ferred  alternative	to  using ntpdate(8) or	specifying the
		   ntpdate_enable variable.

       nis_client_enable
		   (bool) If set to "YES", run the ypbind(8) service at	system
		   boot	time.

       nis_client_flags
		   (str) If nis_client_enable is set to	"YES", these  are  the
		   flags to pass to the	ypbind(8) service.

       nis_ypldap_enable
		   (bool)  If set to "YES", run	the ypldap(8) daemon at	system
		   boot	time.

       nis_ypldap_flags
		   (str) If nis.ypldap_enable is set to	"YES", these  are  the
		   flags to pass to the	ypldap(8) daemon.

       nis_ypset_enable
		   (bool)  If  set to "YES", run the ypset(8) daemon at	system
		   boot	time.

       nis_ypset_flags
		   (str) If nis_ypset_enable is	set to "YES",  these  are  the
		   flags to pass to the	ypset(8) daemon.

       nis_server_enable
		   (bool)  If set to "YES", run	the ypserv(8) daemon at	system
		   boot	time.

       nis_server_flags
		   (str) If nis_server_enable is set to	"YES", these  are  the
		   flags to pass to the	ypserv(8) daemon.

       nis_ypxfrd_enable
		   (bool)  If  set  to	"YES", run the rpc.ypxfrd(8) daemon at
		   system boot time.

       nis_ypxfrd_flags
		   (str) If nis_ypxfrd_enable is set to	"YES", these  are  the
		   flags to pass to the	rpc.ypxfrd(8) daemon.

       nis_yppasswdd_enable
		   (bool)  If set to "YES", run	the rpc.yppasswdd(8) daemon at
		   system boot time.

       nis_yppasswdd_flags
		   (str) If nis_yppasswdd_enable is set	to  "YES",  these  are
		   the flags to	pass to	the rpc.yppasswdd(8) daemon.

       rpc_ypupdated_enable
		   (bool)  If  set  to	"YES", run the rpc.ypupdated daemon at
		   system boot time.

       bsnmpd_enable
		   (bool) If set to "YES", run the bsnmpd(1) daemon at	system
		   boot	time.  Be sure to understand the security implications
		   of running an SNMP daemon on	your host.

       bsnmpd_flags
		   (str) If bsnmpd_enable is set to "YES", these are the flags
		   to pass to the bsnmpd(1) daemon.

       defaultrouter
		   (str)  If  not  set to "NO",	create a default route to this
		   host	name or	IP address (use	an IP address if  this	router
		   is also required to get to the name server!).

       defaultrouter_fibN
		   (str)  If  not set to "NO", create a	default	route in FIB N
		   to this host	name or	IP address.

       ipv6_defaultrouter
		   (str) The IPv6 equivalent of	defaultrouter.

       ipv6_defaultrouter_fibN
		   (str) The IPv6 equivalent of	defaultrouter_fibN.

       static_arp_pairs
		   (str) Set to	the list of static ARP pairs that  are	to  be
		   added  at  system boot time.	 For each whitespace separated
		   element in the value, a  static_arp_<element>  variable  is
		   assumed  to	exist whose contents will later	be passed to a
		   "arp	-S" operation.	For example

		   static_arp_pairs="gw"
		   static_arp_gw="192.168.1.1 00:01:02:03:04:05"

       static_ndp_pairs
		   (str) Set to	the list of static NDP pairs that  are	to  be
		   added  at  system boot time.	 For each whitespace separated
		   element in the value, a  static_ndp_<element>  variable  is
		   assumed  to	exist whose contents will later	be passed to a
		   "ndp	-s" operation.	For example

		   static_ndp_pairs="gw"
		   static_ndp_gw="2001:db8:3::1	00:01:02:03:04:05"

       static_routes
		   (str) Set to	the list of static routes that are to be added
		   at system boot time.	 If not	set  to	 "NO"  then  for  each
		   whitespace	 separated    element	 in   the   value,   a
		   route_<element> variable is assumed to exist	whose contents
		   will	later be passed	to a "route add" operation.  For exam-
		   ple:

		   static_routes="ext mcast:gif0 gif0local:gif0"
		   route_ext="-net 10.0.0.0/24 -gateway	192.168.0.1"
		   route_mcast="-net 224.0.0.0/4 -iface	gif0"
		   route_gif0local="-host 169.254.1.1 -iface lo0"

		   When	an element is in the form of name:ifname, the route is
		   specific to the interface ifname.

       ipv6_static_routes
		   (str) The IPv6 equivalent of	static_routes.	If not set  to
		   "NO"	 then  for  each  whitespace  separated	element	in the
		   value, a ipv6_route_<element> variable is assumed to	 exist
		   whose contents will later be	passed to a "route add -inet6"
		   operation.

       gateway_enable
		   (bool)  If  set  to	"YES",	configure host to act as an IP
		   router, e.g.	to forward packets between interfaces.

       ipv6_gateway_enable
		   (bool) The IPv6 equivalent of gateway_enable.

       routed_enable
		   (bool) If set to "YES", run a routing daemon	of some	 sort,
		   based on the	settings of routed_program and routed_flags.

       route6d_enable
		   (bool)  The	IPv6  equivalent  of routed_enable.  If	set to
		   "YES", run a	routing	daemon of some sort, based on the set-
		   tings of route6d_program and	route6d_flags.

       routed_program
		   (str) If routed_enable is set to "YES", this	is the name of
		   the routing daemon to use.  The default is routed(8).

       route6d_program
		   (str) The IPv6 equivalent of	routed_program.	  The  default
		   is route6d(8).

       routed_flags
		   (str) If routed_enable is set to "YES", these are the flags
		   to pass to the routing daemon.

       route6d_flags
		   (str) The IPv6 equivalent of	routed_flags.

       rtadvd_enable
		   (bool)  If  set  to "YES", run the rtadvd(8)	daemon at boot
		   time.  The rtadvd(8)	utility	sends ICMPv6 Router Advertise-
		   ment	  messages   to	  the	 interfaces    specified    in
		   rtadvd_interfaces.	This should only be enabled with great
		   care.  You may want to fine-tune rtadvd.conf(5).

       rtadvd_interfaces
		   (str) If rtadvd_enable is set to "YES" this is the list  of
		   interfaces to use.

       arpproxy_all
		   (bool) If set to "YES", enable global proxy ARP.

       forward_sourceroute
		   (bool)  If  set  to "YES" and gateway_enable	is also	set to
		   "YES", source-routed	packets	are forwarded.

       accept_sourceroute
		   (bool) If set to "YES",  the	 system	 will  accept  source-
		   routed packets directed at it.

       rarpd_enable
		   (bool)  If  set to "YES", run the rarpd(8) daemon at	system
		   boot	time.

       rarpd_flags
		   (str) If rarpd_enable is set	to "YES", these	are the	 flags
		   to pass to the rarpd(8) daemon.

       bootparamd_enable
		   (bool)  If  set  to	"YES", run the bootparamd(8) daemon at
		   system boot time.

       bootparamd_flags
		   (str) If bootparamd_enable is set to	"YES", these  are  the
		   flags to pass to the	bootparamd(8) daemon.

       stf_interface_ipv4addr
		   (str)  If  not  set to "NO",	this is	the local IPv4 address
		   for 6to4 (IPv6 over	IPv4  tunneling	 interface).   Specify
		   this	entry to enable	the 6to4 interface.

       stf_interface_ipv4plen
		   (int)  Prefix length	for 6to4 IPv4 addresses, to limit peer
		   address range.  An effective	value is 0-31.

       stf_interface_ipv6_ifid
		   (str) IPv6 interface	ID for stf(4).	This  can  be  set  to
		   "AUTO".

       stf_interface_ipv6_slaid
		   (str) IPv6 Site Level Aggregator for	stf(4).

       ipv6_ipv4mapping
		   (bool)  If  set  to "YES" this enables IPv4 mapped IPv6 ad-
		   dress communication (like ::ffff:a.b.c.d).

       rtsold_enable
		   (bool) Set to "YES" to enable the rtsold(8) daemon to  send
		   ICMPv6 Router Solicitation messages.

       rtsold_flags
		   (str) If rtsold_enable is set to "YES", these are the flags
		   to pass to rtsold(8).

       rtsol_flags
		   (str)   For	 interfaces   configured   with	  the	"inet6
		   accept_rtadv" keyword, these	 are  the  flags  to  pass  to
		   rtsol(8).

		   Note	  that	 rtsold_enable	 is   mutually	 exclusive  to
		   rtsol_flags;	rtsold_enable takes precedence.

       keybell	   (str) The keyboard bell sound.  Set to "normal",  "visual",
		   "off", or "NO" if the default behavior is desired.  For de-
		   tails, refer	to the kbdcontrol(1) manpage.

       keyboard	   (str)  If  set  to a	non-null string, the virtual console's
		   keyboard input is set to this device.

       keymap	   (str) If set	to "NO", no keymap is installed, otherwise the
		   value  is  used  to	install	 the  keymap  file  found   in
		   /usr/share/syscons/keymaps/<value>.kbd	(if	 using
		   syscons(4)) or /usr/share/vt/keymaps/<value>.kbd (if	 using
		   vt(4)).

       keyrate	   (str)  The keyboard repeat speed.  Set to "slow", "normal",
		   "fast", or "NO" if the default behavior is desired.

       keychange   (str) If not	set to "NO", attempt to	program	 the  function
		   keys	 with  the value.  The value should be a single	string
		   of  the  form:  "funkey_number   new_value	[funkey_number
		   new_value ...]".

       cursor	   (str)  Can  be  set	to  the	 value	of  "normal", "blink",
		   "destructive", or "NO" to set the cursor  behavior  explic-
		   itly	or choose the default behavior.

       scrnmap	   (str) If set	to "NO", no screen map is installed, otherwise
		   the	value  is  used	 to  install  the  screen  map file in
		   /usr/share/syscons/scrnmaps/<value>.	 This parameter	is ig-
		   nored when using vt(4) as the console driver.

       font8x16	   (str) If set	to "NO", the default 8x16 font value  is  used
		   for	 screen	  size	 requests,   otherwise	the  value  in
		   /usr/share/syscons/fonts/<value>			    or
		   /usr/share/vt/fonts/<value>	is used	(depending on the con-
		   sole	driver being used).

       font8x14	   (str) If set	to "NO", the default 8x14 font value  is  used
		   for	 screen	  size	 requests,   otherwise	the  value  in
		   /usr/share/syscons/fonts/<value>			    or
		   /usr/share/vt/fonts/<value>	is used	(depending on the con-
		   sole	driver being used).

       font8x8	   (str) If set	to "NO", the default 8x8 font  value  is  used
		   for	 screen	  size	 requests,   otherwise	the  value  in
		   /usr/share/syscons/fonts/<value>			    or
		   /usr/share/vt/fonts/<value>	is used	(depending on the con-
		   sole	driver being used).

       blanktime   (int) If set	to "NO", the default screen blanking  interval
		   is used, otherwise it is set	to value seconds.

       saver	   (str)  If  not set to "NO", this is the actual screen saver
		   to use (blank, snake, daemon, etc).

       moused_nondefault_enable
		   (str) If set	to "NO", the mouse  device  specified  on  the
		   command line	is not automatically treated as	enabled	by the
		   /etc/rc.d/moused script.  Having this variable set to "YES"
		   allows  a  usb(4) mouse, for	example, to be enabled as soon
		   as it is plugged in.

       moused_enable
		   (str) If set	to "YES", the moused(8)	daemon is started  for
		   doing cut/paste selection on	the console.

       moused_type
		   (str)  This	is the protocol	type of	the mouse connected to
		   this	host.  This variable must be set if  moused_enable  is
		   set	to "YES", but defaults to "auto" as the	moused(8) dae-
		   mon is able to detect the appropriate mouse type  automati-
		   cally  in  many  cases.   Set this variable to one from the
		   following list if the automatic detection fails.

		   If the mouse	is attached to the  PS/2  mouse	 port,	choose
		   "auto"  or "ps/2", regardless of the	brand and model	of the
		   mouse.  Likewise, if	the mouse is attached to the bus mouse
		   port, choose	"auto" or "busmouse".  All other protocols are
		   for serial mice and will not	work with  the	PS/2  and  bus
		   mice.   If this is a	USB mouse, "auto" is the only protocol
		   type	which will work.

		   microsoft	   Microsoft mouse (serial)
		   intellimouse	   Microsoft IntelliMouse (serial)
		   mousesystems	   Mouse systems Corp. mouse (serial)
		   mmseries	   MM Series mouse (serial)
		   logitech	   Logitech mouse (serial)
		   busmouse	   A bus mouse
		   mouseman	   Logitech MouseMan and TrackMan (serial)
		   glidepoint	   ALPS	GlidePoint (serial)
		   thinkingmouse   Kensington ThinkingMouse (serial)
		   ps/2		   PS/2	mouse
		   mmhittab	   MM HitTablet	(serial)
		   x10mouseremote  X10 MouseRemote (serial)
		   versapad	   Interlink VersaPad (serial)

		   Even	if the mouse is	not in the above list, it may be  com-
		   patible with	one in the list.  Refer	to the manual page for
		   moused(8) for compatibility information.

		   It  should  also  be	 noted that while this is enabled, any
		   other client	of the mouse (such as an X server) should  ac-
		   cess	  the	mouse	through	  the  virtual	mouse  device,
		   /dev/sysmouse, and configure	it as a	"sysmouse" type	mouse,
		   since all mouse data	is converted to	this single  canonical
		   format  when	 using	moused(8).  If the client program does
		   not support the "sysmouse" type, specify the	"mousesystems"
		   type.  It is	the second preferred type.

       moused_port
		   (str) If moused_enable is set to "YES", this	is the	actual
		   port	 the  mouse  is	on.  It	might be /dev/cuau0 for	a COM1
		   serial mouse, or /dev/psm0 for a PS/2 mouse,	for example.

       moused_flags
		   (str) If moused_flags is set, its value is used as an addi-
		   tional set of flags to pass to the moused(8)	daemon.

       moused_XXX_flags
		   When	moused_nondefault_enable is enabled, and  a  moused(8)
		   daemon   is	 started   for	 a   non-default   port,   the
		   moused_XXX_flags set	of options has precedence over and re-
		   places the default moused_flags (where XXX is the  name  of
		   the	  non-default	port,	i.e.,	ums0).	  By   setting
		   moused_XXX_flags it is possible to set up a	different  set
		   of default flags for	each moused(8) instance.  For example,
		   you	can use	"-3" for the default moused_flags to make your
		   laptop's touchpad more comfortable to use, but an empty set
		   of options for moused_ums0_flags when your usb(4) mouse has
		   three or more buttons.

       mousechar_start
		   (int) If set	to "NO", the default  mouse  cursor  character
		   range  0xd0-0xd3  is	used, otherwise	the range start	is set
		   to value character, see vidcontrol(1).  Use if the  default
		   range is occupied in	the language code table.

       allscreens_flags
		   (str)  If  set, vidcontrol(1) is run	with these options for
		   each	of the virtual terminals (/dev/ttyv*).	 For  example,
		   "-m on" will	enable the mouse pointer on all	virtual	termi-
		   nals	if moused_enable is set	to "YES".

       allscreens_kbdflags
		   (str)  If  set, kbdcontrol(1) is run	with these options for
		   each	of the virtual terminals (/dev/ttyv*).	 For  example,
		   "-h	200" will set the syscons(4) or	vt(4) scrollback (his-
		   tory) buffer	to 200 lines.

       cron_enable
		   (bool) If set to "YES", run the cron(8)  daemon  at	system
		   boot	time.

       cron_program
		   (str) Path to cron(8) (default /usr/sbin/cron).

       cron_flags  (str)  If  cron_enable is set to "YES", these are the flags
		   to pass to cron(8).

       cron_dst	   (bool) If set to "YES",  enable  the	 special  handling  of
		   transitions to and from the Daylight	Saving Time in cron(8)
		   (equivalent to using	the flag -s).

       lpd_program
		   (str) Path to lpd(8)	(default /usr/sbin/lpd).

       lpd_enable  (bool)  If  set  to	"YES", run the lpd(8) daemon at	system
		   boot	time.

       lpd_flags   (str) If lpd_enable is set to "YES",	these are the flags to
		   pass	to the lpd(8) daemon.

       chkprintcap_enable
		   (bool) If set to "YES", run the chkprintcap(8) command  be-
		   fore	starting the lpd(8) daemon.

       chkprintcap_flags
		   (str)  If  lpd_enable  and  chkprintcap_enable  are	set to
		   "YES", these	are the	flags to pass  to  the	chkprintcap(8)
		   program.   The default is "-d", which causes	missing	direc-
		   tories to be	created.

       dumpdev	   (str) Indicates the device (usually a  swap	partition)  to
		   which a crash dump should be	written	in the event of	a sys-
		   tem	crash.	 If  the value of this variable	is "AUTO", the
		   first suitable swap device listed  in  /etc/fstab  will  be
		   used	as dump	device.	 Otherwise, the	value of this variable
		   is passed as	the argument to	dumpon(8) and savecore(8).  To
		   disable crash dumps,	set this variable to "NO".

       dumpon_flags
		   (str)  Flags	 to pass to dumpon(8) when configuring dumpdev
		   as the system dump device.

       dumpdir	   (str) When the system reboots after a  crash	 and  a	 crash
		   dump	 is found on the device	specified by the dumpdev vari-
		   able, savecore(8) will save that crash dump and a  copy  of
		   the	kernel to the directory	specified by the dumpdir vari-
		   able.  The default value is /var/crash.  Set	to "NO"	to not
		   run savecore(8) at boot time	when dumpdir is	set.

       savecore_enable
		   (bool) If set to "NO", disable automatic extraction of  the
		   crash dump from the dumpdev.

       savecore_flags
		   (str)  If  crash  dumps are enabled,	these are the flags to
		   pass	to the savecore(8) utility.

       quota_enable
		   (bool) Set to "YES" to turn on user and group  disk	quotas
		   on  system  startup via the quotaon(8) command for all file
		   systems marked as having quotas enabled in /etc/fstab.  The
		   kernel must be built	with options QUOTA for disk quotas  to
		   function.

       check_quotas
		   (bool)  Set	to  "YES"  to enable user and group disk quota
		   checking via	the quotacheck(8) command.

       quotacheck_flags
		   (str) If quota_enable is set	to "YES", and check_quotas  is
		   set	 to  "YES",  these  are	 the  flags  to	 pass  to  the
		   quotacheck(8) utility.  The default is "-a",	 which	checks
		   quotas   for	 all  file  systems  with  quotas  enabled  in
		   /etc/fstab.

       quotaon_flags
		   (str) If quota_enable is set	to "YES", these	are the	 flags
		   to  pass  to	 the quotaon(8)	utility.  The default is "-a",
		   which enables quotas	for all	file systems with  quotas  en-
		   abled in /etc/fstab.

       quotaoff_flags
		   (str)  If quota_enable is set to "YES", these are the flags
		   to pass to the quotaoff(8) utility when shutting  down  the
		   quota  system.   The	default	is "-a", which disables	quotas
		   for all file	systems	with quotas enabled in /etc/fstab.

       accounting_enable
		   (bool) Set to "YES" to enable system	accounting through the
		   accton(8) facility.

       firstboot_sentinel
		   (str) This variable specifies the full  path	 to  a	"first
		   boot" sentinel file.	 If a file exists with this path, rc.d
		   scripts with	the "firstboot"	keyword	will be	run on startup
		   and	the  sentinel  file  will  be  deleted	after the boot
		   process completes.  The sentinel file must be located on  a
		   writable  file  system  which  is  mounted  no  later  than
		   early_late_divider to function properly.   The  default  is
		   /firstboot.

       linux_enable
		   (bool) Set to "YES" to enable Linux/ELF binary emulation at
		   system initial boot time.

       sysvipc_enable
		   (bool)  If  set  to	"YES", load System V IPC primitives at
		   boot	time.

       clear_tmp_enable
		   (bool) Set to "YES" to have /tmp cleaned at startup.

       clear_tmp_X
		   (bool) Set to "NO" to disable removing of X11  lock	files,
		   and	the  removal  and  (secure)  recreation	of the various
		   socket directories for X11 related programs.

       ldconfig_paths
		   (str) Set to	the list of shared library paths to  use  with
		   ldconfig(8).	  NOTE:	/lib and /usr/lib will always be added
		   first, so they need not appear in this list.

       ldconfig32_paths
		   (str) Set to	the list of 32-bit  compatibility  shared  li-
		   brary paths to use with ldconfig(8).

       ldconfig_insecure
		   (bool)  The ldconfig(8) utility normally refuses to use di-
		   rectories which are writable	by anyone  except  root.   Set
		   this	 variable to "YES" to disable that security check dur-
		   ing system startup.

       ldconfig_local_dirs
		   (str) Set to	the list  of  local  ldconfig(8)  directories.
		   The	names  of  all files in	the directories	listed will be
		   passed as arguments to ldconfig(8).

       ldconfig_local32_dirs
		   (str)  Set  to  the	list  of  local	 32-bit	 compatibility
		   ldconfig(8) directories.  The names of all files in the di-
		   rectories  listed  will be passed as	arguments to "ldconfig
		   -32".

       kern_securelevel_enable
		   (bool) Set to "YES" to set the  kernel  security  level  at
		   system startup.

       kern_securelevel
		   (int) The kernel security level to set at startup.  The al-
		   lowed  range	 of value ranges from -1 (the compile time de-
		   fault) to 3 (the most secure).   See	 security(7)  for  the
		   list	of possible security levels and	their effect on	system
		   operation.

       sshd_program
		   (str) Path to the SSH server	program	(/usr/sbin/sshd	is the
		   default).

       sshd_enable
		   (bool) Set to "YES" to start	sshd(8)	at system boot time.

       sshd_flags  (str)  If  sshd_enable is set to "YES", these are the flags
		   to pass to the sshd(8) daemon.

       ftpd_program
		   (str) Path to the FTP server	program	(/usr/libexec/ftpd  is
		   the default).

       ftpd_enable
		   (bool)  Set to "YES"	to start ftpd(8) as a stand-alone dae-
		   mon at system boot time.

       ftpd_flags  (str) If ftpd_enable	is set to "YES", these are  the	 addi-
		   tional flags	to pass	to the ftpd(8) daemon.

       watchdogd_enable
		   (bool)  If  set  to "YES", start the	watchdogd(8) daemon at
		   boot	time.  This requires that the kernel  have  been  com-
		   piled with a	watchdog(4) compatible device.

       watchdogd_flags
		   (str)  If  watchdogd_enable	is set to "YES", these are the
		   flags passed	to the watchdogd(8) daemon.

       watchdogd_timeout
		   (int) If watchdogd_enable is	set to "YES", this is a	 time-
		   out	that will be used by the watchdogd(8) daemon.  If this
		   option is set, it overrides -t in watchdogd_flags.

       watchdogd_shutdown_timeout
		   (int) If watchdogd_enable is	set to "YES", this is a	 time-
		   out that will be set	by the watchdogd(8) daemon when	it ex-
		   its	during	the system shutdown.  This timeout will	not be
		   set when returning to the  single-user  mode	 or  when  the
		   watchdogd   service	 is  stopped  individually  using  the
		   service(8) command or the rc.d script.  Note	that the time-
		   out will be applied if watchdogd(8) is stopped  outside  of
		   rc(8) framework.  If	this option is set, it overrides -x in
		   watchdogd_flags.

       devfs_rulesets
		   (str) List of files containing sets of rules	for devfs(8).

       devfs_system_ruleset
		   (str) Rule name(s) to apply to the system /dev itself.

       devfs_set_rulesets
		   (str) Pairs of already-mounted dev directories and rulesets
		   that	  should   be	applied	  to   them.	For   example:
		   /mount/dev=ruleset_name

       devfs_load_rulesets
		   (bool) If set, always load the default rulesets  listed  in
		   devfs_rulesets.

       performance_cx_lowest
		   (str)  CPU idle state to use	while on AC power.  The	string
		   "LOW" indicates that	acpi(4)	should use  the	 lowest	 power
		   state  available while "HIGH" indicates that	the lowest la-
		   tency state (less power savings) should be used.

       performance_cpu_freq
		   (str) CPU clock frequency to	use while on  AC  power.   The
		   string  "LOW" indicates that	cpufreq(4) should use the low-
		   est frequency available while  "HIGH"  indicates  that  the
		   highest frequency (less power savings) should be used.

       economy_cx_lowest
		   (str)  CPU idle state to use	when off AC power.  The	string
		   "LOW" indicates that	acpi(4)	should use  the	 lowest	 power
		   state  available while "HIGH" indicates that	the lowest la-
		   tency state (less power savings) should be used.

       economy_cpu_freq
		   (str) CPU clock frequency to	use when off  AC  power.   The
		   string  "LOW" indicates that	cpufreq(4) should use the low-
		   est frequency available while  "HIGH"  indicates  that  the
		   highest frequency (less power savings) should be used.

       jail_enable
		   (bool)  If  set  to	"NO", any configured jails will	not be
		   started.

       jail_conf   (str) The configuration filename used by  jail(8)  utility.
		   The	     default	   value       is      /etc/jail.conf.
		   /etc/jail.<jname>.conf  and	 /etc/jail.conf.d/<jname>.conf
		   will	also be	used if	<jname>	is set in jail_list.

       jail_parallel_start
		   (bool)  If  set  to	"YES",	all  configured	 jails will be
		   started in the background (in parallel).

       jail_flags  (str) Unset by default.  When set, use as default value for
		   jail_<jname>_flags for every	jail in	jail_list.

       jail_list   (str) A space-delimited list	 of  jail  names.   When  left
		   empty, all of the jail(8) instances defined in the configu-
		   ration  file	are started.  The names	specified in this list
		   control the jail startup order.  jail(8) instances  missing
		   from	 jail_list  must  be  started  manually.   Note	that a
		   jail's depend parameter in the configuration	file may over-
		   ride	this list.

       jail_reverse_stop
		   (bool) When set to "YES", all configured jails in jail_list
		   are stopped in reverse order.

       jail_* variables
		   Note	that older releases supported  per-jail	 configuration
		   via	rc.conf	 variables.   For  example, hostname of	a jail
		   named vjail was able	 to  be	 set  by  jail_vjail_hostname.
		   These  per-jail configuration variables are now obsolete in
		   favor of jail(8) configuration file.	 For backward compati-
		   bility, when	per-jail configuration variables are  defined,
		   jail(8)     configuration	 files	  are	 created    as
		   /var/run/jail.<jname>.conf and used.

		   The following per-jail parameters are handled by  rc.d/jail
		   script  out	of  their corresponding	rc.conf	variables.  In
		   addition to	them,  parameters  in  jail_<jname>_parameters
		   will	 be  added  to the configuration file.	They must be a
		   semi-colon (`;') delimited list of "key=value".   For  more
		   details, see	jail(8)	manual page.

			 path		set from jail_<jname>_rootdir

			 host.hostname	set from jail_<jname>_hostname

			 exec.consolelog
					set from jail_<jname>_consolelog.  The
					default		   value	    is
					/var/log/jail_<jname>_console.log.

			 interface	set from jail_<jname>_interface.

			 vnet.interface
					set from  jail_<jname>_vnet_interface.
					This  implies  vnet  parameter will be
					enabled	and cannot be  specified  with
					jail_<jname>_interface,
					jail_<jname>_ip			and/or
					jail_<jname>_ip_multi<n> at  the  same
					time.

			 fstab		set from jail_<jname>_fstab

			 mount		set from jail_<jname>_procfs_enable.

			 exec.fib	set from jail_<jname>_fib

			 exec.start	set from jail_<jname>_exec_start.  The
					parameter  name	 was  command  in some
					older releases.

			 exec.prestart	set from jail_<jname>_exec_prestart

			 exec.poststart
					set from jail_<jname>_exec_poststart

			 exec.stop	set from jail_<jname>_exec_stop

			 exec.prestop	set from jail_<jname>_exec_prestop

			 exec.poststop	set from jail_<jname>_exec_poststop

			 ip4.addr	set	if     jail_<jname>_ip	    or
					jail_<jname>_ip_multi<n>  contain IPv4
					addresses

			 ip6.addr	set	if     jail_<jname>_ip	    or
					jail_<jname>_ip_multi<n>  contain IPv6
					addresses

			 allow.mount	set from jail_<jname>_mount_enable

			 mount.devfs	set from jail_<jname>_devfs_enable

			 devfs_ruleset	set  from  jail_<jname>_devfs_ruleset.
					This must be an	integer, not a string.

			 mount.fdescfs	set from jail_<jname>_fdescfs_enable

			 allow.set_hostname
					set				  from
					jail_<jname>_set_hostname_allow

			 allow.rawsocket
					set				  from
					jail_<jname>_socket_unixiproute_only

			 allow.sysvipc	set from jail_<jname>_sysvipc_allow

       harvest_mask
		   (int)  Set  to  a bit-mask representing the entropy sources
		   you wish to harvest.	 Refer to random(4) for	more  informa-
		   tion.

       entropy_dir
		   (str)  Set  to "NO" to disable caching entropy via cron(8).
		   Otherwise set to the	directory in which the	entropy	 files
		   are	stored.	 To be useful, there must be a system cron job
		   that	regularly writes and rotates files  here.   All	 files
		   found   will	  be  used  at	boot  time.   The  default  is
		   /var/db/entropy.

       entropy_file
		   (str) Set to	"NO" to	disable	caching	 entropy  through  re-
		   boots.   Otherwise  set to the name of a file used to store
		   cached entropy.  This file should be	located	on a file sys-
		   tem that is readable	before all the	volumes	 specified  in
		   fstab(5) are	mounted.  By default, /entropy is used,	but if
		   /var/db/entropy-file	 is  found it will also	be used.  This
		   will	be of some use to bsdinstall(8).

       entropy_boot_file
		   (str) Set to	"NO" to	disable	 very  early  caching  entropy
		   through  reboots.   Otherwise  set  to the filename used to
		   read	very early reboot cached entropy.  This	file should be
		   located  where   loader(8)	can   read   it.    See	  also
		   loader.conf(5).  The	default	location is /boot/entropy.

       entropy_save_sz
		   (int) Size of the entropy cache files saved by save-entropy
		   periodically.

       entropy_save_num
		   (int) Number	of entropy cache files to save by save-entropy
		   periodically.

       ipsec_enable
		   (bool)  Set to "YES"	to run setkey(8) on ipsec_file at boot
		   time.

       ipsec_file  (str) Configuration file for	setkey(8).

       dmesg_enable
		   (bool) Set to "YES" to save dmesg(8)	to /var/run/dmesg.boot
		   on boot.

       rcshutdown_timeout
		   (int) If set, start a  watchdog  timer  in  the  background
		   which  will	terminate  rc.shutdown	if shutdown(8) has not
		   completed within the	specified time (in  seconds).	Notice
		   that	in addition to this soft timeout, init(8) also applies
		   a  hard  timeout for	the execution of rc.shutdown.  This is
		   configured	      via	   sysctl(8)	      variable
		   kern.init_shutdown_timeout  and  defaults  to  120 seconds.
		   Setting the value of	rcshutdown_timeout to  more  than  120
		   seconds  will  have	no effect until	the sysctl(8) variable
		   kern.init_shutdown_timeout is also increased.

       virecover_enable
		   (bool) Set to "NO" to prevent the system from trying	to re-
		   cover prematurely terminated	vi(1) sessions.

       ugidfw_enable
		   (bool) Set to "YES" to load the  mac_bsdextended(4)	module
		   upon	system initialization and load a default ruleset file.

       bsdextended_script
		   (str)  The default mac_bsdextended(4) ruleset file to load.
		   The default value of	this variable is /etc/rc.bsdextended.

       newsyslog_enable
		   (bool)  If  set  to	"YES",	run  newsyslog(8)  command  at
		   startup.

       newsyslog_flags
		   (str)  If  newsyslog_enable	is set to "YES", these are the
		   flags to pass to the	newsyslog(8) program.  The default  is
		   "-CN",  which  causes log files flagged with	a C to be cre-
		   ated.

       mdconfig_md<X>
		   (str) Arguments to mdconfig(8) for md(4) device X.  At min-
		   imum	a -t type must be specified and	either a -s  size  for
		   malloc  or swap backed md(4)	devices	or a -f	file for vnode
		   backed md(4)	devices.  Note that  mdconfig_md<X>  variables
		   are evaluated until one variable is unset or	null.

       mdconfig_md<X>_newfs
		   (str)  Optional  arguments passed to	newfs(8) to initialize
		   md(4) device	X.

       mdconfig_md<X>_owner
		   (str) An ownership specification passed to  chown(8)	 after
		   the	specified  md(4)  device X has been mounted.  Both the
		   md(4) device	and the	mount point will be changed.

       mdconfig_md<X>_perms
		   (str) A mode	string passed to chmod(1) after	the  specified
		   md(4) device	X has been mounted.  Both the md(4) device and
		   the mount point will	be changed.

       mdconfig_md<X>_files
		   (str)  Files	 to  be	copied to the mount point of the md(4)
		   device X after it has been mounted.

       mdconfig_md<X>_cmd
		   (str) Command to execute after the specified	md(4) device X
		   has been mounted.  Note that	the command is passed to  eval
		   and	that both _dev and _mp variables can be	used to	refer-
		   ence	respectively the md(4) device  and  the	 mount	point.
		   Assuming  that  the	md(4) device is	md0, one could set the
		   following:

		   mdconfig_md0_cmd="tar xfzC /var/file.tgz \${_mp}"

       autobridge_interfaces
		   (str) Set to	the list of bridge interfaces that  will  have
		   newly  arriving  interfaces checked against to be automati-
		   cally added.	 If not	set to "NO" then for  each  whitespace
		   separated  element  in  the	value,	a autobridge_<element>
		   variable is assumed to exist	which has a  whitespace	 sepa-
		   rated list of interface names to match, these names can use
		   wildcards.  For example:

		   autobridge_interfaces="bridge0"
		   autobridge_bridge0="tap* dc0	vlan[345]"

       mixer_enable
		   (bool) If set to "YES", enable support for sound mixer.

       hcsecd_enable
		   (bool) If set to "YES", enable Bluetooth security daemon.

       hcsecd_config
		   (str)    Configuration   file   for	 hcsecd(8).    Default
		   /etc/bluetooth/hcsecd.conf.

       sdpd_enable
		   (bool) If set to "YES", enable Bluetooth Service  Discovery
		   Protocol daemon.

       sdpd_control
		   (str)    Path   to	sdpd(8)	  control   socket.    Default
		   /var/run/sdp.

       sdpd_groupname
		   (str) Sets sdpd(8) group to run as  after  it  initializes.
		   Default "nobody".

       sdpd_username
		   (str)  Sets	sdpd(8)	 user  to run as after it initializes.
		   Default "nobody".

       bthidd_enable
		   (bool) If set to "YES", enable  Bluetooth  Human  Interface
		   Device daemon.

       bthidd_config
		   (str)    Configuration   file   for	 bthidd(8).    Default
		   /etc/bluetooth/bthidd.conf.

       bthidd_hids
		   (str) Path to a file, where bthidd(8) will  store  informa-
		   tion	about known HID	devices.  Default /var/db/bthidd.hids.

       rfcomm_pppd_server_enable
		   (bool) If set to "YES", enable Bluetooth RFCOMM PPP wrapper
		   daemon.

       rfcomm_pppd_server_profile
		   (str)    The	   name	  of   the   profile   to   use	  from
		   /etc/ppp/ppp.conf.	Multiple  profiles  can	 be  specified
		   here.   Also	 used  to specify per-profile overrides.  When
		   the profile name contains any of the	characters ".-/+" they
		   are translated to "_" for  the  proposes  of	 the  override
		   variable names.

       rfcomm_pppd_server_<profile>_bdaddr
		   (str)  Overrides  local  address  to	listen on.  By default
		   rfcomm_pppd(8) will listen on "ANY" address.	  The  address
		   can be specified as BD_ADDR or name.

       rfcomm_pppd_server_<profile>_channel
		   (str)  Overrides local RFCOMM channel to listen on.	By de-
		   fault rfcomm_pppd(8)	will listen on RFCOMM channel 1.  Must
		   set properly	if multiple profiles used in the same time.

       rfcomm_pppd_server_<profile>_register_sp
		   (bool) Tells	rfcomm_pppd(8) if it  should  register	Serial
		   Port	 service  on  the  specified  RFCOMM channel.  Default
		   "NO".

       rfcomm_pppd_server_<profile>_register_dun
		   (bool) Tells	rfcomm_pppd(8) if it should  register  Dial-Up
		   Networking  service	on  the	specified RFCOMM channel.  De-
		   fault "NO".

       ubthidhci_enable
		   (bool) If set to "YES", change the USB Bluetooth controller
		   from	HID mode to HCI	mode.  You also	need  to  specify  the
		   location    of    USB   Bluetooth   controller   with   the
		   ubthidhci_busnum and	ubthidhci_addr variables.

       ubthidhci_busnum
		   Bus number where the	USB Bluetooth controller  is  located.
		   Check  the  output  of  usbconfig(8)	on your	system to find
		   this	information.

       ubthidhci_addr
		   Bus address of the USB  Bluetooth  controller.   Check  the
		   output of usbconfig(8) on your system to find this informa-
		   tion.

       utx_enable  (bool)  Set	to "YES" to enable user	accounting through the
		   utx(8) facility.

       netwait_enable
		   (bool) If set to "YES", delays the start of network-reliant
		   services until netwait_if is	up and ICMP packets to a  des-
		   tination  defined in	netwait_ip are flowing.	 Link state is
		   examined first, followed by "pinging" an IP address to ver-
		   ify network usability.  If no destination can be reached or
		   timeouts are	exceeded, network services are started	anyway
		   with	 no guarantee that the network is usable.  Use of this
		   variable requires both netwait_ip and netwait_if to be set.

       netwait_ip  (str) Empty by default.  This variable contains a space-de-
		   limited list	of IP addresses	 to  ping(8).	DNS  hostnames
		   should  not	be  used as resolution is not guaranteed to be
		   functional at this point.  If  multiple  IP	addresses  are
		   specified,  each  will  be tried until one is successful or
		   the list is exhausted.

       netwait_timeout
		   (int) Indicates the total number of seconds	to  perform  a
		   "ping"  against each	IP address in netwait_ip, at a rate of
		   one ping per	second.	 If any	of the pings  are  successful,
		   full	 network connectivity is considered reliable.  The de-
		   fault is 60.

       netwait_if  (str) Empty by default.  Defines the	name  of  the  network
		   interface  on which watch for link.	ifconfig(8) is used to
		   monitor the interface, looking for  "status:	 no  carrier".
		   Once	 gone,	the  link  is  considered  up.	 This can be a
		   vlan(4) interface if	desired.

       netwait_if_timeout
		   (int) Defines the total number of seconds to	wait for  link
		   to  become  usable, polled at a 1-second interval.  The de-
		   fault is 30.

       rctl_enable
		   (bool) If set to "YES", load	rctl(8)	rules from the defined
		   ruleset.  The kernel	must be	built with options  RACCT  and
		   options RCTL.

       rctl_rules  (str)  Set  to  /etc/rctl.conf  by default.	This variables
		   contains the	rctl.conf(5) ruleset to	load for rctl(8).

       iovctl_files
		   (str) A space-separated list	of configuration files used by
		   iovctl(8).  The default value is an empty string.

       autofs_enable
		   (bool) If set to "YES", start the automount(8) utility  and
		   the automountd(8) and autounmountd(8) daemons at boot time.

       automount_flags
		   (str) If autofs_enable is set to "YES", these are the flags
		   to  pass  to	the automount(8) program.  By default no flags
		   are passed.

       automountd_flags
		   (str) If autofs_enable is set to "YES", these are the flags
		   to pass to the automountd(8)	daemon.	 By default  no	 flags
		   are passed.

       autounmountd_flags
		   (str) If autofs_enable is set to "YES", these are the flags
		   to pass to the autounmountd(8) daemon.  By default no flags
		   are passed.

       ctld_enable
		   (bool)  If  set  to "YES", start the	ctld(8)	daemon at boot
		   time.

       iscsid_enable
		   (bool) If set to "YES", start the iscsid(8) daemon at  boot
		   time.

       iscsictl_enable
		   (bool)  If  set  to "YES", start the	iscsictl(8) utility at
		   boot	time.

       iscsictl_flags
		   (str) If iscsictl_enable is set to  "YES",  these  are  the
		   flags  to  pass to the iscsictl(8) program.	The default is
		   "-Aa",   which   configures	 sessions   based    on	   the
		   /etc/iscsi.conf configuration file.

       cfumass_enable
		   (bool)  If set to "YES", create and export an USB LUN using
		   cfumass(4) at boot time.

       cfumass_dir
		   (str) The directory where the files exported	by USB LUN are
		   located.  The default directory is /var/cfumass.

       service_delete_empty
		   (bool) If set to  "YES",  `service  delete'	removes	 empty
		   "rc.conf.d" files.

       zfs_bootonce_activate
		   (bool)  If  set  to	"YES",	and  a boot environment	marked
		   bootonce is successfully booted, it	will  be  made	perma-
		   nently active.

       zfskeys_enable
		   (bool)  If  set to "YES", enable auto-loading of encryption
		   keys	for encrypted ZFS datasets.   For  every  dataset  the
		   script  will	 first load the	appropriate encryption key and
		   then	attempt	to unlock the dataset.

		   The script operates only on datasets	 which	are  encrypted
		   with	 ZFS  native  encryption  and have a ZFS "keylocation"
		   dataset property beginning with "file://".

       zfskeys_datasets
		   (str) A whitespace-separated	list of	ZFS  datasets  to  un-
		   lock.   The	list is	empty by default, which	means that the
		   script will attempt to unlock all datasets.

       zfskeys_timeout
		   (int) Define	the total number of seconds to	wait  for  the
		   zfskeys script to unlock an encrypted dataset.  The default
		   is 10.

       sendmail_enable
		   (str) If set	to "YES", run the sendmail(8) daemon at	system
		   boot	time.  If set to "NO", do not run a sendmail(8)	daemon
		   to  listen  for  incoming network mail.  This does not pre-
		   clude a sendmail(8) daemon listening	on the	SMTP  port  of
		   the	loopback  interface.   The  "NONE"  option  sets  each
		   sendmail_enable,		       sendmail_submit_enable,
		   sendmail_outbound_enable,	sendmail_msp_queue_enable   to
		   "NO".

       sendmail_cert_create
		   (str) If sendmail_enable is set to "YES", create  a	signed
		   certificate	    /etc/mail/certs/host.cert	  representing
		   /etc/mail/certs/host.key   by   the	 CA   certificate   in
		   /etc/mail/certs/cacert.pem.	 This  will  enable connecting
		   hosts to negotiate STARTTLS allowing	incoming email	to  be
		   encrypted  in  transit.  sendmail(8)	needs to be configured
		   to use these	generated files.  The default configuration in
		   /etc/mail/freebsd.mc	has the	required options in it.

       sendmail_cert_cn
		   (str)   If	sendmail_enable	  is   set   to	  "YES"	   and
		   sendmail_cert_create	 is  set  to "YES", this is the	Common
		   Name	(CN) of	the certificate	 that  will  be	 created.   If
		   sendmail_cert_cn  is	not set, the system's hostname will be
		   used.  If there is no  hostname  set,  "amnesiac"  will  be
		   used.

       sendmail_flags
		   (str)  If  sendmail_enable  is  set to "YES", these are the
		   flags to pass to the	sendmail(8) daemon.

       sendmail_submit_enable
		   (bool) If set to "YES" and sendmail_enable is set to	 "NO",
		   run	sendmail(8)  using  sendmail_submit_flags  instead  of
		   sendmail_flags.  This is intended to	allow local mail  sub-
		   mission  via	 a  localhost-only  listening SMTP service re-
		   quired for running sendmail(8) as a non-set-user-ID binary.
		   Note	that this does not work	 inside	 jail(2)  systems,  as
		   jails do not	allow binding to just the localhost interface.

       sendmail_submit_flags
		   (str)    If	  sendmail_enable   is	 set   to   "NO"   and
		   sendmail_submit_enable is set to "YES", these are the flags
		   to pass to the sendmail(8) daemon.

       sendmail_outbound_enable
		   (bool)  If  set  to	"YES"  and  both  sendmail_enable  and
		   sendmail_submit_enable are set to "NO", run sendmail(8) us-
		   ing	 sendmail_outbound_flags  instead  of  sendmail_flags.
		   This	is intended to allow local mail	queue  management  for
		   systems that	do not offer a listening SMTP service.

       sendmail_outbound_flags
		   (str)  If  both  sendmail_enable and	sendmail_submit_enable
		   are set to "NO"  and	 sendmail_outbound_enable  is  set  to
		   "YES",  these are the flags to pass to the sendmail(8) dae-
		   mon.

       sendmail_msp_queue_enable
		   (bool) If set to "YES", start a client (MSP)	 queue	runner
		   sendmail(8)	daemon	at  system  boot time.	As of sendmail
		   8.12, a separate queue is used  for	command	 line  submis-
		   sions.   The	 client	 queue	runner ensures that nothing is
		   left	behind in the submission queue.

       sendmail_msp_queue_flags
		   (str)  If  sendmail_msp_queue_enable	 is  set  to   daemon.
		   "YES", these	are the	flags to pass to the sendmail(8)

FILES
       /etc/defaults/rc.conf
       /etc/defaults/vendor.conf
       /etc/rc.conf
       /etc/rc.conf.local
       /etc/rc.conf.d/

SEE ALSO
       chmod(1),    cpuset(1),	  gdb(1)   (ports/devel/gdb),	kbdcontrol(1),
       limits(1),   protect(1),	  sh(1),    umask(1),	 uuidgen(1),	vi(1),
       vidcontrol(1),	bridge(4),   dummynet(4),   ip(4),   ipf(4),  ipfw(4),
       ipnat(4),  kld(4),  pf(4),   pflog(4),	pfsync(4),   tcp(4),   udp(4),
       exports(5),  fstab(5),  ipf(5), ipnat(5), jail.conf(5), loader.conf(5),
       login.conf(5),  motd(5),	 newsyslog.conf(5),  pf.conf(5),  firewall(7),
       growfs(7),  security(7),	 tuning(7),  accton(8),	apm(8),	bsdinstall(8),
       bthidd(8), chkprintcap(8), chown(8),  cron(8),  devfs(8),  dhclient(8),
       ftpd(8),	 geli(8), hcsecd(8), ifconfig(8), inetd(8), iovctl(8), ipf(8),
       ipfw(8),	  ipnat(8),   jail(8),	  kldxref(8),	 loader(8),    lpd(8),
       makewhatis(8),  mdconfig(8),  mdmfs(8), mixer(8), mountd(8), moused(8),
       newfs(8),  newsyslog(8),	 nfsd(8),   ntpd(8),   ntpdate(8),   pfctl(8),
       pflogd(8),   ping(8),   powerd(8),  quotacheck(8),  quotaon(8),	rc(8),
       rc.subr(8),   rcorder(8),   rfcomm_pppd(8),    route(8),	   route6d(8),
       routed(8),	rpc.lockd(8),	   rpc.statd(8),      rpc.tlsclntd(8),
       rpc.tlsservd(8),	  rpcbind(8),	 rwhod(8),    savecore(8),    sdpd(8),
       sendmail(8),  service(8),  sshd(8),  swapon(8),	sysctl(8), syslogd(8),
       sysrc(8),  unbound(8),  usbconfig(8),  utx(8),	wlandebug(8),	yp(8),
       ypbind(8), ypserv(8), ypset(8)

HISTORY
       The rc.conf file	appeared in FreeBSD 2.2.2.

AUTHORS
       Jordan K. Hubbard.

FreeBSD	13.2		      September	18, 2023		    RC.CONF(5)

NAME | DESCRIPTION | FILES | SEE ALSO | HISTORY | AUTHORS

Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=rc.conf&sektion=5&manpath=FreeBSD+14.1-RELEASE+and+Ports>

home | help