| @@ -1,1250 +1,1274 @@ | | | @@ -1,1250 +1,1274 @@ |
1 | .\" $NetBSD: rc.conf.5,v 1.166.6.1 2019/05/14 11:33:43 martin Exp $ | | 1 | .\" $NetBSD: rc.conf.5,v 1.166.6.2 2020/04/23 13:43:42 martin Exp $ |
2 | .\" | | 2 | .\" |
3 | .\" Copyright (c) 1996 Matthew R. Green | | 3 | .\" Copyright (c) 1996 Matthew R. Green |
4 | .\" All rights reserved. | | 4 | .\" All rights reserved. |
5 | .\" | | 5 | .\" |
6 | .\" Redistribution and use in source and binary forms, with or without | | 6 | .\" Redistribution and use in source and binary forms, with or without |
7 | .\" modification, are permitted provided that the following conditions | | 7 | .\" modification, are permitted provided that the following conditions |
8 | .\" are met: | | 8 | .\" are met: |
9 | .\" 1. Redistributions of source code must retain the above copyright | | 9 | .\" 1. Redistributions of source code must retain the above copyright |
10 | .\" notice, this list of conditions and the following disclaimer. | | 10 | .\" notice, this list of conditions and the following disclaimer. |
11 | .\" 2. Redistributions in binary form must reproduce the above copyright | | 11 | .\" 2. Redistributions in binary form must reproduce the above copyright |
12 | .\" notice, this list of conditions and the following disclaimer in the | | 12 | .\" notice, this list of conditions and the following disclaimer in the |
13 | .\" documentation and/or other materials provided with the distribution. | | 13 | .\" documentation and/or other materials provided with the distribution. |
14 | .\" | | 14 | .\" |
15 | .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR | | 15 | .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR |
16 | .\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES | | 16 | .\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES |
17 | .\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | | 17 | .\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. |
18 | .\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, | | 18 | .\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, |
19 | .\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, | | 19 | .\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, |
20 | .\" BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | | 20 | .\" BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; |
21 | .\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED | | 21 | .\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED |
22 | .\" AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, | | 22 | .\" AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, |
23 | .\" OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | | 23 | .\" OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
24 | .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | | 24 | .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
25 | .\" SUCH DAMAGE. | | 25 | .\" SUCH DAMAGE. |
26 | .\" | | 26 | .\" |
27 | .\" Copyright (c) 1997 Curt J. Sampson | | 27 | .\" Copyright (c) 1997 Curt J. Sampson |
28 | .\" Copyright (c) 1997 Michael W. Long | | 28 | .\" Copyright (c) 1997 Michael W. Long |
29 | .\" Copyright (c) 1998-2010 The NetBSD Foundation, Inc. | | 29 | .\" Copyright (c) 1998-2010 The NetBSD Foundation, Inc. |
30 | .\" All rights reserved. | | 30 | .\" All rights reserved. |
31 | .\" | | 31 | .\" |
32 | .\" This document is derived from works contributed to The NetBSD Foundation | | 32 | .\" This document is derived from works contributed to The NetBSD Foundation |
33 | .\" by Luke Mewburn. | | 33 | .\" by Luke Mewburn. |
34 | .\" | | 34 | .\" |
35 | .\" Redistribution and use in source and binary forms, with or without | | 35 | .\" Redistribution and use in source and binary forms, with or without |
36 | .\" modification, are permitted provided that the following conditions | | 36 | .\" modification, are permitted provided that the following conditions |
37 | .\" are met: | | 37 | .\" are met: |
38 | .\" 1. Redistributions of source code must retain the above copyright | | 38 | .\" 1. Redistributions of source code must retain the above copyright |
39 | .\" notice, this list of conditions and the following disclaimer. | | 39 | .\" notice, this list of conditions and the following disclaimer. |
40 | .\" 2. Redistributions in binary form must reproduce the above copyright | | 40 | .\" 2. Redistributions in binary form must reproduce the above copyright |
41 | .\" notice, this list of conditions and the following disclaimer in the | | 41 | .\" notice, this list of conditions and the following disclaimer in the |
42 | .\" documentation and/or other materials provided with the distribution. | | 42 | .\" documentation and/or other materials provided with the distribution. |
43 | .\" 3. The name of the author may not be used to endorse or promote products | | 43 | .\" 3. The name of the author may not be used to endorse or promote products |
44 | .\" derived from this software without specific prior written permission. | | 44 | .\" derived from this software without specific prior written permission. |
45 | .\" | | 45 | .\" |
46 | .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR | | 46 | .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR |
47 | .\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES | | 47 | .\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES |
48 | .\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | | 48 | .\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. |
49 | .\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, | | 49 | .\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, |
50 | .\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, | | 50 | .\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, |
51 | .\" BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | | 51 | .\" BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; |
52 | .\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED | | 52 | .\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED |
53 | .\" AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, | | 53 | .\" AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, |
54 | .\" OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | | 54 | .\" OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
55 | .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | | 55 | .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
56 | .\" SUCH DAMAGE. | | 56 | .\" SUCH DAMAGE. |
57 | .\" | | 57 | .\" |
58 | .Dd May 14, 2019 | | 58 | .Dd April 23, 2020 |
59 | .Dt RC.CONF 5 | | 59 | .Dt RC.CONF 5 |
60 | .Os | | 60 | .Os |
61 | .Sh NAME | | 61 | .Sh NAME |
62 | .Nm rc.conf | | 62 | .Nm rc.conf |
63 | .Nd system startup configuration file | | 63 | .Nd system startup configuration file |
64 | .Sh DESCRIPTION | | 64 | .Sh DESCRIPTION |
65 | The | | 65 | The |
66 | .Nm | | 66 | .Nm |
67 | file specifies which services are enabled during system startup by | | 67 | file specifies which services are enabled during system startup by |
68 | the startup scripts invoked by | | 68 | the startup scripts invoked by |
69 | .Pa /etc/rc | | 69 | .Pa /etc/rc |
70 | (see | | 70 | (see |
71 | .Xr rc 8 ) , | | 71 | .Xr rc 8 ) , |
72 | and the shutdown scripts invoked by | | 72 | and the shutdown scripts invoked by |
73 | .Pa /etc/rc.shutdown . | | 73 | .Pa /etc/rc.shutdown . |
74 | The | | 74 | The |
75 | .Nm | | 75 | .Nm |
76 | file is a shell script that is sourced by | | 76 | file is a shell script that is sourced by |
77 | .Xr rc 8 , | | 77 | .Xr rc 8 , |
78 | meaning that | | 78 | meaning that |
79 | .Nm | | 79 | .Nm |
80 | must contain valid shell commands. | | 80 | must contain valid shell commands. |
81 | .Pp | | 81 | .Pp |
82 | Listed below are the standard | | 82 | Listed below are the standard |
83 | .Nm | | 83 | .Nm |
84 | variables that may be set, the values to which each may be set, | | 84 | variables that may be set, the values to which each may be set, |
85 | a brief description of what each variable does, and a reference to | | 85 | a brief description of what each variable does, and a reference to |
86 | relevant manual pages. | | 86 | relevant manual pages. |
87 | Third party packages may test for additional variables. | | 87 | Third party packages may test for additional variables. |
88 | .Pp | | 88 | .Pp |
89 | By default, | | 89 | By default, |
90 | .Nm | | 90 | .Nm |
91 | reads | | 91 | reads |
92 | .Pa /etc/defaults/rc.conf | | 92 | .Pa /etc/defaults/rc.conf |
93 | (if it is readable) | | 93 | (if it is readable) |
94 | to obtain default values for various variables, and the end-user | | 94 | to obtain default values for various variables, and the end-user |
95 | may override these by appending appropriate entries to the end of | | 95 | may override these by appending appropriate entries to the end of |
96 | .Nm . | | 96 | .Nm . |
97 | .Pp | | 97 | .Pp |
98 | .Xr rc.d 8 | | 98 | .Xr rc.d 8 |
99 | scripts that use | | 99 | scripts that use |
100 | .Ic load_rc_config | | 100 | .Ic load_rc_config |
101 | from | | 101 | from |
102 | .Xr rc.subr 8 | | 102 | .Xr rc.subr 8 |
103 | also support sourcing an optional end-user provided per-script override | | 103 | also support sourcing an optional end-user provided per-script override |
104 | file | | 104 | file |
105 | .Pa /etc/rc.conf.d/ Ns Ar service , | | 105 | .Pa /etc/rc.conf.d/ Ns Ar service , |
106 | (where | | 106 | (where |
107 | .Ar service | | 107 | .Ar service |
108 | is the contents of the | | 108 | is the contents of the |
109 | .Sy name | | 109 | .Sy name |
110 | variable in the | | 110 | variable in the |
111 | .Xr rc.d 8 | | 111 | .Xr rc.d 8 |
112 | script). | | 112 | script). |
113 | This may contain variable overrides, including allowing the end-user | | 113 | This may contain variable overrides, including allowing the end-user |
114 | to override various | | 114 | to override various |
115 | .Ic run_rc_command | | 115 | .Ic run_rc_command |
116 | .Xr rc.d 8 | | 116 | .Xr rc.d 8 |
117 | control variables, and thus changing the operation of the script | | 117 | control variables, and thus changing the operation of the script |
118 | without requiring editing of the script. | | 118 | without requiring editing of the script. |
119 | .Ss Variable naming conventions and data types | | 119 | .Ss Variable naming conventions and data types |
120 | Most variables are one of two types: enabling variables or flags | | 120 | Most variables are one of two types: enabling variables or flags |
121 | variables. | | 121 | variables. |
122 | Enabling variables, such as | | 122 | Enabling variables, such as |
123 | .Sy inetd , | | 123 | .Sy inetd , |
124 | are generally named after the program or the system they enable, | | 124 | are generally named after the program or the system they enable, |
125 | and have boolean values (specified using | | 125 | and have boolean values (specified using |
126 | .Sq Ic YES , | | 126 | .Sq Ic YES , |
127 | .Sq Ic TRUE , | | 127 | .Sq Ic TRUE , |
128 | .Sq Ic ON | | 128 | .Sq Ic ON |
129 | or | | 129 | or |
130 | .Sq Ic 1 | | 130 | .Sq Ic 1 |
131 | for true, and | | 131 | for true, and |
132 | .Sq Ic NO , | | 132 | .Sq Ic NO , |
133 | .Sq Ic FALSE , | | 133 | .Sq Ic FALSE , |
134 | .Sq Ic OFF | | 134 | .Sq Ic OFF |
135 | or | | 135 | or |
136 | .Sq Ic 0 | | 136 | .Sq Ic 0 |
137 | for false, with the values being case insensitive). | | 137 | for false, with the values being case insensitive). |
138 | Flags variables, such as | | 138 | Flags variables, such as |
139 | .Sy inetd_flags | | 139 | .Sy inetd_flags |
140 | have the same name with "_flags" appended, and determine what | | 140 | have the same name with "_flags" appended, and determine what |
141 | arguments are passed to the program if it is enabled. | | 141 | arguments are passed to the program if it is enabled. |
142 | .Pp | | 142 | .Pp |
143 | If a variable that | | 143 | If a variable that |
144 | .Xr rc 8 | | 144 | .Xr rc 8 |
145 | expects to be set is not set, or the value is not one of the allowed | | 145 | expects to be set is not set, or the value is not one of the allowed |
146 | values, a warning will be printed. | | 146 | values, a warning will be printed. |
147 | .Ss Overall control | | 147 | .Ss Overall control |
148 | .Bl -tag -width net_interfaces | | 148 | .Bl -tag -width net_interfaces |
149 | .It Sy do_rcshutdown | | 149 | .It Sy do_rcshutdown |
150 | Boolean value. | | 150 | Boolean value. |
151 | If false, | | 151 | If false, |
152 | .Xr shutdown 8 | | 152 | .Xr shutdown 8 |
153 | will not run | | 153 | will not run |
154 | .Pa /etc/rc.shutdown . | | 154 | .Pa /etc/rc.shutdown . |
155 | .It Sy rcshutdown_rcorder_flags | | 155 | .It Sy rcshutdown_rcorder_flags |
156 | A string. | | 156 | A string. |
157 | Extra arguments to the | | 157 | Extra arguments to the |
158 | .Xr rcorder 8 | | 158 | .Xr rcorder 8 |
159 | run by | | 159 | run by |
160 | .Pa /etc/rc.shutdown . | | 160 | .Pa /etc/rc.shutdown . |
161 | .It Sy rcshutdown_timeout | | 161 | .It Sy rcshutdown_timeout |
162 | A number. | | 162 | A number. |
163 | If non-blank, use this as the number of seconds to run a watchdog timer for | | 163 | If non-blank, use this as the number of seconds to run a watchdog timer for |
164 | which will terminate | | 164 | which will terminate |
165 | .Pa /etc/rc.shutdown | | 165 | .Pa /etc/rc.shutdown |
166 | if the timer expires before the shutdown script completes. | | 166 | if the timer expires before the shutdown script completes. |
167 | .It Sy rc_configured | | 167 | .It Sy rc_configured |
168 | Boolean value. | | 168 | Boolean value. |
169 | If false then the system will drop into single-user mode during boot. | | 169 | If false then the system will drop into single-user mode during boot. |
170 | .It Sy rc_fast_and_loose | | 170 | .It Sy rc_fast_and_loose |
171 | If set to a non-empty string, | | 171 | If set to a non-empty string, |
172 | each script in | | 172 | each script in |
173 | .Pa /etc/rc.d | | 173 | .Pa /etc/rc.d |
174 | will be executed in the current shell rather than a sub shell. | | 174 | will be executed in the current shell rather than a sub shell. |
175 | This may be faster on slow machines that have an expensive | | 175 | This may be faster on slow machines that have an expensive |
176 | .Xr fork 2 | | 176 | .Xr fork 2 |
177 | operation. | | 177 | operation. |
178 | .Bl -hang | | 178 | .Bl -hang |
179 | .It Em Note : | | 179 | .It Em Note : |
180 | Use this at your own risk! | | 180 | Use this at your own risk! |
181 | A rogue command or script may inadvertently prevent boot to multiuser. | | 181 | A rogue command or script may inadvertently prevent boot to multiuser. |
182 | .El | | 182 | .El |
183 | .It Sy rc_rcorder_flags | | 183 | .It Sy rc_rcorder_flags |
184 | A string. | | 184 | A string. |
185 | Extra arguments to the | | 185 | Extra arguments to the |
186 | .Xr rcorder 8 | | 186 | .Xr rcorder 8 |
187 | run by | | 187 | run by |
188 | .Pa /etc/rc . | | 188 | .Pa /etc/rc . |
189 | .It Sy rc_directories | | 189 | .It Sy rc_directories |
190 | A string. | | 190 | A string. |
191 | Space separated list of directories searched for rc scripts. | | 191 | Space separated list of directories searched for rc scripts. |
192 | The default is | | 192 | The default is |
193 | .Pa /etc/rc.d . | | 193 | .Pa /etc/rc.d . |
194 | All directories in | | 194 | All directories in |
195 | .Ev rc_directories | | 195 | .Ev rc_directories |
196 | must be located in the root file system, otherwise they will be silently | | 196 | must be located in the root file system, otherwise they will be silently |
197 | skipped. | | 197 | skipped. |
198 | .It Sy rc_silent | | 198 | .It Sy rc_silent |
199 | Boolean value. | | 199 | Boolean value. |
200 | If true then the usual output is suppressed, and | | 200 | If true then the usual output is suppressed, and |
201 | .Xr rc 8 | | 201 | .Xr rc 8 |
202 | invokes the command specified in the | | 202 | invokes the command specified in the |
203 | .Va rc_silent_cmd | | 203 | .Va rc_silent_cmd |
204 | variable once for each line of suppressed output. | | 204 | variable once for each line of suppressed output. |
205 | The default value of | | 205 | The default value of |
206 | .Va rc_silent | | 206 | .Va rc_silent |
207 | is set from the | | 207 | is set from the |
208 | .Dv AB_SILENT | | 208 | .Dv AB_SILENT |
209 | flag in the kernel's | | 209 | flag in the kernel's |
210 | .Va boothowto | | 210 | .Va boothowto |
211 | variable (see | | 211 | variable (see |
212 | .Xr boot 8 , | | 212 | .Xr boot 8 , |
213 | .Xr reboot 2 ) . | | 213 | .Xr reboot 2 ) . |
214 | .It Sy rc_silent_cmd | | 214 | .It Sy rc_silent_cmd |
215 | A command to be executed once per line of suppressed output, when | | 215 | A command to be executed once per line of suppressed output, when |
216 | .Va rc_silent | | 216 | .Va rc_silent |
217 | is true. | | 217 | is true. |
218 | The default value of | | 218 | The default value of |
219 | .Va rc_silent_cmd | | 219 | .Va rc_silent_cmd |
220 | is | | 220 | is |
221 | .Dq twiddle , | | 221 | .Dq twiddle , |
222 | which will display a spinning symbol instead of each line of output. | | 222 | which will display a spinning symbol instead of each line of output. |
223 | Another useful value is | | 223 | Another useful value is |
224 | .Dq \&: , | | 224 | .Dq \&: , |
225 | which will display nothing at all. | | 225 | which will display nothing at all. |
226 | .El | | 226 | .El |
227 | .Ss Basic network configuration | | 227 | .Ss Basic network configuration |
228 | .Bl -tag -width net_interfaces | | 228 | .Bl -tag -width net_interfaces |
229 | .It Sy defaultroute | | 229 | .It Sy defaultroute |
230 | A string. | | 230 | A string. |
231 | Default IPv4 network route. | | 231 | Default IPv4 network route. |
232 | If empty or not set, then the contents of | | 232 | If empty or not set, then the contents of |
233 | .Pa /etc/mygate | | 233 | .Pa /etc/mygate |
234 | (if it exists) are used. | | 234 | (if it exists) are used. |
235 | .It Sy defaultroute6 | | 235 | .It Sy defaultroute6 |
236 | A string. | | 236 | A string. |
237 | Default IPv6 network route. | | 237 | Default IPv6 network route. |
238 | If empty or not set, then the contents of | | 238 | If empty or not set, then the contents of |
239 | .Pa /etc/mygate6 | | 239 | .Pa /etc/mygate6 |
240 | (if it exists) are used. | | 240 | (if it exists) are used. |
241 | .It Sy domainname | | 241 | .It Sy domainname |
242 | A string. | | 242 | A string. |
243 | .Tn NIS | | 243 | .Tn NIS |
244 | (YP) domain of host. | | 244 | (YP) domain of host. |
245 | If empty or not set, then the contents of | | 245 | If empty or not set, then the contents of |
246 | .Pa /etc/defaultdomain | | 246 | .Pa /etc/defaultdomain |
247 | (if it exists) are used. | | 247 | (if it exists) are used. |
248 | .It Sy force_down_interfaces | | 248 | .It Sy force_down_interfaces |
249 | A space separated list of interface names. | | 249 | A space separated list of interface names. |
250 | These interfaces will be configured down when going from multiuser to single-user | | 250 | These interfaces will be configured down when going from multiuser to single-user |
251 | mode or on system shutdown. | | 251 | mode or on system shutdown. |
| | | 252 | .It Sy dns_domain |
| | | 253 | A string. |
| | | 254 | Sets domain in |
| | | 255 | .Pa /etc/resolv.conf . |
| | | 256 | .It Sy dns_search |
| | | 257 | A string. |
| | | 258 | Sets search in |
| | | 259 | .Pa /etc/resolv.conf . |
| | | 260 | .It Sy dns_nameservers |
| | | 261 | A string of space seperated domain name servers. |
| | | 262 | Sets nameserver for each value in |
| | | 263 | .Pa /etc/resolv.conf . |
| | | 264 | .It Sy dns_sortlist |
| | | 265 | A string. |
| | | 266 | Sets sortlist in |
| | | 267 | .Pa /etc/resolv.conf . |
| | | 268 | .It Sy dns_options |
| | | 269 | A string. |
| | | 270 | Sets options in |
| | | 271 | .Pa /etc/resolv.conf . |
| | | 272 | .It Sy dns_metric |
| | | 273 | An unsigned integer. |
| | | 274 | Sets the priority of the above DNS to other sources, lowest wins. |
| | | 275 | Defaults to 0. |
252 | .Pp | | 276 | .Pp |
253 | This is important for some stateful interfaces, for example PPP over ISDN | | 277 | This is important for some stateful interfaces, for example PPP over ISDN |
254 | connections that cost money by connection time or PPPoE interfaces which | | 278 | connections that cost money by connection time or PPPoE interfaces which |
255 | have no direct means of noticing | | 279 | have no direct means of noticing |
256 | .Dq disconnect | | 280 | .Dq disconnect |
257 | events. | | 281 | events. |
258 | .Pp | | 282 | .Pp |
259 | All active | | 283 | All active |
260 | .Xr pppoe 4 | | 284 | .Xr pppoe 4 |
261 | and | | 285 | and |
262 | .Xr ippp 4 | | 286 | .Xr ippp 4 |
263 | interfaces will be automatically added to this list. | | 287 | interfaces will be automatically added to this list. |
264 | .It Sy hostname | | 288 | .It Sy hostname |
265 | A string. | | 289 | A string. |
266 | Name of host. | | 290 | Name of host. |
267 | If empty or not set, then the contents of | | 291 | If empty or not set, then the contents of |
268 | .Pa /etc/myname | | 292 | .Pa /etc/myname |
269 | (if it exists) are used. | | 293 | (if it exists) are used. |
270 | .El | | 294 | .El |
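Review bot: the six new dns_* items (new lines 252-275) are inserted in the middle of the force_down_interfaces entry, between its first paragraph and the .Pp paragraphs that continue it ("This is important for some stateful interfaces ..." and "All active pppoe(4) and ippp(4) interfaces will be automatically added to this list."). In the rendered page those two paragraphs now read as part of dns_metric, and "this list" no longer refers to anything. Move the ".It Sy dns_domain" through ".It Sy dns_metric" block so it sits after the last force_down_interfaces paragraph, just before ".It Sy hostname", or ahead of ".It Sy force_down_interfaces". Two smaller points in the same lines: "seperated" in the dns_nameservers description should be "separated", and the dns_metric text ("Sets the priority of the above DNS to other sources, lowest wins.") should say which other sources the metric is compared against, since these variables write resolver settings into /etc/resolv.conf and an administrator needs to know which source takes precedence.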
271 | .Ss Boottime file-system and swap configuration | | 295 | .Ss Boottime file-system and swap configuration |
272 | .Bl -tag -width net_interfaces | | 296 | .Bl -tag -width net_interfaces |
273 | .It Sy critical_filesystems_local | | 297 | .It Sy critical_filesystems_local |
274 | A string. | | 298 | A string. |
275 | File systems mounted very early in the system boot before networking | | 299 | File systems mounted very early in the system boot before networking |
276 | services are available. | | 300 | services are available. |
277 | Usually | | 301 | Usually |
278 | .Pa /var | | 302 | .Pa /var |
279 | is part of this, because it is needed by services such as | | 303 | is part of this, because it is needed by services such as |
280 | .Xr dhcpcd 8 | | 304 | .Xr dhcpcd 8 |
281 | which may be required to get the network operational. | | 305 | which may be required to get the network operational. |
282 | The default is | | 306 | The default is |
283 | .Dq "OPTIONAL:/var" , | | 307 | .Dq "OPTIONAL:/var" , |
284 | where the | | 308 | where the |
285 | .Dq "OPTIONAL:" | | 309 | .Dq "OPTIONAL:" |
286 | prefix means that it's not an error if the file system is not | | 310 | prefix means that it's not an error if the file system is not |
287 | present in | | 311 | present in |
288 | .Xr fstab 5 . | | 312 | .Xr fstab 5 . |
289 | .It Sy critical_filesystems_remote | | 313 | .It Sy critical_filesystems_remote |
290 | A string. | | 314 | A string. |
291 | File systems such as | | 315 | File systems such as |
292 | .Pa /usr | | 316 | .Pa /usr |
293 | that may require network services to be available to mount, | | 317 | that may require network services to be available to mount, |
294 | that must be available early in the system boot for general services to use. | | 318 | that must be available early in the system boot for general services to use. |
295 | The default is | | 319 | The default is |
296 | .Dq "OPTIONAL:/usr" , | | 320 | .Dq "OPTIONAL:/usr" , |
297 | where the | | 321 | where the |
298 | .Dq "OPTIONAL:" | | 322 | .Dq "OPTIONAL:" |
299 | prefix means that it is not an error if the file system is not | | 323 | prefix means that it is not an error if the file system is not |
300 | present in | | 324 | present in |
301 | .Xr fstab 5 . | | 325 | .Xr fstab 5 . |
302 | .It Sy fsck_flags | | 326 | .It Sy fsck_flags |
303 | A string. | | 327 | A string. |
304 | A file system is checked with | | 328 | A file system is checked with |
305 | .Xr fsck 8 | | 329 | .Xr fsck 8 |
306 | during boot before mounting it. | | 330 | during boot before mounting it. |
307 | This option may be used to override the default command-line options | | 331 | This option may be used to override the default command-line options |
308 | passed to the | | 332 | passed to the |
309 | .Xr fsck 8 | | 333 | .Xr fsck 8 |
310 | program. | | 334 | program. |
311 | .Pp | | 335 | .Pp |
312 | When set to | | 336 | When set to |
313 | .Fl y , | | 337 | .Fl y , |
314 | .Xr fsck 8 | | 338 | .Xr fsck 8 |
315 | assumes yes as the answer to all operator questions during file system checks. | | 339 | assumes yes as the answer to all operator questions during file system checks. |
316 | This might be important with hosts where the administrator does not have | | 340 | This might be important with hosts where the administrator does not have |
317 | access to the console and an unsuccessful shutdown must not make the host | | 341 | access to the console and an unsuccessful shutdown must not make the host |
318 | unbootable even if the file system checks would fail in preen mode. | | 342 | unbootable even if the file system checks would fail in preen mode. |
319 | .It Sy no_swap | | 343 | .It Sy no_swap |
320 | Boolean value. | | 344 | Boolean value. |
321 | Should be true if you have deliberately configured your system with no swap. | | 345 | Should be true if you have deliberately configured your system with no swap. |
322 | If false and no swap devices are configured, the system will warn you. | | 346 | If false and no swap devices are configured, the system will warn you. |
323 | .It Sy resize_root | | 347 | .It Sy resize_root |
324 | Boolean value. | | 348 | Boolean value. |
325 | Set to true to have the system resize the root file system to fill its | | 349 | Set to true to have the system resize the root file system to fill its |
326 | partition. | | 350 | partition. |
327 | Will only attempt to resize the root file system if it is of type ffs and does | | 351 | Will only attempt to resize the root file system if it is of type ffs and does |
328 | not have logging enabled. | | 352 | not have logging enabled. |
329 | Defaults to false. | | 353 | Defaults to false. |
330 | .It Sy swapoff | | 354 | .It Sy swapoff |
331 | Boolean value. | | 355 | Boolean value. |
332 | Remove block-type swap devices at shutdown time. | | 356 | Remove block-type swap devices at shutdown time. |
333 | Useful if swapping onto RAIDframe devices. | | 357 | Useful if swapping onto RAIDframe devices. |
334 | .El | | 358 | .El |
335 | .Ss Block device subsystems | | 359 | .Ss Block device subsystems |
336 | .Bl -tag -width net_interfaces | | 360 | .Bl -tag -width net_interfaces |
337 | .It Sy ccd | | 361 | .It Sy ccd |
338 | Boolean value. | | 362 | Boolean value. |
339 | Configures concatenated disk devices according to | | 363 | Configures concatenated disk devices according to |
340 | .Xr ccd.conf 5 . | | 364 | .Xr ccd.conf 5 . |
341 | .It Sy cgd | | 365 | .It Sy cgd |
342 | Boolean value. | | 366 | Boolean value. |
343 | Configures cryptographic disk devices. | | 367 | Configures cryptographic disk devices. |
344 | Requires | | 368 | Requires |
345 | .Pa /etc/cgd/cgd.conf . | | 369 | .Pa /etc/cgd/cgd.conf . |
346 | See | | 370 | See |
347 | .Xr cgdconfig 8 | | 371 | .Xr cgdconfig 8 |
348 | for additional details. | | 372 | for additional details. |
349 | .It Sy lvm | | 373 | .It Sy lvm |
350 | Boolean value. | | 374 | Boolean value. |
351 | Configures the logical volume manager. | | 375 | Configures the logical volume manager. |
352 | See | | 376 | See |
353 | .Xr lvm 8 | | 377 | .Xr lvm 8 |
354 | for additional details. | | 378 | for additional details. |
355 | .It Sy raidframe | | 379 | .It Sy raidframe |
356 | Boolean value. | | 380 | Boolean value. |
357 | Configures | | 381 | Configures |
358 | .Xr raid 4 , | | 382 | .Xr raid 4 , |
359 | RAIDframe disk devices. | | 383 | RAIDframe disk devices. |
360 | See | | 384 | See |
361 | .Xr raidctl 8 | | 385 | .Xr raidctl 8 |
362 | for additional details. | | 386 | for additional details. |
363 | .El | | 387 | .El |
364 | .Ss One-time actions to perform or programs to run on boot-up | | 388 | .Ss One-time actions to perform or programs to run on boot-up |
365 | .Bl -tag -width net_interfaces | | 389 | .Bl -tag -width net_interfaces |
366 | .It Sy accounting | | 390 | .It Sy accounting |
367 | Boolean value. | | 391 | Boolean value. |
368 | Enables process accounting with | | 392 | Enables process accounting with |
369 | .Xr accton 8 . | | 393 | .Xr accton 8 . |
370 | Requires | | 394 | Requires |
371 | .Pa /var/account/acct | | 395 | .Pa /var/account/acct |
372 | to exist. | | 396 | to exist. |
373 | .It Sy clear_tmp | | 397 | .It Sy clear_tmp |
374 | Boolean value. | | 398 | Boolean value. |
375 | Clear | | 399 | Clear |
376 | .Pa /tmp | | 400 | .Pa /tmp |
377 | after reboot. | | 401 | after reboot. |
378 | .It Sy dmesg | | 402 | .It Sy dmesg |
379 | Boolean value. | | 403 | Boolean value. |
380 | Create | | 404 | Create |
381 | .Pa /var/run/dmesg.boot | | 405 | .Pa /var/run/dmesg.boot |
382 | from the output of | | 406 | from the output of |
383 | .Xr dmesg 8 . | | 407 | .Xr dmesg 8 . |
384 | Passes | | 408 | Passes |
385 | .Sy dmesg_flags . | | 409 | .Sy dmesg_flags . |
386 | .It Sy envsys | | 410 | .It Sy envsys |
387 | Boolean value. | | 411 | Boolean value. |
388 | Sets preferences for the environmental systems framework, | | 412 | Sets preferences for the environmental systems framework, |
389 | .Xr envsys 4 . | | 413 | .Xr envsys 4 . |
390 | Requires | | 414 | Requires |
391 | .Pa /etc/envsys.conf , | | 415 | .Pa /etc/envsys.conf , |
392 | which is described in | | 416 | which is described in |
393 | .Xr envsys.conf 5 . | | 417 | .Xr envsys.conf 5 . |
394 | .It Sy gpio | | 418 | .It Sy gpio |
395 | Boolean value. | | 419 | Boolean value. |
396 | Configure | | 420 | Configure |
397 | .Xr gpio 4 | | 421 | .Xr gpio 4 |
398 | devices. | | 422 | devices. |
399 | See | | 423 | See |
400 | .Xr gpio.conf 5 . | | 424 | .Xr gpio.conf 5 . |
401 | .It Sy ldconfig | | 425 | .It Sy ldconfig |
402 | Boolean value. | | 426 | Boolean value. |
403 | Configures | | 427 | Configures |
404 | .Xr a.out 5 | | 428 | .Xr a.out 5 |
405 | runtime link editor directory cache. | | 429 | runtime link editor directory cache. |
406 | .It Sy mixerctl | | 430 | .It Sy mixerctl |
407 | Boolean value. | | 431 | Boolean value. |
408 | Read | | 432 | Read |
409 | .Xr mixerctl.conf 5 | | 433 | .Xr mixerctl.conf 5 |
410 | for how to set mixer values. | | 434 | for how to set mixer values. |
411 | List in | | 435 | List in |
412 | .Sy mixerctl_mixers | | 436 | .Sy mixerctl_mixers |
413 | the devices whose settings are to be saved at shutdown and | | 437 | the devices whose settings are to be saved at shutdown and |
414 | restored at start-up. | | 438 | restored at start-up. |
415 | .It Sy newsyslog | | 439 | .It Sy newsyslog |
416 | Boolean value. | | 440 | Boolean value. |
417 | Run | | 441 | Run |
418 | .Nm newsyslog | | 442 | .Nm newsyslog |
419 | to trim log files before syslogd starts. | | 443 | to trim log files before syslogd starts. |
420 | Intended for laptop users. | | 444 | Intended for laptop users. |
421 | Passes | | 445 | Passes |
422 | .Sy newsyslog_flags . | | 446 | .Sy newsyslog_flags . |
423 | .It Sy per_user_tmp | | 447 | .It Sy per_user_tmp |
424 | Boolean value. | | 448 | Boolean value. |
425 | Enables a per-user | | 449 | Enables a per-user |
426 | .Pa /tmp | | 450 | .Pa /tmp |
427 | directory. | | 451 | directory. |
428 | .Sy per_user_tmp_dir | | 452 | .Sy per_user_tmp_dir |
429 | can be used to override the default location of the | | 453 | can be used to override the default location of the |
430 | .Dq real | | 454 | .Dq real |
431 | temporary directories, | | 455 | temporary directories, |
432 | .Dq Pa /private/tmp . | | 456 | .Dq Pa /private/tmp . |
433 | See | | 457 | See |
434 | .Xr security 7 | | 458 | .Xr security 7 |
435 | for additional details. | | 459 | for additional details. |
436 | .It Sy quota | | 460 | .It Sy quota |
437 | Boolean value. | | 461 | Boolean value. |
438 | Checks and enables quotas by running | | 462 | Checks and enables quotas by running |
439 | .Xr quotacheck 8 | | 463 | .Xr quotacheck 8 |
440 | and | | 464 | and |
441 | .Xr quotaon 8 . | | 465 | .Xr quotaon 8 . |
442 | .It Sy random_seed | | 466 | .It Sy random_seed |
443 | Boolean value. | | 467 | Boolean value. |
444 | During boot-up, runs the | | 468 | During boot-up, runs the |
445 | .Xr rndctl 8 | | 469 | .Xr rndctl 8 |
446 | utility with the | | 470 | utility with the |
447 | .Fl L | | 471 | .Fl L |
448 | flag to seed the random number subsystem from an entropy file. | | 472 | flag to seed the random number subsystem from an entropy file. |
449 | During shutdown, runs the | | 473 | During shutdown, runs the |
450 | .Xr rndctl 8 | | 474 | .Xr rndctl 8 |
451 | utility with the | | 475 | utility with the |
452 | .Fl S | | 476 | .Fl S |
453 | flag to save some random information to the entropy file. | | 477 | flag to save some random information to the entropy file. |
454 | The entropy file name is specified by the | | 478 | The entropy file name is specified by the |
455 | .Sy random_file | | 479 | .Sy random_file |
456 | variable, and defaults to | | 480 | variable, and defaults to |
457 | .Pa /var/db/entropy-file . | | 481 | .Pa /var/db/entropy-file . |
458 | The entropy file must be on a local file system that is writable early during | | 482 | The entropy file must be on a local file system that is writable early during |
459 | boot-up (just after the file systems specified in | | 483 | boot-up (just after the file systems specified in |
460 | .Sy critical_filesystems_local | | 484 | .Sy critical_filesystems_local |
461 | have been mounted), and correspondingly late during shutdown. | | 485 | have been mounted), and correspondingly late during shutdown. |
462 | .It Sy rndctl | | 486 | .It Sy rndctl |
463 | Boolean value. | | 487 | Boolean value. |
464 | Runs the | | 488 | Runs the |
465 | .Xr rndctl 8 | | 489 | .Xr rndctl 8 |
466 | utility one or more times according to the specification in | | 490 | utility one or more times according to the specification in |
467 | .Sy rndctl_flags . | | 491 | .Sy rndctl_flags . |
468 | .Pp | | 492 | .Pp |
469 | If | | 493 | If |
470 | .Sy rndctl_flags | | 494 | .Sy rndctl_flags |
471 | does not contain a semicolon | | 495 | does not contain a semicolon |
472 | .Pq Ql \&; | | 496 | .Pq Ql \&; |
473 | then it is expected to contain zero or more flags, | | 497 | then it is expected to contain zero or more flags, |
474 | followed by one or more device or type names. | | 498 | followed by one or more device or type names. |
475 | The | | 499 | The |
476 | .Xr rndctl 8 | | 500 | .Xr rndctl 8 |
477 | command will be executed once for each device or type name. | | 501 | command will be executed once for each device or type name. |
478 | If the specified flags do not include any of | | 502 | If the specified flags do not include any of |
479 | .Fl c , C , e , | | 503 | .Fl c , C , e , |
480 | or | | 504 | or |
481 | .Fl E , | | 505 | .Fl E , |
482 | then the flags | | 506 | then the flags |
483 | .Fl c | | 507 | .Fl c |
484 | and | | 508 | and |
485 | .Fl e | | 509 | .Fl e |
486 | are added, to specify that entropy from the relevant device or type | | 510 | are added, to specify that entropy from the relevant device or type |
487 | should be both collected and estimated. | | 511 | should be both collected and estimated. |
488 | If the specified flags do not include either of | | 512 | If the specified flags do not include either of |
489 | .Fl d | | 513 | .Fl d |
490 | or | | 514 | or |
491 | .Fl t , | | 515 | .Fl t , |
492 | then the flag | | 516 | then the flag |
493 | .Fl d | | 517 | .Fl d |
494 | is added, to specify that the non-flag arguments are device names, | | 518 | is added, to specify that the non-flag arguments are device names, |
495 | not type names. | | 519 | not type names. |
496 | .Pp | | 520 | .Pp |
497 | .Sy rndctl_flags | | 521 | .Sy rndctl_flags |
498 | may contain multiple semicolon-separated segments, in which each | | 522 | may contain multiple semicolon-separated segments, in which each |
499 | segment contains flags and device or type names as described above. | | 523 | segment contains flags and device or type names as described above. |
500 | This allows different flags to be associated with different | | 524 | This allows different flags to be associated with different |
501 | device or type names. | | 525 | device or type names. |
502 | For example, given | | 526 | For example, given |
503 | .Li rndctl_flags="wd0 wd1; -t tty; -c -t net" , | | 527 | .Li rndctl_flags="wd0 wd1; -t tty; -c -t net" , |
504 | the following commands will be executed: | | 528 | the following commands will be executed: |
505 | .Li "rndctl -c -e -d wd0" ; | | 529 | .Li "rndctl -c -e -d wd0" ; |
506 | .Li "rndctl -c -e -d wd1" ; | | 530 | .Li "rndctl -c -e -d wd1" ; |
507 | .Li "rndctl -c -e -t tty" ; | | 531 | .Li "rndctl -c -e -t tty" ; |
508 | .Li "rndctl -c -t net" . | | 532 | .Li "rndctl -c -t net" . |
509 | .It Sy rtclocaltime | | 533 | .It Sy rtclocaltime |
510 | Boolean value. | | 534 | Boolean value. |
511 | Sets the real time clock to local time by adjusting the | | 535 | Sets the real time clock to local time by adjusting the |
512 | .Xr sysctl 7 | | 536 | .Xr sysctl 7 |
513 | value of | | 537 | value of |
514 | .Pa kern.rtc_offset . | | 538 | .Pa kern.rtc_offset . |
515 | The offset from UTC is calculated automatically according | | 539 | The offset from UTC is calculated automatically according |
516 | to the time zone information in the file | | 540 | to the time zone information in the file |
517 | .Pa /etc/localtime . | | 541 | .Pa /etc/localtime . |
518 | .It Sy savecore | | 542 | .It Sy savecore |
519 | Boolean value. | | 543 | Boolean value. |
520 | Runs the | | 544 | Runs the |
521 | .Xr savecore 8 | | 545 | .Xr savecore 8 |
522 | utility. | | 546 | utility. |
523 | Passes | | 547 | Passes |
524 | .Sy savecore_flags . | | 548 | .Sy savecore_flags . |
525 | The directory where crash dumps are stored is specified by | | 549 | The directory where crash dumps are stored is specified by |
526 | .Sy savecore_dir . | | 550 | .Sy savecore_dir . |
527 | The default setting is | | 551 | The default setting is |
528 | .Dq Pa /var/crash . | | 552 | .Dq Pa /var/crash . |
529 | .It Sy sysdb | | 553 | .It Sy sysdb |
530 | Boolean value. | | 554 | Boolean value. |
531 | Builds various system databases, including | | 555 | Builds various system databases, including |
532 | .Pa /var/run/dev.cdb , | | 556 | .Pa /var/run/dev.cdb , |
533 | .Pa /etc/spwd.db , | | 557 | .Pa /etc/spwd.db , |
534 | .Pa /var/db/netgroup.db , | | 558 | .Pa /var/db/netgroup.db , |
535 | .Pa /var/db/services.cdb , | | 559 | .Pa /var/db/services.cdb , |
536 | and entries for | | 560 | and entries for |
537 | .Xr utmp 5 . | | 561 | .Xr utmp 5 . |
538 | .It Sy tpctl | | 562 | .It Sy tpctl |
539 | Boolean value. | | 563 | Boolean value. |
540 | Run | | 564 | Run |
541 | .Xr tpctl 8 | | 565 | .Xr tpctl 8 |
542 | to calibrate touch panel device. | | 566 | to calibrate touch panel device. |
543 | Passes | | 567 | Passes |
544 | .Sy tpctl_flags . | | 568 | .Sy tpctl_flags . |
545 | .It Sy update_motd | | 569 | .It Sy update_motd |
546 | Boolean value. | | 570 | Boolean value. |
547 | Updates the | | 571 | Updates the |
548 | .Nx | | 572 | .Nx |
549 | version string in the | | 573 | version string in the |
550 | .Pa /etc/motd | | 574 | .Pa /etc/motd |
551 | file to reflect the version of the running kernel. | | 575 | file to reflect the version of the running kernel. |
552 | See | | 576 | See |
553 | .Xr motd 5 . | | 577 | .Xr motd 5 . |
554 | .It Sy virecover | | 578 | .It Sy virecover |
555 | Boolean value. | | 579 | Boolean value. |
556 | Send notification mail to users if any recoverable files exist in | | 580 | Send notification mail to users if any recoverable files exist in |
557 | .Pa /var/tmp/vi.recover . | | 581 | .Pa /var/tmp/vi.recover . |
558 | Read | | 582 | Read |
559 | .Xr virecover 8 | | 583 | .Xr virecover 8 |
560 | for more information. | | 584 | for more information. |
561 | .It Sy wdogctl | | 585 | .It Sy wdogctl |
562 | Boolean value. | | 586 | Boolean value. |
563 | Configures watchdog timers. | | 587 | Configures watchdog timers. |
564 | Passes | | 588 | Passes |
565 | .Sy wdogctl_flags . | | 589 | .Sy wdogctl_flags . |
566 | Refer to | | 590 | Refer to |
567 | .Xr wdogctl 8 | | 591 | .Xr wdogctl 8 |
568 | for information on how to configure a timer. | | 592 | for information on how to configure a timer. |
569 | .El | | 593 | .El |
570 | .Ss System security settings | | 594 | .Ss System security settings |
571 | .Bl -tag -width net_interfaces | | 595 | .Bl -tag -width net_interfaces |
572 | .It Sy securelevel | | 596 | .It Sy securelevel |
573 | A number. | | 597 | A number. |
574 | The system securelevel is set to the specified value early | | 598 | The system securelevel is set to the specified value early |
575 | in the boot process, before any external logins, or other programs | | 599 | in the boot process, before any external logins, or other programs |
576 | that run users job, are started. | | 600 | that run users job, are started. |
577 | If set to nothing, the default action is taken, as described in | | 601 | If set to nothing, the default action is taken, as described in |
578 | .Xr init 8 | | 602 | .Xr init 8 |
579 | and | | 603 | and |
580 | .Xr secmodel_securelevel 9 , | | 604 | .Xr secmodel_securelevel 9 , |
581 | which contains definitive information about the system securelevel. | | 605 | which contains definitive information about the system securelevel. |
582 | Note that setting | | 606 | Note that setting |
583 | .Sy securelevel | | 607 | .Sy securelevel |
584 | to 0 in | | 608 | to 0 in |
585 | .Nm | | 609 | .Nm |
586 | will actually result in the system booting with securelevel set to 1, as | | 610 | will actually result in the system booting with securelevel set to 1, as |
587 | .Xr init 8 | | 611 | .Xr init 8 |
588 | will raise the level when | | 612 | will raise the level when |
589 | .Xr rc 8 | | 613 | .Xr rc 8 |
590 | completes. | | 614 | completes. |
591 | .It Sy permit_nonalpha | | 615 | .It Sy permit_nonalpha |
592 | Boolean value. | | 616 | Boolean value. |
593 | Allow passwords to include non-alpha characters, usually to allow | | 617 | Allow passwords to include non-alpha characters, usually to allow |
594 | NIS/YP netgroups. | | 618 | NIS/YP netgroups. |
595 | .It Sy veriexec | | 619 | .It Sy veriexec |
596 | Boolean value. | | 620 | Boolean value. |
597 | Load Veriexec fingerprints during startup. | | 621 | Load Veriexec fingerprints during startup. |
598 | Read | | 622 | Read |
599 | .Xr veriexecctl 8 | | 623 | .Xr veriexecctl 8 |
600 | for more information. | | 624 | for more information. |
601 | .It Sy veriexec_strict | | 625 | .It Sy veriexec_strict |
602 | A number. | | 626 | A number. |
603 | Controls the strict level of Veriexec. | | 627 | Controls the strict level of Veriexec. |
604 | Level 0 is learning mode, used when building the signatures file. | | 628 | Level 0 is learning mode, used when building the signatures file. |
605 | It will only output messages but will not enforce anything. | | 629 | It will only output messages but will not enforce anything. |
606 | Level 1 will only prevent access to files with a fingerprint | | 630 | Level 1 will only prevent access to files with a fingerprint |
607 | mismatch. | | 631 | mismatch. |
608 | Level 2 will also deny writing to and removing of | | 632 | Level 2 will also deny writing to and removing of |
609 | monitored files, as well as enforce access type (as specified in | | 633 | monitored files, as well as enforce access type (as specified in |
610 | the signatures file). | | 634 | the signatures file). |
611 | Level 3 will take a step further and prevent | | 635 | Level 3 will take a step further and prevent |
612 | access to files that are not monitored. | | 636 | access to files that are not monitored. |
613 | .It Sy veriexec_verbose | | 637 | .It Sy veriexec_verbose |
614 | A number. | | 638 | A number. |
615 | Controls the verbosity of Veriexec. | | 639 | Controls the verbosity of Veriexec. |
616 | Recommended operation is at level 0, verbose output (mostly used when | | 640 | Recommended operation is at level 0, verbose output (mostly used when |
617 | building the signatures file) is at level 1. | | 641 | building the signatures file) is at level 1. |
618 | Level 2 is for debugging only and should not be used. | | 642 | Level 2 is for debugging only and should not be used. |
619 | .It Sy veriexec_flags | | 643 | .It Sy veriexec_flags |
620 | A string. | | 644 | A string. |
621 | Flags to pass to the | | 645 | Flags to pass to the |
622 | .Nm veriexecctl | | 646 | .Nm veriexecctl |
623 | command. | | 647 | command. |
624 | .It Sy smtoff | | 648 | .It Sy smtoff |
625 | Boolean value. | | 649 | Boolean value. |
626 | Disables SMT (Simultaneous Multi-Threading). | | 650 | Disables SMT (Simultaneous Multi-Threading). |
627 | .El | | 651 | .El |
628 | .Ss Networking startup | | 652 | .Ss Networking startup |
629 | .Bl -tag -width net_interfaces | | 653 | .Bl -tag -width net_interfaces |
630 | .It Sy altqd | | 654 | .It Sy altqd |
631 | Boolean value. | | 655 | Boolean value. |
632 | ALTQ configuration/monitoring daemon. | | 656 | ALTQ configuration/monitoring daemon. |
633 | Passes | | 657 | Passes |
634 | .Sy altqd_flags . | | 658 | .Sy altqd_flags . |
635 | .It Sy auto_ifconfig | | 659 | .It Sy auto_ifconfig |
636 | Boolean value. | | 660 | Boolean value. |
637 | Sets the | | 661 | Sets the |
638 | .Sy net_interfaces | | 662 | .Sy net_interfaces |
639 | variable (see below) to the output of | | 663 | variable (see below) to the output of |
640 | .Xr ifconfig 8 | | 664 | .Xr ifconfig 8 |
641 | with the | | 665 | with the |
642 | .Dq Li -l | | 666 | .Dq Li -l |
643 | flag and suppresses warnings about interfaces in this list that | | 667 | flag and suppresses warnings about interfaces in this list that |
644 | do not have an ifconfig file or variable. | | 668 | do not have an ifconfig file or variable. |
645 | .It Sy dhclient | | 669 | .It Sy dhclient |
646 | Boolean value. | | 670 | Boolean value. |
647 | Set true to configure some or all network interfaces using | | 671 | Set true to configure some or all network interfaces using |
648 | the ISC DHCP client. | | 672 | the ISC DHCP client. |
649 | If you set | | 673 | If you set |
650 | .Sy dhclient | | 674 | .Sy dhclient |
651 | true, then | | 675 | true, then |
652 | .Pa /var | | 676 | .Pa /var |
653 | must be in | | 677 | must be in |
654 | .Sy critical_filesystems_local , | | 678 | .Sy critical_filesystems_local , |
655 | or | | 679 | or |
656 | .Pa /var | | 680 | .Pa /var |
657 | must be on the root file system, | | 681 | must be on the root file system, |
658 | or you must modify the | | 682 | or you must modify the |
659 | .Sy dhclient_flags | | 683 | .Sy dhclient_flags |
660 | variable to direct the DHCP client to store the leases file | | 684 | variable to direct the DHCP client to store the leases file |
661 | in some other directory on the root file system. | | 685 | in some other directory on the root file system. |
662 | You must not provide ifconfig information or ifaliases | | 686 | You must not provide ifconfig information or ifaliases |
663 | information for any interface that is to be configured using the DHCP client. | | 687 | information for any interface that is to be configured using the DHCP client. |
664 | Interface aliases can be set up in the DHCP client configuration | | 688 | Interface aliases can be set up in the DHCP client configuration |
665 | file if needed - see | | 689 | file if needed - see |
666 | .Xr dhclient.conf 5 | | 690 | .Xr dhclient.conf 5 |
667 | for details. | | 691 | for details. |
668 | .Pp | | 692 | .Pp |
669 | Passes | | 693 | Passes |
670 | .Sy dhclient_flags | | 694 | .Sy dhclient_flags |
671 | to the DHCP client. | | 695 | to the DHCP client. |
672 | See | | 696 | See |
673 | .Xr dhclient 8 | | 697 | .Xr dhclient 8 |
674 | for complete documentation. | | 698 | for complete documentation. |
675 | If you wish to configure all broadcast | | 699 | If you wish to configure all broadcast |
676 | network interfaces using the DHCP client, you can leave this blank. | | 700 | network interfaces using the DHCP client, you can leave this blank. |
677 | To configure only specific interfaces, name the interfaces to be configured | | 701 | To configure only specific interfaces, name the interfaces to be configured |
678 | on the command line. | | 702 | on the command line. |
679 | .Pp | | 703 | .Pp |
680 | If you must run the DHCP client before mounting critical file systems, | | 704 | If you must run the DHCP client before mounting critical file systems, |
681 | then you should specify an alternate location for the DHCP client's lease | | 705 | then you should specify an alternate location for the DHCP client's lease |
682 | file in the | | 706 | file in the |
683 | .Sy dhclient_flags | | 707 | .Sy dhclient_flags |
684 | variable - for example, "-lf /tmp/dhclient.leases". | | 708 | variable - for example, "-lf /tmp/dhclient.leases". |
685 | .It Sy dhcpcd | | 709 | .It Sy dhcpcd |
686 | Boolean value. | | 710 | Boolean value. |
687 | Set true to configure some or all network interfaces using dhcpcd. | | 711 | Set true to configure some or all network interfaces using dhcpcd. |
688 | If you set | | 712 | If you set |
689 | .Sy dhcpcd | | 713 | .Sy dhcpcd |
690 | true, then | | 714 | true, then |
691 | .Pa /var | | 715 | .Pa /var |
692 | must be in | | 716 | must be in |
693 | .Sy critical_filesystems_local , | | 717 | .Sy critical_filesystems_local , |
694 | or | | 718 | or |
695 | .Pa /var | | 719 | .Pa /var |
696 | must be on the root file system. | | 720 | must be on the root file system. |
697 | If you need to restrict dhcpcd to one or a number of interfaces, | | 721 | If you need to restrict dhcpcd to one or a number of interfaces, |
698 | or need a separate configuration per interface, | | 722 | or need a separate configuration per interface, |
699 | then this should be done in the configuration file - see | | 723 | then this should be done in the configuration file - see |
700 | .Xr dhcpcd.conf 5 | | 724 | .Xr dhcpcd.conf 5 |
701 | for details. | | 725 | for details. |
702 | dhcpcd presently ignores the | | 726 | dhcpcd presently ignores the |
703 | .Sy wpa_supplicant | | 727 | .Sy wpa_supplicant |
704 | variable in rc.conf and will start wpa_supplicant if a suitable | | 728 | variable in rc.conf and will start wpa_supplicant if a suitable |
705 | wpa_supplicant.conf is found unless otherwise instructed in | | 729 | wpa_supplicant.conf is found unless otherwise instructed in |
706 | .Xr dhcpcd.conf 5 . | | 730 | .Xr dhcpcd.conf 5 . |
707 | .It Sy dhcpcd_flags | | 731 | .It Sy dhcpcd_flags |
708 | Passes | | 732 | Passes |
709 | .Sy dhcpcd_flags | | 733 | .Sy dhcpcd_flags |
710 | to dhcpcd. | | 734 | to dhcpcd. |
711 | See | | 735 | See |
712 | .Xr dhcpcd 8 | | 736 | .Xr dhcpcd 8 |
713 | for complete documentation. | | 737 | for complete documentation. |
714 | .It Sy flushroutes | | 738 | .It Sy flushroutes |
715 | Boolean value. | | 739 | Boolean value. |
716 | Flushes the route table on networking startup. | | 740 | Flushes the route table on networking startup. |
717 | Useful when coming up to multiuser mode after going down to | | 741 | Useful when coming up to multiuser mode after going down to |
718 | single-user mode. | | 742 | single-user mode. |
719 | .It Sy ftp_proxy | | 743 | .It Sy ftp_proxy |
720 | Boolean value. | | 744 | Boolean value. |
721 | Runs | | 745 | Runs |
722 | .Xr ftp-proxy 8 , | | 746 | .Xr ftp-proxy 8 , |
723 | the proxy daemon for the Internet File Transfer Protocol. | | 747 | the proxy daemon for the Internet File Transfer Protocol. |
724 | .It Sy hostapd | | 748 | .It Sy hostapd |
725 | Boolean value. | | 749 | Boolean value. |
726 | Runs | | 750 | Runs |
727 | .Xr hostapd 8 , | | 751 | .Xr hostapd 8 , |
728 | the authenticator for IEEE 802.11 networks. | | 752 | the authenticator for IEEE 802.11 networks. |
729 | .It Sy ifaliases_* | | 753 | .It Sy ifaliases_* |
730 | A string. | | 754 | A string. |
731 | List of | | 755 | List of |
732 | .Sq Em "address netmask" | | 756 | .Sq Em "address netmask" |
733 | pairs to configure additional network addresses for the given | | 757 | pairs to configure additional network addresses for the given |
734 | configured interface | | 758 | configured interface |
735 | .Dq * | | 759 | .Dq * |
736 | (e.g. | | 760 | (e.g. |
737 | .Sy ifaliases_le0 ) . | | 761 | .Sy ifaliases_le0 ) . |
738 | If | | 762 | If |
739 | .Em netmask | | 763 | .Em netmask |
740 | is | | 764 | is |
741 | .Dq - , | | 765 | .Dq - , |
742 | then use the default netmask for the interface. | | 766 | then use the default netmask for the interface. |
743 | .Pp | | 767 | .Pp |
744 | .Sy ifaliases_* | | 768 | .Sy ifaliases_* |
745 | covers limited cases only and is considered unrecommended. | | 769 | covers limited cases only and is considered unrecommended. |
746 | We recommend using | | 770 | We recommend using |
747 | .Sy ifconfig_nnX | | 771 | .Sy ifconfig_nnX |
748 | variables or | | 772 | variables or |
749 | .Pa /etc/ifconfig.xxN | | 773 | .Pa /etc/ifconfig.xxN |
750 | files with multiple lines instead. | | 774 | files with multiple lines instead. |
751 | .It Sy ifwatchd | | 775 | .It Sy ifwatchd |
752 | Boolean value. | | 776 | Boolean value. |
753 | Monitor dynamic interfaces and perform actions upon address changes. | | 777 | Monitor dynamic interfaces and perform actions upon address changes. |
754 | Passes | | 778 | Passes |
755 | .Sy ifwatchd_flags . | | 779 | .Sy ifwatchd_flags . |
756 | .It Sy ip6addrctl | | 780 | .It Sy ip6addrctl |
757 | Boolean value. | | 781 | Boolean value. |
758 | Fine grain control of address and routing priorities. | | 782 | Fine grain control of address and routing priorities. |
759 | .It Sy ip6addrctl_policy | | 783 | .It Sy ip6addrctl_policy |
760 | A string. | | 784 | A string. |
761 | Can be: | | 785 | Can be: |
762 | .Bl -tag -width auto -compact | | 786 | .Bl -tag -width auto -compact |
763 | .It Li auto | | 787 | .It Li auto |
764 | automatically determine from system settings; will read priorities from | | 788 | automatically determine from system settings; will read priorities from |
765 | .Pa /etc/ip6addrctl.conf | | 789 | .Pa /etc/ip6addrctl.conf |
766 | or if that file does not exist it will default to IPv6 first, then IPv4. | | 790 | or if that file does not exist it will default to IPv6 first, then IPv4. |
767 | .It Li ipv4_prefer | | 791 | .It Li ipv4_prefer |
768 | try IPv4 before IPv6. | | 792 | try IPv4 before IPv6. |
769 | .It Li ipv6_prefer | | 793 | .It Li ipv6_prefer |
770 | try IPv6 before IPv4. | | 794 | try IPv6 before IPv4. |
771 | .El | | 795 | .El |
772 | .It Sy ip6addrctl_verbose | | 796 | .It Sy ip6addrctl_verbose |
773 | Boolean value. | | 797 | Boolean value. |
774 | If set, print the resulting prefixes and priorities map. | | 798 | If set, print the resulting prefixes and priorities map. |
775 | .It Sy ip6mode | | 799 | .It Sy ip6mode |
776 | A string. | | 800 | A string. |
777 | An IPv6 node can be a router | | 801 | An IPv6 node can be a router |
778 | .Pq nodes that forward packet for others | | 802 | .Pq nodes that forward packet for others |
779 | or a host | | 803 | or a host |
780 | .Pq nodes that do not forward . | | 804 | .Pq nodes that do not forward . |
781 | A host can be autoconfigured | | 805 | A host can be autoconfigured |
782 | based on the information advertised by adjacent IPv6 routers. | | 806 | based on the information advertised by adjacent IPv6 routers. |
783 | By setting | | 807 | By setting |
784 | .Sy ip6mode | | 808 | .Sy ip6mode |
785 | to | | 809 | to |
786 | .Dq Li router , | | 810 | .Dq Li router , |
787 | .Dq Li host , | | 811 | .Dq Li host , |
788 | or | | 812 | or |
789 | .Dq Li autohost , | | 813 | .Dq Li autohost , |
790 | you can configure your node as a router, | | 814 | you can configure your node as a router, |
791 | a non-autoconfigured host, or an autoconfigured host. | | 815 | a non-autoconfigured host, or an autoconfigured host. |
792 | Invalid values will be ignored, and the node will be configured as | | 816 | Invalid values will be ignored, and the node will be configured as |
793 | a non-autoconfigured host. | | 817 | a non-autoconfigured host. |
794 | You may want to check | | 818 | You may want to check |
795 | .Sy rtsol | | 819 | .Sy rtsol |
796 | and | | 820 | and |
797 | .Sy rtsold | | 821 | .Sy rtsold |
798 | as well, if you set the variable to | | 822 | as well, if you set the variable to |
799 | .Dq Li autohost . | | 823 | .Dq Li autohost . |
800 | .It Sy ip6uniquelocal | | 824 | .It Sy ip6uniquelocal |
801 | Boolean value. | | 825 | Boolean value. |
802 | If | | 826 | If |
803 | .Sy ip6mode | | 827 | .Sy ip6mode |
804 | is equal to | | 828 | is equal to |
805 | .Dq Li router , | | 829 | .Dq Li router , |
806 | and | | 830 | and |
807 | .Sy ip6uniquelocal | | 831 | .Sy ip6uniquelocal |
808 | is false, | | 832 | is false, |
809 | a reject route will be installed on boot to avoid misconfiguration relating | | 833 | a reject route will be installed on boot to avoid misconfiguration relating |
810 | to unique-local addresses. | | 834 | to unique-local addresses. |
811 | If | | 835 | If |
812 | .Sy ip6uniquelocal | | 836 | .Sy ip6uniquelocal |
813 | is true, the reject route won't be installed. | | 837 | is true, the reject route won't be installed. |
814 | .It Sy ipfilter | | 838 | .It Sy ipfilter |
815 | Boolean value. | | 839 | Boolean value. |
816 | Runs | | 840 | Runs |
817 | .Xr ipf 8 | | 841 | .Xr ipf 8 |
818 | to load in packet filter specifications from | | 842 | to load in packet filter specifications from |
819 | .Pa /etc/ipf.conf | | 843 | .Pa /etc/ipf.conf |
820 | at network boot time, before any interfaces are configured. | | 844 | at network boot time, before any interfaces are configured. |
821 | Passes | | 845 | Passes |
822 | .Sy ipfilter_flags . | | 846 | .Sy ipfilter_flags . |
823 | See | | 847 | See |
824 | .Xr ipf.conf 5 . | | 848 | .Xr ipf.conf 5 . |
825 | .It Sy ipfs | | 849 | .It Sy ipfs |
826 | Boolean value. | | 850 | Boolean value. |
827 | Runs | | 851 | Runs |
828 | .Xr ipfs 8 | | 852 | .Xr ipfs 8 |
829 | to save and restore information for ipnat and ipfilter state tables. | | 853 | to save and restore information for ipnat and ipfilter state tables. |
830 | The information is stored in | | 854 | The information is stored in |
831 | .Pa /var/db/ipf/ipstate.ipf | | 855 | .Pa /var/db/ipf/ipstate.ipf |
832 | and | | 856 | and |
833 | .Pa /var/db/ipf/ipnat.ipf . | | 857 | .Pa /var/db/ipf/ipnat.ipf . |
834 | Passes | | 858 | Passes |
835 | .Sy ipfs_flags . | | 859 | .Sy ipfs_flags . |
836 | .It Sy ipmon | | 860 | .It Sy ipmon |
837 | Boolean value. | | 861 | Boolean value. |
838 | Runs | | 862 | Runs |
839 | .Xr ipmon 8 | | 863 | .Xr ipmon 8 |
840 | to read | | 864 | to read |
841 | .Xr ipf 8 | | 865 | .Xr ipf 8 |
842 | packet log information and log it to a file or the system log. | | 866 | packet log information and log it to a file or the system log. |
843 | Passes | | 867 | Passes |
844 | .Sy ipmon_flags . | | 868 | .Sy ipmon_flags . |
845 | .It Sy ipmon_flags | | 869 | .It Sy ipmon_flags |
846 | A string. | | 870 | A string. |
847 | Specifies arguments to supply to | | 871 | Specifies arguments to supply to |
848 | .Xr ipmon 8 . | | 872 | .Xr ipmon 8 . |
849 | Defaults to | | 873 | Defaults to |
850 | .Dq Li -ns . | | 874 | .Dq Li -ns . |
851 | A typical example would be | | 875 | A typical example would be |
852 | .Dq Fl nD Pa /var/log/ipflog | | 876 | .Dq Fl nD Pa /var/log/ipflog |
853 | to have | | 877 | to have |
854 | .Xr ipmon 8 | | 878 | .Xr ipmon 8 |
855 | log directly to a file bypassing | | 879 | log directly to a file bypassing |
856 | .Xr syslogd 8 . | | 880 | .Xr syslogd 8 . |
857 | If the | | 881 | If the |
858 | .Dq -D | | 882 | .Dq -D |
859 | argument is used, remember to modify | | 883 | argument is used, remember to modify |
860 | .Pa /etc/newsyslog.conf | | 884 | .Pa /etc/newsyslog.conf |
861 | accordingly; for example: | | 885 | accordingly; for example: |
862 | .Bd -literal | | 886 | .Bd -literal |
863 | /var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid | | 887 | /var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid |
864 | .Ed | | 888 | .Ed |
865 | .It Sy ipnat | | 889 | .It Sy ipnat |
866 | Boolean value. | | 890 | Boolean value. |
867 | Runs | | 891 | Runs |
868 | .Xr ipnat 8 | | 892 | .Xr ipnat 8 |
869 | to load in the IP network address translation (NAT) rules from | | 893 | to load in the IP network address translation (NAT) rules from |
870 | .Pa /etc/ipnat.conf | | 894 | .Pa /etc/ipnat.conf |
871 | at network boot time, before any interfaces are configured. | | 895 | at network boot time, before any interfaces are configured. |
872 | See | | 896 | See |
873 | .Xr ipnat.conf 5 . | | 897 | .Xr ipnat.conf 5 . |
874 | .It Sy ipsec | | 898 | .It Sy ipsec |
875 | Boolean value. | | 899 | Boolean value. |
876 | Runs | | 900 | Runs |
877 | .Xr setkey 8 | | 901 | .Xr setkey 8 |
878 | to load in IPsec manual keys and policies from | | 902 | to load in IPsec manual keys and policies from |
879 | .Pa /etc/ipsec.conf | | 903 | .Pa /etc/ipsec.conf |
880 | at network boot time, before any interfaces are configured. | | 904 | at network boot time, before any interfaces are configured. |
881 | .It Sy net_interfaces | | 905 | .It Sy net_interfaces |
882 | A string. | | 906 | A string. |
883 | The list of network interfaces to be configured at boot time. | | 907 | The list of network interfaces to be configured at boot time. |
884 | For each interface "xxN", the system first looks for ifconfig | | 908 | For each interface "xxN", the system first looks for ifconfig |
885 | parameters in the variable | | 909 | parameters in the variable |
886 | .Sy ifconfig_xxN , | | 910 | .Sy ifconfig_xxN , |
887 | and then in the file | | 911 | and then in the file |
888 | .Pa /etc/ifconfig.xxN . | | 912 | .Pa /etc/ifconfig.xxN . |
889 | If | | 913 | If |
890 | .Sy auto_ifconfig | | 914 | .Sy auto_ifconfig |
891 | is false, and neither the variable nor the file is found, | | 915 | is false, and neither the variable nor the file is found, |
892 | a warning is printed. | | 916 | a warning is printed. |
893 | Information in either the variable or the file is parsed identically, | | 917 | Information in either the variable or the file is parsed identically, |
894 | except that, if an | | 918 | except that, if an |
895 | .Sy ifconfig_xxN | | 919 | .Sy ifconfig_xxN |
896 | variable contains a single line with embedded semicolons, | | 920 | variable contains a single line with embedded semicolons, |
897 | then the value is split into multiple lines prior to further parsing, | | 921 | then the value is split into multiple lines prior to further parsing, |
898 | treating the semicolon as a line separator. | | 922 | treating the semicolon as a line separator. |
899 | .Pp | | 923 | .Pp |
900 | One common case it to set the | | 924 | One common case it to set the |
901 | .Sy ifconfig_xxN | | 925 | .Sy ifconfig_xxN |
902 | variable to a set of arguments to be passed to an | | 926 | variable to a set of arguments to be passed to an |
903 | .Xr ifconfig 8 | | 927 | .Xr ifconfig 8 |
904 | command after the interface name. | | 928 | command after the interface name. |
905 | Refer to | | 929 | Refer to |
906 | .Xr ifconfig.if 5 | | 930 | .Xr ifconfig.if 5 |
907 | for more details on | | 931 | for more details on |
908 | .Pa /etc/ifconfig.xxN | | 932 | .Pa /etc/ifconfig.xxN |
909 | files, and note that the information there also applies to | | 933 | files, and note that the information there also applies to |
910 | .Sy ifconfig_xxN | | 934 | .Sy ifconfig_xxN |
911 | variables (after the variables are split into lines). | | 935 | variables (after the variables are split into lines). |
912 | .It Sy ntpdate | | 936 | .It Sy ntpdate |
913 | Boolean value. | | 937 | Boolean value. |
914 | Runs | | 938 | Runs |
915 | .Xr ntpdate 8 | | 939 | .Xr ntpdate 8 |
916 | to set the system time from one of the hosts in | | 940 | to set the system time from one of the hosts in |
917 | .Sy ntpdate_hosts . | | 941 | .Sy ntpdate_hosts . |
918 | If | | 942 | If |
919 | .Sy ntpdate_hosts | | 943 | .Sy ntpdate_hosts |
920 | is empty, it will attempt to find a list of hosts in | | 944 | is empty, it will attempt to find a list of hosts in |
921 | .Pa /etc/ntp.conf . | | 945 | .Pa /etc/ntp.conf . |
922 | Passes | | 946 | Passes |
923 | .Sy ntpdate_flags . | | 947 | .Sy ntpdate_flags . |
924 | .It Sy pf | | 948 | .It Sy pf |
925 | Boolean value. | | 949 | Boolean value. |
926 | Enable | | 950 | Enable |
927 | .Xr pf 4 | | 951 | .Xr pf 4 |
928 | at network boot time: | | 952 | at network boot time: |
929 | Load the initial configuration | | 953 | Load the initial configuration |
930 | .Xr pf.boot.conf 5 | | 954 | .Xr pf.boot.conf 5 |
931 | before the network is up. | | 955 | before the network is up. |
932 | After the network has been configured, then load the final rule set | | 956 | After the network has been configured, then load the final rule set |
933 | .Xr pf.conf 5 . | | 957 | .Xr pf.conf 5 . |
934 | .It Sy pf_rules | | 958 | .It Sy pf_rules |
935 | A string. | | 959 | A string. |
936 | The path of the | | 960 | The path of the |
937 | .Xr pf.conf 5 | | 961 | .Xr pf.conf 5 |
938 | rule set that will be used when loading the final rule set. | | 962 | rule set that will be used when loading the final rule set. |
939 | .It Sy pflogd | | 963 | .It Sy pflogd |
940 | Boolean value. | | 964 | Boolean value. |
941 | Run | | 965 | Run |
942 | .Xr pflogd 8 | | 966 | .Xr pflogd 8 |
943 | for dumping packet filter logging information to a file. | | 967 | for dumping packet filter logging information to a file. |
944 | .It Sy ppp | | 968 | .It Sy ppp |
945 | A boolean. | | 969 | A boolean. |
946 | Toggles starting | | 970 | Toggles starting |
947 | .Xr pppd 8 | | 971 | .Xr pppd 8 |
948 | on startup. | | 972 | on startup. |
949 | See | | 973 | See |
950 | .Sy ppp_peers | | 974 | .Sy ppp_peers |
951 | below. | | 975 | below. |
952 | .It Sy ppp_peers | | 976 | .It Sy ppp_peers |
953 | A string. | | 977 | A string. |
954 | If | | 978 | If |
955 | .Sy ppp | | 979 | .Sy ppp |
956 | is true and | | 980 | is true and |
957 | .Sy ppp_peers | | 981 | .Sy ppp_peers |
958 | is not empty, then | | 982 | is not empty, then |
959 | .Pa /etc/rc.d/ppp | | 983 | .Pa /etc/rc.d/ppp |
960 | will check each word in | | 984 | will check each word in |
961 | .Sy ppp_peers | | 985 | .Sy ppp_peers |
962 | for a corresponding ppp configuration file in | | 986 | for a corresponding ppp configuration file in |
963 | .Pa /etc/ppp/peers | | 987 | .Pa /etc/ppp/peers |
964 | and will call | | 988 | and will call |
965 | .Xr pppd 8 | | 989 | .Xr pppd 8 |
966 | with the | | 990 | with the |
967 | .Dq call Sy peer | | 991 | .Dq call Sy peer |
968 | option. | | 992 | option. |
969 | .It Sy racoon | | 993 | .It Sy racoon |
970 | Boolean value. | | 994 | Boolean value. |
971 | Runs | | 995 | Runs |
972 | .Xr racoon 8 , | | 996 | .Xr racoon 8 , |
973 | the IKE (ISAKMP/Oakley) key management daemon. | | 997 | the IKE (ISAKMP/Oakley) key management daemon. |
974 | .It Sy rtsol | | 998 | .It Sy rtsol |
975 | Boolean value. | | 999 | Boolean value. |
976 | Run | | 1000 | Run |
977 | .Xr rtsol 8 , | | 1001 | .Xr rtsol 8 , |
978 | router solicitation command for IPv6 hosts. | | 1002 | router solicitation command for IPv6 hosts. |
979 | On nomadic hosts like notebook computers, you may want to enable | | 1003 | On nomadic hosts like notebook computers, you may want to enable |
980 | .Sy rtsold | | 1004 | .Sy rtsold |
981 | as well. | | 1005 | as well. |
982 | Passes | | 1006 | Passes |
983 | .Sy rtsol_flags . | | 1007 | .Sy rtsol_flags . |
984 | This is only for autoconfigured IPv6 hosts, so set | | 1008 | This is only for autoconfigured IPv6 hosts, so set |
985 | .Sy ip6mode | | 1009 | .Sy ip6mode |
986 | to | | 1010 | to |
987 | .Dq Li autohost | | 1011 | .Dq Li autohost |
988 | if you use it. | | 1012 | if you use it. |
989 | .It Sy wpa_supplicant | | 1013 | .It Sy wpa_supplicant |
990 | Boolean value. | | 1014 | Boolean value. |
991 | Run | | 1015 | Run |
992 | .Xr wpa_supplicant 8 , | | 1016 | .Xr wpa_supplicant 8 , |
993 | WPA/802.11i Supplicant for wireless network devices. | | 1017 | WPA/802.11i Supplicant for wireless network devices. |
994 | If you set | | 1018 | If you set |
995 | .Sy wpa_supplicant | | 1019 | .Sy wpa_supplicant |
996 | true, then | | 1020 | true, then |
997 | .Pa /usr | | 1021 | .Pa /usr |
998 | must be in | | 1022 | must be in |
999 | .Sy critical_filesystems_local , | | 1023 | .Sy critical_filesystems_local , |
1000 | or | | 1024 | or |
1001 | .Pa /usr | | 1025 | .Pa /usr |
1002 | must be on the root file system. | | 1026 | must be on the root file system. |
1003 | dhcpcd ignores this variable, see the | | 1027 | dhcpcd ignores this variable, see the |
1004 | .Sy dhcpcd | | 1028 | .Sy dhcpcd |
1005 | variable for details. | | 1029 | variable for details. |
1006 | .El | | 1030 | .El |
1007 | .Ss Daemons required by other daemons | | 1031 | .Ss Daemons required by other daemons |
1008 | .Bl -tag -width net_interfaces | | 1032 | .Bl -tag -width net_interfaces |
1009 | .It Sy inetd | | 1033 | .It Sy inetd |
1010 | Boolean value. | | 1034 | Boolean value. |
1011 | Runs the | | 1035 | Runs the |
1012 | .Xr inetd 8 | | 1036 | .Xr inetd 8 |
1013 | daemon to start network server processes (as listed in | | 1037 | daemon to start network server processes (as listed in |
1014 | .Pa /etc/inetd.conf ) | | 1038 | .Pa /etc/inetd.conf ) |
1015 | as necessary. | | 1039 | as necessary. |
1016 | Passes | | 1040 | Passes |
1017 | .Sy inetd_flags . | | 1041 | .Sy inetd_flags . |
1018 | The | | 1042 | The |
1019 | .Dq Li -l | | 1043 | .Dq Li -l |
1020 | flag turns on libwrap connection logging. | | 1044 | flag turns on libwrap connection logging. |
1021 | .It Sy rpcbind | | 1045 | .It Sy rpcbind |
1022 | Boolean value. | | 1046 | Boolean value. |
1023 | The | | 1047 | The |
1024 | .Xr rpcbind 8 | | 1048 | .Xr rpcbind 8 |
1025 | daemon is required for any | | 1049 | daemon is required for any |
1026 | .Xr rpc 3 | | 1050 | .Xr rpc 3 |
1027 | services. | | 1051 | services. |
1028 | These include NFS, | | 1052 | These include NFS, |
1029 | .Tn NIS , | | 1053 | .Tn NIS , |
1030 | .Xr rpc.bootparamd 8 , | | 1054 | .Xr rpc.bootparamd 8 , |
1031 | .Xr rpc.rstatd 8 , | | 1055 | .Xr rpc.rstatd 8 , |
1032 | .Xr rpc.rusersd 8 , | | 1056 | .Xr rpc.rusersd 8 , |
1033 | and | | 1057 | and |
1034 | .Xr rpc.rwalld 8 . | | 1058 | .Xr rpc.rwalld 8 . |
1035 | Passes | | 1059 | Passes |
1036 | .Sy rpcbind_flags . | | 1060 | .Sy rpcbind_flags . |
1037 | .El | | 1061 | .El |
1038 | .Ss Commonly used daemons | | 1062 | .Ss Commonly used daemons |
1039 | .Bl -tag -width net_interfaces | | 1063 | .Bl -tag -width net_interfaces |
1040 | .It Sy cron | | 1064 | .It Sy cron |
1041 | Boolean value. | | 1065 | Boolean value. |
1042 | Run | | 1066 | Run |
1043 | .Xr cron 8 . | | 1067 | .Xr cron 8 . |
1044 | .It Sy ftpd | | 1068 | .It Sy ftpd |
1045 | Boolean value. | | 1069 | Boolean value. |
1046 | Runs the | | 1070 | Runs the |
1047 | .Xr ftpd 8 | | 1071 | .Xr ftpd 8 |
1048 | daemon and passes | | 1072 | daemon and passes |
1049 | .Sy ftpd_flags . | | 1073 | .Sy ftpd_flags . |
1050 | .It Sy httpd | | 1074 | .It Sy httpd |
1051 | Boolean value. | | 1075 | Boolean value. |
1052 | Runs the | | 1076 | Runs the |
1053 | .Xr httpd 8 | | 1077 | .Xr httpd 8 |
1054 | daemon and passes | | 1078 | daemon and passes |
1055 | .Sy httpd_flags . | | 1079 | .Sy httpd_flags . |
1056 | .It Sy httpd_wwwdir | | 1080 | .It Sy httpd_wwwdir |
1057 | A string. | | 1081 | A string. |
1058 | The | | 1082 | The |
1059 | .Xr httpd 8 | | 1083 | .Xr httpd 8 |
1060 | WWW root directory. | | 1084 | WWW root directory. |
1061 | Used only if | | 1085 | Used only if |
1062 | .Sy httpd | | 1086 | .Sy httpd |
1063 | is true. | | 1087 | is true. |
1064 | The default setting is | | 1088 | The default setting is |
1065 | .Dq Pa /var/www . | | 1089 | .Dq Pa /var/www . |
1066 | .It Sy httpd_wwwuser | | 1090 | .It Sy httpd_wwwuser |
1067 | A string. | | 1091 | A string. |
1068 | If non-blank and | | 1092 | If non-blank and |
1069 | .Sy httpd | | 1093 | .Sy httpd |
1070 | is true, run | | 1094 | is true, run |
1071 | .Xr httpd 8 | | 1095 | .Xr httpd 8 |
1072 | and cause it to switch to the specified user after initialization. | | 1096 | and cause it to switch to the specified user after initialization. |
1073 | It is preferred to | | 1097 | It is preferred to |
1074 | .Sy httpd_user | | 1098 | .Sy httpd_user |
1075 | because | | 1099 | because |
1076 | .Xr httpd 8 | | 1100 | .Xr httpd 8 |
1077 | is requiring extra privileges to start listening on default port 80. | | 1101 | is requiring extra privileges to start listening on default port 80. |
1078 | The default setting is | | 1102 | The default setting is |
1079 | .Dq Dv _httpd . | | 1103 | .Dq Dv _httpd . |
1080 | .It Sy lpd | | 1104 | .It Sy lpd |
1081 | Boolean value. | | 1105 | Boolean value. |
1082 | Runs | | 1106 | Runs |
1083 | .Xr lpd 8 | | 1107 | .Xr lpd 8 |
1084 | and passes | | 1108 | and passes |
1085 | .Sy lpd_flags . | | 1109 | .Sy lpd_flags . |
1086 | The | | 1110 | The |
1087 | .Dq Li -l | | 1111 | .Dq Li -l |
1088 | flag will turn on extra logging. | | 1112 | flag will turn on extra logging. |
1089 | .It Sy mdnsd | | 1113 | .It Sy mdnsd |
1090 | Boolean value. | | 1114 | Boolean value. |
1091 | Runs | | 1115 | Runs |
1092 | .Xr mdnsd 8 . | | 1116 | .Xr mdnsd 8 . |
1093 | .It Sy named | | 1117 | .It Sy named |
1094 | Boolean value. | | 1118 | Boolean value. |
1095 | Runs | | 1119 | Runs |
1096 | .Xr named 8 | | 1120 | .Xr named 8 |
1097 | and passes | | 1121 | and passes |
1098 | .Sy named_flags . | | 1122 | .Sy named_flags . |
1099 | .It Sy named_chrootdir | | 1123 | .It Sy named_chrootdir |
1100 | A string. | | 1124 | A string. |
1101 | If non-blank and | | 1125 | If non-blank and |
1102 | .Sy named | | 1126 | .Sy named |
1103 | is true, run | | 1127 | is true, run |
1104 | .Xr named 8 | | 1128 | .Xr named 8 |
1105 | as the unprivileged user and group | | 1129 | as the unprivileged user and group |
1106 | .Sq named , | | 1130 | .Sq named , |
1107 | .Xr chroot 2 Ns ed | | 1131 | .Xr chroot 2 Ns ed |
1108 | to | | 1132 | to |
1109 | .Sy named_chrootdir . | | 1133 | .Sy named_chrootdir . |
1110 | .Sy named_chrootdir Ns Pa /var/run/log | | 1134 | .Sy named_chrootdir Ns Pa /var/run/log |
1111 | will be added to the list of log sockets that | | 1135 | will be added to the list of log sockets that |
1112 | .Xr syslogd 8 | | 1136 | .Xr syslogd 8 |
1113 | listens to. | | 1137 | listens to. |
1114 | .It Sy ntpd | | 1138 | .It Sy ntpd |
1115 | Boolean value. | | 1139 | Boolean value. |
1116 | Runs | | 1140 | Runs |
1117 | .Xr ntpd 8 | | 1141 | .Xr ntpd 8 |
1118 | and passes | | 1142 | and passes |
1119 | .Sy ntpd_flags . | | 1143 | .Sy ntpd_flags . |
1120 | .It Sy ntpd_chrootdir | | 1144 | .It Sy ntpd_chrootdir |
1121 | A string. | | 1145 | A string. |
1122 | If non-blank and | | 1146 | If non-blank and |
1123 | .Sy ntpd | | 1147 | .Sy ntpd |
1124 | is true, run | | 1148 | is true, run |
1125 | .Xr ntpd 8 | | 1149 | .Xr ntpd 8 |
1126 | as the unprivileged user and group | | 1150 | as the unprivileged user and group |
1127 | .Sq ntpd , | | 1151 | .Sq ntpd , |
1128 | .Xr chroot 2 Ns ed | | 1152 | .Xr chroot 2 Ns ed |
1129 | to | | 1153 | to |
1130 | .Sy ntpd_chrootdir . | | 1154 | .Sy ntpd_chrootdir . |
1131 | .Sy ntpd_chrootdir Ns Pa /var/run/log | | 1155 | .Sy ntpd_chrootdir Ns Pa /var/run/log |
1132 | will be added to the list of log sockets that | | 1156 | will be added to the list of log sockets that |
1133 | .Xr syslogd 8 | | 1157 | .Xr syslogd 8 |
1134 | listens to. | | 1158 | listens to. |
1135 | This option requires that the kernel has | | 1159 | This option requires that the kernel has |
1136 | .Dl pseudo-device clockctl | | 1160 | .Dl pseudo-device clockctl |
1137 | compiled in, and that | | 1161 | compiled in, and that |
1138 | .Pa /dev/clockctl | | 1162 | .Pa /dev/clockctl |
1139 | is present. | | 1163 | is present. |
1140 | .It Sy postfix | | 1164 | .It Sy postfix |
1141 | Boolean value. | | 1165 | Boolean value. |
1142 | Starts | | 1166 | Starts |
1143 | .Xr postfix 1 | | 1167 | .Xr postfix 1 |
1144 | mail system. | | 1168 | mail system. |
1145 | .It Sy sshd | | 1169 | .It Sy sshd |
1146 | Boolean value. | | 1170 | Boolean value. |
1147 | Runs | | 1171 | Runs |
1148 | .Xr sshd 8 | | 1172 | .Xr sshd 8 |
1149 | and passes | | 1173 | and passes |
1150 | .Sy sshd_flags . | | 1174 | .Sy sshd_flags . |
1151 | .It Sy syslogd | | 1175 | .It Sy syslogd |
1152 | Boolean value. | | 1176 | Boolean value. |
1153 | Runs | | 1177 | Runs |
1154 | .Xr syslogd 8 | | 1178 | .Xr syslogd 8 |
1155 | and passes | | 1179 | and passes |
1156 | .Sy syslogd_flags . | | 1180 | .Sy syslogd_flags . |
1157 | .It Sy timed | | 1181 | .It Sy timed |
1158 | Boolean value. | | 1182 | Boolean value. |
1159 | Runs | | 1183 | Runs |
1160 | .Xr timed 8 | | 1184 | .Xr timed 8 |
1161 | and passes | | 1185 | and passes |
1162 | .Sy timed_flags . | | 1186 | .Sy timed_flags . |
1163 | The | | 1187 | The |
1164 | .Dq Li -M | | 1188 | .Dq Li -M |
1165 | option allows | | 1189 | option allows |
1166 | .Xr timed 8 | | 1190 | .Xr timed 8 |
1167 | to be a master time source as well as a slave. | | 1191 | to be a master time source as well as a slave. |
1168 | If you are also running | | 1192 | If you are also running |
1169 | .Xr ntpd 8 , | | 1193 | .Xr ntpd 8 , |
1170 | only one machine running both should have the | | 1194 | only one machine running both should have the |
1171 | .Dq Li -M | | 1195 | .Dq Li -M |
1172 | flag given to | | 1196 | flag given to |
1173 | .Xr timed 8 . | | 1197 | .Xr timed 8 . |
1174 | .El | | 1198 | .El |
1175 | .Ss Routing daemons | | 1199 | .Ss Routing daemons |
1176 | .Bl -tag -width net_interfaces | | 1200 | .Bl -tag -width net_interfaces |
1177 | .It Sy mrouted | | 1201 | .It Sy mrouted |
1178 | Boolean value. | | 1202 | Boolean value. |
1179 | Runs | | 1203 | Runs |
1180 | .Xr mrouted 8 , | | 1204 | .Xr mrouted 8 , |
1181 | the DVMRP multicast routing protocol daemon. | | 1205 | the DVMRP multicast routing protocol daemon. |
1182 | Passes | | 1206 | Passes |
1183 | .Sy mrouted_flags . | | 1207 | .Sy mrouted_flags . |
1184 | .It Sy route6d | | 1208 | .It Sy route6d |
1185 | Boolean value. | | 1209 | Boolean value. |
1186 | Runs | | 1210 | Runs |
1187 | .Xr route6d 8 , | | 1211 | .Xr route6d 8 , |
1188 | the RIPng routing protocol daemon for IPv6. | | 1212 | the RIPng routing protocol daemon for IPv6. |
1189 | Passes | | 1213 | Passes |
1190 | .Sy route6d_flags . | | 1214 | .Sy route6d_flags . |
1191 | .It Sy routed | | 1215 | .It Sy routed |
1192 | Boolean value. | | 1216 | Boolean value. |
1193 | Runs | | 1217 | Runs |
1194 | .Xr routed 8 , | | 1218 | .Xr routed 8 , |
1195 | the RIP routing protocol daemon. | | 1219 | the RIP routing protocol daemon. |
1196 | Passes | | 1220 | Passes |
1197 | .Sy routed_flags . | | 1221 | .Sy routed_flags . |
1198 | .\" This should be false | | 1222 | .\" This should be false |
1199 | .\" if | | 1223 | .\" if |
1200 | .\" .Sy gated | | 1224 | .\" .Sy gated |
1201 | .\" is true. | | 1225 | .\" is true. |
1202 | .It Sy rtsold | | 1226 | .It Sy rtsold |
1203 | Boolean value. | | 1227 | Boolean value. |
1204 | Runs | | 1228 | Runs |
1205 | .Xr rtsold 8 , | | 1229 | .Xr rtsold 8 , |
1206 | the IPv6 router solicitation daemon. | | 1230 | the IPv6 router solicitation daemon. |
1207 | .Xr rtsold 8 | | 1231 | .Xr rtsold 8 |
1208 | periodically transmits router solicitation packets | | 1232 | periodically transmits router solicitation packets |
1209 | to find IPv6 routers on the network. | | 1233 | to find IPv6 routers on the network. |
1210 | This configuration is mainly for nomadic hosts like notebook computers. | | 1234 | This configuration is mainly for nomadic hosts like notebook computers. |
1211 | Stationary hosts should work fine with just | | 1235 | Stationary hosts should work fine with just |
1212 | .Sy rtsol . | | 1236 | .Sy rtsol . |
1213 | Passes | | 1237 | Passes |
1214 | .Sy rtsold_flags . | | 1238 | .Sy rtsold_flags . |
1215 | This is only for autoconfigured IPv6 hosts, so set | | 1239 | This is only for autoconfigured IPv6 hosts, so set |
1216 | .Sy ip6mode | | 1240 | .Sy ip6mode |
1217 | to | | 1241 | to |
1218 | .Dq Li autohost | | 1242 | .Dq Li autohost |
1219 | if you use it. | | 1243 | if you use it. |
1220 | .El | | 1244 | .El |
1221 | .Ss Daemons used to boot other hosts over a network | | 1245 | .Ss Daemons used to boot other hosts over a network |
1222 | .Bl -tag -width net_interfaces | | 1246 | .Bl -tag -width net_interfaces |
1223 | .It Sy bootparamd | | 1247 | .It Sy bootparamd |
1224 | Boolean value. | | 1248 | Boolean value. |
1225 | Runs | | 1249 | Runs |
1226 | .Xr bootparamd 8 , | | 1250 | .Xr bootparamd 8 , |
1227 | the boot parameter server, with | | 1251 | the boot parameter server, with |
1228 | .Sy bootparamd_flags | | 1252 | .Sy bootparamd_flags |
1229 | as options. | | 1253 | as options. |
1230 | Used to boot | | 1254 | Used to boot |
1231 | .Nx | | 1255 | .Nx |
1232 | and | | 1256 | and |
1233 | .Tn "SunOS 4.x" | | 1257 | .Tn "SunOS 4.x" |
1234 | systems. | | 1258 | systems. |
1235 | .It Sy dhcpd | | 1259 | .It Sy dhcpd |
1236 | Boolean value. | | 1260 | Boolean value. |
1237 | Runs | | 1261 | Runs |
1238 | .Xr dhcpd 8 , | | 1262 | .Xr dhcpd 8 , |
1239 | the Dynamic Host Configuration Protocol (DHCP) daemon, | | 1263 | the Dynamic Host Configuration Protocol (DHCP) daemon, |
1240 | for assigning IP addresses to hosts and passing boot information. | | 1264 | for assigning IP addresses to hosts and passing boot information. |
1241 | Passes | | 1265 | Passes |
1242 | .Sy dhcpd_flags . | | 1266 | .Sy dhcpd_flags . |
1243 | .It Sy dhcrelay | | 1267 | .It Sy dhcrelay |
1244 | Boolean value. | | 1268 | Boolean value. |
1245 | Runs | | 1269 | Runs |
1246 | .Xr dhcrelay 8 . | | 1270 | .Xr dhcrelay 8 . |
1247 | Passes | | 1271 | Passes |
1248 | .Sy dhcrelay_flags . | | 1272 | .Sy dhcrelay_flags . |
1249 | .It Sy mopd | | 1273 | .It Sy mopd |
1250 | Boolean value. | | 1274 | Boolean value. |
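Review bot: The net_interfaces entry at old 900 / new 924 reads "One common case it to set"; "it" should be "is", and the fix can ride along in the same change since the file is already being revised. In the httpd_wwwuser entry (old 1073-1077 / new 1097-1101), "because httpd 8 is requiring extra privileges to start listening on default port 80" would read better as "requires extra privileges to listen on the default port 80". It would also help to name httpd_wwwuser instead of "It" in "It is preferred to httpd_user", because that sentence carries the rationale for starting privileged and switching user after initialization.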