mirror/freebsd
1
0
Fork 0
mirror of https://git.FreeBSD.org/src.git synced 2024-12-17 10:26:15 +00:00
Code Issues Releases Activity
9ab238ab88
freebsd/etc/defaults/rc.conf
Mark Murray cc4d059c03 Merge from project branch. Uninteresting commits are trimmed. 
Refactor of /dev/random device. Main points include:

* Userland seeding is no longer used. This auto-seeds at boot time
on PC/Desktop setups; this may need some tweeking and intelligence
from those folks setting up embedded boxes, but the work is believed
to be minimal.

* An entropy cache is written to /entropy (even during installation)
and the kernel uses this at next boot.

* An entropy file written to /boot/entropy can be loaded by loader(8)

* Hardware sources such as rdrand are fed into Yarrow, and are no
longer available raw.

------------------------------------------------------------------------
r256240 | des | 2013-10-09 21:14:16 +0100 (Wed, 09 Oct 2013) | 4 lines

Add a RANDOM_RWFILE option and hide the entropy cache code behind it.
Rename YARROW_RNG and FORTUNA_RNG to RANDOM_YARROW and RANDOM_FORTUNA.
Add the RANDOM_* options to LINT.

------------------------------------------------------------------------
r256239 | des | 2013-10-09 21:12:59 +0100 (Wed, 09 Oct 2013) | 2 lines

Define RANDOM_PURE_RNDTEST for rndtest(4).

------------------------------------------------------------------------
r256204 | des | 2013-10-09 18:51:38 +0100 (Wed, 09 Oct 2013) | 2 lines

staticize struct random_hardware_source

------------------------------------------------------------------------
r256203 | markm | 2013-10-09 18:50:36 +0100 (Wed, 09 Oct 2013) | 2 lines

Wrap some policy-rich code in 'if NOTYET' until we can thresh out
what it really needs to do.

------------------------------------------------------------------------
r256184 | des | 2013-10-09 10:13:12 +0100 (Wed, 09 Oct 2013) | 2 lines

Re-add /dev/urandom for compatibility purposes.

------------------------------------------------------------------------
r256182 | des | 2013-10-09 10:11:14 +0100 (Wed, 09 Oct 2013) | 3 lines

Add missing include guards and move the existing ones out of the
implementation namespace.

------------------------------------------------------------------------
r256168 | markm | 2013-10-08 23:14:07 +0100 (Tue, 08 Oct 2013) | 10 lines

Fix some just-noticed problems:

o Allow this to work with "nodevice random" by fixing where the
MALLOC pool is defined.

o Fix the explicit reseed code. This was correct as submitted, but
in the project branch doesn't need to set the "seeded" bit as this
is done correctly in the "unblock" function.

o Remove some debug ifdeffing.

o Adjust comments.

------------------------------------------------------------------------
r256159 | markm | 2013-10-08 19:48:11 +0100 (Tue, 08 Oct 2013) | 6 lines

Time to eat crow for me.

I replaced the sx_* locks that Arthur used with regular mutexes;
this turned out the be the wrong thing to do as the locks need to
be sleepable. Revert this folly.

# Submitted by:	Arthur Mesh <arthurmesh@gmail.com> (In original diff)

------------------------------------------------------------------------
r256138 | des | 2013-10-08 12:05:26 +0100 (Tue, 08 Oct 2013) | 10 lines

Add YARROW_RNG and FORTUNA_RNG to sys/conf/options.

Add a SYSINIT that forces a reseed during proc0 setup, which happens
fairly late in the boot process.

Add a RANDOM_DEBUG option which enables some debugging printf()s.

Add a new RANDOM_ATTACH entropy source which harvests entropy from the
get_cyclecount() delta across each call to a device attach method.

------------------------------------------------------------------------
r256135 | markm | 2013-10-08 07:54:52 +0100 (Tue, 08 Oct 2013) | 8 lines

Debugging. My attempt at EVENTHANDLER(multiuser) was a failure; use
EVENTHANDLER(mountroot) instead.

This means we can't count on /var being present, so something will
need to be done about harvesting /var/db/entropy/... .

Some policy now needs to be sorted out, and a pre-sync cache needs
to be written, but apart from that we are now ready to go.

Over to review.

------------------------------------------------------------------------
r256094 | markm | 2013-10-06 23:45:02 +0100 (Sun, 06 Oct 2013) | 8 lines

Snapshot.

Looking pretty good; this mostly works now. New code includes:

* Read cached entropy at startup, both from files and from loader(8)
preloaded entropy. Failures are soft, but announced. Untested.

* Use EVENTHANDLER to do above just before we go multiuser. Untested.

------------------------------------------------------------------------
r256088 | markm | 2013-10-06 14:01:42 +0100 (Sun, 06 Oct 2013) | 2 lines

Fix up the man page for random(4). This mainly removes no-longer-relevant
details about HW RNGs, reseeding explicitly and user-supplied
entropy.

------------------------------------------------------------------------
r256087 | markm | 2013-10-06 13:43:42 +0100 (Sun, 06 Oct 2013) | 6 lines

As userland writing to /dev/random is no more, remove the "better
than nothing" bootstrap mode.

Add SWI harvesting to the mix.

My box seeds Yarrow by itself in a few seconds! YMMV; more to follow.

------------------------------------------------------------------------
r256086 | markm | 2013-10-06 13:40:32 +0100 (Sun, 06 Oct 2013) | 11 lines

Debug run. This now works, except that the "live" sources haven't
been tested. With all sources turned on, this unlocks itself in
a couple of seconds! That is no my box, and there is no guarantee
that this will be the case everywhere.

* Cut debug prints.

* Use the same locks/mutexes all the way through.

* Be a tad more conservative about entropy estimates.

------------------------------------------------------------------------
r256084 | markm | 2013-10-06 13:35:29 +0100 (Sun, 06 Oct 2013) | 5 lines

Don't use the "real" assembler mnemonics; older compilers may not
understand them (like when building CURRENT on 9.x).

# Submitted by:	Konstantin Belousov <kostikbel@gmail.com>

------------------------------------------------------------------------
r256081 | markm | 2013-10-06 10:55:28 +0100 (Sun, 06 Oct 2013) | 12 lines

SNAPSHOT.

Simplify the malloc pools; We only need one for this device.

Simplify the harvest queue.

Marginally improve the entropy pool hashing, making it a bit faster
in the process.

Connect up the hardware "live" source harvesting. This is simplistic
for now, and will need to be made rate-adaptive.

All of the above passes a compile test but needs to be debugged.

------------------------------------------------------------------------
r256042 | markm | 2013-10-04 07:55:06 +0100 (Fri, 04 Oct 2013) | 25 lines

Snapshot. This passes the build test, but has not yet been finished or debugged.

Contains:

* Refactor the hardware RNG CPU instruction sources to feed into
the software mixer. This is unfinished. The actual harvesting needs
to be sorted out. Modified by me (see below).

* Remove 'frac' parameter from random_harvest(). This was never
used and adds extra code for no good reason.

* Remove device write entropy harvesting. This provided a weak
attack vector, was not very good at bootstrapping the device. To
follow will be a replacement explicit reseed knob.

* Separate out all the RANDOM_PURE sources into separate harvest
entities. This adds some secuity in the case where more than one
is present.

* Review all the code and fix anything obviously messy or inconsistent.
Address som review concerns while I'm here, like rename the pseudo-rng
to 'dummy'.

# Submitted by:	Arthur Mesh <arthurmesh@gmail.com> (the first item)

------------------------------------------------------------------------
r255319 | markm | 2013-09-06 18:51:52 +0100 (Fri, 06 Sep 2013) | 4 lines

Yarrow wants entropy estimations to be conservative; the usual idea
is that if you are certain you have N bits of entropy, you declare
N/2.

------------------------------------------------------------------------
r255075 | markm | 2013-08-30 18:47:53 +0100 (Fri, 30 Aug 2013) | 4 lines

Remove short-lived idea; thread to harvest (eg) RDRAND enropy into the
usual harvest queues. It was a nifty idea, but too heavyweight.

# Submitted by:	Arthur Mesh <arthurmesh@gmail.com>

------------------------------------------------------------------------
r255071 | markm | 2013-08-30 12:42:57 +0100 (Fri, 30 Aug 2013) | 4 lines

Separate out the Software RNG entropy harvesting queue and thread
into its own files.

# Submitted by:	 Arthur Mesh <arthurmesh@gmail.com>

------------------------------------------------------------------------
r254934 | markm | 2013-08-26 20:07:03 +0100 (Mon, 26 Aug 2013) | 2 lines

Remove the short-lived namei experiment.

------------------------------------------------------------------------
r254928 | markm | 2013-08-26 19:35:21 +0100 (Mon, 26 Aug 2013) | 2 lines

Snapshot; Do some running repairs on entropy harvesting. More needs
to follow.

------------------------------------------------------------------------
r254927 | markm | 2013-08-26 19:29:51 +0100 (Mon, 26 Aug 2013) | 15 lines

Snapshot of current work;

1) Clean up namespace; only use "Yarrow" where it is Yarrow-specific
or close enough to the Yarrow algorithm. For the rest use a neutral
name.

2) Tidy up headers; put private stuff in private places. More could
be done here.

3) Streamline the hashing/encryption; no need for a 256-bit counter;
128 bits will last for long enough.

There are bits of debug code lying around; these will be removed
at a later stage.

------------------------------------------------------------------------
r254784 | markm | 2013-08-24 14:54:56 +0100 (Sat, 24 Aug 2013) | 39 lines

1) example (partially humorous random_adaptor, that I call "EXAMPLE")
 * It's not meant to be used in a real system, it's there to show how
   the basics of how to create interfaces for random_adaptors. Perhaps
   it should belong in a manual page

2) Move probe.c's functionality in to random_adaptors.c
 * rename random_ident_hardware() to random_adaptor_choose()

3) Introduce a new way to choose (or select) random_adaptors via tunable
"rngs_want" It's a list of comma separated names of adaptors, ordered
by preferences. I.e.:
rngs_want="yarrow,rdrand"

Such setting would cause yarrow to be preferred to rdrand. If neither of
them are available (or registered), then system will default to
something reasonable (currently yarrow). If yarrow is not present, then
we fall back to the adaptor that's first on the list of registered
adaptors.

4) Introduce a way where RNGs can play a role of entropy source. This is
mostly useful for HW rngs.

The way I envision this is that every HW RNG will use this
functionality by default. Functionality to disable this is also present.
I have an example of how to use this in random_adaptor_example.c (see
modload event, and init function)

5) fix kern.random.adaptors from
kern.random.adaptors: yarrowpanicblock
to
kern.random.adaptors: yarrow,panic,block

6) add kern.random.active_adaptor to indicate currently selected
adaptor:
root@freebsd04:~ # sysctl kern.random.active_adaptor
kern.random.active_adaptor: yarrow

# Submitted by:	Arthur Mesh <arthurmesh@gmail.com>

Submitted by:	Dag-Erling Smørgrav <des@FreeBSD.org>, Arthur Mesh <arthurmesh@gmail.com>
Reviewed by:	des@FreeBSD.org
Approved by:	re (delphij)
Approved by:	secteam (des,delphij)
2013-10-12 12:57:57 +00:00

707 lines
36 KiB
Bash
Raw Blame History

#!/bin/sh
# This is rc.conf - a file full of useful variables that you can set
# to change the default startup behavior of your system. You should
# not edit this file! Put any overrides into one of the ${rc_conf_files}
# instead and you will be able to update these defaults later without
# spamming your local configuration information.
#
# The ${rc_conf_files} files should only contain values which override
# values set in this file. This eases the upgrade path when defaults
# are changed and new features are added.
#
# All arguments must be in double or single quotes.
#
# For a more detailed explanation of all the rc.conf variables, please
# refer to the rc.conf(5) manual page.
#
# $FreeBSD$
##############################################################
### Important initial Boot-time options ####################
##############################################################
rc_debug="NO" # Set to YES to enable debugging output from rc.d
rc_info="NO" # Enables display of informational messages at boot.
rc_startmsgs="YES" # Show "Starting foo:" messages at boot
rcshutdown_timeout="90" # Seconds to wait before terminating rc.shutdown
early_late_divider="FILESYSTEMS" # Script that separates early/late
# stages of the boot process. Make sure you know
# the ramifications if you change this.
# See rc.conf(5) for more details.
always_force_depends="NO" # Set to check that indicated dependencies are
# running during boot (can increase boot time).
apm_enable="NO" # Set to YES to enable APM BIOS functions (or NO).
apmd_enable="NO" # Run apmd to handle APM event from userland.
apmd_flags="" # Flags to apmd (if enabled).
ddb_enable="NO" # Set to YES to load ddb scripts at boot.
ddb_config="/etc/ddb.conf" # ddb(8) config file.
devd_enable="YES" # Run devd, to trigger programs on device tree changes.
devd_flags="" # Additional flags for devd(8).
#kld_list="" # Kernel modules to load after local disks are mounted
kldxref_enable="NO" # Build linker.hints files with kldxref(8).
kldxref_clobber="NO" # Overwrite old linker.hints at boot.
kldxref_module_path="" # Override kern.module_path. A ';'-delimited list.
powerd_enable="NO" # Run powerd to lower our power usage.
powerd_flags="" # Flags to powerd (if enabled).
tmpmfs="AUTO" # Set to YES to always create an mfs /tmp, NO to never
tmpsize="20m" # Size of mfs /tmp if created
tmpmfs_flags="-S" # Extra mdmfs options for the mfs /tmp
varmfs="AUTO" # Set to YES to always create an mfs /var, NO to never
varsize="32m" # Size of mfs /var if created
varmfs_flags="-S" # Extra mount options for the mfs /var
populate_var="AUTO" # Set to YES to always (re)populate /var, NO to never
cleanvar_enable="YES" # Clean the /var directory
local_startup="/usr/local/etc/rc.d" # startup script dirs.
script_name_sep=" " # Change if your startup scripts' names contain spaces
rc_conf_files="/etc/rc.conf /etc/rc.conf.local"
# ZFS support
zfs_enable="NO" # Set to YES to automatically mount ZFS file systems
gptboot_enable="YES" # GPT boot success/failure reporting.
# Experimental - test before enabling
gbde_autoattach_all="NO" # YES automatically mounts gbde devices from fstab
gbde_devices="NO" # Devices to automatically attach (list, or AUTO)
gbde_attach_attempts="3" # Number of times to attempt attaching gbde devices
gbde_lockdir="/etc" # Where to look for gbde lockfiles
# GELI disk encryption configuration.
geli_devices="" # List of devices to automatically attach in addition to
# GELI devices listed in /etc/fstab.
geli_tries="" # Number of times to attempt attaching geli device.
# If empty, kern.geom.eli.tries will be used.
geli_default_flags="" # Default flags for geli(8).
geli_autodetach="YES" # Automatically detach on last close.
# Providers are marked as such when all file systems are
# mounted.
# Example use.
#geli_devices="da1 mirror/home"
#geli_da1_flags="-p -k /etc/geli/da1.keys"
#geli_da1_autodetach="NO"
#geli_mirror_home_flags="-k /etc/geli/home.keys"
root_rw_mount="YES" # Set to NO to inhibit remounting root read-write.
fsck_y_enable="NO" # Set to YES to do fsck -y if the initial preen fails.
fsck_y_flags="" # Additional flags for fsck -y
background_fsck="YES" # Attempt to run fsck in the background where possible.
background_fsck_delay="60" # Time to wait (seconds) before starting the fsck.
netfs_types="nfs:NFS oldnfs:OLDNFS smbfs:SMB" # Net filesystems.
extra_netfs_types="NO" # List of network extra filesystem types for delayed
# mount at startup (or NO).
##############################################################
### Network configuration sub-section ######################
##############################################################
### Basic network and firewall/security options: ###
hostname="" # Set this!
hostid_enable="YES" # Set host UUID.
hostid_file="/etc/hostid" # File with hostuuid.
nisdomainname="NO" # Set to NIS domain if using NIS (or NO).
dhclient_program="/sbin/dhclient" # Path to dhcp client program.
dhclient_flags="" # Extra flags to pass to dhcp client.
#dhclient_flags_fxp0="" # Extra dhclient flags for fxp0 only
background_dhclient="NO" # Start dhcp client in the background.
#background_dhclient_fxp0="YES" # Start dhcp client on fxp0 in the background.
synchronous_dhclient="NO" # Start dhclient directly on configured
# interfaces during startup.
defaultroute_delay="30" # Time to wait for a default route on a DHCP interface.
defaultroute_carrier_delay="5" # Time to wait for carrier while waiting for a default route.
wpa_supplicant_program="/usr/sbin/wpa_supplicant"
wpa_supplicant_flags="-s" # Extra flags to pass to wpa_supplicant
wpa_supplicant_conf_file="/etc/wpa_supplicant.conf"
#
firewall_enable="NO" # Set to YES to enable firewall functionality
firewall_script="/etc/rc.firewall" # Which script to run to set up the firewall
firewall_type="UNKNOWN" # Firewall type (see /etc/rc.firewall)
firewall_quiet="NO" # Set to YES to suppress rule display
firewall_logging="NO" # Set to YES to enable events logging
firewall_logif="NO" # Set to YES to create logging-pseudo interface
firewall_flags="" # Flags passed to ipfw when type is a file
firewall_coscripts="" # List of executables/scripts to run after
# firewall starts/stops
firewall_client_net="192.0.2.0/24" # IPv4 Network address for "client"
# firewall.
#firewall_client_net_ipv6="2001:db8:2:1::/64" # IPv6 network prefix for
# "client" firewall.
firewall_simple_iif="ed1" # Inside network interface for "simple"
# firewall.
firewall_simple_inet="192.0.2.16/28" # Inside network address for "simple"
# firewall.
firewall_simple_oif="ed0" # Outside network interface for "simple"
# firewall.
firewall_simple_onet="192.0.2.0/28" # Outside network address for "simple"
# firewall.
#firewall_simple_iif_ipv6="ed1" # Inside IPv6 network interface for "simple"
# firewall.
#firewall_simple_inet_ipv6="2001:db8:2:800::/56" # Inside IPv6 network prefix
# for "simple" firewall.
#firewall_simple_oif_ipv6="ed0" # Outside IPv6 network interface for "simple"
# firewall.
#firewall_simple_onet_ipv6="2001:db8:2:0::/56" # Outside IPv6 network prefix
# for "simple" firewall.
firewall_myservices="" # List of TCP ports on which this host
# offers services for "workstation" firewall.
firewall_allowservices="" # List of IPs which have access to
# $firewall_myservices for "workstation"
# firewall.
firewall_trusted="" # List of IPs which have full access to this
# host for "workstation" firewall.
firewall_logdeny="NO" # Set to YES to log default denied incoming
# packets for "workstation" firewall.
firewall_nologports="135-139,445 1026,1027 1433,1434" # List of TCP/UDP ports
# for which denied incoming packets are not
# logged for "workstation" firewall.
firewall_nat_enable="NO" # Enable kernel NAT (if firewall_enable == YES)
firewall_nat_interface="" # Public interface or IPaddress to use
firewall_nat_flags="" # Additional configuration parameters
dummynet_enable="NO" # Load the dummynet(4) module
ip_portrange_first="NO" # Set first dynamically allocated port
ip_portrange_last="NO" # Set last dynamically allocated port
ike_enable="NO" # Enable IKE daemon (usually racoon or isakmpd)
ike_program="/usr/local/sbin/isakmpd" # Path to IKE daemon
ike_flags="" # Additional flags for IKE daemon
ipsec_enable="NO" # Set to YES to run setkey on ipsec_file
ipsec_file="/etc/ipsec.conf" # Name of config file for setkey
natd_program="/sbin/natd" # path to natd, if you want a different one.
natd_enable="NO" # Enable natd (if firewall_enable == YES).
natd_interface="" # Public interface or IPaddress to use.
natd_flags="" # Additional flags for natd.
ipfilter_enable="NO" # Set to YES to enable ipfilter functionality
ipfilter_program="/sbin/ipf" # where the ipfilter program lives
ipfilter_rules="/etc/ipf.rules" # rules definition file for ipfilter, see
# /usr/src/contrib/ipfilter/rules for examples
ipfilter_flags="" # additional flags for ipfilter
ipnat_enable="NO" # Set to YES to enable ipnat functionality
ipnat_program="/sbin/ipnat" # where the ipnat program lives
ipnat_rules="/etc/ipnat.rules" # rules definition file for ipnat
ipnat_flags="" # additional flags for ipnat
ipmon_enable="NO" # Set to YES for ipmon; needs ipfilter or ipnat
ipmon_program="/sbin/ipmon" # where the ipfilter monitor program lives
ipmon_flags="-Ds" # typically "-Ds" or "-D /var/log/ipflog"
ipfs_enable="NO" # Set to YES to enable saving and restoring
# of state tables at shutdown and boot
ipfs_program="/sbin/ipfs" # where the ipfs program lives
ipfs_flags="" # additional flags for ipfs
pf_enable="NO" # Set to YES to enable packet filter (pf)
pf_rules="/etc/pf.conf" # rules definition file for pf
pf_program="/sbin/pfctl" # where the pfctl program lives
pf_flags="" # additional flags for pfctl
pflog_enable="NO" # Set to YES to enable packet filter logging
pflog_logfile="/var/log/pflog" # where pflogd should store the logfile
pflog_program="/sbin/pflogd" # where the pflogd program lives
pflog_flags="" # additional flags for pflogd
ftpproxy_enable="NO" # Set to YES to enable ftp-proxy(8) for pf
ftpproxy_flags="" # additional flags for ftp-proxy(8)
pfsync_enable="NO" # Expose pf state to other hosts for syncing
pfsync_syncdev="" # Interface for pfsync to work through
pfsync_syncpeer="" # IP address of pfsync peer host
pfsync_ifconfig="" # Additional options to ifconfig(8) for pfsync
tcp_extensions="YES" # Set to NO to turn off RFC1323 extensions.
log_in_vain="0" # >=1 to log connects to ports w/o listeners.
tcp_keepalive="YES" # Enable stale TCP connection timeout (or NO).
tcp_drop_synfin="NO" # Set to YES to drop TCP packets with SYN+FIN
# NOTE: this violates the TCP specification
icmp_drop_redirect="NO" # Set to YES to ignore ICMP REDIRECT packets
icmp_log_redirect="NO" # Set to YES to log ICMP REDIRECT packets
network_interfaces="auto" # List of network interfaces (or "auto").
cloned_interfaces="" # List of cloned network interfaces to create.
#cloned_interfaces="gif0 gif1 gif2 gif3" # Pre-cloning GENERIC config.
#ifconfig_lo0="inet 127.0.0.1" # default loopback device configuration.
#ifconfig_lo0_alias0="inet 127.0.0.254 netmask 0xffffffff" # Sample alias entry.
#ifconfig_ed0_ipx="ipx 0x00010010" # Sample IPX address family entry.
#ifconfig_ed0_ipv6="inet6 2001:db8:1::1 prefixlen 64" # Sample IPv6 addr entry
#ifconfig_ed0_alias0="inet6 2001:db8:2::1 prefixlen 64" # Sample IPv6 alias
#ifconfig_fxp0_name="net0" # Change interface name from fxp0 to net0.
#vlans_fxp0="101 vlan0" # vlan(4) interfaces for fxp0 device
#create_args_vlan0="vlan 102" # vlan tag for vlan0 device
#wlans_ath0="wlan0" # wlan(4) interfaces for ath0 device
#wlandebug_wlan0="scan+auth+assoc" # Set debug flags with wlanddebug(8)
#ipv4_addrs_fxp0="192.168.0.1/24 192.168.1.1-5/28" # example IPv4 address entry.
#
#autobridge_interfaces="bridge0" # List of bridges to check
#autobridge_bridge0="tap* vlan0" # Interface glob to automatically add to the bridge
#
# If you have any sppp(4) interfaces above, you might also want to set
# the following parameters. Refer to spppcontrol(8) for their meaning.
sppp_interfaces="" # List of sppp interfaces.
#sppp_interfaces="...0" # example: sppp over ...
#spppconfig_...0="authproto=chap myauthname=foo myauthsecret='top secret' hisauthname=some-gw hisauthsecret='another secret'"
gif_interfaces="" # List of GIF tunnels.
#gif_interfaces="gif0 gif1" # Examples typically for a router.
# Choose correct tunnel addrs.
#gifconfig_gif0="10.1.1.1 10.1.2.1" # Examples typically for a router.
#gifconfig_gif1="10.1.1.2 10.1.2.2" # Examples typically for a router.
fec_interfaces="" # List of Fast EtherChannels.
#fec_interfaces="fec0 fec1"
#fecconfig_fec0="fxp0 dc0" # Examples typically for two NICs
#fecconfig_fec1="em0 em1 bge0 bge1" # Examples typically for four NICs
# User ppp configuration.
ppp_enable="NO" # Start user-ppp (or NO).
ppp_program="/usr/sbin/ppp" # Path to user-ppp program.
ppp_mode="auto" # Choice of "auto", "ddial", "direct" or "dedicated".
# For details see man page for ppp(8). Default is auto.
ppp_nat="YES" # Use PPP's internal network address translation or NO.
ppp_profile="papchap" # Which profile to use from /etc/ppp/ppp.conf.
ppp_user="root" # Which user to run ppp as
# Start multiple instances of ppp at boot time
#ppp_profile="profile1 profile2 profile3" # Which profiles to use
#ppp_profile1_mode="ddial" # Override ppp mode for profile1
#ppp_profile2_nat="NO" # Override nat mode for profile2
# profile3 uses default ppp_mode and ppp_nat
### Network daemon (miscellaneous) ###
hostapd_enable="NO" # Run hostap daemon.
syslogd_enable="YES" # Run syslog daemon (or NO).
syslogd_program="/usr/sbin/syslogd" # path to syslogd, if you want a different one.
syslogd_flags="-s" # Flags to syslogd (if enabled).
inetd_enable="NO" # Run the network daemon dispatcher (YES/NO).
inetd_program="/usr/sbin/inetd" # path to inetd, if you want a different one.
inetd_flags="-wW -C 60" # Optional flags to inetd
iscsid_enable="NO" # iSCSI initiator daemon.
iscsictl_enable="NO" # iSCSI initiator autostart.
iscsictl_flags="-Aa" # Optional flags to iscsictl.
hastd_enable="NO" # Run the HAST daemon (YES/NO).
hastd_program="/sbin/hastd" # path to hastd, if you want a different one.
hastd_flags="" # Optional flags to hastd.
ctld_enable="NO" # CAM Target Layer / iSCSI target daemon.
local_unbound_enable="NO" # local caching resolver
#
# named. It may be possible to run named in a sandbox, man security for
# details.
#
named_enable="NO" # Run named, the DNS server (or NO).
named_program="/usr/sbin/named" # Path to named, if you want a different one.
named_conf="/etc/namedb/named.conf" # Path to the configuration file
#named_flags="" # Use this for flags OTHER than -u and -c
named_uid="bind" # User to run named as
named_chrootdir="/var/named" # Chroot directory (or "" not to auto-chroot it)
named_chroot_autoupdate="YES" # Automatically install/update chrooted
# components of named. See /etc/rc.d/named.
named_symlink_enable="YES" # Symlink the chrooted pid file
named_wait="NO" # Wait for working name service before exiting
named_wait_host="localhost" # Hostname to check if named_wait is enabled
named_auto_forward="NO" # Set up forwarders from /etc/resolv.conf
named_auto_forward_only="NO" # Do "forward only" instead of "forward first"
#
# kerberos. Do not run the admin daemons on slave servers
#
kerberos5_server_enable="NO" # Run a kerberos 5 master server (or NO).
kerberos5_server="/usr/libexec/kdc" # path to kerberos 5 KDC
kerberos5_server_flags="--detach" # Additional flags to the kerberos 5 server
kadmind5_server_enable="NO" # Run kadmind (or NO)
kadmind5_server="/usr/libexec/kadmind" # path to kerberos 5 admin daemon
kpasswdd_server_enable="NO" # Run kpasswdd (or NO)
kpasswdd_server="/usr/libexec/kpasswdd" # path to kerberos 5 passwd daemon
kfd_enable="NO" # Run kfd (or NO)
kfd_program="/usr/libexec/kfd" # path to kerberos 5 kfd daemon
gssd_enable="NO" # Run the gssd daemon (or NO).
gssd_flags="" # Flags for gssd.
rwhod_enable="NO" # Run the rwho daemon (or NO).
rwhod_flags="" # Flags for rwhod
rarpd_enable="NO" # Run rarpd (or NO).
rarpd_flags="-a" # Flags to rarpd.
bootparamd_enable="NO" # Run bootparamd (or NO).
bootparamd_flags="" # Flags to bootparamd
pppoed_enable="NO" # Run the PPP over Ethernet daemon.
pppoed_provider="*" # Provider and ppp(8) config file entry.
pppoed_flags="-P /var/run/pppoed.pid" # Flags to pppoed (if enabled).
pppoed_interface="fxp0" # The interface that pppoed runs on.
sshd_enable="NO" # Enable sshd
sshd_program="/usr/sbin/sshd" # path to sshd, if you want a different one.
sshd_flags="" # Additional flags for sshd.
ftpd_enable="NO" # Enable stand-alone ftpd.
ftpd_program="/usr/libexec/ftpd" # Path to ftpd, if you want a different one.
ftpd_flags="" # Additional flags to stand-alone ftpd.
### Network daemon (NFS): All need rpcbind_enable="YES" ###
amd_enable="NO" # Run amd service with $amd_flags (or NO).
amd_program="/usr/sbin/amd" # path to amd, if you want a different one.
amd_flags="-a /.amd_mnt -l syslog /host /etc/amd.map /net /etc/amd.map"
amd_map_program="NO" # Can be set to "ypcat -k amd.master"
nfs_client_enable="NO" # This host is an NFS client (or NO).
nfs_access_cache="60" # Client cache timeout in seconds
nfs_server_enable="NO" # This host is an NFS server (or NO).
oldnfs_server_enable="NO" # Run the old NFS server (YES/NO).
nfs_server_flags="-u -t -n 4" # Flags to nfsd (if enabled).
mountd_enable="NO" # Run mountd (or NO).
mountd_flags="-r" # Flags to mountd (if NFS server enabled).
weak_mountd_authentication="NO" # Allow non-root mount requests to be served.
nfs_reserved_port_only="NO" # Provide NFS only on secure port (or NO).
nfs_bufpackets="" # bufspace (in packets) for client
rpc_lockd_enable="NO" # Run NFS rpc.lockd needed for client/server.
rpc_lockd_flags="" # Flags to rpc.lockd (if enabled).
rpc_statd_enable="NO" # Run NFS rpc.statd needed for client/server.
rpc_statd_flags="" # Flags to rpc.statd (if enabled).
rpcbind_enable="NO" # Run the portmapper service (YES/NO).
rpcbind_program="/usr/sbin/rpcbind" # path to rpcbind, if you want a different one.
rpcbind_flags="" # Flags to rpcbind (if enabled).
rpc_ypupdated_enable="NO" # Run if NIS master and SecureRPC (or NO).
keyserv_enable="NO" # Run the SecureRPC keyserver (or NO).
keyserv_flags="" # Flags to keyserv (if enabled).
nfsv4_server_enable="NO" # Enable support for NFSv4
nfscbd_enable="NO" # NFSv4 client side callback daemon
nfscbd_flags="" # Flags for nfscbd
nfsuserd_enable="NO" # NFSv4 user/group name mapping daemon
nfsuserd_flags="" # Flags for nfsuserd
### Network Time Services options: ###
timed_enable="NO" # Run the time daemon (or NO).
timed_flags="" # Flags to timed (if enabled).
ntpdate_enable="NO" # Run ntpdate to sync time on boot (or NO).
ntpdate_program="/usr/sbin/ntpdate" # path to ntpdate, if you want a different one.
ntpdate_flags="-b" # Flags to ntpdate (if enabled).
ntpdate_config="/etc/ntp.conf" # ntpdate(8) configuration file
ntpdate_hosts="" # Whitespace-separated list of ntpdate(8) servers.
ntpd_enable="NO" # Run ntpd Network Time Protocol (or NO).
ntpd_program="/usr/sbin/ntpd" # path to ntpd, if you want a different one.
ntpd_config="/etc/ntp.conf" # ntpd(8) configuration file
ntpd_sync_on_start="NO" # Sync time on ntpd startup, even if offset is high
ntpd_flags="-p /var/run/ntpd.pid -f /var/db/ntpd.drift"
# Flags to ntpd (if enabled).
# Network Information Services (NIS) options: All need rpcbind_enable="YES" ###
nis_client_enable="NO" # We're an NIS client (or NO).
nis_client_flags="" # Flags to ypbind (if enabled).
nis_ypset_enable="NO" # Run ypset at boot time (or NO).
nis_ypset_flags="" # Flags to ypset (if enabled).
nis_server_enable="NO" # We're an NIS server (or NO).
nis_server_flags="" # Flags to ypserv (if enabled).
nis_ypxfrd_enable="NO" # Run rpc.ypxfrd at boot time (or NO).
nis_ypxfrd_flags="" # Flags to rpc.ypxfrd (if enabled).
nis_yppasswdd_enable="NO" # Run rpc.yppasswdd at boot time (or NO).
nis_yppasswdd_flags="" # Flags to rpc.yppasswdd (if enabled).
### SNMP daemon ###
# Be sure to understand the security implications of running SNMP v1/v2
# in your network.
bsnmpd_enable="NO" # Run the SNMP daemon (or NO).
bsnmpd_flags="" # Flags for bsnmpd.
### Network routing options: ###
defaultrouter="NO" # Set to default gateway (or NO).
static_arp_pairs="" # Set to static ARP list (or leave empty).
static_ndp_pairs="" # Set to static NDP list (or leave empty).
static_routes="" # Set to static route list (or leave empty).
natm_static_routes="" # Set to static route list for NATM (or leave empty).
gateway_enable="NO" # Set to YES if this host will be a gateway.
routed_enable="NO" # Set to YES to enable a routing daemon.
routed_program="/sbin/routed" # Name of routing daemon to use if enabled.
routed_flags="-q" # Flags for routing daemon.
mrouted_enable="NO" # Do IPv4 multicast routing.
mrouted_program="/usr/local/sbin/mrouted" # Name of IPv4 multicast
# routing daemon. You need to
# install it from package or
# port.
mrouted_flags="" # Flags for multicast routing daemon.
ipxgateway_enable="NO" # Set to YES to enable IPX routing.
ipxrouted_enable="NO" # Set to YES to run the IPX routing daemon.
ipxrouted_flags="" # Flags for IPX routing daemon.
arpproxy_all="NO" # replaces obsolete kernel option ARP_PROXYALL.
forward_sourceroute="NO" # do source routing (only if gateway_enable is set to "YES")
accept_sourceroute="NO" # accept source routed packets to us
### ATM interface options: ###
atm_enable="NO" # Configure ATM interfaces (or NO).
#atm_netif_hea0="atm 1" # Network interfaces for physical interface.
#atm_sigmgr_hea0="uni31" # Signalling manager for physical interface.
#atm_prefix_hea0="ILMI" # NSAP prefix (UNI interfaces only) (or ILMI).
#atm_macaddr_hea0="NO" # Override physical MAC address (or NO).
#atm_arpserver_atm0="0x47.0005.80.999999.9999.9999.9999.999999999999.00" # ATMARP server address (or local).
#atm_scsparp_atm0="NO" # Run SCSP/ATMARP on network interface (or NO).
atm_pvcs="" # Set to PVC list (or leave empty).
atm_arps="" # Set to permanent ARP list (or leave empty).
### Bluetooth ###
hcsecd_enable="NO" # Enable hcsecd(8) (or NO)
hcsecd_config="/etc/bluetooth/hcsecd.conf" # hcsecd(8) configuration file
sdpd_enable="NO" # Enable sdpd(8) (or NO)
sdpd_control="/var/run/sdp" # sdpd(8) control socket
sdpd_groupname="nobody" # set spdp(8) user/group to run as after
sdpd_username="nobody" # it initializes
bthidd_enable="NO" # Enable bthidd(8) (or NO)
bthidd_config="/etc/bluetooth/bthidd.conf" # bthidd(8) configuration file
bthidd_hids="/var/db/bthidd.hids" # bthidd(8) known HID devices file
rfcomm_pppd_server_enable="NO" # Enable rfcomm_pppd(8) in server mode (or NO)
rfcomm_pppd_server_profile="one two" # Profile to use from /etc/ppp/ppp.conf
#
#rfcomm_pppd_server_one_bdaddr="" # Override local bdaddr for 'one'
rfcomm_pppd_server_one_channel="1" # Override local channel for 'one'
#rfcomm_pppd_server_one_register_sp="NO" # Override SP and DUN register
#rfcomm_pppd_server_one_register_dun="NO" # for 'one'
#
#rfcomm_pppd_server_two_bdaddr="" # Override local bdaddr for 'two'
rfcomm_pppd_server_two_channel="3" # Override local channel for 'two'
#rfcomm_pppd_server_two_register_sp="NO" # Override SP and DUN register
#rfcomm_pppd_server_two_register_dun="NO" # for 'two'
ubthidhci_enable="NO" # Switch an USB BT controller present on
#ubthidhci_busnum="3" # bus 3 and addr 2 from HID mode to HCI mode.
#ubthidhci_addr="2" # Check usbconfig list to find the correct
# numbers for your system.
### Network link/usability verification options
netwait_enable="NO" # Enable rc.d/netwait (or NO)
#netwait_ip="" # IP addresses to be pinged by netwait.
netwait_timeout="60" # Total number of seconds to perform pings.
#netwait_if="" # Interface name to watch link state on.
netwait_if_timeout="30" # Total number of seconds to monitor link state.
### Miscellaneous network options: ###
icmp_bmcastecho="NO" # respond to broadcast ping packets
### IPv6 options: ###
ipv6_network_interfaces="auto" # List of IPv6 network interfaces
# (or "auto" or "none").
ipv6_activate_all_interfaces="NO" # If NO, interfaces which have no
# corresponding $ifconfig_IF_ipv6 is
# marked as IFDISABLED for security
# reason.
ipv6_defaultrouter="NO" # Set to IPv6 default gateway (or NO).
#ipv6_defaultrouter="2002:c058:6301::" # Use this for 6to4 (RFC 3068)
ipv6_static_routes="" # Set to static route list (or leave empty).
#ipv6_static_routes="xxx" # An example to set fec0:0000:0000:0006::/64
# route toward loopback interface.
#ipv6_route_xxx="fec0:0000:0000:0006:: -prefixlen 64 ::1"
ipv6_gateway_enable="NO" # Set to YES if this host will be a gateway.
ipv6_cpe_wanif="NO" # Set to the upstram interface name if this
# node will work as a router to forward IPv6
# packets not explicitly addressed to itself.
ipv6_privacy="NO" # Use privacy address on RA-receiving IFs
# (RFC 4941)
route6d_enable="NO" # Set to YES to enable an IPv6 routing daemon.
route6d_program="/usr/sbin/route6d" # Name of IPv6 routing daemon.
route6d_flags="" # Flags to IPv6 routing daemon.
#route6d_flags="-l" # Example for route6d with only IPv6 site local
# addrs.
#route6d_flags="-q" # If you want to run a routing daemon on an end
# node, you should stop advertisement.
#ipv6_network_interfaces="ed0 ep0" # Examples for router
# or static configuration for end node.
# Choose correct prefix value.
#ipv6_prefix_ed0="fec0:0000:0000:0001 fec0:0000:0000:0002" # Examples for rtr.
#ipv6_prefix_ep0="fec0:0000:0000:0003 fec0:0000:0000:0004" # Examples for rtr.
ipv6_default_interface="NO" # Default output interface for scoped addrs.
# This works only with
# ipv6_gateway_enable="NO".
rtsol_flags="" # Flags to IPv6 router solicitation.
rtsold_enable="NO" # Set to YES to enable an IPv6 router
# solicitation daemon.
rtsold_flags="-a" # Flags to an IPv6 router solicitation
# daemon.
rtadvd_enable="NO" # Set to YES to enable an IPv6 router
# advertisement daemon. If set to YES,
# this router becomes a possible candidate
# IPv6 default router for local subnets.
rtadvd_interfaces="" # Interfaces rtadvd sends RA packets.
mroute6d_enable="NO" # Do IPv6 multicast routing.
mroute6d_program="/usr/local/sbin/pim6dd" # Name of IPv6 multicast
# routing daemon. You need to
# install it from package or
# port.
mroute6d_flags="" # Flags to IPv6 multicast routing daemon.
stf_interface_ipv4addr="" # Local IPv4 addr for 6to4 IPv6 over IPv4
# tunneling interface. Specify this entry
# to enable 6to4 interface.
stf_interface_ipv4plen="0" # Prefix length for 6to4 IPv4 addr,
# to limit peer addr range. Effective value
# is 0-31.
stf_interface_ipv6_ifid="0:0:0:1" # IPv6 interface id for stf0.
# If you like, you can set "AUTO" for this.
stf_interface_ipv6_slaid="0000" # IPv6 Site Level Aggregator for stf0
ipv6_faith_prefix="NO" # Set faith prefix to enable a FAITH
# IPv6-to-IPv4 TCP translator. You also need
# faithd(8) setup.
ipv6_ipv4mapping="NO" # Set to "YES" to enable IPv4 mapped IPv6 addr
# communication. (like ::ffff:a.b.c.d)
ipv6_ipfilter_rules="/etc/ipf6.rules" # rules definition file for ipfilter,
# see /usr/src/contrib/ipfilter/rules
# for examples
ip6addrctl_enable="YES" # Set to YES to enable default address selection
ip6addrctl_verbose="NO" # Set to YES to enable verbose configuration messages
ip6addrctl_policy="AUTO" # A pre-defined address selection policy
# (ipv4_prefer, ipv6_prefer, or AUTO)
##############################################################
### System console options #################################
##############################################################
keyboard="" # keyboard device to use (default /dev/kbd0).
keymap="NO" # keymap in /usr/share/syscons/keymaps/* (or NO).
keyrate="NO" # keyboard rate to: slow, normal, fast (or NO).
keybell="NO" # See kbdcontrol(1) for options. Use "off" to disable.
keychange="NO" # function keys default values (or NO).
cursor="NO" # cursor type {normal|blink|destructive} (or NO).
scrnmap="NO" # screen map in /usr/share/syscons/scrnmaps/* (or NO).
font8x16="NO" # font 8x16 from /usr/share/syscons/fonts/* (or NO).
font8x14="NO" # font 8x14 from /usr/share/syscons/fonts/* (or NO).
font8x8="NO" # font 8x8 from /usr/share/syscons/fonts/* (or NO).
blanktime="300" # blank time (in seconds) or "NO" to turn it off.
saver="NO" # screen saver: Uses /boot/kernel/${saver}_saver.ko
moused_nondefault_enable="YES" # Treat non-default mice as enabled unless
# specifically overriden in rc.conf(5).
moused_enable="NO" # Run the mouse daemon.
moused_type="auto" # See man page for rc.conf(5) for available settings.
moused_port="/dev/psm0" # Set to your mouse port.
moused_flags="" # Any additional flags to moused.
mousechar_start="NO" # if 0xd0-0xd3 default range is occupied in your
# language code table, specify alternative range
# start like mousechar_start=3, see vidcontrol(1)
allscreens_flags="" # Set this vidcontrol mode for all virtual screens
allscreens_kbdflags="" # Set this kbdcontrol mode for all virtual screens
##############################################################
### Mail Transfer Agent (MTA) options ######################
##############################################################
mta_start_script="/etc/rc.sendmail"
# Script to start your chosen MTA, called by /etc/rc.
# Settings for /etc/rc.sendmail and /etc/rc.d/sendmail:
sendmail_enable="NO" # Run the sendmail inbound daemon (YES/NO).
sendmail_pidfile="/var/run/sendmail.pid" # sendmail pid file
sendmail_procname="/usr/sbin/sendmail" # sendmail process name
sendmail_flags="-L sm-mta -bd -q30m" # Flags to sendmail (as a server)
sendmail_submit_enable="YES" # Start a localhost-only MTA for mail submission
sendmail_submit_flags="-L sm-mta -bd -q30m -ODaemonPortOptions=Addr=localhost"
# Flags for localhost-only MTA
sendmail_outbound_enable="YES" # Dequeue stuck mail (YES/NO).
sendmail_outbound_flags="-L sm-queue -q30m" # Flags to sendmail (outbound only)
sendmail_msp_queue_enable="YES" # Dequeue stuck clientmqueue mail (YES/NO).
sendmail_msp_queue_flags="-L sm-msp-queue -Ac -q30m"
# Flags for sendmail_msp_queue daemon.
sendmail_rebuild_aliases="NO" # Run newaliases if necessary (YES/NO).
##############################################################
### Miscellaneous administrative options ###################
##############################################################
auditd_enable="NO" # Run the audit daemon.
auditd_program="/usr/sbin/auditd" # Path to the audit daemon.
auditd_flags="" # Which options to pass to the audit daemon.
auditdistd_enable="NO" # Run the audit daemon.
auditdistd_program="/usr/sbin/auditdistd" # Path to the auditdistd daemon.
auditdistd_flags="" # Which options to pass to the auditdistd daemon.
cron_enable="YES" # Run the periodic job daemon.
cron_program="/usr/sbin/cron" # Which cron executable to run (if enabled).
cron_dst="YES" # Handle DST transitions intelligently (YES/NO)
cron_flags="" # Which options to pass to the cron daemon.
lpd_enable="NO" # Run the line printer daemon.
lpd_program="/usr/sbin/lpd" # path to lpd, if you want a different one.
lpd_flags="" # Flags to lpd (if enabled).
nscd_enable="NO" # Run the nsswitch caching daemon.
chkprintcap_enable="NO" # Run chkprintcap(8) before running lpd.
chkprintcap_flags="-d" # Create missing directories by default.
dumpdev="AUTO" # Device to crashdump to (device name, AUTO, or NO).
dumpdir="/var/crash" # Directory where crash dumps are to be stored
savecore_flags="-m 10" # Used if dumpdev is enabled above, and present.
# By default, only the 10 most recent kernel dumps
# are saved.
crashinfo_enable="YES" # Automatically generate crash dump summary.
crashinfo_program="/usr/sbin/crashinfo" # Script to generate crash dump summary.
quota_enable="NO" # turn on quotas on startup (or NO).
check_quotas="YES" # Check quotas on startup (or NO).
quotaon_flags="-a" # Turn quotas on for all file systems (if enabled)
quotaoff_flags="-a" # Turn quotas off for all file systems at shutdown
quotacheck_flags="-a" # Check all file system quotas (if enabled)
accounting_enable="NO" # Turn on process accounting (or NO).
ibcs2_enable="NO" # Ibcs2 (SCO) emulation loaded at startup (or NO).
ibcs2_loaders="coff" # List of additional Ibcs2 loaders (or NO).
# Emulation/compatibility services provided by /etc/rc.d/abi
sysvipc_enable="NO" # Load System V IPC primitives at startup (or NO).
linux_enable="NO" # Linux binary compatibility loaded at startup (or NO).
svr4_enable="NO" # SysVR4 emulation loaded at startup (or NO).
clear_tmp_enable="NO" # Clear /tmp at startup.
clear_tmp_X="YES" # Clear and recreate X11-related directories in /tmp
ldconfig_insecure="NO" # Set to YES to disable ldconfig security checks
ldconfig_paths="/usr/lib/compat /usr/local/lib /usr/local/lib/compat/pkg"
# shared library search paths
ldconfig32_paths="/usr/lib32" # 32-bit compatibility shared library search paths
ldconfig_paths_aout="/usr/lib/compat/aout /usr/local/lib/aout"
# a.out shared library search paths
ldconfig_local_dirs="/usr/local/libdata/ldconfig"
# Local directories with ldconfig configuration files.
ldconfig_local32_dirs="/usr/local/libdata/ldconfig32"
# Local directories with 32-bit compatibility ldconfig
# configuration files.
kern_securelevel_enable="NO" # kernel security level (see security(7))
kern_securelevel="-1" # range: -1..3 ; `-1' is the most insecure
# Note that setting securelevel to 0 will result
# in the system booting with securelevel set to 1, as
# init(8) will raise the level when rc(8) completes.
update_motd="YES" # update version info in /etc/motd (or NO)
entropy_file="/entropy" # Set to NO to disable caching entropy through reboots.
# /var/db/entropy-file is preferred if / is not avail.
entropy_dir="/var/db/entropy" # Set to NO to disable caching entropy via cron.
entropy_save_sz="2048" # Size of the entropy cache files.
entropy_save_num="8" # Number of entropy cache files to save.
harvest_interrupt="YES" # Entropy device harvests interrupt randomness
harvest_ethernet="YES" # Entropy device harvests ethernet randomness
harvest_p_to_p="YES" # Entropy device harvests point-to-point randomness
harvest_swi="YES" # Entropy device harvests internal SWI randomness
dmesg_enable="YES" # Save dmesg(8) to /var/run/dmesg.boot
watchdogd_enable="NO" # Start the software watchdog daemon
watchdogd_flags="" # Flags to watchdogd (if enabled)
devfs_rulesets="/etc/defaults/devfs.rules /etc/devfs.rules" # Files containing
# devfs(8) rules.
devfs_system_ruleset="" # The name (NOT number) of a ruleset to apply to /dev
devfs_set_rulesets="" # A list of /mount/dev=ruleset_name settings to
# apply (must be mounted already, i.e. fstab(5))
devfs_load_rulesets="NO" # Enable to always load the default rulesets
performance_cx_lowest="HIGH" # Online CPU idle state
performance_cpu_freq="NONE" # Online CPU frequency
economy_cx_lowest="HIGH" # Offline CPU idle state
economy_cpu_freq="NONE" # Offline CPU frequency
virecover_enable="YES" # Perform housekeeping for the vi(1) editor
ugidfw_enable="NO" # Load mac_bsdextended(4) rules on boot
bsdextended_script="/etc/rc.bsdextended" # Default mac_bsdextended(4)
# ruleset file.
newsyslog_enable="YES" # Run newsyslog at startup.
newsyslog_flags="-CN" # Newsyslog flags to create marked files
mixer_enable="YES" # Run the sound mixer.
opensm_enable="NO" # Opensm(8) for infiniband devices defaults to off
##############################################################
### Jail Configuration (see rc.conf(5) manual page) ##########
##############################################################
jail_enable="NO" # Set to NO to disable starting of any jails
jail_parallel_start="NO" # Start jails in the background
jail_list="" # Space separated list of names of jails
##############################################################
### Define source_rc_confs, the mechanism used by /etc/rc.* ##
### scripts to source rc_conf_files overrides safely. ##
##############################################################
if [ -z "${source_rc_confs_defined}" ]; then
source_rc_confs_defined=yes
source_rc_confs() {
local i sourced_files
for i in ${rc_conf_files}; do
case ${sourced_files} in
*:$i:*)
;;
*)
sourced_files="${sourced_files}:$i:"
if [ -r $i ]; then
. $i
fi
;;
esac
done
}
fi
Reference in New Issue View Git Blame Copy Permalink