1997-04-27 03:59:19 +00:00
|
|
|
#!/bin/sh
|
|
|
|
|
2001-11-28 08:52:35 +00:00
|
|
|
# This is rc.conf - a file full of useful variables that you can set
|
1999-02-09 22:15:18 +00:00
|
|
|
# to change the default startup behavior of your system. You should
|
|
|
|
# not edit this file! Put any overrides into one of the ${rc_conf_files}
|
|
|
|
# instead and you will be able to update these defaults later without
|
|
|
|
# spamming your local configuration information.
|
1997-04-27 03:59:19 +00:00
|
|
|
#
|
2000-04-27 08:43:49 +00:00
|
|
|
# The ${rc_conf_files} files should only contain values which override
|
|
|
|
# values set in this file. This eases the upgrade path when defaults
|
|
|
|
# are changed and new features are added.
|
1999-12-21 10:46:41 +00:00
|
|
|
#
|
1997-04-28 10:14:45 +00:00
|
|
|
# All arguments must be in double or single quotes.
|
|
|
|
#
|
2005-01-24 21:52:32 +00:00
|
|
|
# For a more detailed explanation of all the rc.conf variables, please
|
|
|
|
# refer to the rc.conf(5) manual page.
|
|
|
|
#
|
1999-08-27 23:37:10 +00:00
|
|
|
# $FreeBSD$
|
1997-04-27 03:59:19 +00:00
|
|
|
|
|
|
|
##############################################################
|
1999-06-27 22:12:35 +00:00
|
|
|
### Important initial Boot-time options ####################
|
1997-04-27 03:59:19 +00:00
|
|
|
##############################################################
|
|
|
|
|
2003-01-14 15:50:17 +00:00
|
|
|
rc_debug="NO" # Set to YES to enable debugging output from rc.d
|
2003-08-20 06:50:34 +00:00
|
|
|
rc_info="NO" # Enables display of informational messages at boot.
|
2002-06-13 22:27:31 +00:00
|
|
|
rcshutdown_timeout="30" # Seconds to wait before terminating rc.shutdown
|
2005-12-10 20:21:46 +00:00
|
|
|
early_late_divider="mountcritlocal" # Script that separates early/late
|
|
|
|
# stages of the boot process. Make sure you know
|
|
|
|
# the ramifications if you change this.
|
|
|
|
# See rc.conf(5) for more details.
|
|
|
|
|
1997-04-28 10:14:45 +00:00
|
|
|
swapfile="NO" # Set to name of swapfile if aux swapfile desired.
|
1999-07-12 17:20:29 +00:00
|
|
|
apm_enable="NO" # Set to YES to enable APM BIOS functions (or NO).
|
|
|
|
apmd_enable="NO" # Run apmd to handle APM event from userland.
|
|
|
|
apmd_flags="" # Flags to apmd (if enabled).
|
2004-06-30 15:58:46 +00:00
|
|
|
devd_enable="YES" # Run devd, to trigger programs on device tree changes.
|
2005-11-24 14:39:41 +00:00
|
|
|
devd_flags="" # Additional flags for devd(8).
|
2003-03-17 23:15:53 +00:00
|
|
|
kldxref_enable="NO" # Build linker.hints files with kldxref(8).
|
|
|
|
kldxref_clobber="NO" # Overwrite old linker.hints at boot.
|
|
|
|
kldxref_module_path="" # Override kern.module_path. A ';'-delimited list.
|
2005-02-26 21:19:35 +00:00
|
|
|
powerd_enable="NO" # Run powerd to lower our power usage.
|
|
|
|
powerd_flags="" # Flags to powerd (if enabled).
|
2005-06-07 04:49:12 +00:00
|
|
|
removable_route_flush="YES" # Flush routes when removing an interface
|
2004-03-23 23:22:35 +00:00
|
|
|
tmpmfs="AUTO" # Set to YES to always create an mfs /tmp, NO to never
|
|
|
|
tmpsize="20m" # Size of mfs /tmp if created
|
2005-08-24 16:25:47 +00:00
|
|
|
tmpmfs_flags="-S -M" # Extra mdmfs options for the mfs /tmp
|
2004-03-23 23:22:35 +00:00
|
|
|
varmfs="AUTO" # Set to YES to always create an mfs /var, NO to never
|
|
|
|
varsize="32m" # Size of mfs /var if created
|
2005-08-24 16:25:47 +00:00
|
|
|
varmfs_flags="-S -M" # Extra mount options for the mfs /var
|
2004-03-23 23:22:35 +00:00
|
|
|
populate_var="AUTO" # Set to YES to always (re)populate /var, NO to never
|
2005-12-19 10:57:00 +00:00
|
|
|
cleanvar_enable="YES" # Clean the /var directory
|
2002-04-11 08:48:52 +00:00
|
|
|
local_startup="/usr/local/etc/rc.d /usr/X11R6/etc/rc.d" # startup script dirs.
|
2001-07-17 14:33:52 +00:00
|
|
|
script_name_sep=" " # Change if your startup scripts' names contain spaces
|
1999-02-09 22:15:18 +00:00
|
|
|
rc_conf_files="/etc/rc.conf /etc/rc.conf.local"
|
2003-09-18 09:59:37 +00:00
|
|
|
|
|
|
|
# Experimental - test before enabling
|
|
|
|
gbde_autoattach_all="NO" # YES automatically mounts gbde devices from fstab
|
|
|
|
gbde_devices="NO" # Devices to automatically attach (list, or AUTO)
|
2004-07-18 18:01:48 +00:00
|
|
|
gbde_attach_attempts="3" # Number of times to attempt attaching gbde devices
|
|
|
|
gbde_lockdir="/etc" # Where to look for gbde lockfiles
|
2003-09-18 09:59:37 +00:00
|
|
|
|
2005-08-14 18:02:22 +00:00
|
|
|
# GELI disk encryption configuration.
|
|
|
|
geli_devices="" # List of devices to automatically attach in addition to
|
|
|
|
# GELI devices listed in /etc/fstab.
|
|
|
|
geli_tries="" # Number of times to attempt attaching geli device.
|
|
|
|
# If empty, kern.geom.eli.tries will be used.
|
|
|
|
geli_default_flags="" # Default flags for geli(8).
|
|
|
|
geli_autodetach="YES" # Automatically detach on last close.
|
|
|
|
# Providers are marked as such when all file systems are
|
|
|
|
# mounted.
|
|
|
|
# Example use.
|
|
|
|
#geli_devices="da1 mirror/home"
|
|
|
|
#geli_da1_flags="-p -k /etc/geli/da1.keys"
|
|
|
|
#geli_da1_autodetach="NO"
|
|
|
|
#geli_mirror_home_flags="-k /etc/geli/home.keys"
|
|
|
|
|
2006-06-07 17:14:27 +00:00
|
|
|
geli_swap_flags="-e aes -l 256 -s 4096 -d" # Options for GELI-encrypted
|
2005-08-14 18:02:22 +00:00
|
|
|
# swap partitions.
|
2005-08-05 23:38:51 +00:00
|
|
|
|
2004-10-20 16:58:28 +00:00
|
|
|
root_rw_mount="YES" # Set to NO to inhibit remounting root read-write.
|
2001-11-28 08:52:35 +00:00
|
|
|
fsck_y_enable="NO" # Set to YES to do fsck -y if the initial preen fails.
|
2001-05-22 00:05:48 +00:00
|
|
|
background_fsck="YES" # Attempt to run fsck in the background where possible.
|
2002-12-18 07:21:31 +00:00
|
|
|
background_fsck_delay="60" # Time to wait (seconds) before starting the fsck.
|
2004-12-01 22:05:50 +00:00
|
|
|
netfs_types="nfs:NFS nfs4:NFS4 smbfs:SMB portalfs:PORTAL nwfs:NWFS" # Net filesystems.
|
2001-12-29 19:42:55 +00:00
|
|
|
extra_netfs_types="NO" # List of network extra filesystem types for delayed
|
|
|
|
# mount at startup (or NO).
|
1997-04-27 03:59:19 +00:00
|
|
|
|
|
|
|
##############################################################
|
|
|
|
### Network configuration sub-section ######################
|
|
|
|
##############################################################
|
|
|
|
|
2000-08-17 06:04:13 +00:00
|
|
|
### Basic network and firewall/security options: ###
|
1999-07-18 09:58:01 +00:00
|
|
|
hostname="" # Set this!
|
1997-04-28 10:14:45 +00:00
|
|
|
nisdomainname="NO" # Set to NIS domain if using NIS (or NO).
|
2003-06-07 10:31:17 +00:00
|
|
|
dhclient_program="/sbin/dhclient" # Path to dhcp client program.
|
|
|
|
dhclient_flags="" # Additional flags to pass to dhcp client.
|
2003-07-28 13:09:00 +00:00
|
|
|
background_dhclient="NO" # Start dhcp client in the background.
|
2006-04-13 18:34:14 +00:00
|
|
|
synchronous_dhclient="YES" # Start dhclient directly on configured
|
2006-04-13 06:50:46 +00:00
|
|
|
# interfaces during startup.
|
1997-09-11 10:59:02 +00:00
|
|
|
firewall_enable="NO" # Set to YES to enable firewall functionality
|
1999-04-10 10:56:58 +00:00
|
|
|
firewall_script="/etc/rc.firewall" # Which script to run to set up the firewall
|
1997-09-11 10:59:02 +00:00
|
|
|
firewall_type="UNKNOWN" # Firewall type (see /etc/rc.firewall)
|
|
|
|
firewall_quiet="NO" # Set to YES to suppress rule display
|
2001-11-28 08:52:35 +00:00
|
|
|
firewall_logging="NO" # Set to YES to enable events logging
|
2000-02-06 19:25:00 +00:00
|
|
|
firewall_flags="" # Flags passed to ipfw when type is a file
|
2000-06-22 17:40:53 +00:00
|
|
|
ip_portrange_first="NO" # Set first dynamically allocated port
|
|
|
|
ip_portrange_last="NO" # Set last dynamically allocated port
|
2003-11-28 17:28:42 +00:00
|
|
|
ike_enable="NO" # Enable IKE daemon (usually racoon or isakmpd)
|
|
|
|
ike_program="/usr/local/sbin/isakmpd" # Path to IKE daemon
|
|
|
|
ike_flags="" # Additional flags for IKE daemon
|
2000-06-22 17:40:53 +00:00
|
|
|
ipsec_enable="NO" # Set to YES to run setkey on ipsec_file
|
|
|
|
ipsec_file="/etc/ipsec.conf" # Name of config file for setkey
|
1999-03-24 10:27:46 +00:00
|
|
|
natd_program="/sbin/natd" # path to natd, if you want a different one.
|
2001-11-28 08:52:35 +00:00
|
|
|
natd_enable="NO" # Enable natd (if firewall_enable == YES).
|
2002-02-20 10:31:01 +00:00
|
|
|
natd_interface="" # Public interface or IPaddress to use.
|
2001-11-28 08:52:35 +00:00
|
|
|
natd_flags="" # Additional flags for natd.
|
2000-10-06 12:24:45 +00:00
|
|
|
ipfilter_enable="NO" # Set to YES to enable ipfilter functionality
|
2001-11-24 15:36:30 +00:00
|
|
|
ipfilter_program="/sbin/ipf" # where the ipfilter program lives
|
2000-10-06 12:24:45 +00:00
|
|
|
ipfilter_rules="/etc/ipf.rules" # rules definition file for ipfilter, see
|
|
|
|
# /usr/src/contrib/ipfilter/rules for examples
|
2001-11-24 15:36:30 +00:00
|
|
|
ipfilter_flags="" # additional flags for ipfilter
|
|
|
|
ipnat_enable="NO" # Set to YES to enable ipnat functionality
|
|
|
|
ipnat_program="/sbin/ipnat" # where the ipnat program lives
|
2000-10-06 12:24:45 +00:00
|
|
|
ipnat_rules="/etc/ipnat.rules" # rules definition file for ipnat
|
|
|
|
ipnat_flags="" # additional flags for ipnat
|
2001-11-24 15:36:30 +00:00
|
|
|
ipmon_enable="NO" # Set to YES for ipmon; needs ipfilter or ipnat
|
|
|
|
ipmon_program="/sbin/ipmon" # where the ipfilter monitor program lives
|
|
|
|
ipmon_flags="-Ds" # typically "-Ds" or "-D /var/log/ipflog"
|
2001-11-28 08:52:35 +00:00
|
|
|
ipfs_enable="NO" # Set to YES to enable saving and restoring
|
2001-10-20 04:33:02 +00:00
|
|
|
# of state tables at shutdown and boot
|
|
|
|
ipfs_program="/sbin/ipfs" # where the ipfs program lives
|
2001-11-24 15:36:30 +00:00
|
|
|
ipfs_flags="" # additional flags for ipfs
|
2004-03-23 22:30:15 +00:00
|
|
|
pf_enable="NO" # Set to YES to enable packet filter (pf)
|
|
|
|
pf_rules="/etc/pf.conf" # rules definition file for pf
|
|
|
|
pf_program="/sbin/pfctl" # where the pfctl program lives
|
|
|
|
pf_flags="" # additional flags for pfctl
|
2004-04-02 19:25:27 +00:00
|
|
|
pflog_enable="NO" # Set to YES to enable packet filter logging
|
2004-07-27 00:28:16 +00:00
|
|
|
pflog_logfile="/var/log/pflog" # where pflogd should store the logfile
|
2004-04-02 19:25:27 +00:00
|
|
|
pflog_program="/sbin/pflogd" # where the pflogd program lives
|
|
|
|
pflog_flags="" # additional flags for pflogd
|
2005-10-02 18:59:02 +00:00
|
|
|
pfsync_enable="NO" # Expose pf state to other hosts for syncing
|
|
|
|
pfsync_syncdev="" # Interface for pfsync to work through
|
|
|
|
pfsync_ifconfig="" # Additional options to ifconfig(8) for pfsync
|
2001-05-25 01:46:39 +00:00
|
|
|
tcp_extensions="YES" # Set to NO to turn off RFC1323 extensions.
|
2002-01-26 09:05:13 +00:00
|
|
|
log_in_vain="0" # >=1 to log connects to ports w/o listeners.
|
1999-08-14 03:42:27 +00:00
|
|
|
tcp_keepalive="YES" # Enable stale TCP connection timeout (or NO).
|
2002-04-27 06:24:58 +00:00
|
|
|
# For the following option you need to have TCP_DROP_SYNFIN set in your
|
|
|
|
# kernel. Please refer to LINT and NOTES for details.
|
1999-09-12 17:22:08 +00:00
|
|
|
tcp_drop_synfin="NO" # Set to YES to drop TCP packets with SYN+FIN
|
2000-05-18 19:02:47 +00:00
|
|
|
# NOTE: this violates the TCP specification
|
2002-04-27 06:24:58 +00:00
|
|
|
icmp_drop_redirect="NO" # Set to YES to ignore ICMP REDIRECT packets
|
1999-08-10 09:45:33 +00:00
|
|
|
icmp_log_redirect="NO" # Set to YES to log ICMP REDIRECT packets
|
1999-07-08 18:56:04 +00:00
|
|
|
network_interfaces="auto" # List of network interfaces (or "auto").
|
2001-09-19 21:27:27 +00:00
|
|
|
cloned_interfaces="" # List of cloned network interfaces to create.
|
|
|
|
#cloned_interfaces="gif0 gif1 gif2 gif3" # Pre-cloning GENERIC config.
|
1997-04-27 03:59:19 +00:00
|
|
|
ifconfig_lo0="inet 127.0.0.1" # default loopback device configuration.
|
1997-05-19 07:46:51 +00:00
|
|
|
#ifconfig_lo0_alias0="inet 127.0.0.254 netmask 0xffffffff" # Sample alias entry.
|
2000-08-15 15:09:34 +00:00
|
|
|
#ifconfig_ed0_ipx="ipx 0x00010010" # Sample IPX address family entry.
|
2004-10-30 13:44:06 +00:00
|
|
|
#ifconfig_fxp0_name="net0" # Change interface name from fxp0 to net0.
|
2005-11-14 23:34:50 +00:00
|
|
|
#ipv4_addrs_fxp0="192.168.0.1/24 192.168.1.1-5/28" # example IPv4 address entry.
|
1999-01-13 17:32:37 +00:00
|
|
|
#
|
2006-06-01 11:01:54 +00:00
|
|
|
#autobridge_interfaces="bridge0" # List of bridges to check
|
|
|
|
#autobridge_bridge0="tap* vlan0" # Interface glob to automatically add to the bridge
|
|
|
|
#
|
1999-01-13 17:32:37 +00:00
|
|
|
# If you have any sppp(4) interfaces above, you might also want to set
|
|
|
|
# the following parameters. Refer to spppcontrol(8) for their meaning.
|
|
|
|
sppp_interfaces="" # List of sppp interfaces.
|
|
|
|
#sppp_interfaces="isp0" # example: sppp over ISDN
|
|
|
|
#spppconfig_isp0="authproto=chap myauthname=foo myauthsecret='top secret' hisauthname=some-gw hisauthsecret='another secret'"
|
2001-06-03 12:26:56 +00:00
|
|
|
gif_interfaces="NO" # List of GIF tunnels (or "NO").
|
|
|
|
#gif_interfaces="gif0 gif1" # Examples typically for a router.
|
|
|
|
# Choose correct tunnel addrs.
|
|
|
|
#gifconfig_gif0="10.1.1.1 10.1.2.1" # Examples typically for a router.
|
|
|
|
#gifconfig_gif1="10.1.1.2 10.1.2.2" # Examples typically for a router.
|
1997-04-27 03:59:19 +00:00
|
|
|
|
1999-11-24 10:44:47 +00:00
|
|
|
# User ppp configuration.
|
1999-07-26 10:49:37 +00:00
|
|
|
ppp_enable="NO" # Start user-ppp (or NO).
|
2004-12-15 12:39:28 +00:00
|
|
|
ppp_program="/usr/sbin/ppp" # Path to user-ppp program.
|
1999-07-26 10:49:37 +00:00
|
|
|
ppp_mode="auto" # Choice of "auto", "ddial", "direct" or "dedicated".
|
|
|
|
# For details see man page for ppp(8). Default is auto.
|
1999-08-22 23:26:05 +00:00
|
|
|
ppp_nat="YES" # Use PPP's internal network address translation or NO.
|
1999-07-26 10:49:37 +00:00
|
|
|
ppp_profile="papchap" # Which profile to use from /etc/ppp/ppp.conf.
|
2000-08-10 00:13:02 +00:00
|
|
|
ppp_user="root" # Which user to run ppp as
|
1999-07-26 10:49:37 +00:00
|
|
|
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
### Network daemon (miscellaneous) ###
|
2006-02-03 01:35:36 +00:00
|
|
|
hostapd_enable="NO" # Run hostap daemon.
|
1997-04-28 10:14:45 +00:00
|
|
|
syslogd_enable="YES" # Run syslog daemon (or NO).
|
2001-06-28 03:32:10 +00:00
|
|
|
syslogd_program="/usr/sbin/syslogd" # path to syslogd, if you want a different one.
|
2000-03-20 19:53:56 +00:00
|
|
|
syslogd_flags="-s" # Flags to syslogd (if enabled).
|
2000-07-28 22:45:36 +00:00
|
|
|
inetd_enable="NO" # Run the network daemon dispatcher (YES/NO).
|
2001-06-28 03:32:10 +00:00
|
|
|
inetd_program="/usr/sbin/inetd" # path to inetd, if you want a different one.
|
2003-09-15 16:44:24 +00:00
|
|
|
inetd_flags="-wW -C 60" # Optional flags to inetd
|
1998-12-19 07:25:56 +00:00
|
|
|
#
|
|
|
|
# named. It may be possible to run named in a sandbox, man security for
|
|
|
|
# details.
|
|
|
|
#
|
1997-04-28 10:14:45 +00:00
|
|
|
named_enable="NO" # Run named, the DNS server (or NO).
|
2002-04-21 08:32:35 +00:00
|
|
|
named_program="/usr/sbin/named" # path to named, if you want a different one.
|
Overhaul the named boot script:
1. Remove a now-spurious NetBSD CVS Id, as we are no longer synching work
2. Remove a now-spurious BEFORE, since ntpdate now REQUIRE's named
3. Replace the call to set rcvar with what that function would output,
and generally reduce indirection ($name -> named) since it's highly
unlikely the name of the named process or service will change any time soon.
4. Resort the order the variables at the top of the file to a more
traditional format, and remove a spurious required_dirs from the top, as it
works better after load_rc_config.
5. We do not want the default reload method with named, so define a simple
but appropriate substitute using rndc. If I were writing this script for
the first time I would not include this at all, since it's preferable to
control a running daemon with rndc to start with, but given that this is
already here, let's do it right. I hope that future generations will
however resist the tempation to add reconfig to extra_commands.
6. By the same token, we want to use rndc to shut down named, but given
that by defining a stop function we lose the "find the process by its
pid file in an emergency" goodness of rc.subr, try to do something useful
in the event that rndc is not available, and keep the user informed.
7. Replace some "test -f" with "test -r" to handle the unlikely event
that the relevant file exists, but is unreadable.
8. Twiddle whitespace in a few areas, remove a spurious blank line,
a bogus double space, and try to do better indenting.
9. Improve generation of the rndc.key file significantly
a. If for some reason a user has an rndc.conf file, assume that they
did that on purpose, and hence know what they are doing, so leave them alone.
b. Introduce a named_uid configuration variable so that the user which owns
the rndc.key file and the user named runs as always match, and is more
easily configurable. This should dramatically reduce problems with rndc.
c. Also test that the rndc.key file size is greater than zero, rather than
simply that the file exists. I have seen at least one user report this exact
problem, and although neither of us is sure where the empty file came from,
the fix is simple, so include it.
d. Rather than try to create an rndc.key file in both /etc/namedb and the
chroot'ed /etc/namedb, assume that they are be the same (which they should
be), and only create the file in the chroot'ed version of the directory.
This partially addresses the problem described in conf/73929, but I have
not yet finished thinking about the PREFIX issue that PR also raises.
As a result of introducing the named_uid knob, the default named_flags
are now empty.
Update defaults/rc.conf and rc.conf(5) to reflect these changes.
2006-02-13 08:45:51 +00:00
|
|
|
#named_flags="" # Flags for named
|
2004-09-24 22:47:10 +00:00
|
|
|
named_pidfile="/var/run/named/pid" # Must set this in named.conf as well
|
Overhaul the named boot script:
1. Remove a now-spurious NetBSD CVS Id, as we are no longer synching work
2. Remove a now-spurious BEFORE, since ntpdate now REQUIRE's named
3. Replace the call to set rcvar with what that function would output,
and generally reduce indirection ($name -> named) since it's highly
unlikely the name of the named process or service will change any time soon.
4. Resort the order the variables at the top of the file to a more
traditional format, and remove a spurious required_dirs from the top, as it
works better after load_rc_config.
5. We do not want the default reload method with named, so define a simple
but appropriate substitute using rndc. If I were writing this script for
the first time I would not include this at all, since it's preferable to
control a running daemon with rndc to start with, but given that this is
already here, let's do it right. I hope that future generations will
however resist the tempation to add reconfig to extra_commands.
6. By the same token, we want to use rndc to shut down named, but given
that by defining a stop function we lose the "find the process by its
pid file in an emergency" goodness of rc.subr, try to do something useful
in the event that rndc is not available, and keep the user informed.
7. Replace some "test -f" with "test -r" to handle the unlikely event
that the relevant file exists, but is unreadable.
8. Twiddle whitespace in a few areas, remove a spurious blank line,
a bogus double space, and try to do better indenting.
9. Improve generation of the rndc.key file significantly
a. If for some reason a user has an rndc.conf file, assume that they
did that on purpose, and hence know what they are doing, so leave them alone.
b. Introduce a named_uid configuration variable so that the user which owns
the rndc.key file and the user named runs as always match, and is more
easily configurable. This should dramatically reduce problems with rndc.
c. Also test that the rndc.key file size is greater than zero, rather than
simply that the file exists. I have seen at least one user report this exact
problem, and although neither of us is sure where the empty file came from,
the fix is simple, so include it.
d. Rather than try to create an rndc.key file in both /etc/namedb and the
chroot'ed /etc/namedb, assume that they are be the same (which they should
be), and only create the file in the chroot'ed version of the directory.
This partially addresses the problem described in conf/73929, but I have
not yet finished thinking about the PREFIX issue that PR also raises.
As a result of introducing the named_uid knob, the default named_flags
are now empty.
Update defaults/rc.conf and rc.conf(5) to reflect these changes.
2006-02-13 08:45:51 +00:00
|
|
|
named_uid="bind" # User to run named as
|
2004-09-28 09:46:00 +00:00
|
|
|
named_chrootdir="/var/named" # Chroot directory (or "" not to auto-chroot it)
|
2002-06-13 22:27:31 +00:00
|
|
|
named_chroot_autoupdate="YES" # Automatically install/update chrooted
|
|
|
|
# components of named. See /etc/rc.d/named.
|
2004-09-24 04:45:16 +00:00
|
|
|
named_symlink_enable="YES" # Symlink the chrooted pid file
|
1998-12-19 07:25:56 +00:00
|
|
|
|
2001-07-28 19:57:57 +00:00
|
|
|
#
|
|
|
|
# kerberos. Do not run the admin daemons on slave servers
|
|
|
|
#
|
|
|
|
kerberos5_server_enable="NO" # Run a kerberos 5 master server (or NO).
|
|
|
|
kerberos5_server="/usr/libexec/kdc" # path to kerberos 5 KDC
|
2005-09-20 11:13:28 +00:00
|
|
|
kerberos5_server_flags="" # Additional flags to the kerberos 5 server
|
2001-07-28 19:57:57 +00:00
|
|
|
kadmind5_server_enable="NO" # Run kadmind (or NO)
|
2003-04-30 20:42:41 +00:00
|
|
|
kadmind5_server="/usr/libexec/kadmind" # path to kerberos 5 admin daemon
|
2003-04-30 20:58:49 +00:00
|
|
|
kpasswdd_server_enable="NO" # Run kpasswdd (or NO)
|
|
|
|
kpasswdd_server="/usr/libexec/kpasswdd" # path to kerberos 5 passwd daemon
|
2001-07-28 19:57:57 +00:00
|
|
|
|
1997-04-28 10:14:45 +00:00
|
|
|
rwhod_enable="NO" # Run the rwho daemon (or NO).
|
1999-01-03 22:19:23 +00:00
|
|
|
rwhod_flags="" # Flags for rwhod
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
rarpd_enable="NO" # Run rarpd (or NO).
|
|
|
|
rarpd_flags="" # Flags to rarpd.
|
2002-09-05 20:14:46 +00:00
|
|
|
bootparamd_enable="NO" # Run bootparamd (or NO).
|
|
|
|
bootparamd_flags="" # Flags to bootparamd
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
pppoed_enable="NO" # Run the PPP over Ethernet daemon.
|
|
|
|
pppoed_provider="*" # Provider and ppp(8) config file entry.
|
|
|
|
pppoed_flags="-P /var/run/pppoed.pid" # Flags to pppoed (if enabled).
|
|
|
|
pppoed_interface="fxp0" # The interface that pppoed runs on.
|
2001-11-28 08:52:35 +00:00
|
|
|
sshd_enable="NO" # Enable sshd
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
sshd_program="/usr/sbin/sshd" # path to sshd, if you want a different one.
|
2001-11-28 08:52:35 +00:00
|
|
|
sshd_flags="" # Additional flags for sshd.
|
2006-01-21 18:08:16 +00:00
|
|
|
ftpd_enable="NO" # Enable stand-alone ftpd.
|
|
|
|
ftpd_program="/usr/libexec/ftpd" # Path to ftpd, if you want a different one.
|
|
|
|
ftpd_flags="" # Additional flags to stand-alone ftpd.
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
|
2002-08-14 05:37:15 +00:00
|
|
|
### Network daemon (NFS): All need rpcbind_enable="YES" ###
|
1997-04-28 10:14:45 +00:00
|
|
|
amd_enable="NO" # Run amd service with $amd_flags (or NO).
|
2006-04-11 09:02:07 +00:00
|
|
|
amd_program="/usr/sbin/amd" # path to amd, if you want a different one.
|
2000-09-01 01:08:52 +00:00
|
|
|
amd_flags="-a /.amd_mnt -l syslog /host /etc/amd.map /net /etc/amd.map"
|
1998-04-26 06:32:13 +00:00
|
|
|
amd_map_program="NO" # Can be set to "ypcat -k amd.master"
|
1997-04-28 10:14:45 +00:00
|
|
|
nfs_client_enable="NO" # This host is an NFS client (or NO).
|
2006-05-24 00:06:14 +00:00
|
|
|
nfs_access_cache="60" # Client cache timeout in seconds
|
1997-04-28 10:14:45 +00:00
|
|
|
nfs_server_enable="NO" # This host is an NFS server (or NO).
|
1998-05-01 13:45:04 +00:00
|
|
|
nfs_server_flags="-u -t -n 4" # Flags to nfsd (if enabled).
|
2002-08-14 05:37:15 +00:00
|
|
|
mountd_enable="NO" # Run mountd (or NO).
|
1997-10-12 20:37:20 +00:00
|
|
|
mountd_flags="-r" # Flags to mountd (if NFS server enabled).
|
2000-07-23 11:31:09 +00:00
|
|
|
weak_mountd_authentication="NO" # Allow non-root mount requests to be served.
|
1997-04-28 10:14:45 +00:00
|
|
|
nfs_reserved_port_only="NO" # Provide NFS only on secure port (or NO).
|
2003-02-08 20:55:56 +00:00
|
|
|
nfs_bufpackets="" # bufspace (in packets) for client
|
2001-10-18 19:37:57 +00:00
|
|
|
rpc_lockd_enable="NO" # Run NFS rpc.lockd needed for client/server.
|
|
|
|
rpc_statd_enable="NO" # Run NFS rpc.statd needed for client/server.
|
2002-08-14 05:37:15 +00:00
|
|
|
rpcbind_enable="NO" # Run the portmapper service (YES/NO).
|
|
|
|
rpcbind_program="/usr/sbin/rpcbind" # path to rpcbind, if you want a different one.
|
|
|
|
rpcbind_flags="" # Flags to rpcbind (if enabled).
|
1998-04-12 09:47:43 +00:00
|
|
|
rpc_ypupdated_enable="NO" # Run if NIS master and SecureRPC (or NO).
|
|
|
|
keyserv_enable="NO" # Run the SecureRPC keyserver (or NO).
|
|
|
|
keyserv_flags="" # Flags to keyserv (if enabled).
|
1997-04-27 03:59:19 +00:00
|
|
|
|
|
|
|
### Network Time Services options: ###
|
1997-06-02 02:58:08 +00:00
|
|
|
timed_enable="NO" # Run the time daemon (or NO).
|
1997-04-27 03:59:19 +00:00
|
|
|
timed_flags="" # Flags to timed (if enabled).
|
2004-09-15 01:08:33 +00:00
|
|
|
ntpdate_enable="NO" # Run ntpdate to sync time on boot (or NO).
|
|
|
|
ntpdate_program="/usr/sbin/ntpdate" # path to ntpdate, if you want a different one.
|
|
|
|
ntpdate_flags="-b" # Flags to ntpdate (if enabled).
|
2006-07-20 10:07:34 +00:00
|
|
|
ntpdate_config="/etc/ntp.conf" # ntpdate(8) configuration file
|
|
|
|
ntpdate_hosts="" # Whitespace-separated list of ntpdate(8) servers.
|
2002-08-14 05:37:15 +00:00
|
|
|
ntpd_enable="NO" # Run ntpd Network Time Protocol (or NO).
|
|
|
|
ntpd_program="/usr/sbin/ntpd" # path to ntpd, if you want a different one.
|
2006-04-18 15:02:24 +00:00
|
|
|
ntpd_config="/etc/ntp.conf" # ntpd(8) configuration file
|
2004-09-15 01:08:33 +00:00
|
|
|
ntpd_sync_on_start="NO" # Sync time on ntpd startup, even if offset is high
|
2003-10-03 21:33:40 +00:00
|
|
|
ntpd_flags="-p /var/run/ntpd.pid -f /var/db/ntpd.drift"
|
|
|
|
# Flags to ntpd (if enabled).
|
1997-04-27 03:59:19 +00:00
|
|
|
|
2002-08-14 05:37:15 +00:00
|
|
|
# Network Information Services (NIS) options: All need rpcbind_enable="YES" ###
|
1997-06-24 22:36:42 +00:00
|
|
|
nis_client_enable="NO" # We're an NIS client (or NO).
|
1997-04-27 03:59:19 +00:00
|
|
|
nis_client_flags="" # Flags to ypbind (if enabled).
|
1997-04-28 10:14:45 +00:00
|
|
|
nis_ypset_enable="NO" # Run ypset at boot time (or NO).
|
1997-04-27 03:59:19 +00:00
|
|
|
nis_ypset_flags="" # Flags to ypset (if enabled).
|
1997-06-24 22:36:42 +00:00
|
|
|
nis_server_enable="NO" # We're an NIS server (or NO).
|
1997-04-27 03:59:19 +00:00
|
|
|
nis_server_flags="" # Flags to ypserv (if enabled).
|
1997-04-28 10:14:45 +00:00
|
|
|
nis_ypxfrd_enable="NO" # Run rpc.ypxfrd at boot time (or NO).
|
1997-04-27 03:59:19 +00:00
|
|
|
nis_ypxfrd_flags="" # Flags to rpc.ypxfrd (if enabled).
|
1997-05-05 09:32:34 +00:00
|
|
|
nis_yppasswdd_enable="NO" # Run rpc.yppasswdd at boot time (or NO).
|
|
|
|
nis_yppasswdd_flags="" # Flags to rpc.yppasswdd (if enabled).
|
1997-04-27 03:59:19 +00:00
|
|
|
|
2005-04-17 10:47:58 +00:00
|
|
|
### SNMP daemon ###
|
|
|
|
# Be sure to understand the security implications of running SNMP v1/v2
|
|
|
|
# in your network.
|
|
|
|
bsnmpd_enable="NO" # Run the SNMP daemon (or NO).
|
|
|
|
bsnmpd_flags="" # Flags for bsnmpd.
|
|
|
|
|
1997-04-27 03:59:19 +00:00
|
|
|
### Network routing options: ###
|
1997-04-28 10:14:45 +00:00
|
|
|
defaultrouter="NO" # Set to default gateway (or NO).
|
1997-04-27 03:59:19 +00:00
|
|
|
static_routes="" # Set to static route list (or leave empty).
|
2003-08-14 15:27:32 +00:00
|
|
|
natm_static_routes="" # Set to static route list for NATM (or leave empty).
|
1997-04-28 10:14:45 +00:00
|
|
|
gateway_enable="NO" # Set to YES if this host will be a gateway.
|
1998-09-23 04:42:02 +00:00
|
|
|
router_enable="NO" # Set to YES to enable a routing daemon.
|
2002-04-21 08:32:35 +00:00
|
|
|
router="/sbin/routed" # Name of routing daemon to use if enabled.
|
1997-04-28 10:14:45 +00:00
|
|
|
router_flags="-q" # Flags for routing daemon.
|
1997-06-24 22:36:42 +00:00
|
|
|
mrouted_enable="NO" # Do multicast routing (see /etc/mrouted.conf).
|
1997-10-31 01:58:53 +00:00
|
|
|
mrouted_flags="" # Flags for multicast routing daemon.
|
1997-04-28 10:14:45 +00:00
|
|
|
ipxgateway_enable="NO" # Set to YES to enable IPX routing.
|
|
|
|
ipxrouted_enable="NO" # Set to YES to run the IPX routing daemon.
|
1997-04-27 03:59:19 +00:00
|
|
|
ipxrouted_flags="" # Flags for IPX routing daemon.
|
2001-11-28 08:52:35 +00:00
|
|
|
arpproxy_all="NO" # replaces obsolete kernel option ARP_PROXYALL.
|
1998-08-10 19:53:22 +00:00
|
|
|
forward_sourceroute="NO" # do source routing (only if gateway_enable is set to "YES")
|
1998-02-16 19:21:32 +00:00
|
|
|
accept_sourceroute="NO" # accept source routed packets to us
|
1997-04-27 03:59:19 +00:00
|
|
|
|
1998-10-06 19:24:31 +00:00
|
|
|
### ATM interface options: ###
|
|
|
|
atm_enable="NO" # Configure ATM interfaces (or NO).
|
|
|
|
#atm_netif_hea0="atm 1" # Network interfaces for physical interface.
|
|
|
|
#atm_sigmgr_hea0="uni31" # Signalling manager for physical interface.
|
|
|
|
#atm_prefix_hea0="ILMI" # NSAP prefix (UNI interfaces only) (or ILMI).
|
|
|
|
#atm_macaddr_hea0="NO" # Override physical MAC address (or NO).
|
|
|
|
#atm_arpserver_atm0="0x47.0005.80.999999.9999.9999.9999.999999999999.00" # ATMARP server address (or local).
|
|
|
|
#atm_scsparp_atm0="NO" # Run SCSP/ATMARP on network interface (or NO).
|
|
|
|
atm_pvcs="" # Set to PVC list (or leave empty).
|
|
|
|
atm_arps="" # Set to permanent ARP list (or leave empty).
|
|
|
|
|
2001-07-23 14:24:31 +00:00
|
|
|
### ISDN interface options: (see also: /usr/share/examples/isdn) ###
|
1999-01-13 08:20:55 +00:00
|
|
|
isdn_enable="NO" # Enable the ISDN subsystem (or NO).
|
2001-07-23 14:24:31 +00:00
|
|
|
isdn_fsdev="NO" # Output device for fullscreen mode (or NO for daemon mode).
|
1999-01-13 08:20:55 +00:00
|
|
|
isdn_flags="-dn -d0x1f9" # Flags for isdnd
|
2001-04-24 20:02:31 +00:00
|
|
|
isdn_ttype="cons25" # terminal type for fullscreen mode
|
2001-05-14 20:51:10 +00:00
|
|
|
isdn_screenflags="NO" # screenflags for ${isdn_fsdev}
|
1999-01-13 08:20:55 +00:00
|
|
|
isdn_trace="NO" # Enable the ISDN trace subsystem (or NO).
|
|
|
|
isdn_traceflags="-f /var/tmp/isdntrace0" # Flags for isdntrace
|
|
|
|
|
2005-10-11 19:16:48 +00:00
|
|
|
### Bluetooth ###
|
|
|
|
hcsecd_enable="NO" # Enable hcsecd(8) (or NO)
|
|
|
|
hcsecd_config="/etc/bluetooth/hcsecd.conf" # hcsecd(8) configuration file
|
|
|
|
|
|
|
|
sdpd_enable="NO" # Enable sdpd(8) (or NO)
|
|
|
|
sdpd_control="/var/run/sdp" # sdpd(8) control socket
|
2005-11-22 18:51:43 +00:00
|
|
|
sdpd_groupname="nobody" # set spdp(8) user/group to run as after
|
|
|
|
sdpd_username="nobody" # it initializes
|
2005-10-11 19:16:48 +00:00
|
|
|
|
1998-09-15 10:49:03 +00:00
|
|
|
### Miscellaneous network options: ###
|
|
|
|
icmp_bmcastecho="NO" # respond to broadcast ping packets
|
|
|
|
|
2000-02-23 18:05:58 +00:00
|
|
|
### IPv6 options: ###
|
|
|
|
ipv6_enable="NO" # Set to YES to set up for IPv6.
|
|
|
|
ipv6_network_interfaces="auto" # List of network interfaces (or "auto").
|
2000-10-29 19:59:05 +00:00
|
|
|
ipv6_defaultrouter="NO" # Set to IPv6 default gateway (or NO).
|
2001-12-06 20:44:14 +00:00
|
|
|
#ipv6_defaultrouter="2002:c058:6301::" # Use this for 6to4 (RFC 3068)
|
2000-03-12 20:35:54 +00:00
|
|
|
ipv6_static_routes="" # Set to static route list (or leave empty).
|
|
|
|
#ipv6_static_routes="xxx" # An example to set fec0:0000:0000:0006::/64
|
|
|
|
# route toward loopback interface.
|
|
|
|
#ipv6_route_xxx="fec0:0000:0000:0006:: -prefixlen 64 ::1"
|
2000-02-23 18:05:58 +00:00
|
|
|
ipv6_gateway_enable="NO" # Set to YES if this host will be a gateway.
|
|
|
|
ipv6_router_enable="NO" # Set to YES to enable an IPv6 routing daemon.
|
|
|
|
ipv6_router="/usr/sbin/route6d" # Name of IPv6 routing daemon.
|
|
|
|
ipv6_router_flags="" # Flags to IPv6 routing daemon.
|
|
|
|
#ipv6_router_flags="-l" # Example for route6d with only IPv6 site local
|
|
|
|
# addrs.
|
2002-07-18 05:00:16 +00:00
|
|
|
#ipv6_router_flags="-q" # If you want to run a routing daemon on an end
|
|
|
|
# node, you should stop advertisement.
|
2000-10-29 19:59:05 +00:00
|
|
|
#ipv6_network_interfaces="ed0 ep0" # Examples for router
|
|
|
|
# or static configuration for end node.
|
2000-02-23 18:05:58 +00:00
|
|
|
# Choose correct prefix value.
|
|
|
|
#ipv6_prefix_ed0="fec0:0000:0000:0001 fec0:0000:0000:0002" # Examples for rtr.
|
|
|
|
#ipv6_prefix_ep0="fec0:0000:0000:0003 fec0:0000:0000:0004" # Examples for rtr.
|
2001-03-18 16:07:21 +00:00
|
|
|
#ipv6_ifconfig_ed0="fec0:0:0:5::1 prefixlen 64" # Sample manual assign entry
|
|
|
|
#ipv6_ifconfig_ed0_alias0="fec0:0:0:5::2 prefixlen 64" # Sample alias entry.
|
2001-06-28 21:45:47 +00:00
|
|
|
ipv6_default_interface="NO" # Default output interface for scoped addrs.
|
2000-02-23 18:05:58 +00:00
|
|
|
# Now this works only for IPv6 link local
|
|
|
|
# multicast addrs.
|
2003-08-08 17:43:58 +00:00
|
|
|
rtsol_flags="" # Flags to IPv6 router solicitation.
|
2001-06-20 13:17:07 +00:00
|
|
|
rtadvd_enable="NO" # Set to YES to enable an IPv6 router
|
2000-03-12 20:35:54 +00:00
|
|
|
# advertisement daemon. If set to YES,
|
|
|
|
# this router becomes a possible candidate
|
|
|
|
# IPv6 default router for local subnets.
|
2001-01-25 13:05:50 +00:00
|
|
|
rtadvd_interfaces="" # Interfaces rtadvd sends RA packets.
|
2000-02-23 18:05:58 +00:00
|
|
|
mroute6d_enable="NO" # Do IPv6 multicast routing.
|
2001-10-03 16:15:59 +00:00
|
|
|
mroute6d_program="/usr/local/sbin/pim6dd" # Name of IPv6 multicast
|
|
|
|
# routing daemon. You need to
|
|
|
|
# install it from package or
|
|
|
|
# port.
|
2000-02-23 18:05:58 +00:00
|
|
|
mroute6d_flags="" # Flags to IPv6 multicast routing daemon.
|
2000-03-12 20:35:54 +00:00
|
|
|
stf_interface_ipv4addr="" # Local IPv4 addr for 6to4 IPv6 over IPv4
|
|
|
|
# tunneling interface. Specify this entry
|
|
|
|
# to enable 6to4 interface.
|
|
|
|
stf_interface_ipv4plen="0" # Prefix length for 6to4 IPv4 addr,
|
|
|
|
# to limit peer addr range. Effective value
|
|
|
|
# is 0-31.
|
|
|
|
stf_interface_ipv6_ifid="0:0:0:1" # IPv6 interface id for stf0.
|
|
|
|
# If you like, you can set "AUTO" for this.
|
|
|
|
stf_interface_ipv6_slaid="0000" # IPv6 Site Level Aggregator for stf0
|
2001-06-19 19:27:51 +00:00
|
|
|
ipv6_faith_prefix="NO" # Set faith prefix to enable a FAITH
|
|
|
|
# IPv6-to-IPv4 TCP translator. You also need
|
|
|
|
# faithd(8) setup.
|
2002-07-25 15:44:01 +00:00
|
|
|
ipv6_ipv4mapping="NO" # Set to "YES" to enable IPv4 mapped IPv6 addr
|
2000-03-28 17:39:53 +00:00
|
|
|
# communication. (like ::ffff:a.b.c.d)
|
2000-10-29 19:59:05 +00:00
|
|
|
ipv6_firewall_enable="NO" # Set to YES to enable IPv6 firewall
|
|
|
|
# functionality
|
|
|
|
ipv6_firewall_script="/etc/rc.firewall6" # Which script to run to set up the IPv6 firewall
|
|
|
|
ipv6_firewall_type="UNKNOWN" # IPv6 Firewall type (see /etc/rc.firewall6)
|
|
|
|
ipv6_firewall_quiet="NO" # Set to YES to suppress rule display
|
|
|
|
ipv6_firewall_logging="NO" # Set to YES to enable events logging
|
|
|
|
ipv6_firewall_flags="" # Flags passed to ip6fw when type is a file
|
2002-11-02 08:21:26 +00:00
|
|
|
ipv6_ipfilter_rules="/etc/ipf6.rules" # rules definition file for ipfilter,
|
|
|
|
# see /usr/src/contrib/ipfilter/rules
|
|
|
|
# for examples
|
2004-06-02 09:58:18 +00:00
|
|
|
ip6addrctl_enable="NO" # Set to YES to enable default address selection
|
2004-06-02 09:39:49 +00:00
|
|
|
ip6addrctl_verbose="NO" # Set to YES to enable verbose configuration messages
|
1997-04-27 03:59:19 +00:00
|
|
|
|
|
|
|
##############################################################
|
|
|
|
### System console options #################################
|
|
|
|
##############################################################
|
|
|
|
|
2004-06-18 20:09:30 +00:00
|
|
|
keyboard="" # keyboard device to use (default /dev/kbd0).
|
1997-04-28 10:14:45 +00:00
|
|
|
keymap="NO" # keymap in /usr/share/syscons/keymaps/* (or NO).
|
|
|
|
keyrate="NO" # keyboard rate to: slow, normal, fast (or NO).
|
2003-03-15 08:14:42 +00:00
|
|
|
keybell="NO" # See kbdcontrol(1) for options. Use "off" to disable.
|
1997-04-28 10:14:45 +00:00
|
|
|
keychange="NO" # function keys default values (or NO).
|
|
|
|
cursor="NO" # cursor type {normal|blink|destructive} (or NO).
|
|
|
|
scrnmap="NO" # screen map in /usr/share/syscons/scrnmaps/* (or NO).
|
|
|
|
font8x16="NO" # font 8x16 from /usr/share/syscons/fonts/* (or NO).
|
|
|
|
font8x14="NO" # font 8x14 from /usr/share/syscons/fonts/* (or NO).
|
|
|
|
font8x8="NO" # font 8x8 from /usr/share/syscons/fonts/* (or NO).
|
1998-06-23 03:09:26 +00:00
|
|
|
blanktime="300" # blank time (in seconds) or "NO" to turn it off.
|
2002-04-06 18:02:52 +00:00
|
|
|
saver="NO" # screen saver: Uses /boot/kernel/${saver}_saver.ko
|
Do a better job of supporting more than one mouse device
on the system.
To start/stop/check on a specific device give the device name as
the second argument to the script:
# /etc/rc.d/moused start ums0
To use different rc.conf(5) knobs with different mice use the device
name as part of the knob. For example, if the mouse device is ums0, then:
moused_ums0_enable=yes
moused_ums0_flags="-z 4"
moused_ums0_port="/dev/ums0"
Starting rc.d/moused without the device argument will use the standard
moused_* flags. So, this commit should not disrupt or change current usage.
To preserve current behaviour with respect to usb mice, which appear
automatically when inserted, there is a new knob, moused_nondefault_enable,
which will treat any devices without rc.conf knobs as enabled.
To minimize knobs in /etc/rc.conf, the device file and pid file are
auto-computed, so that in the typical case for a usb mouse you don't
need to add anything extra in /etc/rc.conf to get it working.
Additionally, this updates /etc/usbd.conf to use the rc.d/moused script so
people don't have to modify it to configure their usb mouse anymore.
MFC after: 1 month
2004-11-01 18:05:41 +00:00
|
|
|
moused_nondefault_enable="YES" # Treat non-default mice as enabled unless
|
|
|
|
# specifically overriden in rc.conf(5).
|
1998-03-07 09:02:08 +00:00
|
|
|
moused_enable="NO" # Run the mouse daemon.
|
|
|
|
moused_type="auto" # See man page for rc.conf(5) for available settings.
|
2001-11-28 08:52:35 +00:00
|
|
|
moused_port="/dev/psm0" # Set to your mouse port.
|
1997-05-19 07:46:51 +00:00
|
|
|
moused_flags="" # Any additional flags to moused.
|
2002-11-15 08:26:36 +00:00
|
|
|
mousechar_start="NO" # if 0xd0-0xd3 default range is occupied in your
|
2001-04-19 14:53:47 +00:00
|
|
|
# language code table, specify alternative range
|
|
|
|
# start like mousechar_start=3, see vidcontrol(1)
|
1998-04-02 15:33:49 +00:00
|
|
|
allscreens_flags="" # Set this vidcontrol mode for all virtual screens
|
2001-04-28 20:56:53 +00:00
|
|
|
allscreens_kbdflags="" # Set this kbdcontrol mode for all virtual screens
|
1997-04-27 03:59:19 +00:00
|
|
|
|
|
|
|
##############################################################
|
2002-04-05 02:30:49 +00:00
|
|
|
### Mail Transfer Agent (MTA) options ######################
|
1997-04-27 03:59:19 +00:00
|
|
|
##############################################################
|
|
|
|
|
2002-04-05 02:30:49 +00:00
|
|
|
mta_start_script="/etc/rc.sendmail"
|
|
|
|
# Script to start your chosen MTA, called by /etc/rc.
|
2004-04-05 16:22:14 +00:00
|
|
|
# Settings for /etc/rc.sendmail and /etc/rc.d/sendmail:
|
2002-09-03 22:15:57 +00:00
|
|
|
sendmail_enable="NO" # Run the sendmail inbound daemon (YES/NO).
|
2004-04-05 16:22:14 +00:00
|
|
|
sendmail_pidfile="/var/run/sendmail.pid" # sendmail pid file
|
|
|
|
sendmail_procname="/usr/sbin/sendmail" # sendmail process name
|
2002-02-17 22:19:14 +00:00
|
|
|
sendmail_flags="-L sm-mta -bd -q30m" # Flags to sendmail (as a server)
|
2002-03-28 03:29:22 +00:00
|
|
|
sendmail_submit_enable="YES" # Start a localhost-only MTA for mail submission
|
|
|
|
sendmail_submit_flags="-L sm-mta -bd -q30m -ODaemonPortOptions=Addr=localhost"
|
|
|
|
# Flags for localhost-only MTA
|
2001-03-13 05:53:16 +00:00
|
|
|
sendmail_outbound_enable="YES" # Dequeue stuck mail (YES/NO).
|
2002-02-17 22:19:14 +00:00
|
|
|
sendmail_outbound_flags="-L sm-queue -q30m" # Flags to sendmail (outbound only)
|
|
|
|
sendmail_msp_queue_enable="YES" # Dequeue stuck clientmqueue mail (YES/NO).
|
|
|
|
sendmail_msp_queue_flags="-L sm-msp-queue -Ac -q30m"
|
2002-03-28 03:29:22 +00:00
|
|
|
# Flags for sendmail_msp_queue daemon.
|
2002-04-05 02:30:49 +00:00
|
|
|
|
|
|
|
|
|
|
|
##############################################################
|
|
|
|
### Miscellaneous administrative options ###################
|
|
|
|
##############################################################
|
|
|
|
|
2006-02-02 10:02:19 +00:00
|
|
|
auditd_enable="NO" # Run the audit daemon.
|
|
|
|
auditd_flags="" # Which options to pass to the audit daemon.
|
2006-04-28 12:03:38 +00:00
|
|
|
cached_enable="NO" # Run the nsswitch caching daemon.
|
2002-04-05 02:30:49 +00:00
|
|
|
cron_enable="YES" # Run the periodic job daemon.
|
|
|
|
cron_program="/usr/sbin/cron" # Which cron executable to run (if enabled).
|
2003-12-25 23:29:19 +00:00
|
|
|
cron_dst="YES" # Handle DST transitions intelligently (YES/NO)
|
2002-04-05 02:30:49 +00:00
|
|
|
cron_flags="" # Which options to pass to the cron daemon.
|
|
|
|
lpd_enable="NO" # Run the line printer daemon.
|
|
|
|
lpd_program="/usr/sbin/lpd" # path to lpd, if you want a different one.
|
|
|
|
lpd_flags="" # Flags to lpd (if enabled).
|
2005-03-02 02:46:47 +00:00
|
|
|
chkprintcap_enable="NO" # Run chkprintcap(8) before running lpd.
|
|
|
|
chkprintcap_flags="-d" # Create missing directories by default.
|
2005-06-07 15:22:08 +00:00
|
|
|
dumpdev="AUTO" # Device to crashdump to (device name, AUTO, or NO).
|
2001-10-09 18:40:00 +00:00
|
|
|
dumpdir="/var/crash" # Directory where crash dumps are to be stored
|
2001-11-28 08:52:35 +00:00
|
|
|
savecore_flags="" # Used if dumpdev is enabled above, and present.
|
|
|
|
enable_quotas="NO" # turn on quotas on startup (or NO).
|
1999-09-06 20:22:40 +00:00
|
|
|
check_quotas="YES" # Check quotas on startup (or NO).
|
1997-05-19 03:20:22 +00:00
|
|
|
accounting_enable="NO" # Turn on process accounting (or NO).
|
1997-04-28 10:14:45 +00:00
|
|
|
ibcs2_enable="NO" # Ibcs2 (SCO) emulation loaded at startup (or NO).
|
2001-02-28 22:28:00 +00:00
|
|
|
ibcs2_loaders="coff" # List of additional Ibcs2 loaders (or NO).
|
2005-12-19 10:57:00 +00:00
|
|
|
|
|
|
|
# Emulation/compatibility services provided by /etc/rc.d/abi
|
2001-01-16 20:05:05 +00:00
|
|
|
sysvipc_enable="NO" # Load System V IPC primitives at startup (or NO).
|
1999-09-15 02:25:13 +00:00
|
|
|
linux_enable="NO" # Linux binary compatibility loaded at startup (or NO).
|
1999-01-30 07:22:29 +00:00
|
|
|
svr4_enable="NO" # SysVR4 emulation loaded at startup (or NO).
|
2005-12-19 10:57:00 +00:00
|
|
|
|
1997-11-16 12:52:17 +00:00
|
|
|
clear_tmp_enable="NO" # Clear /tmp at startup.
|
2005-12-20 20:36:48 +00:00
|
|
|
clear_tmp_X="YES" # Clear and recreate X11-related directories in /tmp
|
2000-08-11 03:26:30 +00:00
|
|
|
ldconfig_insecure="NO" # Set to YES to disable ldconfig security checks
|
2004-10-13 07:12:14 +00:00
|
|
|
ldconfig_paths="/usr/lib/compat /usr/X11R6/lib /usr/local/lib /usr/local/lib/compat/pkg"
|
1999-01-10 22:06:22 +00:00
|
|
|
# shared library search paths
|
2006-02-13 21:10:03 +00:00
|
|
|
ldconfig32_paths="/usr/lib32" # 32-bit compatibility shared library search paths
|
1999-01-10 22:06:22 +00:00
|
|
|
ldconfig_paths_aout="/usr/lib/compat/aout /usr/X11R6/lib/aout /usr/local/lib/aout"
|
|
|
|
# a.out shared library search paths
|
2006-01-08 10:15:31 +00:00
|
|
|
ldconfig_local_dirs="/usr/local/libdata/ldconfig /usr/X11R6/libdata/ldconfig"
|
|
|
|
# Local directories with ldconfig configuration files.
|
|
|
|
ldconfig_local32_dirs="/usr/local/libdata/ldconfig32 /usr/X11R6/libdata/ldconfig32"
|
|
|
|
# Local directories with 32-bit compatibility ldconfig
|
|
|
|
# configuration files.
|
2001-11-28 08:52:35 +00:00
|
|
|
kern_securelevel_enable="NO" # kernel security level (see init(8)),
|
1998-12-16 17:14:16 +00:00
|
|
|
kern_securelevel="-1" # range: -1..3 ; `-1' is the most insecure
|
2005-07-21 15:17:54 +00:00
|
|
|
# Note that setting securelevel to 0 will result
|
|
|
|
# in the system booting with securelevel set to 1, as
|
|
|
|
# init(8) will raise the level when rc(8) completes.
|
1998-12-12 23:04:21 +00:00
|
|
|
update_motd="YES" # update version info in /etc/motd (or NO)
|
2001-11-28 08:52:35 +00:00
|
|
|
entropy_file="/entropy" # Set to NO to disable caching entropy through reboots.
|
2005-04-11 02:45:05 +00:00
|
|
|
# /var/db/entropy-file is preferred if / is not avail.
|
2001-01-14 07:18:31 +00:00
|
|
|
entropy_dir="/var/db/entropy" # Set to NO to disable caching entropy via cron.
|
2001-11-28 08:52:35 +00:00
|
|
|
entropy_save_sz="2048" # Size of the entropy cache files.
|
|
|
|
entropy_save_num="8" # Number of entropy cache files to save.
|
|
|
|
harvest_interrupt="YES" # Entropy device harvests interrupt randomness
|
|
|
|
harvest_ethernet="YES" # Entropy device harvests ethernet randomness
|
|
|
|
harvest_p_to_p="YES" # Entropy device harvests point-to-point randomness
|
2002-06-13 22:27:31 +00:00
|
|
|
dmesg_enable="YES" # Save dmesg(8) to /var/run/dmesg.boot
|
2003-06-26 09:50:52 +00:00
|
|
|
watchdogd_enable="NO" # Start the software watchdog daemon
|
2003-08-20 06:15:18 +00:00
|
|
|
devfs_rulesets="/etc/defaults/devfs.rules /etc/devfs.rules" # Files containing
|
|
|
|
# devfs(8) rules.
|
|
|
|
devfs_system_ruleset="" # The name of a ruleset to apply to /dev
|
2004-04-10 22:13:27 +00:00
|
|
|
devfs_set_rulesets="" # A list of /mount/dev=ruleset_name settings to
|
|
|
|
# apply (must be mounted already, i.e. fstab(5))
|
2006-01-29 05:51:58 +00:00
|
|
|
performance_cx_lowest="LOW" # Online CPU idle state
|
2005-07-22 00:38:55 +00:00
|
|
|
performance_cpu_freq="NONE" # Online CPU frequency
|
2006-01-29 05:51:58 +00:00
|
|
|
economy_cx_lowest="LOW" # Offline CPU idle state
|
2005-07-22 00:38:55 +00:00
|
|
|
economy_cpu_freq="NONE" # Offline CPU frequency
|
2004-03-03 15:21:01 +00:00
|
|
|
virecover_enable="YES" # Perform housekeeping for the vi(1) editor
|
2004-09-29 07:07:43 +00:00
|
|
|
ugidfw_enable="NO" # Load mac_bsdextended(4) rules on boot
|
2004-09-29 00:12:28 +00:00
|
|
|
bsdextended_script="/etc/rc.bsdextended" # Default mac_bsdextended(4)
|
|
|
|
# ruleset file.
|
2005-03-02 00:40:55 +00:00
|
|
|
newsyslog_enable="YES" # Run newsyslog at startup.
|
|
|
|
newsyslog_flags="-CN" # Newsyslog flags to create marked files
|
2003-08-20 06:15:18 +00:00
|
|
|
|
2003-08-24 06:29:32 +00:00
|
|
|
##############################################################
|
|
|
|
### Jail Configuration #######################################
|
|
|
|
##############################################################
|
|
|
|
jail_enable="NO" # Set to NO to disable starting of any jails
|
|
|
|
jail_list="" # Space separated list of names of jails
|
|
|
|
jail_set_hostname_allow="YES" # Allow root user in a jail to change its hostname
|
|
|
|
jail_socket_unixiproute_only="YES" # Route only TCP/IP within a jail
|
|
|
|
jail_sysvipc_allow="NO" # Allow SystemV IPC use from within a jail
|
|
|
|
|
|
|
|
#
|
|
|
|
# To use rc's built-in jail infrastructure create entries for
|
|
|
|
# each jail, specified in jail_list, with the following variables.
|
2006-05-11 14:23:43 +00:00
|
|
|
# NOTES:
|
|
|
|
# - replace 'example' with the jail's name.
|
|
|
|
# - except rootdir, hostname and ip, all of the following variables may be made
|
|
|
|
# global jail variables if you don't specify a jail name (ie. jail_interface).
|
2003-08-24 06:29:32 +00:00
|
|
|
#
|
|
|
|
#jail_example_rootdir="/usr/jail/default" # Jail's root directory
|
|
|
|
#jail_example_hostname="default.domain.com" # Jail's hostname
|
|
|
|
#jail_example_ip="192.168.0.10" # Jail's IP number
|
2006-05-11 14:23:43 +00:00
|
|
|
#jail_example_interface="" # Interface to create the IP alias on
|
2004-12-14 14:36:35 +00:00
|
|
|
#jail_example_exec_start="/bin/sh /etc/rc" # command to execute in jail for starting
|
2006-05-30 16:20:48 +00:00
|
|
|
#jail_example_exec_afterstart0="/bin/sh command" # command to execute after the one for
|
|
|
|
# starting the jail. More than one can be
|
|
|
|
# specified using a trailing number
|
2004-12-14 14:36:35 +00:00
|
|
|
#jail_example_exec_stop="/bin/sh /etc/rc.shutdown" # command to execute in jail for stopping
|
2003-08-24 06:29:32 +00:00
|
|
|
#jail_example_devfs_enable="NO" # mount devfs in the jail
|
|
|
|
#jail_example_fdescfs_enable="NO" # mount fdescfs in the jail
|
|
|
|
#jail_example_procfs_enable="NO" # mount procfs in jail
|
2004-11-23 20:09:58 +00:00
|
|
|
#jail_example_mount_enable="NO" # mount/umount jail's fs
|
2004-02-02 13:27:41 +00:00
|
|
|
#jail_example_devfs_ruleset="ruleset_name" # devfs ruleset to apply to jail
|
2004-11-23 20:09:58 +00:00
|
|
|
#jail_example_fstab="" # fstab(5) for mount/umount
|
2005-06-26 16:30:20 +00:00
|
|
|
#jail_example_flags="-l -U root" # flags for jail(8)
|
1997-05-24 11:29:59 +00:00
|
|
|
|
|
|
|
##############################################################
|
2000-04-27 08:43:49 +00:00
|
|
|
### Define source_rc_confs, the mechanism used by /etc/rc.* ##
|
|
|
|
### scripts to source rc_conf_files overrides safely. ##
|
1997-05-24 11:29:59 +00:00
|
|
|
##############################################################
|
1999-01-25 18:24:46 +00:00
|
|
|
|
2000-04-27 08:43:49 +00:00
|
|
|
if [ -z "${source_rc_confs_defined}" ]; then
|
2001-11-28 08:52:35 +00:00
|
|
|
source_rc_confs_defined=yes
|
|
|
|
source_rc_confs () {
|
|
|
|
local i sourced_files
|
|
|
|
for i in ${rc_conf_files}; do
|
|
|
|
case ${sourced_files} in
|
|
|
|
*:$i:*)
|
|
|
|
;;
|
|
|
|
*)
|
|
|
|
sourced_files="${sourced_files}:$i:"
|
|
|
|
if [ -r $i ]; then
|
|
|
|
. $i
|
|
|
|
fi
|
|
|
|
;;
|
|
|
|
esac
|
|
|
|
done
|
|
|
|
}
|
2000-04-27 08:43:49 +00:00
|
|
|
fi
|