Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
RC.CONF(5)		  FreeBSD File Formats Manual		    RC.CONF(5)

NAME
     rc.conf --	system configuration information

DESCRIPTION
     The file rc.conf contains descriptive information about the local host
     name, configuration details for any potential network interfaces and
     which services should be started up at system initial boot	time.  In new
     installations, the	rc.conf	file is	generally initialized by the system
     installation utility.

     The purpose of rc.conf is not to run commands or perform system startup
     actions directly.	Instead, it is included	by the various generic startup
     scripts in	/etc which conditionalize their	internal actions according to
     the settings found	there.

     The /etc/rc.conf file is included from the	file /etc/defaults/rc.conf,
     which specifies the default settings for all the available	options.
     Options need only be specified in /etc/rc.conf when the system adminis-
     trator wishes to override these defaults.	The file /etc/rc.conf.local is
     used to override settings in /etc/rc.conf for historical reasons.

     In	addition to /etc/rc.conf.local you can also place smaller configura-
     tion files	for each rc(8) script in the /etc/rc.conf.d directory or
     <dir>/rc.conf.d directories specified in local_startup, which will	be
     included by the load_rc_config function.  For jail	configurations you
     could use the file	/etc/rc.conf.d/jail to store jail specific configura-
     tion options.  If local_startup contains /usr/local/etc/rc.d and
     /opt/conf,	/usr/local/rc.conf.d/jail and /opt/conf/rc.conf.d/jail will be
     loaded.  If <dir>/rc.conf.d/<name>	is a directory,	all of files in	the
     directory will be loaded.	Also see the rc_conf_files variable below.

     Options are set with ``name=value'' assignments that use sh(1) syntax.
     The following list	provides a name	and short description for each vari-
     able that can be set in the rc.conf file:

     rc_debug	 (bool)	If set to ``YES'', enable output of debug messages
		 from rc scripts.  This	variable can be	helpful	in diagnosing
		 mistakes when editing or integrating new scripts.  Beware
		 that this produces copious output to the terminal and
		 syslog(3).

     rc_info	 (bool)	If set to ``NO'', disable informational	messages from
		 the rc	scripts.  Informational	messages are displayed when a
		 condition that	is not serious enough to warrant a warning or
		 an error occurs.

     rc_startmsgs
		 (bool)	If set to ``YES'', show	``Starting foo:'' when fast-
		 start is used (e.g., at boot time).

     early_late_divider
		 (str) The name	of the script that should be used as the
		 delimiter between the ``early'' and ``late'' stages of	the
		 boot process.	The early stage	should contain all the ser-
		 vices needed to get the disks (local or remote) mounted so
		 that the late stage can include scripts contained in the
		 directories listed in the local_startup variable (see below).
		 Thus, the two likely candidates for this value	are
		 mountcritlocal	for the	typical	system,	and mountcritremote if
		 the system needs remote file systems mounted to get access to
		 the local_startup directories;	for example when /usr/local is
		 NFS mounted.  For rc.conf within a jail(8) NETWORKING is
		 likely	to be an appropriate value.  Extreme care should be
		 taken when changing this value, and before changing it	one
		 should	ensure that there are adequate provisions to recover
		 from a	failed boot (such as physical contact with the
		 machine, or reliable remote console access).

     always_force_depends
		 (bool)	Various	rc.d scripts use the force_depend function to
		 check whether required	services are already running, and to
		 start them if necessary.  By default during boot time this
		 check is bypassed if the required service is enabled in
		 /etc/rc.conf[.local].	Setting	this option will bypass	that
		 check at boot time and	always test whether or not the service
		 is actually running.  Enabling	this option is likely to
		 increase your boot time if services are enabled that utilize
		 the force_depend check.

     <name>_chroot
		 (str) chroot to this directory	before running the service.

     <name>_user
		 (str) Run the service under this user account.

     <name>_group
		 (str) Run the chrooted	service	under this system group.
		 Unlike	the _user setting, this	setting	has no effect if the
		 service is not	chrooted.

     <name>_fib	 (int) The setfib(1) value to run the service under.

     <name>_nice
		 (int) The nice(1) value to run	the service under.

     apm_enable	 (bool)	If set to ``YES'', enable support for Automatic	Power
		 Management with the apm(8) command.

     apmd_enable
		 (bool)	Run apmd(8) to handle APM event	from userland.	This
		 also enables support for APM.

     apmd_flags	 (str) If apmd_enable is set to	``YES'', these are the flags
		 to pass to the	apmd(8)	daemon.

     devd_enable
		 (bool)	Run devd(8) to handle device added, removed or unknown
		 events	from the kernel.

     ddb_enable	 (bool)	Run ddb(8) to install ddb(4) scripts at	boot time.

     ddb_config	 (str) Configuration file for ddb(8).  Default /etc/ddb.conf.

     kld_list	 (str) A list of kernel	modules	to load	right after the	local
		 disks are mounted.  Loading modules at	this point in the boot
		 process is much faster	than doing it via /boot/loader.conf
		 for those modules not necessary for mounting local disk.

     kldxref_enable
		 (bool)	Set to ``NO'' by default.  Set to ``YES'' to automati-
		 cally rebuild linker.hints files with kldxref(8) at boot
		 time.

     kldxref_clobber
		 (bool)	Set to ``NO'' by default.  If kldxref_enable is	true,
		 setting to ``YES'' will overwrite existing linker.hints files
		 at boot time.	Otherwise, only	missing	linker.hints files are
		 generated.

     kldxref_module_path
		 (str) Empty by	default.  A semi-colon (`;') delimited list of
		 paths containing kld(4) modules.  If empty, the contents of
		 the kern.module_path sysctl(8)	are used.

     powerd_enable
		 (bool)	If set to ``YES'', enable the system power control
		 facility with the powerd(8) daemon.

     powerd_flags
		 (str) If powerd_enable	is set to ``YES'', these are the flags
		 to pass to the	powerd(8) daemon.

     tmpmfs	 Controls the creation of a /tmp memory	file system.  Always
		 happens if set	to ``YES'' and never happens if	set to ``NO''.
		 If set	to anything else, a memory file	system is created if
		 /tmp is not writable.

     tmpsize	 Controls the size of a	created	/tmp memory file system.

     tmpmfs_flags
		 Extra options passed to the mdmfs(8) utility when the memory
		 file system for /tmp is created.  The default is ``-S'',
		 which inhibits	the use	of softupdates on /tmp so that file
		 system	space is freed without delay after file	truncation or
		 deletion.  See	mdmfs(8) for other options you can use in
		 tmpmfs_flags.

     varmfs	 Controls the creation of a /var memory	file system.  Always
		 happens if set	to ``YES'' and never happens if	set to ``NO''.
		 If set	to anything else, a memory file	system is created if
		 /var is not writable.

     varsize	 Controls the size of a	created	/var memory file system.

     varmfs_flags
		 Extra options passed to the mdmfs(8) utility when the memory
		 file system for /var is created.  The default is ``-S'',
		 which inhibits	the use	of softupdates on /var so that file
		 system	space is freed without delay after file	truncation or
		 deletion.  See	mdmfs(8) for other options you can use in
		 varmfs_flags.

     populate_var
		 Controls the automatic	population of the /var file system.
		 Always	happens	if set to ``YES'' and never happens if set to
		 ``NO''.  If set to anything else, a memory file system	is
		 created if /var is not	writable.  Note	that this process
		 requires access to certain commands in	/usr before /usr is
		 mounted on normal systems.

     cleanvar_enable
		 (bool)	Clean the /var directory.

     local_startup
		 (str) List of directories to search for startup script	files.

     script_name_sep
		 (str) The field separator to use for breaking down the	list
		 of startup script files into individual filenames.  The
		 default is a space.  It is not	necessary to change this
		 unless	there are startup scripts with names containing	spa-
		 ces.

     hostapd_enable
		 (bool)	Set to ``YES'' to start	hostapd(8) at system boot
		 time.

     hostname	 (str) The fully qualified domain name (FQDN) of this host on
		 the network.  This should almost certainly be set to some-
		 thing meaningful, even	if there is no network connection.  If
		 dhclient(8) is	used to	set the	hostname via DHCP, this	vari-
		 able should be	set to an empty	string.	 If this value remains
		 unset when the	system is done booting your console login will
		 display the default hostname of ``Amnesiac''.

     nisdomainname
		 (str) The NIS domain name of this host, or ``NO'' if NIS is
		 not used.

     dhclient_program
		 (str) Path to the DHCP	client program (/sbin/dhclient,	the
		 OpenBSD DHCP client, is the default).

     dhclient_flags
		 (str) Additional flags	to pass	to the DHCP client program.
		 For the OpenBSD DHCP client, see the dhclient(8) manpage for
		 a description of the command line options available.

     dhclient_flags_<iface>
		 Additional flags to pass to the DHCP client program running
		 on iface only.	 When specified, this variable overrides
		 dhclient_flags.

     background_dhclient
		 (bool)	Set to ``YES'' to start	the DHCP client	in background.
		 This can cause	trouble	with applications depending on a work-
		 ing network, but it will provide a faster startup in many
		 cases.

     background_dhclient_<iface>
		 When specified, this variable overrides the
		 background_dhclient variable for interface iface only.

     synchronous_dhclient
		 (bool)	Set to ``YES'' to start	dhclient(8) synchronously at
		 startup.  This	behavior can be	overridden on a	per-interface
		 basis by replacing the	``DHCP'' keyword in the
		 ifconfig_<interface> variable with ``SYNCDHCP'' or
		 ``NOSYNCDHCP''.

     defaultroute_delay
		 (int) When set	to a positive value, wait up to	this long
		 after configuring DHCP	interfaces at startup to give the
		 interfaces time to receive a lease.

     firewall_enable
		 (bool)	Set to ``YES'' to load firewall	rules at startup.  If
		 the kernel was	not built with options IPFIREWALL, the ipfw.ko
		 kernel	module will be loaded.	See also ipfilter_enable.

     firewall_script
		 (str) This variable specifies the full	path to	the firewall
		 script	to run.	 The default is	/etc/rc.firewall.

     firewall_type
		 (str) Names the firewall type from the	selection in
		 /etc/rc.firewall, or the file which contains the local	fire-
		 wall ruleset.	Valid selections from /etc/rc.firewall are:

		 open	 unrestricted IP access
		 closed	 all IP	services disabled, except via ``lo0''
		 client	 basic protection for a	workstation
		 simple	 basic protection for a	LAN.

		 If a filename is specified, the full path must	be given.

     firewall_quiet
		 (bool)	Set to ``YES'' to disable the display of firewall
		 rules on the console during boot.

     firewall_logging
		 (bool)	Set to ``YES'' to enable firewall event	logging.  This
		 is equivalent to the IPFIREWALL_VERBOSE kernel	option.

     firewall_logif
		 (bool)	Set to ``YES'' to create pseudo	interface ipfw0	for
		 logging.  For more details, see ipfw(8) manual	page.

     firewall_flags
		 (str) Flags passed to ipfw(8) if firewall_type	specifies a
		 filename.

     firewall_coscripts
		 (str) List of executables and/or rc scripts to	run after
		 firewall starts/stops.	 Default is empty.

     firewall_nat_enable
		 (bool)	The ipfw(8) equivalent of natd_enable.	Setting	this
		 to ``YES'' enables kernel NAT.	 firewall_enable must also be
		 set to	``YES''.

     firewall_nat_interface
		 (str) The ipfw(8) equivalent of natd_interface.  This is the
		 name of the public interface or IP address on which kernel
		 NAT should run.

     firewall_nat_flags
		 (str) Additional configuration	parameters for kernel NAT
		 should	be placed here.

     dummynet_enable
		 (bool)	Setting	this to	``YES''	will automatically load	the
		 dummynet(4) module if firewall_enable is also set to ``YES''.

     natd_program
		 (str) Path to natd(8).

     natd_enable
		 (bool)	Set to ``YES'' to enable natd(8).  firewall_enable
		 must also be set to ``YES'', and divert(4) sockets must be
		 enabled in the	kernel.	 If the	kernel was not built with
		 options IPDIVERT, the ipdivert.ko kernel module will be
		 loaded.

     natd_interface
		 (str) This is the name	of the public interface	on which
		 natd(8) should	run.  The interface may	be given as an inter-
		 face name or as an IP address.

     natd_flags	 (str) Additional natd(8) flags	should be placed here.	The -n
		 or -a flag is automatically added with	the above
		 natd_interface	as an argument.

     ipfilter_enable
		 (bool)	Set to ``NO'' by default.  Setting this	to ``YES''
		 enables ipf(8)	packet filtering.

		 Typical usage will require putting

		 ipfilter_enable="YES"
		 ipnat_enable="YES"
		 ipmon_enable="YES"
		 ipfs_enable="YES"

		 into /etc/rc.conf and editing /etc/ipf.rules and
		 /etc/ipnat.rules appropriately.

		 Note that ipfilter_enable and ipnat_enable can	be enabled
		 independently.	 ipmon_enable and ipfs_enable both require at
		 least one of ipfilter_enable and ipnat_enable to be enabled.

		 Having

		 options IPFILTER
		 options IPFILTER_LOG
		 options IPFILTER_DEFAULT_BLOCK

		 in the	kernel configuration file is a good idea, too.

     ipfilter_program
		 (str) Path to ipf(8) (default /sbin/ipf).

     ipfilter_rules
		 (str) Set to /etc/ipf.rules by	default.  This variable	con-
		 tains the name	of the filter rule definition file.  The file
		 is expected to	be readable for	the ipf(8) command to execute.

     ipv6_ipfilter_rules
		 (str) Set to /etc/ipf6.rules by default.  This	variable con-
		 tains the IPv6	filter rule definition file.  The file is
		 expected to be	readable for the ipf(8)	command	to execute.

     ipfilter_flags
		 (str) Empty by	default.  This variable	contains flags passed
		 to the	ipf(8) program.

     ipnat_enable
		 (bool)	Set to ``NO'' by default.  Set it to ``YES'' to	enable
		 ipnat(8) network address translation.	See ipfilter_enable
		 for a detailed	discussion.

     ipnat_program
		 (str) Path to ipnat(8)	(default /sbin/ipnat).

     ipnat_rules
		 (str) Set to /etc/ipnat.rules by default.  This variable con-
		 tains the name	of the file holding the	network	address	trans-
		 lation	definition.  This file is expected to be readable for
		 the ipnat(8) command to execute.

     ipnat_flags
		 (str) Empty by	default.  This variable	contains flags passed
		 to the	ipnat(8) program.

     ipmon_enable
		 (bool)	Set to ``NO'' by default.  Set it to ``YES'' to	enable
		 ipmon(8) monitoring (logging ipf(8) and ipnat(8) events).
		 Setting this variable needs setting ipfilter_enable or
		 ipnat_enable too.  See	ipfilter_enable	for a detailed discus-
		 sion.

     ipmon_program
		 (str) Path to ipmon(8)	(default /sbin/ipmon).

     ipmon_flags
		 (str) Set to ``-Ds'' by default.  This	variable contains
		 flags passed to the ipmon(8) program.	Another	typical	exam-
		 ple would be ``-D /var/log/ipflog'' to	have ipmon(8) log
		 directly to a file bypassing syslogd(8).  Make	sure to	adjust
		 /etc/newsyslog.conf in	such case like this:

		 /var/log/ipflog  640  10  100	*  Z  /var/run/ipmon.pid

     ipfs_enable
		 (bool)	Set to ``NO'' by default.  Set it to ``YES'' to	enable
		 ipfs(8) saving	the filter and NAT state tables	during shut-
		 down and reloading them during	startup	again.	Setting	this
		 variable needs	setting	ipfilter_enable	or ipnat_enable	to
		 ``YES'' too.  See ipfilter_enable for a detailed discussion.
		 Note that if kern_securelevel is set to 3, ipfs_enable	cannot
		 be used because the raised securelevel	will prevent ipfs(8)
		 from saving the state tables at shutdown time.

     ipfs_program
		 (str) Path to ipfs(8) (default	/sbin/ipfs).

     ipfs_flags	 (str) Empty by	default.  This variable	contains flags passed
		 to the	ipfs(8)	program.

     pf_enable	 (bool)	Set to ``NO'' by default.  Setting this	to ``YES''
		 enables pf(4) packet filtering.

		 Typical usage will require putting

		       pf_enable="YES"

		 into /etc/rc.conf and editing /etc/pf.conf appropriately.
		 Adding

		       device pf

		 builds	support	for pf(4) into the kernel, otherwise the ker-
		 nel module will be loaded.

     pf_rules	 (str) Path to pf(4) ruleset configuration file	(default
		 /etc/pf.conf).

     pf_program	 (str) Path to pfctl(8)	(default /sbin/pfctl).

     pf_flags	 (str) If pf_enable is set to ``YES'', these flags are passed
		 to the	pfctl(8) program when loading the ruleset.

     pflog_enable
		 (bool)	Set to ``NO'' by default.  Setting this	to ``YES''
		 enables pflogd(8) which logs packets from the pf(4) packet
		 filter.

     pflog_logfile
		 (str) If pflog_enable is set to ``YES'' this controls where
		 pflogd(8) stores the logfile (default /var/log/pflog).	 Check
		 /etc/newsyslog.conf to	adjust logfile rotation	for this.

     pflog_program
		 (str) Path to pflogd(8) (default /sbin/pflogd).

     pflog_flags
		 (str) Empty by	default.  This variable	contains additional
		 flags passed to the pflogd(8) program.

     pflog_instances
		 (str) If logging to more than one pflog(4) interface is
		 desired, pflog_instances is set to the	list of	pflogd(8)
		 instances that	should be started at system boot time. If
		 pflog_instances is set, for each whitespace-seperated element
		 in the	list, <element>_dev and	<element>_logfile elements are
		 assumed to exist.  <element>_dev must contain the pflog(4)
		 interface to be watched by the	named pflogd(8)	instance.
		 <element>_logfile must	contain	the name of the	logfile	that
		 will be used by the pflogd(8) instance.

     ftpproxy_enable
		 (bool)	Set to ``NO'' by default.  Setting this	to ``YES''
		 enables ftp-proxy(8) which supports the pf(4) packet filter
		 in translating	ftp connections.

     ftpproxy_flags
		 (str) Empty by	default.  This variable	contains additional
		 flags passed to the ftp-proxy(8) program.

     ftpproxy_instances
		 (str) Empty by	default. If multiple instances of ftp-proxy(8)
		 are desired at	boot time, ftpproxy_instances should contain a
		 whitespace-seperated list of instance names. For each element
		 in the	list, a	variable named <element>_flags should be
		 defined, containing the command-line flags to be passed to
		 the ftp-proxy(8) instance.

     pfsync_enable
		 (bool)	Set to ``NO'' by default.  Setting this	to ``YES''
		 enables exposing pf(4)	state changes to other hosts over the
		 network by means of pfsync(4).	 The pfsync_syncdev variable
		 must also be set then.

     pfsync_syncdev
		 (str) Empty by	default.  This variable	specifies the name of
		 the network interface pfsync(4) should	operate	through.  It
		 must be set accordingly if pfsync_enable is set to ``YES''.

     pfsync_syncpeer
		 (str) Empty by	default.  This variable	is optional.  By
		 default, state	change messages	are sent out on	the synchroni-
		 sation	interface using	IP multicast packets.  The protocol is
		 IP protocol 240, PFSYNC, and the multicast group used is
		 224.0.0.240.  When a peer address is specified	using the
		 pfsync_syncpeer option, the peer address is used as a desti-
		 nation	for the	pfsync traffic,	and the	traffic	can then be
		 protected using ipsec(4).  See	the pfsync(4) manpage for more
		 details about using ipsec(4) with pfsync(4) interfaces.

     pfsync_ifconfig
		 (str) Empty by	default.  This variable	can contain additional
		 options to be passed to the ifconfig(8) command used to set
		 up pfsync(4).

     tcp_extensions
		 (bool)	Set to ``YES'' by default.  Setting this to ``NO''
		 disables certain TCP options as described by RFC 1323.	 Set-
		 ting this to ``NO'' might help	remedy such problems with con-
		 nections as randomly hanging or other weird behavior.	Some
		 network devices are known to be broken	with respect to	these
		 options.

     log_in_vain
		 (int) Set to 0	by default.  The sysctl(8) variables,
		 net.inet.tcp.log_in_vain and net.inet.udp.log_in_vain,	as
		 described in tcp(4) and udp(4), are set to the	given value.

     tcp_keepalive
		 (bool)	Set to ``YES'' by default.  Setting to ``NO'' will
		 disable probing idle TCP connections to verify	that the peer
		 is still up and reachable.

     tcp_drop_synfin
		 (bool)	Set to ``NO'' by default.  Setting to ``YES'' will
		 cause the kernel to ignore TCP	frames that have both the SYN
		 and FIN flags set.  This prevents OS fingerprinting, but may
		 break some legitimate applications.

     icmp_drop_redirect
		 (bool)	Set to ``NO'' by default.  Setting to ``YES'' will
		 cause the kernel to ignore ICMP REDIRECT packets.  Refer to
		 icmp(4) for more information.

     icmp_log_redirect
		 (bool)	Set to ``NO'' by default.  Setting to ``YES'' will
		 cause the kernel to log ICMP REDIRECT packets.	 Note that the
		 log messages are not rate-limited, so this option should only
		 be used for troubleshooting networks.	Refer to icmp(4) for
		 more information.

     icmp_bmcastecho
		 (bool)	Set to ``YES'' to respond to broadcast or multicast
		 ICMP ping packets.  Refer to icmp(4) for more information.

     ip_portrange_first
		 (int) If not set to ``NO'', this is the first port in the
		 default portrange.  Refer to ip(4) for	more information.

     ip_portrange_last
		 (int) If not set to ``NO'', this is the last port in the
		 default portrange.  Refer to ip(4) for	more information.

     network_interfaces
		 (str) Set to the list of network interfaces to	configure on
		 this host or ``AUTO'' (the default) for all current inter-
		 faces.	 Setting the network_interfaces	variable to anything
		 other than the	default	is deprecated.	Interfaces that	the
		 administrator wishes to store configuration for, but not
		 start at boot should be configured with the ``NOAUTO''	key-
		 word in their ifconfig_<interface> variables as described
		 below.

		 An ifconfig_<interface> variable is also assumed to exist for
		 each value of interface.  When	an interface name contains any
		 of the	characters ``.-/+'' they are translated	to ``_''
		 before	lookup.	 The variable can contain arguments to
		 ifconfig(8), as well as special case-insensitive keywords
		 described below.  Such	keywords are removed before passing
		 the value to ifconfig(8) while	the order of the other argu-
		 ments is preserved.

		 It is possible	to add IP alias	entries	using ifconfig(8) syn-
		 tax with the address family keyword such as inet.  Assuming
		 that the interface in question	was ed0, it might look some-
		 thing like this:

		 ifconfig_ed0_alias0="inet 127.0.0.253 netmask 0xffffffff"
		 ifconfig_ed0_alias1="inet 127.0.0.254 netmask 0xffffffff"

		 It also possible to configure multiple	IP addresses in	Class-
		 less Inter-Domain Routing (CIDR) address notation, whose each
		 address component can be a range like inet 192.0.2.5-23/24 or
		 inet6 2001:db8:1-f::1/64.  This notation allows address and
		 prefix	length part only, not the other	address	modifiers.
		 Note that the maximum number of the generated addresses from
		 a range specification is limited to an	integer	value speci-
		 fied in netif_ipexpand_max in rc.conf(5) because a small typo
		 can unexpectedly generate a large number of addresses.	 The
		 default value is 2048.	 It can	be increased by	adding the
		 following line	into rc.conf(5):

		 netif_ipexpand_max="4096"

		 In the	case of	192.0.2.5-23/24, the address 192.0.2.5 will be
		 configured with the netmask /24 and the addresses 192.0.2.6
		 to 192.0.2.23 with the	non-conflicting	netmask	/32 as
		 explained in the ifconfig(8) alias section.  Note that	this
		 special netmask handling is only for inet, not	for the	other
		 address families such as inet6.

		 With the interface in question	being ed0, an example could
		 look like:

		 ifconfig_ed0_alias2="inet 192.0.2.129/27"
		 ifconfig_ed0_alias3="inet 192.0.2.1-5/28"

		 and so	on.

		 Note that ipv4_addrs_<interface> variable was supported for
		 IPv4 CIDR address notation.  It is now	deprecated because the
		 functionality was integrated into
		 ifconfig_<interface>_alias<n> though ipv4_addrs_<interface>
		 is still supported for	backward compatibility.

		 For each ifconfig_<interface>_alias<n>	entry with an address
		 family	keyword, its contents are passed to ifconfig(8).  Exe-
		 cution	stops at the first unsuccessful	access,	so if some-
		 thing like this is present:

		 ifconfig_ed0_alias0="inet 127.0.0.251 netmask 0xffffffff"
		 ifconfig_ed0_alias1="inet 127.0.0.252 netmask 0xffffffff"
		 ifconfig_ed0_alias2="inet 127.0.0.253 netmask 0xffffffff"
		 ifconfig_ed0_alias4="inet 127.0.0.254 netmask 0xffffffff"

		 Then note that	alias4 would not be added since	the search
		 would stop with the missing ``alias3''	entry.	Because	of
		 this difficult	to manage behavior, there is
		 ifconfig_<interface>_aliases variable,	which has the same
		 functionality as ifconfig_<interface>_alias<n>	and can	have
		 all of	entries	in a variable like the following:

		 ifconfig_ed0_aliases="\
			 inet 127.0.0.251 netmask 0xffffffff \
			 inet 127.0.0.252 netmask 0xffffffff \
			 inet 127.0.0.253 netmask 0xffffffff \
			 inet 127.0.0.254 netmask 0xffffffff"

		 It also supports CIDR notation.

		 If the	/etc/start_if.<interface> file is present, it is read
		 and executed by the sh(1) interpreter before configuring the
		 interface as specified	in the ifconfig_<interface> and
		 ifconfig_<interface>_alias<n> variables.

		 If a vlans_<interface>	variable is set, a vlan(4) interface
		 will be created for each item in the list with	the vlandev
		 argument set to interface.  If	a vlan interface's name	is a
		 number, then that number is used as the vlan tag and the new
		 vlan interface	is named interface.tag.	 Otherwise, the	vlan
		 tag must be specified via a vlan parameter in the
		 create_args_<interface> variable.

		 To create a vlan device named em0.101 on em0 with the vlan
		 tag 101 and the optional the IPv4 address 192.0.2.1/24:

		 vlans_em0="101"
		 ifconfig_em0_101="inet	192.0.2.1/24"

		 To create a vlan device named myvlan on em0 with the vlan tag
		 102:

		 vlans_em0="myvlan"
		 create_args_myvlan="vlan 102"

		 If a wlans_<interface>	variable is set, an wlan(4) interface
		 will be created for each item in the list with	the wlandev
		 argument set to interface.  Further wlan cloning arguments
		 may be	passed to the ifconfig(8) create command by setting
		 the create_args_<interface> variable.	One or more wlan(4)
		 devices must be created for each wireless devices as of
		 FreeBSD 8.0.  Debugging flags for wlan(4) devices as set by
		 wlandebug(8) may be specified with an wlandebug_<interface>
		 variable.  The	contents of this variable will be passed
		 directly to wlandebug(8).

		 If the	ifconfig_<interface> contains the keyword ``NOAUTO''
		 then the interface will not be	configured at boot or by
		 /etc/pccard_ether when	network_interfaces is set to ``AUTO''.

		 It is possible	to bring up an interface with DHCP by adding
		 ``DHCP'' to the ifconfig_<interface> variable.	 For instance,
		 to initialize the ed0 device via DHCP,	it is possible to use
		 something like:

		 ifconfig_ed0="DHCP"

		 If you	want to	configure your wireless	interface with
		 wpa_supplicant(8) for use with	WPA, EAP/LEAP or WEP, you need
		 to add	``WPA''	to the ifconfig_<interface> variable.

		 On the	other hand, if you want	to configure your wireless
		 interface with	hostapd(8), you	need to	add ``HOSTAP'' to the
		 ifconfig_<interface> variable.	 hostapd(8) will use the set-
		 tings from /etc/hostapd-<interface>.conf

		 Finally, you can add ifconfig(8) options in this variable, in
		 addition to the /etc/start_if.<interface> file.  For
		 instance, to configure	an ath(4) wireless device in station
		 mode with an address obtained via DHCP, using WPA authentica-
		 tion and 802.11b mode,	it is possible to use something	like:

		 wlans_ath0="wlan0"
		 ifconfig_wlan0="DHCP WPA mode 11b"

		 In addition to	the ifconfig_<interface> form, a fallback
		 variable ifconfig_DEFAULT may be configured.  It will be used
		 for all interfaces with no ifconfig_<interface> variable.
		 This is intended to replace the no longer supported
		 pccard_ifconfig variable.

		 It is also possible to	rename an interface by doing:

		 ifconfig_ed0_name="net0"
		 ifconfig_net0="inet 192.0.2.1 netmask 0xffffff00"

     ipv6_enable
		 (bool)	This variable is deprecated.  Use
		 ifconfig_<interface>_ipv6 and ipv6_activate_all_interfaces if
		 necessary.

		 If the	variable is ``YES'', ``inet6 accept_rtadv'' is added
		 to all	of ifconfig_<interface>_ipv6 and the
		 ipv6_activate_all_interfaces is defined as ``YES''.

     ipv6_prefer
		 (bool)	This variable is deprecated.  Use ip6addrctl_policy
		 instead.

		 If the	variable is ``YES'', the default address selection
		 policy	table set by ip6addrctl(8) will	be IPv6-preferred.

		 If the	variable is ``NO'', the	default	address	selection pol-
		 icy table set by ip6addrctl(8)	will be	IPv4-preferred.

     ipv6_activate_all_interfaces
		 (bool)	This controls initial configuration on IPv6-capable
		 interfaces with no corresponding ifconfig_<interface>_ipv6
		 variable.  Note that it is not	always necessary to set	this
		 variable to ``YES'' to	use IPv6 functionality on FreeBSD.  In
		 most cases, just configuring ifconfig_<interface>_ipv6	vari-
		 ables works.

		 If the	variable is ``NO'', all	interfaces which do not	have a
		 corresponding ifconfig_<interface>_ipv6 variable will be
		 marked	as ``IFDISABLED'' at creation.	This means that	all of
		 IPv6 functionality on that interface is completely disabled
		 to enforce a security policy.	If the variable	is set to
		 ``YES'', the flag will	be cleared on all of the interfaces.

		 In most cases,	just defining an ifconfig_<interface>_ipv6 for
		 an IPv6-capable interface should be sufficient.  However, if
		 an interface is added dynamically (by some tunneling
		 protocols such	as PPP,	for example), it is often difficult to
		 define	the variable in	advance.  In such a case, configuring
		 the ``IFDISABLED'' flag can be	disabled by setting this vari-
		 able to ``YES''.

		 For more details of the ``IFDISABLED''	flag and keywords
		 ``inet6 ifdisabled'', see ifconfig(8).

		 Default is ``NO''.

     ipv6_privacy
		 (bool)	If the variable	is ``YES'' privacy addresses will be
		 generated for each IPv6 interface as described	in RFC 4941.

     ipv6_network_interfaces
		 (str) This is the IPv6	equivalent of network_interfaces.
		 Normally manual configuration of this variable	is not needed.

     ipv6_cpe_wanif
		 (str) If the variable is set to an interface name, the
		 ifconfig(8) options ``inet6 -no_radr accept_rtadv'' will be
		 added to the specified	interface automatically	before evalu-
		 ating ifconfig_<interface>_ipv6, and two sysctl(8) variables
		 net.inet6.ip6.rfc6204w3 and net.inet6.ip6.no_radr will	be set
		 to 1.

		 This means the	specified interface will accept	ICMPv6 Router
		 Advertisement messages	on that	link and add the discovered
		 routers into the Default Router List.	While the other	inter-
		 faces can still accept	RA messages if the ``inet6
		 accept_rtadv''	option is specified, adding routes into	the
		 Default Router	List will be disabled by ``inet6 no_radr''
		 option	by default.  See ifconfig(8) for more details.

		 Note that ICMPv6 Router Advertisement messages	will be
		 accepted even when net.inet6.ip6.forwarding is	1 (packet
		 forwarding is enabled)	when net.inet6.ip6.rfc6204w3 is	set to
		 1.

		 Default is ``NO''.

     ifconfig_<interface>_ipv6
		 (str) IPv6 functionality on an	interface should be configured
		 by ifconfig_<interface>_ipv6, instead of setting ifconfig
		 parameters in ifconfig_<interface>.  If this variable is
		 empty,	all of IPv6 configurations on the specified interface
		 by other variables such as ipv6_prefix_<<