 @@ -1,545 +1,578 @@
 #!/bin/sh
+#
-# $NetBSD: network,v 1.71 2016/03/06 18:50:06 christos Exp $
+# $NetBSD: network,v 1.71.8.1 2020/04/23 13:43:42 martin Exp $
+#
 # PROVIDE: network
 # REQUIRE: ipfilter ipsec mountcritlocal root tty sysctl
 # BEFORE:  NETWORKING
 $_rc_subr_loaded . /etc/rc.subr
 name="network"
 start_cmd="network_start"
 stop_cmd="network_stop"
 nl='
 ' # a newline
 intmissing()
+{
 	local int="$1"
 	shift
 	for i; do
 		if [ "$int" = "$i" ]; then
 			return 1
 		fi
 	done
 	return 0
+}
 have_inet6()
+{
 	/sbin/ifconfig lo0 inet6 >/dev/null 2>&1
+}
 network_start()
+{
 	# set hostname, turn on network
+	#
 	echo "Starting network."
 	network_start_hostname
 	network_start_domainname
 	network_start_loopback
 	have_inet6 &&
 	network_start_ipv6_route
 	[ "$net_interfaces" != NO ] &&
 	network_start_interfaces
 	network_start_aliases
 	network_start_defaultroute
 	network_start_defaultroute6
 	have_inet6 &&
 	network_start_ipv6_autoconf
 	network_wait_dad
 	network_start_resolv
 	network_start_local
+}
 network_start_hostname()
+{
 	# If $hostname is set, use it for my Internet name,
 	# otherwise use /etc/myname
+	#
 	if [ -z "$hostname" ] && [ -f /etc/myname ]; then
 		hostname=$(kat /etc/myname)
 	fi
 	if [ -n "$hostname" ]; then
 		echo "Hostname: $hostname"
 		hostname $hostname
 	else
 		# Don't warn about it if we're going to run
 		# DHCP later, as we will probably get the
 		# hostname at that time.
+		#
 		if ! checkyesno dhclient && ! checkyesno dhcpcd && \
 			[ -z "$(hostname)" ]
 		then
 			warn "\$hostname not set."
 		fi
 	fi
+}
 network_start_domainname()
+{
 	# Check $domainname first, then /etc/defaultdomain,
 	# for NIS/YP domain name
+	#
 	if [ -z "$domainname" ] && [ -f /etc/defaultdomain ]; then
 		domainname=$(kat /etc/defaultdomain)
 	fi
 	if [ -n "$domainname" ]; then
 		echo "NIS domainname: $domainname"
 		domainname $domainname
 	fi
 	# Flush all routes just to make sure it is clean
 	if checkyesno flushroutes; then
 		/sbin/route -qn flush
 	fi
+}
 network_start_loopback()
+{
 	# Set the address for the first loopback interface, so that the
 	# auto-route from a newly configured interface's address to lo0
 	# works correctly.
+	#
 	# NOTE: obscure networking problems will occur if lo0 isn't configured.
+	#
 	/sbin/ifconfig lo0 inet 127.0.0.1
 	# According to RFC1122, 127.0.0.0/8 must not leave the node.
+	#
 	/sbin/route -q add -inet 127.0.0.0 -netmask 0xff000000 127.0.0.1 -reject
+}
 network_start_ipv6_route()
+{
 	# IPv6 routing setups, and host/router mode selection.
+	#
 	# We have IPv6 support in kernel.
 	# disallow link-local unicast dest without outgoing scope
 	# identifiers.
+	#
 	/sbin/route -q add -inet6 fe80:: -prefixlen 10 ::1 -reject
 	# disallow the use of the RFC3849 documentation address
+	#
 	/sbin/route -q add -inet6 2001:db8:: -prefixlen 32 ::1 -reject
 	# IPv6 site-local scoped address prefix (fec0::/10)
 	# has been deprecated by RFC3879.
+	#
 	if [ -n "$ip6sitelocal" ]; then
 		warn "\$ip6sitelocal is no longer valid"
 	fi
 	# disallow "internal" addresses to appear on the wire.
+	#
 	/sbin/route -q add -inet6 ::ffff:0.0.0.0 -prefixlen 96 ::1 -reject
 	# disallow packets to malicious IPv4 compatible prefix
+	#
 	/sbin/route -q add -inet6 ::224.0.0.0 -prefixlen 100 ::1 -reject
 	/sbin/route -q add -inet6 ::127.0.0.0 -prefixlen 104 ::1 -reject
 	/sbin/route -q add -inet6 ::0.0.0.0 -prefixlen 104 ::1 -reject
 	/sbin/route -q add -inet6 ::255.0.0.0 -prefixlen 104 ::1 -reject
 	# disallow packets to malicious 6to4 prefix
+	#
 	/sbin/route -q add -inet6 2002:e000:: -prefixlen 20 ::1 -reject
 	/sbin/route -q add -inet6 2002:7f00:: -prefixlen 24 ::1 -reject
 	/sbin/route -q add -inet6 2002:0000:: -prefixlen 24 ::1 -reject
 	/sbin/route -q add -inet6 2002:ff00:: -prefixlen 24 ::1 -reject
 	# Completely disallow packets to IPv4 compatible prefix.
 	# This may conflict with RFC1933 under following circumstances:
 	# (1) An IPv6-only KAME node tries to originate packets to IPv4
 	#     compatible destination.  The KAME node has no IPv4
 	#     compatible support.  Under RFC1933, it should transmit
 	#     native IPv6 packets toward IPv4 compatible destination,
 	#     hoping it would reach a router that forwards the packet
 	#     toward auto-tunnel interface.
 	# (2) An IPv6-only node originates a packet to IPv4 compatible
 	#     destination.  A KAME node is acting as an IPv6 router, and
 	#     asked to forward it.
 	# Due to rare use of IPv4 compatible address, and security
 	# issues with it, we disable it by default.
+	#
 	/sbin/route -q add -inet6 ::0.0.0.0 -prefixlen 96 ::1 -reject
 	/sbin/sysctl -qw net.inet6.ip6.forwarding=0
 	/sbin/sysctl -qw net.inet6.ip6.accept_rtadv=0
 	case $ip6mode in
 	router)
 		echo 'IPv6 mode: router'
 		/sbin/sysctl -qw net.inet6.ip6.forwarding=1
 		# disallow unique-local unicast forwarding without
 		# explicit configuration.
 		if ! checkyesno ip6uniquelocal; then
 			/sbin/route -q add -inet6 fc00:: -prefixlen 7 \
 			    ::1 -reject
 		fi
 		;;
 	autohost)
 		echo 'IPv6 mode: autoconfigured host'
 		/sbin/sysctl -qw net.inet6.ip6.accept_rtadv=1
 		;;
 	host)
 		echo 'IPv6 mode: host'
 		;;
 	*)	warn "invalid \$ip6mode value "\"$ip6mode\"
 		;;
 	esac
+}
 network_start_interfaces()
+{
 	# Configure all of the network interfaces listed in $net_interfaces;
 	# if $auto_ifconfig is YES, grab all interfaces from ifconfig.
 	# In the following, "xxN" stands in for interface names, like "le0".
+	#
 	# For any interfaces that has an $ifconfig_xxN variable
 	# associated, we break it into lines using ';' as a separator,
 	# then process it just like the contents of an /etc/ifconfig.xxN
 	# file.
+	#
 	# For each line from the $ifconfig_xxN variable or the
 	# /etc/ifconfig.xxN file, we ignore comments and blank lines,
 	# treat lines beginning with "!" as commands to execute, treat
 	# "dhcp" as a special case to invoke dhcpcd, and for any other
 	# line we run "ifconfig xxN", using each line of the file as the
 	# arguments for a separate "ifconfig" invocation.
+	#
 	# In order to configure an interface reasonably, you at the very least
 	# need to specify "[addr_family] [hostname]" (e.g "inet my.domain.org"),
 	# and probably a netmask (as in "netmask 0xffffffe0"). You will
 	# frequently need to specify a media type, as in "media UTP", for
 	# interface cards with multiple media connections that do not
 	# autoconfigure. See the ifconfig manual page for details.
+	#
 	# Note that /etc/ifconfig.xxN takes multiple lines.  The following
 	# configuration is possible:
 	#	inet 10.1.1.1 netmask 0xffffff00
 	#	inet 10.1.1.2 netmask 0xffffff00 alias
 	#	inet6 2001:db8::1 prefixlen 64 alias
+	#
 	# You can put shell script fragment into /etc/ifconfig.xxN by
 	# starting a line with "!".  Refer to ifconfig.if(5) for details.
+	#
 	ifaces="$(/sbin/ifconfig -l)"
 	if checkyesno auto_ifconfig; then
 		tmp="$ifaces"
 		for cloner in $(/sbin/ifconfig -C); do
 			for int in /etc/ifconfig.${cloner}[0-9]*; do
 				[ ! -f $int ] && break
 				tmp="$tmp ${int##*.}"
 			done
 		done
 	else
 		tmp="$net_interfaces"
 	fi
 	echo -n 'Configuring network interfaces:'
 	for int in $tmp; do
 		eval argslist=\$ifconfig_$int
 		# Skip interfaces that do not have explicit
 		# configuration information.  If auto_ifconfig is
 		# false then also warn about such interfaces.
+		#
 		if [ -z "$argslist" ] && ! [ -f /etc/ifconfig.$int ]
 		then
 			if ! checkyesno auto_ifconfig; then
 				echo
 				warn \
 		"/etc/ifconfig.$int missing and ifconfig_$int not set;"
 				warn "interface $int not configured."
 			fi
 			continue
 		fi
 		echo -n " $int"
 		# Create the interface if necessary.
 		# If the interface did not exist before,
 		# then also resync ipf(4).
+		#
 		if intmissing $int $ifaces; then
 			if /sbin/ifconfig $int create && \
 			   checkyesno ipfilter; then
 				/sbin/ipf -y >/dev/null
 			fi
 		fi
 		# If $ifconfig_xxN is empty, then use
 		# /etc/ifconfig.xxN, which we know exists due to
 		# an earlier test.
+		#
 		# If $ifconfig_xxN is non-empty and contains a
 		# newline, then just use it as is.  (This allows
 		# semicolons through unmolested.)
+		#
 		# If $ifconfig_xxN is non-empty and does not
 		# contain a newline, then convert all semicolons
 		# to newlines.
+		#
 		case "$argslist" in
 		'')
 			cat /etc/ifconfig.$int
 			;;
 		*"${nl}"*)
 			echo "$argslist"
 			;;
 		*)
+			(
 				set -o noglob
 				IFS=';'; set -- $argslist
 				#echo >&2 "[$#] [$1] [$2] [$3] [$4]"
 				IFS="$nl"; echo "$*"
+			)
 			;;
 		esac |
 		collapse_backslash_newline |
 		while read -r args; do
 			case "$args" in
 			''|"#"*|create)
 				;;
 			"!"*)
 				# Run arbitrary command in a subshell.
 				( eval "${args#*!}" )
 				;;
 			dhcp)
 				if ! checkyesno dhcpcd; then
 					/sbin/dhcpcd -n \
 						${dhcpcd_flags} $int
 				fi
 				;;
 			*)
 				# Pass args to ifconfig.  Note
 				# that args may contain embedded
 				# shell metacharacters, such as
 				# "ssid 'foo;*>bar'". We eval
 				# one more time so that things
 				# like ssid "Columbia University" work.
+				(
 					set -o noglob
 					eval set -- $args
 					#echo >&2 "[$#] [$1] [$2] [$3]"
 					/sbin/ifconfig $int "$@"
+				)
 				;;
 			esac
 		done
 		configured_interfaces="$configured_interfaces $int"
 	done
 	echo "."
+}
 network_start_aliases()
+{
 	echo -n "Adding interface aliases:"
 	# Check if each configured interface xxN has an $ifaliases_xxN variable
 	# associated, then configure additional IP addresses for that interface.
 	# The variable contains a list of "address netmask" pairs, with
 	# "netmask" set to "-" if the interface default netmask is to be used.
+	#
 	# Note that $ifaliases_xxN works only in certain cases and its
 	# use is not recommended.  Use /etc/ifconfig.xxN or multiple
 	# commands in $ifconfig_xxN instead.
+	#
 	for int in lo0 $configured_interfaces; do
 		eval args=\$ifaliases_$int
 		if [ -n "$args" ]; then
 			set -- $args
 			while [ $# -ge 2 ]; do
 				addr=$1 ; net=$2 ; shift 2
 				if [ "$net" = "-" ]; then
 					# for compatibility only, obsolete
 					/sbin/ifconfig $int inet alias $addr
 				else
 					/sbin/ifconfig $int inet alias $addr \
 					    netmask $net
 				fi
 				echo -n " $int:$addr"
 			done
 		fi
 	done
 	# /etc/ifaliases, if it exists, contains the names of additional IP
 	# addresses for each interface. It is formatted as a series of lines
 	# that contain
 	#	address interface netmask
+	#
 	# Note that /etc/ifaliases works only in certain cases and its
 	# use is not recommended.  Use /etc/ifconfig.xxN or multiple
 	# commands in $ifconfig_xxN instead.
+	#
 	if [ -f /etc/ifaliases ]; then
 		while read addr int net; do
 			if [ -z "$net" ]; then
 				# for compatibility only, obsolete
 				/sbin/ifconfig $int inet alias $addr
 			else
 				/sbin/ifconfig $int inet alias $addr netmask $net
 			fi
 		done < /etc/ifaliases
 	fi
 	echo "." # for "Adding interface aliases:"
+}
 network_start_defaultroute()
+{
 	# Check $defaultroute, then /etc/mygate, for the name or address
 	# of my IPv4 gateway host. If using a name, that name must be in
 	# /etc/hosts.
+	#
 	if [ -z "$defaultroute" ] && [ -f /etc/mygate ]; then
 		defaultroute=$(kat /etc/mygate)
 	fi
 	if [ -n "$defaultroute" ]; then
 		/sbin/route add default $defaultroute
 	fi
+}
 network_start_defaultroute6()
+{
 	# Check $defaultroute6, then /etc/mygate6, for the name or address
 	# of my IPv6 gateway host. If using a name, that name must be in
 	# /etc/hosts.  Note that the gateway host address must be a link-local
 	# address if it is not using an stf* interface.
+	#
 	if [ -z "$defaultroute6" ] && [ -f /etc/mygate6 ]; then
 		defaultroute6=$(kat /etc/mygate6)
 	fi
 	if [ -n "$defaultroute6" ]; then
 		if [ "$ip6mode" = "autohost" ]; then
 			echo
 			warn \
 	    "ip6mode is set to 'autohost' and a v6 default route is also set."
 		fi
 		/sbin/route add -inet6 default $defaultroute6
 	fi
+}
 network_start_ipv6_autoconf()
+{
 	# IPv6 interface autoconfiguration.
 	# dhcpcd will ensure DAD completes before forking
 	if checkyesnox rtsol && ! checkyesno dhcpcd; then
 		if [ "$ip6mode" = "autohost" ]; then
 			echo
 			warn "rtsol has been removed, " \
 			    "please configure dhcpcd in its place."
 		fi
 	fi
+}
 network_wait_dad()
+{
 	# Wait for the DAD flags to clear form all addresses.
 	if [ -n "$ifconfig_wait_dad_flags" ]; then
 		echo 'Waiting for DAD to complete for' \
 		    'statically configured addresses...'
 		ifconfig $ifconfig_wait_dad_flags
 	fi
+}
 network_start_resolv()
+{
 	resconf=
 	if [ -n "$dns_domain" ]; then
 		resconf="${resconf}domain $dns_domain$nl"
 	fi
 	if [ -n "$dns_search" ]; then
 		resconf="${resconf}search $dns_search$nl"
 	fi
 	for n in $dns_nameservers; do
 		resconf="${resconf}nameserver $n$nl"
 	done
 	if [ -n "$dns_sortlist" ]; then
 		resconf="${resconf}sortlist $dns_sortlist$nl"
 	fi
 	if [ -n "$dns_options" ]; then
 		resconf="${resconf}options $dns_options$nl"
 	fi
 	if [ -n "$resconf" ]; then
 		resconf="# Generated by /etc/rc.d/network$nl$resconf"
 		echo 'Configuring resolv.conf'
 		printf %s "$resconf" | resolvconf -m "${dns_metric:-0}" -a network
 	fi
+}
 network_start_local()
+{
 	# XXX this must die
 	if [ -s /etc/netstart.local ]; then
 		sh /etc/netstart.local start
 	fi
+}
 network_stop()
+{
 	echo "Stopping network."
 	network_stop_local
 	network_stop_resolv
 	network_stop_aliases
 	[ "$net_interfaces" != NO ] &&
 	network_stop_interfaces
 	network_stop_route
+}
 network_stop_local()
+{
 	# XXX this must die
 	if [ -s /etc/netstart.local ]; then
 		sh /etc/netstart.local stop
 	fi
+}
 network_stop_resolv()
+{
 	resolvconf -f -d network
+}
 network_stop_aliases()
+{
 	echo "Deleting aliases."
 	if [ -f /etc/ifaliases ]; then
 		while read addr int net; do
 			/sbin/ifconfig $int inet delete $addr
 		done < /etc/ifaliases
 	fi
 	for int in $(/sbin/ifconfig -lu); do
 		eval args=\$ifaliases_$int
 		if [ -n "$args" ]; then
 			set -- $args
 			while [ $# -ge 2 ]; do
 				addr=$1 ; net=$2 ; shift 2
 				/sbin/ifconfig $int inet delete $addr
 			done
 		fi
 	done
+}
 network_stop_interfaces()
+{
 	# down interfaces
+	#
 	echo -n 'Downing network interfaces:'
 	if checkyesno auto_ifconfig; then
 		tmp=$(/sbin/ifconfig -l)
 	else
 		tmp="$net_interfaces"
 	fi
 	for int in $tmp; do
 		eval args=\$ifconfig_$int
 		if [ -n "$args" ] || [ -f /etc/ifconfig.$int ]; then
 			echo -n " $int"
 			if [ -f /var/run/dhcpcd-$int.pid ]; then
 				/sbin/dhcpcd -k $int 2> /dev/null
 			fi
 			/sbin/ifconfig $int down
 			if /sbin/ifconfig $int destroy 2>/dev/null && \
 			   checkyesno ipfilter; then
 				# resync ipf(4)
 				/sbin/ipf -y >/dev/null
 			fi
 		fi
 	done
 	echo "."
+}
 network_stop_route()
+{
 	# flush routes
+	#
 	/sbin/route -qn flush
+}
 load_rc_config $name
 load_rc_config_var dhclient dhclient
 load_rc_config_var dhcpcd dhcpcd
 load_rc_config_var ipfilter ipfilter
 run_rc_command "$1"

 @@ -1,1250 +1,1274 @@
-.\"	$NetBSD: rc.conf.5,v 1.166.6.1 2019/05/14 11:33:43 martin Exp $
+.\"	$NetBSD: rc.conf.5,v 1.166.6.2 2020/04/23 13:43:42 martin Exp $
 .\"
 .\" Copyright (c) 1996 Matthew R. Green
 .\" All rights reserved.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
 .\" are met:
 .\" 1. Redistributions of source code must retain the above copyright
 .\"    notice, this list of conditions and the following disclaimer.
 .\" 2. Redistributions in binary form must reproduce the above copyright
 .\"    notice, this list of conditions and the following disclaimer in the
 .\"    documentation and/or other materials provided with the distribution.
 .\"
 .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 .\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 .\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 .\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 .\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
 .\" BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 .\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
 .\" AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
 .\" OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
 .\" Copyright (c) 1997 Curt J. Sampson
 .\" Copyright (c) 1997 Michael W. Long
 .\" Copyright (c) 1998-2010 The NetBSD Foundation, Inc.
 .\" All rights reserved.
 .\"
 .\" This document is derived from works contributed to The NetBSD Foundation
 .\" by Luke Mewburn.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
 .\" are met:
 .\" 1. Redistributions of source code must retain the above copyright
 .\"    notice, this list of conditions and the following disclaimer.
 .\" 2. Redistributions in binary form must reproduce the above copyright
 .\"    notice, this list of conditions and the following disclaimer in the
 .\"    documentation and/or other materials provided with the distribution.
 .\" 3. The name of the author may not be used to endorse or promote products
 .\"    derived from this software without specific prior written permission.
 .\"
 .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 .\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 .\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 .\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 .\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
 .\" BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 .\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
 .\" AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
 .\" OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.Dd May 14, 2019
+.Dd April 23, 2020
 .Dt RC.CONF 5
 .Os
 .Sh NAME
 .Nm rc.conf
 .Nd system startup configuration file
 .Sh DESCRIPTION
 The
 .Nm
 file specifies which services are enabled during system startup by
 the startup scripts invoked by
 .Pa /etc/rc
 (see
 .Xr rc 8 ) ,
 and the shutdown scripts invoked by
 .Pa /etc/rc.shutdown .
 The
 .Nm
 file is a shell script that is sourced by
 .Xr rc 8 ,
 meaning that
 .Nm
 must contain valid shell commands.
 .Pp
 Listed below are the standard
 .Nm
 variables that may be set, the values to which each may be set,
 a brief description of what each variable does, and a reference to
 relevant manual pages.
 Third party packages may test for additional variables.
 .Pp
 By default,
 .Nm
 reads
 .Pa /etc/defaults/rc.conf
 (if it is readable)
 to obtain default values for various variables, and the end-user
 may override these by appending appropriate entries to the end of
 .Nm .
 .Pp
 .Xr rc.d 8
 scripts that use
 .Ic load_rc_config
 from
 .Xr rc.subr 8
 also support sourcing an optional end-user provided per-script override
 file
 .Pa /etc/rc.conf.d/ Ns Ar service ,
 (where
 .Ar service
 is the contents of the
 .Sy name
 variable in the
 .Xr rc.d 8
 script).
 This may contain variable overrides, including allowing the end-user
 to override various
 .Ic run_rc_command
 .Xr rc.d 8
 control variables, and thus changing the operation of the script
 without requiring editing of the script.
 .Ss Variable naming conventions and data types
 Most variables are one of two types: enabling variables or flags
 variables.
 Enabling variables, such as
 .Sy inetd ,
 are generally named after the program or the system they enable,
 and have boolean values (specified using
 .Sq Ic YES ,
 .Sq Ic TRUE ,
 .Sq Ic ON
 or
 .Sq Ic 1
 for true, and
 .Sq Ic NO ,
 .Sq Ic FALSE ,
 .Sq Ic OFF
 or
 .Sq Ic 0
 for false, with the values being case insensitive).
 Flags variables, such as
 .Sy inetd_flags
 have the same name with "_flags" appended, and determine what
 arguments are passed to the program if it is enabled.
 .Pp
 If a variable that
 .Xr rc 8
 expects to be set is not set, or the value is not one of the allowed
 values, a warning will be printed.
 .Ss Overall control
 .Bl -tag -width net_interfaces
 .It Sy do_rcshutdown
 Boolean value.
 If false,
 .Xr shutdown 8
 will not run
 .Pa /etc/rc.shutdown .
 .It Sy rcshutdown_rcorder_flags
 A string.
 Extra arguments to the
 .Xr rcorder 8
 run by
 .Pa /etc/rc.shutdown .
 .It Sy rcshutdown_timeout
 A number.
 If non-blank, use this as the number of seconds to run a watchdog timer for
 which will terminate
 .Pa /etc/rc.shutdown
 if the timer expires before the shutdown script completes.
 .It Sy rc_configured
 Boolean value.
 If false then the system will drop into single-user mode during boot.
 .It Sy rc_fast_and_loose
 If set to a non-empty string,
 each script in
 .Pa /etc/rc.d
 will be executed in the current shell rather than a sub shell.
 This may be faster on slow machines that have an expensive
 .Xr fork 2
 operation.
 .Bl -hang
 .It Em Note :
 Use this at your own risk!
 A rogue command or script may inadvertently prevent boot to multiuser.
 .El
 .It Sy rc_rcorder_flags
 A string.
 Extra arguments to the
 .Xr rcorder 8
 run by
 .Pa /etc/rc .
 .It Sy rc_directories
 A string.
 Space separated list of directories searched for rc scripts.
 The default is
 .Pa /etc/rc.d .
 All directories in
 .Ev rc_directories
 must be located in the root file system, otherwise they will be silently
 skipped.
 .It Sy rc_silent
 Boolean value.
 If true then the usual output is suppressed, and
 .Xr rc 8
 invokes the command specified in the
 .Va rc_silent_cmd
 variable once for each line of suppressed output.
 The default value of
 .Va rc_silent
 is set from the
 .Dv AB_SILENT
 flag in the kernel's
 .Va boothowto
 variable (see
 .Xr boot 8 ,
 .Xr reboot 2 ) .
 .It Sy rc_silent_cmd
 A command to be executed once per line of suppressed output, when
 .Va rc_silent
 is true.
 The default value of
 .Va rc_silent_cmd
 is
 .Dq twiddle ,
 which will display a spinning symbol instead of each line of output.
 Another useful value is
 .Dq \&: ,
 which will display nothing at all.
 .El
 .Ss Basic network configuration
 .Bl -tag -width net_interfaces
 .It Sy defaultroute
 A string.
 Default IPv4 network route.
 If empty or not set, then the contents of
 .Pa /etc/mygate
 (if it exists) are used.
 .It Sy defaultroute6
 A string.
 Default IPv6 network route.
 If empty or not set, then the contents of
 .Pa /etc/mygate6
 (if it exists) are used.
 .It Sy domainname
 A string.
 .Tn NIS
 (YP) domain of host.
 If empty or not set, then the contents of
 .Pa /etc/defaultdomain
 (if it exists) are used.
 .It Sy force_down_interfaces
 A space separated list of interface names.
 These interfaces will be configured down when going from multiuser to single-user
 mode or on system shutdown.
 .It Sy dns_domain
 A string.
 Sets domain in
 .Pa /etc/resolv.conf .
 .It Sy dns_search
 A string.
 Sets search in
 .Pa /etc/resolv.conf .
 .It Sy dns_nameservers
 A string of space seperated domain name servers.
 Sets nameserver for each value in
 .Pa /etc/resolv.conf .
 .It Sy dns_sortlist
 A string.
 Sets sortlist in
 .Pa /etc/resolv.conf .
 .It Sy dns_options
 A string.
 Sets options in
 .Pa /etc/resolv.conf .
 .It Sy dns_metric
 An unsigned integer.
 Sets the priority of the above DNS to other sources, lowest wins.
 Defaults to 0.
 .Pp
 This is important for some stateful interfaces, for example PPP over ISDN
 connections that cost money by connection time or PPPoE interfaces which
 have no direct means of noticing
 .Dq disconnect
 events.
 .Pp
 All active
 .Xr pppoe 4
 and
 .Xr ippp 4
 interfaces will be automatically added to this list.
 .It Sy hostname
 A string.
 Name of host.
 If empty or not set, then the contents of
 .Pa /etc/myname
 (if it exists) are used.
 .El
 .Ss Boottime file-system and swap configuration
 .Bl -tag -width net_interfaces
 .It Sy critical_filesystems_local
 A string.
 File systems mounted very early in the system boot before networking
 services are available.
 Usually
 .Pa /var
 is part of this, because it is needed by services such as
 .Xr dhcpcd 8
 which may be required to get the network operational.
 The default is
 .Dq "OPTIONAL:/var" ,
 where the
 .Dq "OPTIONAL:"
 prefix means that it's not an error if the file system is not
 present in
 .Xr fstab 5 .
 .It Sy critical_filesystems_remote
 A string.
 File systems such as
 .Pa /usr
 that may require network services to be available to mount,
 that must be available early in the system boot for general services to use.
 The default is
 .Dq "OPTIONAL:/usr" ,
 where the
 .Dq "OPTIONAL:"
 prefix means that it is not an error if the file system is not
 present in
 .Xr fstab 5 .
 .It Sy fsck_flags
 A string.
 A file system is checked with
 .Xr fsck 8
 during boot before mounting it.
 This option may be used to override the default command-line options
 passed to the
 .Xr fsck 8
 program.
 .Pp
 When set to
 .Fl y ,
 .Xr fsck 8
 assumes yes as the answer to all operator questions during file system checks.
 This might be important with hosts where the administrator does not have
 access to the console and an unsuccessful shutdown must not make the host
 unbootable even if the file system checks would fail in preen mode.
 .It Sy no_swap
 Boolean value.
 Should be true if you have deliberately configured your system with no swap.
 If false and no swap devices are configured, the system will warn you.
 .It Sy resize_root
 Boolean value.
 Set to true to have the system resize the root file system to fill its
 partition.
 Will only attempt to resize the root file system if it is of type ffs and does
 not have logging enabled.
 Defaults to false.
 .It Sy swapoff
 Boolean value.
 Remove block-type swap devices at shutdown time.
 Useful if swapping onto RAIDframe devices.
 .El
 .Ss Block device subsystems
 .Bl -tag -width net_interfaces
 .It Sy ccd
 Boolean value.
 Configures concatenated disk devices according to
 .Xr ccd.conf 5 .
 .It Sy cgd
 Boolean value.
 Configures cryptographic disk devices.
 Requires
 .Pa /etc/cgd/cgd.conf .
 See
 .Xr cgdconfig 8
 for additional details.
 .It Sy lvm
 Boolean value.
 Configures the logical volume manager.
 See
 .Xr lvm 8
 for additional details.
 .It Sy raidframe
 Boolean value.
 Configures
 .Xr raid 4 ,
 RAIDframe disk devices.
 See
 .Xr raidctl 8
 for additional details.
 .El
 .Ss One-time actions to perform or programs to run on boot-up
 .Bl -tag -width net_interfaces
 .It Sy accounting
 Boolean value.
 Enables process accounting with
 .Xr accton 8 .
 Requires
 .Pa /var/account/acct
 to exist.
 .It Sy clear_tmp
 Boolean value.
 Clear
 .Pa /tmp
 after reboot.
 .It Sy dmesg
 Boolean value.
 Create
 .Pa /var/run/dmesg.boot
 from the output of
 .Xr dmesg 8 .
 Passes
 .Sy dmesg_flags .
 .It Sy envsys
 Boolean value.
 Sets preferences for the environmental systems framework,
 .Xr envsys 4 .
 Requires
 .Pa /etc/envsys.conf ,
 which is described in
 .Xr envsys.conf 5 .
 .It Sy gpio
 Boolean value.
 Configure
 .Xr gpio 4
 devices.
 See
 .Xr gpio.conf 5 .
 .It Sy ldconfig
 Boolean value.
 Configures
 .Xr a.out 5
 runtime link editor directory cache.
 .It Sy mixerctl
 Boolean value.
 Read
 .Xr mixerctl.conf 5
 for how to set mixer values.
 List in
 .Sy mixerctl_mixers
 the devices whose settings are to be saved at shutdown and
 restored at start-up.
 .It Sy newsyslog
 Boolean value.
 Run
 .Nm newsyslog
 to trim log files before syslogd starts.
 Intended for laptop users.
 Passes
 .Sy newsyslog_flags .
 .It Sy per_user_tmp
 Boolean value.
 Enables a per-user
 .Pa /tmp
 directory.
 .Sy per_user_tmp_dir
 can be used to override the default location of the
 .Dq real
 temporary directories,
 .Dq Pa /private/tmp .
 See
 .Xr security 7
 for additional details.
 .It Sy quota
 Boolean value.
 Checks and enables quotas by running
 .Xr quotacheck 8
 and
 .Xr quotaon 8 .
 .It Sy random_seed
 Boolean value.
 During boot-up, runs the
 .Xr rndctl 8
 utility with the
 .Fl L
 flag to seed the random number subsystem from an entropy file.
 During shutdown, runs the
 .Xr rndctl 8
 utility with the
 .Fl S
 flag to save some random information to the entropy file.
 The entropy file name is specified by the
 .Sy random_file
 variable, and defaults to
 .Pa /var/db/entropy-file .
 The entropy file must be on a local file system that is writable early during
 boot-up (just after the file systems specified in
 .Sy critical_filesystems_local
 have been mounted), and correspondingly late during shutdown.
 .It Sy rndctl
 Boolean value.
 Runs the
 .Xr rndctl 8
 utility one or more times according to the specification in
 .Sy rndctl_flags .
 .Pp
 If
 .Sy rndctl_flags
 does not contain a semicolon
 .Pq Ql \&;
 then it is expected to contain zero or more flags,
 followed by one or more device or type names.
 The
 .Xr rndctl 8
 command will be executed once for each device or type name.
 If the specified flags do not include any of
 .Fl c , C , e ,
 or
 .Fl E ,
 then the flags
 .Fl c
 and
 .Fl e
 are added, to specify that entropy from the relevant device or type
 should be both collected and estimated.
 If the specified flags do not include either of
 .Fl d
 or
 .Fl t ,
 then the flag
 .Fl d
 is added, to specify that the non-flag arguments are device names,
 not type names.
 .Pp
 .Sy rndctl_flags
 may contain multiple semicolon-separated segments, in which each
 segment contains flags and device or type names as described above.
 This allows different flags to be associated with different
 device or type names.
 For example, given
 .Li rndctl_flags="wd0 wd1; -t tty; -c -t net" ,
 the following commands will be executed:
 .Li "rndctl -c -e -d wd0" ;
 .Li "rndctl -c -e -d wd1" ;
 .Li "rndctl -c -e -t tty" ;
 .Li "rndctl -c -t net" .
 .It Sy rtclocaltime
 Boolean value.
 Sets the real time clock to local time by adjusting the
 .Xr sysctl 7
 value of
 .Pa kern.rtc_offset .
 The offset from UTC is calculated automatically according
 to the time zone information in the file
 .Pa /etc/localtime .
 .It Sy savecore
 Boolean value.
 Runs the
 .Xr savecore 8
 utility.
 Passes
 .Sy savecore_flags .
 The directory where crash dumps are stored is specified by
 .Sy savecore_dir .
 The default setting is
 .Dq Pa /var/crash .
 .It Sy sysdb
 Boolean value.
 Builds various system databases, including
 .Pa /var/run/dev.cdb ,
 .Pa /etc/spwd.db ,
 .Pa /var/db/netgroup.db ,
 .Pa /var/db/services.cdb ,
 and entries for
 .Xr utmp 5 .
 .It Sy tpctl
 Boolean value.
 Run
 .Xr tpctl 8
 to calibrate touch panel device.
 Passes
 .Sy tpctl_flags .
 .It Sy update_motd
 Boolean value.
 Updates the
 .Nx
 version string in the
 .Pa /etc/motd
 file to reflect the version of the running kernel.
 See
 .Xr motd 5 .
 .It Sy virecover
 Boolean value.
 Send notification mail to users if any recoverable files exist in
 .Pa /var/tmp/vi.recover .
 Read
 .Xr virecover 8
 for more information.
 .It Sy wdogctl
 Boolean value.
 Configures watchdog timers.
 Passes
 .Sy wdogctl_flags .
 Refer to
 .Xr wdogctl 8
 for information on how to configure a timer.
 .El
 .Ss System security settings
 .Bl -tag -width net_interfaces
 .It Sy securelevel
 A number.
 The system securelevel is set to the specified value early
 in the boot process, before any external logins, or other programs
 that run users job, are started.
 If set to nothing, the default action is taken, as described in
 .Xr init 8
 and
 .Xr secmodel_securelevel 9 ,
 which contains definitive information about the system securelevel.
 Note that setting
 .Sy securelevel
 to 0 in
 .Nm
 will actually result in the system booting with securelevel set to 1, as
 .Xr init 8
 will raise the level when
 .Xr rc 8
 completes.
 .It Sy permit_nonalpha
 Boolean value.
 Allow passwords to include non-alpha characters, usually to allow
 NIS/YP netgroups.
 .It Sy veriexec
 Boolean value.
 Load Veriexec fingerprints during startup.
 Read
 .Xr veriexecctl 8
 for more information.
 .It Sy veriexec_strict
 A number.
 Controls the strict level of Veriexec.
 Level 0 is learning mode, used when building the signatures file.
 It will only output messages but will not enforce anything.
 Level 1 will only prevent access to files with a fingerprint
 mismatch.
 Level 2 will also deny writing to and removing of
 monitored files, as well as enforce access type (as specified in
 the signatures file).
 Level 3 will take a step further and prevent
 access to files that are not monitored.
 .It Sy veriexec_verbose
 A number.
 Controls the verbosity of Veriexec.
 Recommended operation is at level 0, verbose output (mostly used when
 building the signatures file) is at level 1.
 Level 2 is for debugging only and should not be used.
 .It Sy veriexec_flags
 A string.
 Flags to pass to the
 .Nm veriexecctl
 command.
 .It Sy smtoff
 Boolean value.
 Disables SMT (Simultaneous Multi-Threading).
 .El
 .Ss Networking startup
 .Bl -tag -width net_interfaces
 .It Sy altqd
 Boolean value.
 ALTQ configuration/monitoring daemon.
 Passes
 .Sy altqd_flags .
 .It Sy auto_ifconfig
 Boolean value.
 Sets the
 .Sy net_interfaces
 variable (see below) to the output of
 .Xr ifconfig 8
 with the
 .Dq Li -l
 flag and suppresses warnings about interfaces in this list that
 do not have an ifconfig file or variable.
 .It Sy dhclient
 Boolean value.
 Set true to configure some or all network interfaces using
 the ISC DHCP client.
 If you set
 .Sy dhclient
 true, then
 .Pa /var
 must be in
 .Sy critical_filesystems_local ,
 or
 .Pa /var
 must be on the root file system,
 or you must modify the
 .Sy dhclient_flags
 variable to direct the DHCP client to store the leases file
 in some other directory on the root file system.
 You must not provide ifconfig information or ifaliases
 information for any interface that is to be configured using the DHCP client.
 Interface aliases can be set up in the DHCP client configuration
 file if needed - see
 .Xr dhclient.conf 5
 for details.
 .Pp
 Passes
 .Sy dhclient_flags
 to the DHCP client.
 See
 .Xr dhclient 8
 for complete documentation.
 If you wish to configure all broadcast
 network interfaces using the DHCP client, you can leave this blank.
 To configure only specific interfaces, name the interfaces to be configured
 on the command line.
 .Pp
 If you must run the DHCP client before mounting critical file systems,
 then you should specify an alternate location for the DHCP client's lease
 file in the
 .Sy dhclient_flags
 variable - for example, "-lf /tmp/dhclient.leases".
 .It Sy dhcpcd
 Boolean value.
 Set true to configure some or all network interfaces using dhcpcd.
 If you set
 .Sy dhcpcd
 true, then
 .Pa /var
 must be in
 .Sy critical_filesystems_local ,
 or
 .Pa /var
 must be on the root file system.
 If you need to restrict dhcpcd to one or a number of interfaces,
 or need a separate configuration per interface,
 then this should be done in the configuration file - see
 .Xr dhcpcd.conf 5
 for details.
 dhcpcd presently ignores the
 .Sy wpa_supplicant
 variable in rc.conf and will start wpa_supplicant if a suitable
 wpa_supplicant.conf is found unless otherwise instructed in
 .Xr dhcpcd.conf 5 .
 .It Sy dhcpcd_flags
 Passes
 .Sy dhcpcd_flags
 to dhcpcd.
 See
 .Xr dhcpcd 8
 for complete documentation.
 .It Sy flushroutes
 Boolean value.
 Flushes the route table on networking startup.
 Useful when coming up to multiuser mode after going down to
 single-user mode.
 .It Sy ftp_proxy
 Boolean value.
 Runs
 .Xr ftp-proxy 8 ,
 the proxy daemon for the Internet File Transfer Protocol.
 .It Sy hostapd
 Boolean value.
 Runs
 .Xr hostapd 8 ,
 the authenticator for IEEE 802.11 networks.
 .It Sy ifaliases_*
 A string.
 List of
 .Sq Em "address netmask"
 pairs to configure additional network addresses for the given
 configured interface
 .Dq *
 (e.g.
 .Sy ifaliases_le0 ) .
 If
 .Em netmask
 is
 .Dq - ,
 then use the default netmask for the interface.
 .Pp
 .Sy ifaliases_*
 covers limited cases only and is considered unrecommended.
 We recommend using
 .Sy ifconfig_nnX
 variables or
 .Pa /etc/ifconfig.xxN
 files with multiple lines instead.
 .It Sy ifwatchd
 Boolean value.
 Monitor dynamic interfaces and perform actions upon address changes.
 Passes
 .Sy ifwatchd_flags .
 .It Sy ip6addrctl
 Boolean value.
 Fine grain control of address and routing priorities.
 .It Sy ip6addrctl_policy
 A string.
 Can be:
 .Bl -tag -width auto -compact
 .It Li auto
 automatically determine from system settings; will read priorities from
 .Pa /etc/ip6addrctl.conf
 or if that file does not exist it will default to IPv6 first, then IPv4.
 .It Li ipv4_prefer
 try IPv4 before IPv6.
 .It Li ipv6_prefer
 try IPv6 before IPv4.
 .El
 .It Sy ip6addrctl_verbose
 Boolean value.
 If set, print the resulting prefixes and priorities map.
 .It Sy ip6mode
 A string.
 An IPv6 node can be a router
 .Pq nodes that forward packet for others
 or a host
 .Pq nodes that do not forward .
 A host can be autoconfigured
 based on the information advertised by adjacent IPv6 routers.
 By setting
 .Sy ip6mode
 to
 .Dq Li router ,
 .Dq Li host ,
 or
 .Dq Li autohost ,
 you can configure your node as a router,
 a non-autoconfigured host, or an autoconfigured host.
 Invalid values will be ignored, and the node will be configured as
 a non-autoconfigured host.
 You may want to check
 .Sy rtsol
 and
 .Sy rtsold
 as well, if you set the variable to
 .Dq Li autohost .
 .It Sy ip6uniquelocal
 Boolean value.
 If
 .Sy ip6mode
 is equal to
 .Dq Li router ,
 and
 .Sy ip6uniquelocal
 is false,
 a reject route will be installed on boot to avoid misconfiguration relating
 to unique-local addresses.
 If
 .Sy ip6uniquelocal
 is true, the reject route won't be installed.
 .It Sy ipfilter
 Boolean value.
 Runs
 .Xr ipf 8
 to load in packet filter specifications from
 .Pa /etc/ipf.conf
 at network boot time, before any interfaces are configured.
 Passes
 .Sy ipfilter_flags .
 See
 .Xr ipf.conf 5 .
 .It Sy ipfs
 Boolean value.
 Runs
 .Xr ipfs 8
 to save and restore information for ipnat and ipfilter state tables.
 The information is stored in
 .Pa /var/db/ipf/ipstate.ipf
 and
 .Pa /var/db/ipf/ipnat.ipf .
 Passes
 .Sy ipfs_flags .
 .It Sy ipmon
 Boolean value.
 Runs
 .Xr ipmon 8
 to read
 .Xr ipf 8
 packet log information and log it to a file or the system log.
 Passes
 .Sy ipmon_flags .
 .It Sy ipmon_flags
 A string.
 Specifies arguments to supply to
 .Xr ipmon 8 .
 Defaults to
 .Dq Li -ns .
 A typical example would be
 .Dq Fl nD Pa /var/log/ipflog
 to have
 .Xr ipmon 8
 log directly to a file bypassing
 .Xr syslogd 8 .
 If the
 .Dq -D
 argument is used, remember to modify
 .Pa /etc/newsyslog.conf
 accordingly; for example:
 .Bd -literal
 /var/log/ipflog  640  10  100  *  Z  /var/run/ipmon.pid
 .Ed
 .It Sy ipnat
 Boolean value.
 Runs
 .Xr ipnat 8
 to load in the IP network address translation (NAT) rules from
 .Pa /etc/ipnat.conf
 at network boot time, before any interfaces are configured.
 See
 .Xr ipnat.conf 5 .
 .It Sy ipsec
 Boolean value.
 Runs
 .Xr setkey 8
 to load in IPsec manual keys and policies from
 .Pa /etc/ipsec.conf
 at network boot time, before any interfaces are configured.
 .It Sy net_interfaces
 A string.
 The list of network interfaces to be configured at boot time.
 For each interface "xxN", the system first looks for ifconfig
 parameters in the variable
 .Sy ifconfig_xxN ,
 and then in the file
 .Pa /etc/ifconfig.xxN .
 If
 .Sy auto_ifconfig
 is false, and neither the variable nor the file is found,
 a warning is printed.
 Information in either the variable or the file is parsed identically,
 except that, if an
 .Sy ifconfig_xxN
 variable contains a single line with embedded semicolons,
 then the value is split into multiple lines prior to further parsing,
 treating the semicolon as a line separator.
 .Pp
 One common case it to set the
 .Sy ifconfig_xxN
 variable to a set of arguments to be passed to an
 .Xr ifconfig 8
 command after the interface name.
 Refer to
 .Xr ifconfig.if 5
 for more details on
 .Pa /etc/ifconfig.xxN
 files, and note that the information there also applies to
 .Sy ifconfig_xxN
 variables (after the variables are split into lines).
 .It Sy ntpdate
 Boolean value.
 Runs
 .Xr ntpdate 8
 to set the system time from one of the hosts in
 .Sy ntpdate_hosts .
 If
 .Sy ntpdate_hosts
 is empty, it will attempt to find a list of hosts in
 .Pa /etc/ntp.conf .
 Passes
 .Sy ntpdate_flags .
 .It Sy pf
 Boolean value.
 Enable
 .Xr pf 4
 at network boot time:
 Load the initial configuration
 .Xr pf.boot.conf 5
 before the network is up.
 After the network has been configured, then load the final rule set
 .Xr pf.conf 5 .
 .It Sy pf_rules
 A string.
 The path of the
 .Xr pf.conf 5
 rule set that will be used when loading the final rule set.
 .It Sy pflogd
 Boolean value.
 Run
 .Xr pflogd 8
 for dumping packet filter logging information to a file.
 .It Sy ppp
 A boolean.
 Toggles starting
 .Xr pppd 8
 on startup.
 See
 .Sy ppp_peers
 below.
 .It Sy ppp_peers
 A string.
 If
 .Sy ppp
 is true and
 .Sy ppp_peers
 is not empty, then
 .Pa /etc/rc.d/ppp
 will check each word in
 .Sy ppp_peers
 for a corresponding ppp configuration file in
 .Pa /etc/ppp/peers
 and will call
 .Xr pppd 8
 with the
 .Dq call Sy peer
 option.
 .It Sy racoon
 Boolean value.
 Runs
 .Xr racoon 8 ,
 the IKE (ISAKMP/Oakley) key management daemon.
 .It Sy rtsol
 Boolean value.
 Run
 .Xr rtsol 8 ,
 router solicitation command for IPv6 hosts.
 On nomadic hosts like notebook computers, you may want to enable
 .Sy rtsold
 as well.
 Passes
 .Sy rtsol_flags .
 This is only for autoconfigured IPv6 hosts, so set
 .Sy ip6mode
 to
 .Dq Li autohost
 if you use it.
 .It Sy wpa_supplicant
 Boolean value.
 Run
 .Xr wpa_supplicant 8 ,
 WPA/802.11i Supplicant for wireless network devices.
 If you set
 .Sy wpa_supplicant
 true, then
 .Pa /usr
 must be in
 .Sy critical_filesystems_local ,
 or
 .Pa /usr
 must be on the root file system.
 dhcpcd ignores this variable, see the
 .Sy dhcpcd
 variable for details.
 .El
 .Ss Daemons required by other daemons
 .Bl -tag -width net_interfaces
 .It Sy inetd
 Boolean value.
 Runs the
 .Xr inetd 8
 daemon to start network server processes (as listed in
 .Pa /etc/inetd.conf )
 as necessary.
 Passes
 .Sy inetd_flags .
 The
 .Dq Li -l
 flag turns on libwrap connection logging.
 .It Sy rpcbind
 Boolean value.
 The
 .Xr rpcbind 8
 daemon is required for any
 .Xr rpc 3
 services.
 These include NFS,
 .Tn NIS ,
 .Xr rpc.bootparamd 8 ,
 .Xr rpc.rstatd 8 ,
 .Xr rpc.rusersd 8 ,
 and
 .Xr rpc.rwalld 8 .
 Passes
 .Sy rpcbind_flags .
 .El
 .Ss Commonly used daemons
 .Bl -tag -width net_interfaces
 .It Sy cron
 Boolean value.
 Run
 .Xr cron 8 .
 .It Sy ftpd
 Boolean value.
 Runs the
 .Xr ftpd 8
 daemon and passes
 .Sy ftpd_flags .
 .It Sy httpd
 Boolean value.
 Runs the
 .Xr httpd 8
 daemon and passes
 .Sy httpd_flags .
 .It Sy httpd_wwwdir
 A string.
 The
 .Xr httpd 8
 WWW root directory.
 Used only if
 .Sy httpd
 is true.
 The default setting is
 .Dq Pa /var/www .
 .It Sy httpd_wwwuser
 A string.
 If non-blank and
 .Sy httpd
 is true, run
 .Xr httpd 8
 and cause it to switch to the specified user after initialization.
 It is preferred to
 .Sy httpd_user
 because
 .Xr httpd 8
 is requiring extra privileges to start listening on default port 80.
 The default setting is
 .Dq Dv _httpd .
 .It Sy lpd
 Boolean value.
 Runs
 .Xr lpd 8
 and passes
 .Sy lpd_flags .
 The
 .Dq Li -l
 flag will turn on extra logging.
 .It Sy mdnsd
 Boolean value.
 Runs
 .Xr mdnsd 8 .
 .It Sy named
 Boolean value.
 Runs
 .Xr named 8
 and passes
 .Sy named_flags .
 .It Sy named_chrootdir
 A string.
 If non-blank and
 .Sy named
 is true, run
 .Xr named 8
 as the unprivileged user and group
 .Sq named ,
 .Xr chroot 2 Ns ed
 to
 .Sy named_chrootdir .
 .Sy named_chrootdir Ns Pa /var/run/log
 will be added to the list of log sockets that
 .Xr syslogd 8
 listens to.
 .It Sy ntpd
 Boolean value.
 Runs
 .Xr ntpd 8
 and passes
 .Sy ntpd_flags .
 .It Sy ntpd_chrootdir
 A string.
 If non-blank and
 .Sy ntpd
 is true, run
 .Xr ntpd 8
 as the unprivileged user and group
 .Sq ntpd ,
 .Xr chroot 2 Ns ed
 to
 .Sy ntpd_chrootdir .
 .Sy ntpd_chrootdir Ns Pa /var/run/log
 will be added to the list of log sockets that
 .Xr syslogd 8
 listens to.
 This option requires that the kernel has
 .Dl pseudo-device clockctl
 compiled in, and that
 .Pa /dev/clockctl
 is present.
 .It Sy postfix
 Boolean value.
 Starts
 .Xr postfix 1
 mail system.
 .It Sy sshd
 Boolean value.
 Runs
 .Xr sshd 8
 and passes
 .Sy sshd_flags .
 .It Sy syslogd
 Boolean value.
 Runs
 .Xr syslogd 8
 and passes
 .Sy syslogd_flags .
 .It Sy timed
 Boolean value.
 Runs
 .Xr timed 8
 and passes
 .Sy timed_flags .
 The
 .Dq Li -M
 option allows
 .Xr timed 8
 to be a master time source as well as a slave.
 If you are also running
 .Xr ntpd 8 ,
 only one machine running both should have the
 .Dq Li -M
 flag given to
 .Xr timed 8 .
 .El
 .Ss Routing daemons
 .Bl -tag -width net_interfaces
 .It Sy mrouted
 Boolean value.
 Runs
 .Xr mrouted 8 ,
 the DVMRP multicast routing protocol daemon.
 Passes
 .Sy mrouted_flags .
 .It Sy route6d
 Boolean value.
 Runs
 .Xr route6d 8 ,
 the RIPng routing protocol daemon for IPv6.
 Passes
 .Sy route6d_flags .
 .It Sy routed
 Boolean value.
 Runs
 .Xr routed 8 ,
 the RIP routing protocol daemon.
 Passes
 .Sy routed_flags .
 .\" This should be false
 .\" if
 .\" .Sy gated
 .\" is true.
 .It Sy rtsold
 Boolean value.
 Runs
 .Xr rtsold 8 ,
 the IPv6 router solicitation daemon.
 .Xr rtsold 8
 periodically transmits router solicitation packets
 to find IPv6 routers on the network.
 This configuration is mainly for nomadic hosts like notebook computers.
 Stationary hosts should work fine with just
 .Sy rtsol .
 Passes
 .Sy rtsold_flags .
 This is only for autoconfigured IPv6 hosts, so set
 .Sy ip6mode
 to
 .Dq Li autohost
 if you use it.
 .El
 .Ss Daemons used to boot other hosts over a network
 .Bl -tag -width net_interfaces
 .It Sy bootparamd
 Boolean value.
 Runs
 .Xr bootparamd 8 ,
 the boot parameter server, with
 .Sy bootparamd_flags
 as options.
 Used to boot
 .Nx
 and
 .Tn "SunOS 4.x"
 systems.
 .It Sy dhcpd
 Boolean value.
 Runs
 .Xr dhcpd 8 ,
 the Dynamic Host Configuration Protocol (DHCP) daemon,
 for assigning IP addresses to hosts and passing boot information.
 Passes
 .Sy dhcpd_flags .
 .It Sy dhcrelay
 Boolean value.
 Runs
 .Xr dhcrelay 8 .
 Passes
 .Sy dhcrelay_flags .
 .It Sy mopd
 Boolean value.