From 8a02bc705940232e6543ced417464920d04f07e5 Mon Sep 17 00:00:00 2001
From: Denis Peplin <den@FreeBSD.org>
Date: Fri, 4 Mar 2005 08:04:06 +0000
Subject: [PATCH] Add warning to describe relation between rc.conf
 firewall_logging variable and sysctl net.ip.fw.verbose variable; suggest to
 set net.inet.ip.fw.verbose_limit variable via sysctl.conf (it is impossible
 to set it via rc.conf variables).

Discussed with (and my English fixed by):	trhodes
---
 .../books/handbook/firewalls/chapter.sgml           | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/en_US.ISO8859-1/books/handbook/firewalls/chapter.sgml b/en_US.ISO8859-1/books/handbook/firewalls/chapter.sgml
index fd963406d5..cda83446fd 100644
--- a/en_US.ISO8859-1/books/handbook/firewalls/chapter.sgml
+++ b/en_US.ISO8859-1/books/handbook/firewalls/chapter.sgml
@@ -2163,6 +2163,19 @@ options    IPV6FIREWALL_DEFAULT_TO_ACCEPT</programlisting>
       <para>Enable logging:</para>
 
       <programlisting>firewall_logging="YES"</programlisting>
+
+      <warning>
+	<para>The only thing that the <varname>firewall_logging</varname>
+	  variable will do is setting the
+	  <varname>net.inet.ip.fw.verbose</varname> sysctl variable to
+	  the value of <literal>1</literal> (see
+	  <xref linkend="firewalls-ipfw-enable">).  There is no
+	  <filename>rc.conf</filename> variable to set log limitations,
+	  but it can be set via sysctl variable, manually or
+	  from the <filename>/etc/sysctl.conf</filename> file:</para>
+
+	<programlisting>net.inet.ip.fw.verbose_limit=5</programlisting>
+      </warning>
     </sect2>
 
     <sect2 id="firewalls-ipfw-cmd">