diff --git a/en_US.ISO8859-1/books/handbook/security/chapter.sgml b/en_US.ISO8859-1/books/handbook/security/chapter.sgml
index a9f1e77fcd..149c379a7e 100644
--- a/en_US.ISO8859-1/books/handbook/security/chapter.sgml
+++ b/en_US.ISO8859-1/books/handbook/security/chapter.sgml
@@ -3631,6 +3631,33 @@ user@unfirewalled.myserver.com's password: *******
+
+ File System Firewall Policy (mac_bsdextended)
+
+ File System Firewall Policy
+
+ Vendor: TrustedBSD Project
+ Module name: mac_bsdextended.ko
+ Kernel option: MAC_BSDEXTENDED
+ The File System Firewall Policy (&man.mac.bsdextended.4;)
+ provides an extension to the BSD file system permission model,
+ permitting the administrator to define a set of firewall-like
+ rules for limiting access to file system objects owned by
+ other users and groups. Managed using &man.ugidfw.8;, rules
+ may limits access to files and directories based on the uid
+ and gids of the process attempting the access, and the owner
+ and group of the target of the access attempt. All rules
+ are restrictive, so may be placed in any order. This policy
+ requires no prior configuration or labeling, and may be
+ appropriate in multi-user environments where mandatory limits
+ on inter-user data exchange are required. Caution should be
+ exercised in limiting access to files owned by the root or
+ other system user ids, as many useful programs and directories
+ are owned by these users. As with a network firewall,
+ improper application of file system firewall rules may render
+ the system unusable. New tools to manage the rule set may be
+ easily written using the &man.libugidfw.3; library.
+
Interface Silencing Policy (mac_ifoff)
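Review bot: The added sentence "rules may limits access to files and directories based on the uid and gids of the process attempting the access" has a verb agreement error and mixes singular and plural; suggest "rules may limit access to files and directories based on the uid and gid of the process attempting the access". In the caution that follows, "files owned by the root or other system user ids" reads better as "files owned by root or other system user ids". The paragraph warns that improper rules "may render the system unusable" but gives the administrator nothing to act on beyond the &man.ugidfw.8; reference. A short sentence on how to list and remove rules, or one sample rule, would make the warning usable. "All rules are restrictive, so may be placed in any order" would be clearer with one more clause explaining that a rule can only deny access and never grants access beyond what the normal file permissions allow, if that is the intended meaning.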