- Use quote tags instead of " or '

- Use emphasis tags for *blah* words
- s/IPSec/IPsec/
- Add filename, option and command tags where needed.
Marc Fonvieille 2003-08-03 08:57:09 +00:00
parent 40c350a3f9
commit ebeccc039d
Notes: svn2git 2020-12-08 03:00:23 +00:00
svn path=/head/; revision=17749


@ -3124,7 +3124,7 @@ Network #2 [ Internal Hosts ]
<orderedlist>
<listitem>
<para>Create a "virtual" network link between the two
<para>Create a <quote>virtual</quote> network link between the two
networks, across the Internet. Test it, using tools like
&man.ping.8;, to make sure it works.</para>
</listitem>
@ -3182,7 +3182,7 @@ Network #2 [ Internal Hosts ]
</orderedlist>
<para>You can think of this as requiring a <quote>tunnel</quote>
between the two networks. The two "tunnel mouths" are the IP
between the two networks. The two <quote>tunnel mouths</quote> are the IP
addresses <hostid role="ipaddr">A.B.C.D</hostid> and <hostid
role="ipaddr">W.X.Y.Z</hostid>, and the tunnel must be told the
addresses of the private IP addresses that will be allowed to pass
@ -3245,7 +3245,7 @@ physical address inet A.B.C.D --&gt; W.X.Y.Z
role="ipaddr">192.168.2.1</hostid>.</para>
<para>This will also have added an entry to the routing table
on both machines, which you can examine with "netstat -rn".
on both machines, which you can examine with the command <command>netstat -rn</command>.
This output is from the gateway host on network #1.</para>
<screen>&prompt.root; netstat -rn
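Review bot: the rewritten "which you can examine with the command <command>netstat -rn</command>." line runs well past the roughly 70-column wrap the rest of this file keeps, so re-wrap it across two lines. While touching it, "with the command" is redundant once the text is tagged with <command>; "which you can examine with <command>netstat -rn</command>" reads cleaner and matches how the other <command> uses in this file are phrased.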
@ -3391,7 +3391,7 @@ route_vpn="192.168.2.0 192.168.2.1 netmask 0xffffff00"
<listitem>
<para>There must be a mechanism for two hosts to agree on the
encryption mechanism to use. Once two hosts have agreed on
this mechanism there is said to be a "security association"
this mechanism there is said to be a <quote>security association</quote>
between them.</para>
</listitem>
<listitem>
@ -3459,27 +3459,27 @@ options IPSEC_ESP
<filename>${PREFIX}/etc/racoon</filename>. You should find a
configuration file there, which should not need to be changed
too much. The other component of racoon's configuration,
which you will need to change, is the 'pre-shared
key'.</para>
which you will need to change, is the <quote>pre-shared
key</quote>.</para>
<para>The default racoon configuration expects to find this in
the file ${PREFIX}/etc/racoon/psk.txt. It is important to note
that the pre-shared key is *not* the key that will be used to
the file <filename>${PREFIX}/etc/racoon/psk.txt</filename>. It is important to note
that the pre-shared key is <emphasis>not</emphasis> the key that will be used to
encrypt your traffic across the VPN link, it is simply a token
that allows the key management daemons to trust one another.</para>
<para><filename>psk.txt</filename> contains a line for each
remote site you are dealing with. In this example, where there
are two sites, each psk.txt file will contain one line (because
are two sites, each <filename>psk.txt</filename> file will contain one line (because
each end of the VPN is only dealing with one other end).</para>
<para>On gateway host #1 this line should look like this:</para>
<programlisting>W.X.Y.Z secret</programlisting>
<para>That is, the *public* IP address of the remote end,
<para>That is, the <emphasis>public</emphasis> IP address of the remote end,
whitespace, and a text string that provides the secret.
Obviously, you shouldn't use "secret" as your key -- the normal
Obviously, you shouldn't use <quote>secret</quote> as your key -- the normal
rules for choosing a password apply.</para>
<para>On gateway host #2 the line would look like this</para>
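Review bot: the re-tagged lines "the file <filename>${PREFIX}/etc/racoon/psk.txt</filename>. It is important to note", "that the pre-shared key is <emphasis>not</emphasis> the key that will be used to" and "Obviously, you shouldn't use <quote>secret</quote> as your key -- the normal" all exceed the wrap width used by the surrounding paragraphs; reflow them before committing. Since the last of those lines is already being rewritten, this is also the moment to replace the contraction "shouldn't" with "should not", which the FreeBSD documentation style guide asks for.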
@ -3631,7 +3631,7 @@ spdadd A.B.C.D/32 W.X.Y.Z/32 ipencap -P out ipsec esp/tunnel/A.B.C.D-W.X.Y.Z/req
<para>The second line specifies how this packet will be
encrypted. <option>esp</option> is the protocol that will be
used, while <option>tunnel</option> indicates that the packet
will be further encapsulated in an IPSec packet. The repeated
will be further encapsulated in an IPsec packet. The repeated
use of <hostid role="ipaddr">A.B.C.D</hostid> and <hostid
role="ipaddr">W.X.Y.Z</hostid> is used to select the security
association to use, and the final <option>require</option>
@ -3712,7 +3712,7 @@ ipfw add 1 allow ipencap from W.X.Y.Z to A.B.C.D
<programlisting>XXX tcpdump output</programlisting>
<para>Now, as you can see, &man.tcpdump.1; shows the ESP packets. If
you try and examine them with the -s option you will see
you try and examine them with the <option>-s</option> option you will see
(apparently) gibberish, because of the encryption.</para>
<para>Congratulations. You have just set up a VPN between two
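Review bot: tagging <option>-s</option> preserves a factual error in the sentence: tcpdump's -s only sets the snapshot length (how many bytes of each packet are captured), it does not display packet contents. The encrypted ESP payload that appears as "gibberish" is shown with the hex dump options, so the line should read something like "examine them with the <option>-x</option> option" (optionally alongside <option>-s 0</option> so whole packets are captured). The "XXX tcpdump output" placeholder in the same hunk is still unfilled, which leaves the reader with no sample to compare against.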