sysctl variables should be marked up in <varname>, not <literal>.

svn path=/head/; revision=10345

en_US.ISO8859-1/books/handbook/security/chapter.sgml

@@ -1,7 +1,7 @@
 <!--
      The FreeBSD Documentation Project
 
-     $FreeBSD: doc/en_US.ISO8859-1/books/handbook/security/chapter.sgml,v 1.68 2001/08/11 21:34:52 jim Exp $
+     $FreeBSD: doc/en_US.ISO8859-1/books/handbook/security/chapter.sgml,v 1.69 2001/08/14 06:30:58 dd Exp $
 -->
 
 <chapter id="security">
@@ -496,7 +496,7 @@
 	device, on a running kernel.  To avoid these problems you have to
 	run the kernel at a higher secure level, at least securelevel 1.
 	The securelevel can be set with a <command>sysctl</command> on
-	the <literal>kern.securelevel</literal> variable.  Once you have
+	the <varname>kern.securelevel</varname> variable.  Once you have
 	set the securelevel to 1, write access to raw devices will be
 	denied and special chflags flags, such as <literal>schg</literal>,
 	will be enforced.  You must also ensure that the
@@ -714,7 +714,7 @@
 	port range on the firewall, to allow permissive-like operation,
 	without compromising your low ports.  Also take note that FreeBSD
 	allows you to control the range of port numbers used for dynamic
-	binding, via the various <literal>net.inet.ip.portrange</literal>
+	binding, via the various <varname>net.inet.ip.portrange</varname>
 	<command>sysctl</command>'s (<command>sysctl -a | fgrep
 	portrange</command>), which can also ease the complexity of your
 	firewall's configuration.  For example, you might use a normal
@@ -760,7 +760,7 @@
 	services.</para>
 
       <para>Spoofed packet attacks may also be used to overload the kernel
-	route cache.  Refer to the <literal>net.inet.ip.rtexpire</literal>,
+	route cache.  Refer to the <varname>net.inet.ip.rtexpire</varname>,
 	<literal>rtminexpire</literal>, and <literal>rtmaxcache</literal>
 	<command>sysctl</command> parameters.  A spoofed packet attack
 	that uses a random source IP will cause the kernel to generate a