From eda6e9701d37c21702a2ced5a36cc8b1efb34387 Mon Sep 17 00:00:00 2001 From: Dima Dorfman Date: Tue, 14 Aug 2001 06:43:35 +0000 Subject: [PATCH] sysctl variables should be marked up in , not . --- en_US.ISO8859-1/books/handbook/security/chapter.sgml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/en_US.ISO8859-1/books/handbook/security/chapter.sgml b/en_US.ISO8859-1/books/handbook/security/chapter.sgml index f8e65fbcc3..e5c25173b1 100644 --- a/en_US.ISO8859-1/books/handbook/security/chapter.sgml +++ b/en_US.ISO8859-1/books/handbook/security/chapter.sgml @@ -1,7 +1,7 @@ @@ -496,7 +496,7 @@ device, on a running kernel. To avoid these problems you have to run the kernel at a higher secure level, at least securelevel 1. The securelevel can be set with a sysctl on - the kern.securelevel variable. Once you have + the kern.securelevel variable. Once you have set the securelevel to 1, write access to raw devices will be denied and special chflags flags, such as schg, will be enforced. You must also ensure that the @@ -714,7 +714,7 @@ port range on the firewall, to allow permissive-like operation, without compromising your low ports. Also take note that FreeBSD allows you to control the range of port numbers used for dynamic - binding, via the various net.inet.ip.portrange + binding, via the various net.inet.ip.portrange sysctl's (sysctl -a | fgrep portrange), which can also ease the complexity of your firewall's configuration. For example, you might use a normal @@ -760,7 +760,7 @@ services. Spoofed packet attacks may also be used to overload the kernel - route cache. Refer to the net.inet.ip.rtexpire, + route cache. Refer to the net.inet.ip.rtexpire, rtminexpire, and rtmaxcache sysctl parameters. A spoofed packet attack that uses a random source IP will cause the kernel to generate a