Fix reference (FreeBSD 3.0.1 -> FreeBSD 3.1), remove apparent typo,

and fix reference to sysctl(8).

PR:		docs/10428 docs/10482

1 files changed, 5 insertions, 4 deletions

diff --git a/share/man/man7/security.7 b/share/man/man7/security.7
index 42834c7..10bfa7d 100644
--- a/share/man/man7/security.7
+++ b/share/man/man7/security.7
@@ -2,7 +2,7 @@
 .\" the BSD Copyright as specified in the file "/usr/src/COPYRIGHT" in
 .\" the source tree.
 .\"
-.\"	$Id: security.7,v 1.5 1999/03/02 03:45:47 ghelmer Exp $
+.\"	$Id: security.7,v 1.6 1999/03/02 03:55:34 ghelmer Exp $
 .\"
 .Dd December 20, 1998
 .Dt SECURITY 7
@@ -484,7 +484,7 @@ feature of tcpwrappers for this reason.
 It is a very good idea to protect internal services from external access
 by firewalling them off at your border routers.  The idea here is to prevent
 saturation attacks from outside your LAN, not so much to protect internal 
-services from root network-based root compromise.  Always configure an exclusive
+services from network-based root compromise.  Always configure an exclusive
 firewall, i.e.
 .So
 firewall everything *except* ports A, B, C, D, and M-Z
@@ -560,7 +560,8 @@ less then rtminexpire.  There are two problems:  (1) The kernel does not react
 quickly enough when a lightly loaded server is suddenly attacked, and (2) The
 rtminexpire is not low enough for the kernel to survive a sustained attack.
 If your servers are connected to the internet via a T3 or better it may be 
-prudent to manually override both rtexpire and rtminexpire via sysctl(8).
+prudent to manually override both rtexpire and rtminexpire via
+.Xr sysctl 8 .
 Never set either parameter to zero
 .Pq unless you want to crash the machine :-) .
 Setting both parameters to 2 seconds should be sufficient to protect the route
@@ -585,5 +586,5 @@ manual page was originally written by
 .An Matthew Dillon
 and first appeared 
 in
-.Bx Free -3.0.1 ,
+.Fx 3.1 ,
 December 1998.