svn commit: r50359 - head/en_US.ISO8859-1/books/handbook/security

Sevan Janiyan sevan at
Sun Jun 11 15:53:35 UTC 2017

Author: sevan
Date: Sun Jun 11 15:53:33 2017
New Revision: 50359

  Add a note that FreeBSD 11 & newer have IPsec support enabled by default (no need to build a kernel).
  Set hostnames for different hosts before the &prompt.root; macro rather than in user input section.
  This resolves issue with double prompts in generated page.
  Approved by:	bcr (mentor)
  Differential Revision:


Modified: head/en_US.ISO8859-1/books/handbook/security/chapter.xml
--- head/en_US.ISO8859-1/books/handbook/security/chapter.xml	Sun Jun 11 14:43:24 2017	(r50358)
+++ head/en_US.ISO8859-1/books/handbook/security/chapter.xml	Sun Jun 11 15:53:33 2017	(r50359)
@@ -2127,8 +2127,9 @@ Connection closed by foreign host.</screen>
       information on the <acronym>IPsec</acronym> subsystem in
-    <para>To add <acronym>IPsec</acronym> support to the kernel, add
-      the following options to the custom kernel configuration file
+    <para><acronym>IPsec</acronym> support is enabled by default on &os;   11 and newer.
+      To add <acronym>IPsec</acronym> support to the kernel of older &os; releases,
+      add the following options to the custom kernel configuration file
       and rebuild the kernel using the instructions in <xref
@@ -2271,10 +2272,10 @@ round-trip min/avg/max/stddev = 28.106/94.594/154.524/
 	network.  The following commands will achieve this
-      <screen>&prompt.root; <userinput>corp-net# route add <replaceable></replaceable></userinput>
-&prompt.root; <userinput>corp-net# route add net <replaceable> gateway</replaceable></userinput>
-&prompt.root; <userinput>priv-net# route add <replaceable></replaceable></userinput>
-&prompt.root; <userinput>priv-net# route add host <replaceable> gateway</replaceable></userinput></screen>
+      <screen>corp-net&prompt.root; <userinput>route add <replaceable></replaceable></userinput>
+corp-net&prompt.root; <userinput>route add net <replaceable> gateway</replaceable></userinput>
+priv-net&prompt.root; <userinput>route add <replaceable></replaceable></userinput>
+priv-net&prompt.root; <userinput>route add host <replaceable> gateway</replaceable></userinput></screen>
       <para>At this point, internal machines should be reachable from
 	each gateway as well as from machines behind the gateways.

