diff --git a/usr/lib/sysctl.d/990-security-misc.conf b/usr/lib/sysctl.d/990-security-misc.conf index 41f39e2..0acc577 100644 --- a/usr/lib/sysctl.d/990-security-misc.conf +++ b/usr/lib/sysctl.d/990-security-misc.conf @@ -7,20 +7,18 @@ ## afterwards. See also: ## https://github.com/Kicksecure/security-misc/pull/135 +## Restricts the kernel log to root only. +kernel.dmesg_restrict=1 + ## Disables coredumps. This setting may be overwritten by systemd so this may not be useful. ## security-misc also disables coredumps in other ways. kernel.core_pattern=|/bin/false -## Restricts the kernel log to root only. -kernel.dmesg_restrict=1 - ## Does not set coredump name to 'core' which is default. Defense in depth. kernel.core_uses_pid=1 -## A martian packet is a one with a source address which is blatantly wrong -## Recommended to keep a log of these to identify these suspicious packets -net.ipv4.conf.all.log_martians=1 -net.ipv4.conf.default.log_martians=1 +## Prevent setuid processes from creating coredumps. +fs.suid_dumpable=0 ## Don't allow writes to files that we don't own ## in world writable sticky directories, unless @@ -40,10 +38,6 @@ fs.protected_regular=2 fs.protected_symlinks=1 fs.protected_hardlinks=1 -## Hardens the BPF JIT compiler and restricts it to root. -kernel.unprivileged_bpf_disabled=1 -net.core.bpf_jit_harden=2 - ## Hides kernel addresses in various files in /proc. ## Kernel addresses can be very useful in certain exploits. ## 
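Review bot: The comment on the added `fs.suid_dumpable=0` line in the first hunk mentions only setuid binaries, but per the kernel sysctl documentation value 0 also stops core dumps from processes that changed privilege levels or are execute-only, and 0 is already the kernel default. Now that the key sits with the other coredump settings, the comment could say why it is pinned, e.g. `## Processes that changed privilege (setuid etc.) or are execute-only never dump core. 0 is the kernel default; pinned here in case an earlier drop-in raises it.` The moved `kernel.dmesg_restrict=1` comment says "root only", while the kernel gates this on CAP_SYSLOG; `## Restricts the kernel log to processes with CAP_SYSLOG.` would be more precise.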
@@ -66,18 +60,24 @@ kernel.kptr_restrict=2 ## sudo setcap cap_sys_ptrace=eip /usr/bin/wine-preloader kernel.yama.ptrace_scope=2 -## Prevent setuid processes from creating coredumps. -fs.suid_dumpable=0 - ## Randomize the addresses for mmap base, heap, stack, and VDSO pages kernel.randomize_va_space=2 +## Hardens the BPF JIT compiler and restricts it to root. +kernel.unprivileged_bpf_disabled=1 +net.core.bpf_jit_harden=2 + #### meta start #### project Kicksecure #### category networking and security #### description ## TCP/IP stack hardening +## A martian packet is a one with a source address which is blatantly wrong +## Recommended to keep a log of these to identify these suspicious packets +net.ipv4.conf.all.log_martians=1 +net.ipv4.conf.default.log_martians=1 + ## Protects against time-wait assassination. ## It drops RST packets for sockets in the time-wait state. net.ipv4.tcp_rfc1337=1
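Review bot: The single comment above the re-added `kernel.unprivileged_bpf_disabled=1` and `net.core.bpf_jit_harden=2` lines merges two different controls. The first restricts the bpf() syscall to privileged processes, and the second turns on JIT hardening for all users rather than restricting the JIT to root. One comment per key would be clearer, e.g. `## Restricts bpf() to privileged processes; once set to 1 it cannot be cleared until reboot.` and `## Enables BPF JIT hardening for all users (1 would cover unprivileged users only).` In the same hunk, the log_martians comment moved under the TCP/IP section still reads "is a one with"; `## A martian packet is one with a source address that is blatantly wrong.` fixes the wording.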