From ad19547e73a52347010c4780128387d0acda3703 Mon Sep 17 00:00:00 2001 From: nicholasmanios Date: Wed, 18 Mar 2020 15:55:32 -0400 Subject: [PATCH] updates, formatting --- aries/firewall/README.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/aries/firewall/README.md b/aries/firewall/README.md index 40a37be..be2c957 100644 --- a/aries/firewall/README.md +++ b/aries/firewall/README.md @@ -1,2 +1,8 @@ # Firewall (pf) -The firewall of choice is pf as it is one of the top performing packet filters for FreeBSD. \ No newline at end of file +The firewall of choice is pf as it is one of the top performing packet filters for FreeBSD. + +## Rules +Since I want this server to be as close a _router replacement_ as possible, I wanted to make adding hosts to a _port forward_ list simple. Since the firewall is NATing from public to private, `rdr` rules are included before the `pass` rules. + +## DNS Redirect +I also wanted to ensure that this machine will be the only place that any device on my local network goes to for DNS lookup. To do this, I created a `/etc/pf_public_dns.table` IP table containing the most popular public DNS servers. Any device that tries to connect to one of these servers will get routed to my DNS server (located on the aries as well). \ No newline at end of file
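Review bot: In the new "DNS Redirect" section, the stated goal (this machine being "the only place that any device on my local network goes to for DNS lookup") is not fully met by the mechanism described. A table of "the most popular public DNS servers" only catches resolvers that happen to be listed, so a client configured with any unlisted resolver still bypasses the local one. Consider documenting a redirect that matches LAN traffic by destination port 53 (UDP and TCP) whenever it is not addressed to the local resolver, or state that the table is best effort and explain how `/etc/pf_public_dns.table` is kept current. The section should also name the ports and protocols the redirect covers, because the text says "any device that tries to connect to one of these servers" is rerouted, and readers need to know whether that includes DNS over TLS (853) and DNS over HTTPS (443), which a port 53 rule would not touch. Two smaller points: "IP table" reads like iptables, so "pf table" would be clearer, and the file still ends without a trailing newline.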