diff --git a/README.md b/README.md index ce62ff0..3b5c801 100644 --- a/README.md +++ b/README.md @@ -20,6 +20,30 @@ _Application firewalls_ cannot prevent all malicious code from connecting to the Sophisticated malicious code can subvert the _allowed_ connections to bypass the firewall. However, the firewall may alert the user of connection attempts by less sophisticated malicious code. +The configuration settings for Subgraph Firewall are stored in /etc/sgfw. + +From /etc/sgfw/sgfw.conf: + +Log level specifies the level of verbosity of logging: + + LogLevel = "NOTICE" + +Log redaction this tells SGFW to write destination hostnames to system logs, or not: + + LogRedact = true / false + +PromptExpanded controls the level of detail in the prompt: + + PromptExpanded = true / false + +PromptExpert enables or disables "export mode": + + PromptExpert = true / false + +Specifies the default rule action: + + DefaultAction = "SESSION" + Read more in the [Subgraph OS Handbook](https://subgraph.com/sgos-handbook/sgos_handbook.shtml#monitoring-outgoing-connections-with-subgraph-firewall).
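Review bot: The LogRedact description in the added README text ("Log redaction this tells SGFW to write destination hostnames to system logs, or not") is ungrammatical and does not say which value keeps destination hostnames out of the system logs. Since this is the setting a privacy-conscious user will look for, state the effect of `true` and of `false` explicitly. In the PromptExpert entry, "export mode" looks like a typo for "expert mode", given the key name. The `true / false` lines are indented like literal configuration but are not a valid assignment; show one concrete value per key and name the alternative in the prose. For LogLevel and DefaultAction only one value is shown ("NOTICE", "SESSION"); list the other accepted values and note which are the defaults. The last entry ("Specifies the default rule action:") is also the only one whose description does not lead with the key name.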