From 13d2e049c7492cfdb7f7a9c45bbf74aef5b17b06 Mon Sep 17 00:00:00 2001
From: David Mirza Ahmad <dma@subgraph.com>
Date: Sun, 1 Oct 2017 18:25:03 +0000
Subject: [PATCH] Quick documentation on config file params

---
 README.md | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git a/README.md b/README.md
index ce62ff0..3b5c801 100644
--- a/README.md
+++ b/README.md
@@ -20,6 +20,30 @@ _Application firewalls_ cannot prevent all malicious code from connecting to the
 Sophisticated malicious code can subvert the _allowed_ connections to bypass the firewall.
 However, the firewall may alert the user of connection attempts by less sophisticated malicious code.
 
+The configuration settings for Subgraph Firewall are stored in /etc/sgfw.
+
+From /etc/sgfw/sgfw.conf:
+
+Log level specifies the level of verbosity of logging:
+
+		LogLevel = "NOTICE"
+    
+Log redaction this tells SGFW to write destination hostnames to system logs, or not:
+
+		LogRedact = true / false
+
+PromptExpanded controls the level of detail in the prompt:
+
+		PromptExpanded = true / false
+    
+PromptExpert enables or disables "export mode":
+
+		PromptExpert = true / false
+    
+Specifies the default rule action:
+
+		DefaultAction = "SESSION"
+
 Read more in the [Subgraph OS Handbook](https://subgraph.com/sgos-handbook/sgos_handbook.shtml#monitoring-outgoing-connections-with-subgraph-firewall).