From 383ce5df9b42a67c82cef4bd01172e06553b49af Mon Sep 17 00:00:00 2001
From: xSmurf <xsmurf@users.noreply.github.com>
Date: Mon, 13 Mar 2017 15:02:07 +0000
Subject: [PATCH] Added handbook description to the readme, and link to
 documnetation

---
 README.md | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/README.md b/README.md
index a3214dc..16c32af 100644
--- a/README.md
+++ b/README.md
@@ -2,6 +2,27 @@
 
 A desktop application firewall for Subgraph OS.
 
+**Subgraph Firewall** is an application firewall that is included in Subgraph OS.
+While most firewalls are designed to handle incoming network communications, an
+application firewall can handle outgoing network communications. **Subgraph Firewall**
+can apply policies to outgoing connections on a per-application basis.
+
+_Application firewalls_ are useful for monitoring unexpected connections from applications.
+For example, some applications may _phone home_ to the vendor's website.
+Often this activity is legitimate (non-malicious) but it still may violate the user's
+privacy or expectations of how the software operates.
+**Subgraph Firewall** gives users the choice to allow or deny these connections.
+
+Malicious code may also _phone home_ to a website or server that is operated by the
+hacker or malicious code author. Subgraph Firewall can also alert the user of these connections so that they can be denied.
+
+_Application firewalls_ cannot prevent all malicious code from connecting to the Internet.
+Sophisticated malicious code can subvert the _allowed_ connections to bypass the firewall.
+However, the firewall may alert the user of connection attempts by less sophisticated malicious code.
+
+View more documentation in the [Subgraph OS Handbook](https://subgraph.com/sgos-handbook/sgos_handbook.shtml#monitoring-outgoing-connections-with-subgraph-firewall).
+
+
 ## Building