Improve a bit the documentation

author: jvoisin 2018-01-12 10:55:50 +0100
committer: jvoisin 2018-01-12 10:55:50 +0100
commit: 5da0c0fa9351a758e28941a7d0b1755dd57fea9b (patch)
tree: 69981e9baf30548809f0c2794de9d1e2e03aee88
parent: 49a27fac20f757c158e5faa18a41337c5f33b17b (diff)
2 files changed, 5 insertions, 0 deletions
diff --git a/doc/source/config.rst b/doc/source/config.rst
index cf24b10..85e9da5 100644
--- a/doc/source/config.rst
+++ b/doc/source/config.rst
@@ -264,6 +264,8 @@ The whitelist comes before the black one: if a function is both whitelisted and
 blacklisted, it'll be allowed.
+.. _virtual-patching-config:
 Virtual-patching
 ----------------
diff --git a/doc/source/features.rst b/doc/source/features.rst
index 8ecf57d..86b81fd 100644
--- a/doc/source/features.rst
+++ b/doc/source/features.rst
@@ -273,6 +273,9 @@ disable them - at the risk of breaking critical features.
 Snuffleupagus allows the user to restrict usage of specific functions per file, or per
 file with a matching (sha256) hash, thus allowing the use of such functions **only** in the intended places.
+It can also restrict per `CIDR <https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing>`__,
+to restrict execution to users on the LAN for example. There are a *lot*
+of different filters, so make sure to read the :ref:`corresponding documentation <virtual-patching-config>`.
 Furthermore, running the `following script <https://github.com/nbs-system/snuffleupagus/blob/master/scripts/generate_rules.php>`_  will generate an hash and line-based whitelist
 of dangerous functions, droping them everywhere else:
author	jvoisin	2018-01-12 10:55:50 +0100
committer	jvoisin	2018-01-12 10:55:50 +0100
commit	5da0c0fa9351a758e28941a7d0b1755dd57fea9b (patch)
tree	69981e9baf30548809f0c2794de9d1e2e03aee88
parent	49a27fac20f757c158e5faa18a41337c5f33b17b (diff)