From 5da0c0fa9351a758e28941a7d0b1755dd57fea9b Mon Sep 17 00:00:00 2001
From: jvoisin
Date: Fri, 12 Jan 2018 10:55:50 +0100
Subject: Improve a bit the documentation

---
 doc/source/config.rst   | 2 ++
 doc/source/features.rst | 3 +++
 2 files changed, 5 insertions(+)

(limited to 'doc/source')

diff --git a/doc/source/config.rst b/doc/source/config.rst
index cf24b10..85e9da5 100644
--- a/doc/source/config.rst
+++ b/doc/source/config.rst
@@ -264,6 +264,8 @@ The whitelist comes before the black one: if a function is both whitelisted and
 blacklisted, it'll be allowed.
 
 
+.. _virtual-patching-config:
+
 Virtual-patching
 ----------------
 
diff --git a/doc/source/features.rst b/doc/source/features.rst
index 8ecf57d..86b81fd 100644
--- a/doc/source/features.rst
+++ b/doc/source/features.rst
@@ -273,6 +273,9 @@ disable them - at the risk of breaking critical features.
 
 Snuffleupagus allows the user to restrict usage of specific functions per file, or per
 file with a matching (sha256) hash, thus allowing the use of such functions **only** in the intended places.
+It can also restrict per `CIDR <https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing>`__,
+to restrict execution to users on the LAN for example. There are a *lot*
+of different filters, so make sure to read the :ref:`corresponding documentation <virtual-patching-config>`.
 
 Furthermore, running the `following script <https://github.com/nbs-system/snuffleupagus/blob/master/scripts/generate_rules.php>`_  will generate an hash and line-based whitelist
 of dangerous functions, droping them everywhere else:
-- 
cgit v1.3