From 4536d0b693fd8ed1b48bbe2d03bc60eacc6c0ec5 Mon Sep 17 00:00:00 2001
From: awokd <34515595+awokd@users.noreply.github.com>
Date: Fri, 4 May 2018 11:05:28 +0000
Subject: [PATCH] clarify sys-firewall dispvm

---
 customization/dispvm-customization.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/customization/dispvm-customization.md b/customization/dispvm-customization.md
index 7816ab88..39160125 100644
--- a/customization/dispvm-customization.md
+++ b/customization/dispvm-customization.md
@@ -61,7 +61,8 @@ It is possible to change the settings for each new Disposable VM (DispVM). This
 
 You can use a static DispVM for `sys-*` as long as it is stateless.
 For example, a `sys-net` using DHCP or `sys-usb` will work.
-`sys-firewall` will also work unless you have custom rules set, because per VM rules are stored in a configuration file inside the firewall AppVM.
+In most cases `sys-firewall` will also work, even if you have configured AppVM firewall rules.
+The only exception is if you require something like VM to VM communication and have manually edited `iptables` or other items directly inside the firewall AppVM.
 
 To create one that has no PCI devices attached, such as for `sys-firewall`: