From 534db9655ce40f1b741d0ab33fed9f0a78b4d454 Mon Sep 17 00:00:00 2001
From: Ben Grande <ben.grande.b@gmail.com>
Date: Mon, 17 Jun 2024 21:46:21 +0200
Subject: [PATCH] doc: qusal proxy service requires configuration

Fixes: https://github.com/ben-grande/qusal/issues/61
---
 salt/dev/README.md     | 5 +++--
 salt/sys-net/README.md | 3 +++
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/salt/dev/README.md b/salt/dev/README.md
index 2242e9e..9e3c2a1 100644
--- a/salt/dev/README.md
+++ b/salt/dev/README.md
@@ -46,5 +46,6 @@ The development qube `dev` can be used for:
   without direct network connection, you can open port to the desired SSH or
   HTTP server.
 
-As the qube has no netvm, configure the `qusal.ConnectTCP` service to allow
-for it to communicate with a remote repository for example.
+As the `dev` qube has no netvm, configure the Qrexec policy to allow or ask
+calls to the `qusal.ConnectTCP` RPC service, so the qube can communicate with
+a remote repository for example.
diff --git a/salt/sys-net/README.md b/salt/sys-net/README.md
index 9fffa6f..85a2b42 100644
--- a/salt/sys-net/README.md
+++ b/salt/sys-net/README.md
@@ -64,6 +64,9 @@ drivers. Check files/admin/firmware.txt.
 
 _Default policy_: every call is denied.
 
+As every call is denied by default, you need to add rules to you Qrexec policy
+for a call to occur. Some examples are represented below.
+
 Qube `dev` can ask to connect to `github.com:22` from `disp-sys-net`:
 ```qrexecpolicy
 qusal.ConnectTCP +github.com+22 dev @default ask target=disp-sys-net