diff --git a/daemon/References/macOS/etc/firewall.sh b/daemon/References/macOS/etc/firewall.sh
index 7dcf31b3..506246e9 100755
--- a/daemon/References/macOS/etc/firewall.sh
+++ b/daemon/References/macOS/etc/firewall.sh
@@ -10,6 +10,13 @@
 # Show table
 #   sudo pfctl -a "ivpn_firewall" -t ivpn_servers -T show
 #   sudo pfctl -a "ivpn_firewall" -t ivpn_exceptions -T show
+# Logging:
+#   sudo ifconfig pflog1 create         # create log interface
+#   sudo tcpdump -nnn -e -ttt -i pflog1 # start realtime monitoring in terminal
+#   Modify rules (example: "pass out log (all, to pflog1) from any to 8.8.8.8")
+# Restoring:
+#   sudo pfctl -d                       # disable PF
+#   sudo pfctl -f /etc/pf.conf          # load default OS rules set
 
 PATH=/sbin:/usr/sbin:$PATH