From 51877ef2ad42b79860c1f1fa0a915b8481531620 Mon Sep 17 00:00:00 2001 From: Craig Gumbley Date: Tue, 22 Feb 2022 15:21:51 +0000 Subject: [PATCH] (SEC-994) Add section on duplicate rules This commit adds a new section to inform users about how the module will behave when it encounters duplicate rules. It also includes a small bit of housekeeping. --- README.md | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index c6e17c6..0b5015c 100644 --- a/README.md +++ b/README.md @@ -14,7 +14,10 @@ 4. [Usage - Configuration and customization options](#usage) * [Default rules - Setting up general configurations for all firewalls](#default-rules) * [Application-specific rules - Options for configuring and managing firewalls across applications](#application-specific-rules) - * [Additional ses for the firewall module](#other-rules) + * [Rule inversion](#rule-inversion) + * [Additional uses for the firewall module](#additional-uses-for-the-firewal-module) + * [Duplicate rule behaviour](#duplicate-rule-behaviour) + * [Additional information](#additional-information) 5. [Reference - An under-the-hood peek at what the module is doing](#reference) 6. [Limitations - OS compatibility, etc.](#limitations) 7. [Firewall_multi - Arrays for certain parameters](#firewall_multi) 
@@ -387,6 +390,18 @@ firewall {'666 for NFLOG': } ``` +### Duplicate rule behaviour + +In certain situations it is possible for an unmanaged rule to exist on the target system that has the same comment as the rule specified in the manifest. This configuration is not supported by the firewall module. + +In the event of a duplicate rule, the module will display a warning message notifying the user that it has found a duplicate but will continue to update the resource. + +This behaviour is configurable via the `onduplicaterulebehaviour` parameter. Users can choose from the following actions: + +* `ignore` - The duplicate rule is ignored and any updates to the resource will continue unaffected. +* `warn` - The duplicate rule is logged as a warning and any updates to the resource will continue unaffected. +* `error` - The duplicate rule is logged as an error and any updates to the resource will be skipped. + ### Additional information Access the inline documentation: -- 2.45.2
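Review bot: In the table-of-contents hunk (@@ -14,7 +14,10 @@), the new anchor `#additional-uses-for-the-firewal-module` spells "firewal" with one "l" while its link text reads "firewall module", so the link will not resolve unless the target heading carries the same misspelling. Suggest `#additional-uses-for-the-firewall-module`, and confirm that a heading exists for each of the other new entries (`#rule-inversion`, `#additional-information`), since the old `#other-rules` anchor is being dropped in the same change.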
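Review bot: In the "Duplicate rule behaviour" hunk (@@ -387,6 +390,18 @@), the default value of `onduplicaterulebehaviour` is never named. The second paragraph describes a warning followed by a continued update, which matches the `warn` bullet, but the reader has to infer that; suggest marking that bullet as the default. The section also calls the duplicate-comment situation "not supported" without saying what happens to the unmanaged rule when the update proceeds under `ignore` or `warn`. For a firewall, that is what an operator needs to know in order to judge whether the resulting ruleset still matches the manifest, so a sentence on that, plus a short manifest snippet showing the parameter set to `error`, would make the section actionable.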