diff --git a/nflux.toml b/nflux.toml
index a821855..56d4b3b 100644
--- a/nflux.toml
+++ b/nflux.toml
@@ -8,9 +8,13 @@ log_type = "text" # text or json. Defaults to text if not set
 # log_file = "/var/log/firewall.log"
 [ip_rules]
-# Fine-tuned rules for IP-based filtering
-"192.168.0.0/24" = { priority = 1, action = "deny", ports = [22], log = false, protocol = "tcp", description = "Allow SSH from entire local subnet" }
-# "192.168.0.172/32" = { priority = 2, action = "deny", ports = [53], protocol = "udp", log = false, description = "Block UDP port" }
+# The /32 CIDR block is used to represent a single IP address rather than a range
+"192.168.0.174/32" = { priority = 1, action = "allow", ports = [22], protocol = "tcp", log = false, description = "Allow SSH for specific IP" }
+"192.168.0.0/24" = { priority = 2, action = "deny", ports = [22], protocol = "tcp", log = false, description = "Deny SSH for entire subnet" }
+
+
+
+# todo: ipv6 support
 # "2001:0db8:85a3:0000:0000:8a2e:0370:7334" = { action = "deny", ports = [80], protocol = "tcp" }
 # [icmp_rules]
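Review bot: The two new `[ip_rules]` entries overlap on 192.168.0.174 port 22, and the intended outcome (allow) rests entirely on `priority = 1` being evaluated ahead of `priority = 2`, yet nothing in the file says whether a lower number wins, whether evaluation stops at the first match, or whether longest-prefix matching applies — if nflux resolves overlaps differently, SSH from that host is silently denied, or the subnet deny never fires. I would replace the `# The /32 CIDR block ...` comment with one that records the dependency, e.g. `# Overlapping rules: lower priority value is evaluated first, so the /32 host allow must keep a lower priority than the /24 subnet deny`, after confirming the ordering semantics in nflux's rule engine. The deny rule also carries `log = false`; from a detection standpoint, denied SSH attempts from inside the local subnet are usually worth keeping, so consider `log = true` on the `"192.168.0.0/24"` entry. The three consecutive blank lines before `# todo: ipv6 support` are noise — one is enough.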