From 197d380588bb8d1c6b36fe56349dcc9f38e04923 Mon Sep 17 00:00:00 2001 From: Tobias Date: Fri, 13 Mar 2026 09:55:40 +0000 Subject: [PATCH] Update README.md --- README.md | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/README.md b/README.md index ca3ff9d..ce1c7ff 100644 --- a/README.md +++ b/README.md @@ -3,6 +3,22 @@ ## Description Simple minimalistic methodology to prevent specified Linux programs having access to the public Internet via iptables +## Workflow + +``` +System applies no-internet iptables rule at boot + ↓ +User executes program + ↓ +Program is launched via sg with the group "no-internet" + ↓ +Newly created process inherits no-internet GID + ↓ +iptables matches packets from processes with the no-internet GID + ↓ +Outbound packets belonging to the program dropped +``` + ## Getting Started ### Dependencies
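Review bot: The new Workflow block does not state where the "no-internet iptables rule" applied at boot actually lives or what it matches on; since the later steps rely on it matching "packets from processes with the no-internet GID", the diagram should name the chain and match explicitly (the OUTPUT chain with the owner match on the no-internet group), or point to the section of the README that defines the rule, so a reader can verify the rule is present before trusting the "Outbound packets belonging to the program dropped" step. The pair of steps "User executes program" followed by "Program is launched via sg with the group \"no-internet\"" also reads as two independent actions; collapsing them into one step that says the user must start the program through sg (not directly) would make clear that the mechanism only covers processes started that way. Finally, the block documents "Newly created process inherits no-internet GID" as the enforcement point without stating the limitation that follows from it, namely that a process which later runs with a different GID is no longer matched by the rule; a one-line caveat here would set expectations for what this minimalistic approach does and does not guarantee. Consider tagging the fence (e.g. ```text) so renderers treat the arrows as plain text.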