diff --git a/pve-firewall.adoc b/pve-firewall.adoc index 555e90e..69ababb 100644 --- a/pve-firewall.adoc +++ b/pve-firewall.adoc @@ -415,27 +415,22 @@ Logging of dropped packets is rate limited to 1 packet per second in order to reduce output to the log file. Further, only some dropped or rejected packets are logged for the standard rules. +// TODO: describe standard/default rules and note which of them get logged + In order to log packets filtered by user-defined firewall rules, it is possible to set a log-level parameter for each rule individually. This allows to log in a fine grained manner and independent of the log-level -defined for the standard rules. -In particular, each rule is logged independently from the log-level set for the -standard rules in the firewall `Options`. +defined for the standard rules in the firewall `Options`. The log level for the rule can also be set via the firewall configuration file by appending a `-log ` to the selected rule. -Here, `` is one of the following flags, attached to the log output: +Here, `` is one of the following flags: `nolog, emerg, alert, crit, err, warning, notice, info, debug` -For example: +For example, the following two are ident: ---- IN REJECT -p icmp -log nolog ----- - -is the same as - ----- IN REJECT -p icmp ----
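Review bot: In the added line "For example, the following two are ident:", "ident" is a truncated word; spell it out as "identical" (or "equivalent"). With the two listings merged into a single block, the example now reads like a two-line rule set that a reader may copy as is, so it would help to state that each line is an alternative spelling of the same rule and that `nolog` is what applies when no `-log` is given. The added TODO comment is fine as a marker, but the preceding sentence still says "only some dropped or rejected packets are logged for the standard rules" without saying which, so the gap it points to remains visible to readers until it is resolved.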