diff --git a/ESPFirewall/lib/Firewall/docs/api/api.tex b/ESPFirewall/lib/Firewall/docs/api/api.tex
index 279d983..c9a617f 100644
--- a/ESPFirewall/lib/Firewall/docs/api/api.tex
+++ b/ESPFirewall/lib/Firewall/docs/api/api.tex
@@ -1,6 +1,6 @@
 \section{API} \label{api}
-Managing the firewall rules can be done over a rest api. Available routes are following and can be retrieved by visiting the API (e.g. \verb|https://10.93.0.224:8080/api|) of the device.
+Managing the firewall rules can be done over a REST API\footnote{\href{https://www.ibm.com/cloud/learn/rest-apis}{What is a REST API}}. Available routes are following and can be retrieved by visiting the API (e.g. \verb|https://10.93.0.224:8080/api|) of the device.
 \lstset{style=json} \begin{lstlisting}
diff --git a/ESPFirewall/lib/Firewall/docs/firewall/firewall.tex b/ESPFirewall/lib/Firewall/docs/firewall/firewall.tex
index d8afbbe..5943822 100644
--- a/ESPFirewall/lib/Firewall/docs/firewall/firewall.tex
+++ b/ESPFirewall/lib/Firewall/docs/firewall/firewall.tex
@@ -1,5 +1,58 @@
 \section{Firewall}
+\subsection{Software Firewall}
+
+A software firewall is inspecting data that goes in and out of the device. It has to be installed on each device in the network. Therefore, can only protect one device at a time. Looking at already existing solutions for linux and other operating systems, rules and settings can be identified that need to be implemented for this firewall.
+
+\subsection{UFW (Uncomplicated Firewall)}
+
+To see how a firewall works, UFW was analyzed. A look at the table provides following information:
+
+\begin{figure}[H]
+ \begin{center}
+ \includegraphics[width=0.6\textwidth]{ufw}
+ \caption{UFW}
+ \label{fig:UFW}
+ \end{center}
+\end{figure}
+
+A destination port on the device, the action of the firewall and the IP-Address from where the request originated can be setup. Also the protocol that the rule applies to, can be chosen with TCP or UDP.
+
+\newpage
+
 \subsection{Parameter}
+After analyzing existing solutions following firewall parameters were implemented:
+
+\lstset{style=c++}
+\begin{lstlisting}
+ typedef enum firewall_targets : uint8_t
+ {
+ TARGET_REJECT = 0,
+ TARGET_DROP = 1,
+ TARGET_ACCEPT = 2,
+ } firewall_target_t;
+
+ typedef enum firewall_protocols : uint8_t
+ {
+ PROTOCOL_TCP = 0,
+ PROTOCOL_UDP = 1,
+ PROTOCOL_ALL = 255,
+ } firewall_protocol_t;
+
+ static const uint8_t IPV4ADDRESS_LENGTH = 16;
+ typedef struct firewall_rules
+ {
+ uint8_t key;
+ char ip[IPV4ADDRESS_LENGTH];
+ uint32_t port_from;
+ uint32_t port_to;
+ firewall_protocol_t protocol;
+ firewall_target_t target;
+ struct firewall_rules *next;
+ } firewall_rule_t;
+\end{lstlisting}
+
+A port can be a maximum of 65565, therefore cannot be of type \verb|uint16_t| but \verb|uint32_t|. Target as well as protocol are enums for the available options. To block a range of ports, there is a \verb|port_from| and \verb|port_to|. The firewall will store all the rules as linked list to dynamically add and remove rules.
+
 \subsection{Benchmark}
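Review bot: The closing paragraph's reason for making `port_from` and `port_to` `uint32_t` does not hold: the highest TCP/UDP port is 65535 (not 65565), which is exactly the maximum of `uint16_t`, so the 16-bit type covers every valid port. Because the documented fields are wider than the valid range, the text should also say how a port above 65535 or a range with `port_from` greater than `port_to` is handled when a rule is added; that check, if it exists, is in library code not shown in this hunk. A possible rewording of the first sentence is `A port is at most 65535 and would fit in \verb|uint16_t|; the fields are \verb|uint32_t|, so values above 65535 must be rejected when a rule is created.` It would also help to note that `ip` holds a dotted-quad IPv4 string (15 characters plus the terminator), since `IPV4ADDRESS_LENGTH = 16` leaves no room for anything longer.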
diff --git a/ESPFirewall/lib/Firewall/docs/images/ufw.png b/ESPFirewall/lib/Firewall/docs/images/ufw.png
new file mode 100644
index 0000000..2e0ee60
Binary files /dev/null and b/ESPFirewall/lib/Firewall/docs/images/ufw.png differ
diff --git a/ESPFirewall/lib/Firewall/docs/main.tex b/ESPFirewall/lib/Firewall/docs/main.tex
index 9f9b2a1..f032eb6 100644
--- a/ESPFirewall/lib/Firewall/docs/main.tex
+++ b/ESPFirewall/lib/Firewall/docs/main.tex
@@ -29,7 +29,7 @@
 \lstdefinestyle{c++}{
 language=C++,
 directivestyle={\color{codepurple}},
- emph={firewall_rule_t,uint8_t,fw,Firewall,API},
+ emph={firewall_rule_t,uint8_t,uint32_t,firewall_protocol_t,firewall_target_t,fw,Firewall,API},
 emphstyle={\color{codegreen}},
 }
 \lstdefinestyle{platform-io}{