Addressing review comments and typos

Fixes antrea-io#2626 Signed-off-by: Madhukar Krishnarao <krishnaraom@vmware.com>
madhukark · Aug 24, 2021 · ceeb4a5 · ceeb4a5
1 parent 2685866
commit ceeb4a5
Showing 1 changed file with 10 additions and 11 deletions.
diff --git a/docs/antrea-network-policy.md b/docs/antrea-network-policy.md
@@ -418,7 +418,7 @@ which drops all egress traffic initiated by any Pod in Namespaces that have `app
 `no-network-access-required`. Note that an empty `To` in the egress rule means that
 this rule matches all egress destinations.
 Egress `To` section also supports FQDN based filtering. This can be applied to exact FQDNs or
-wildcard expressions. More details can be found in the [FQDN](#fqdn-based-filtering) section
+wildcard expressions. More details can be found in the [FQDN](#fqdn-based-filtering) section.
 **Note**: The order in which the egress rules are specified matters, i.e., rules will
 be enforced in the order in which they are written.
 
@@ -484,8 +484,8 @@ an `appliedTo` must resolve to. More information on ClusterGroups can be found [
 since Pod IPs are ephemeral and unpredictable.
 
 **fqdn**: This selector is applicable only to the `to` section in an `egress` block. It is used to
-restrict `egress` access to Fully Qualified Domain Names (FQDN) specified either by exact name or
-wildcard expressions. More information can be found [here](#fqdn-based-filtering).
+select Fully Qualified Domain Names (FQDNs), specified either by exact name or wildcard
+expressions, when defining `egress` rules.
 
 ### Key differences from K8s NetworkPolicy
 
@@ -957,12 +957,12 @@ Pods from Namespace "kube-system" on TCP port 53.
 
 ## FQDN based filtering
 
-Antrea-native policy accepts a `fqdn` field to restrict egress access to the Fully
-Qualified Domain Names (FQDN) specified by exact name or wildcard matching patterns.
+Antrea-native policy accepts a `fqdn` field to select Fully Qualified Domain Names (FQDNs),
+specified either by exact name or wildcard expressions, when defining `egress` rules.
 
 The standard `Allow`, `Drop` and `Reject` actions apply to FQDN egress rules.
 
-An example FQDN based filtering could look like this:
+An example policy using FQDN based filtering could look like this:
 
 ```yaml
 apiVersion: crd.antrea.io/v1alpha1
@@ -980,13 +980,12 @@ spec:
     to:
       - fqdn: "*google.com"
 ```
+
 The above example drops all traffic destined to any FQDN that matches the wildchard
 expression `*google.com` originating from any Pod with `app` set to `client` across
-any Namespace. This feature only works at the L3/L4 level. DNS response packets will
-only be dropped if the client's requested FQDN is matched by a FQDN policy rule but
-the datapath reconciliation for that rule fails.
+any Namespace. This feature only works at the L3/L4 level.
 
-The FQDN based policy can also be applied to in-cluster based services.
+FQDN based policies can also select in-cluster based services.
 
 ```text
 kubectl get svc -o wide -A
@@ -1014,7 +1013,7 @@ spec:
   egress:
   - action: Drop
     to:
-      - fqdn: "db-svc.default.svc.cluster.local"
+      - fqdn: "db-svc.default.svc"
 ```
 
 In the example, when a client Pod talks to `db-svc` via ClusterIP, the traffic is dropped.