From d7635c5165f624cbb554c0e9526932dc4d115c79 Mon Sep 17 00:00:00 2001
From: m4sterbunny <harrie.bickle@consensys.net>
Date: Tue, 9 Jul 2024 16:20:13 +0100
Subject: [PATCH] updates howto too

Signed-off-by: m4sterbunny <harrie.bickle@consensys.net>
---
 .../public-networks/how-to/connect/manage-peers.md | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/docs/public-networks/how-to/connect/manage-peers.md b/docs/public-networks/how-to/connect/manage-peers.md
index 63831218b96..1e17d65d4d2 100644
--- a/docs/public-networks/how-to/connect/manage-peers.md
+++ b/docs/public-networks/how-to/connect/manage-peers.md
@@ -12,10 +12,12 @@ tags:
 Hyperledger Besu peer-to-peer (P2P) discovery happens periodically based on the number of peers in a
 network and the node's [peer limit](#limit-peers).
 
-The frequency of discovery isn't configurable, but you can
-[limit remote connections](#limit-remote-connections) in public networks and
-[randomly prioritize connections](../../reference/cli/options.md#random-peer-priority-enabled) in
-small, stable networks.
+The frequency of discovery isn't configurable, but you can:
+- [Limit remote connections](#limit-remote-connections) in public networks
+- [Allowlist peers by IP subnet](#allowlist-peers) to create a private network of peers across public 
+networks
+- [Randomly prioritize connections](../../reference/cli/options.md#random-peer-priority-enabled) in
+small, stable networks
 
 :::info
 You can use [`admin_addPeer`](../../reference/cli/options.md#admin_addpeer) to attempt a specific
@@ -70,6 +72,10 @@ You can limit peers to reduce the bandwidth, CPU time, and disk access Besu uses
 
 To reduce the maximum number of peers, use the [`--max-peers`](../../reference/cli/options.md#max-peers) option. The default is 25.
 
+## Allowlist peers
+
+You can can define specific IP subnets permitted to interact with the node using the [`--net-restrict`](../../reference/cli/options.md#net-restrict) configuration. This restricts access to only those peers whose IP addresses fall within the allowed subnets. This is particularly useful if you maintain a set of nodes and want to restrict which of those may connect to external nodes.
+
 ## Limit remote connections
 
 Prevent eclipse attacks when using [`--sync-mode`](../../reference/cli/options.md#sync-mode) and [`--fast-sync-min-peers`](../../reference/cli/options.md##sync-min-peers-fast-sync-min-peers) on public networks by enabling the [remote connection limits](../../reference/cli/options.md#remote-connections-limit-enabled).