diff --git a/README.md b/README.md index 8cdbea9..608f913 100644 --- a/README.md +++ b/README.md 
@@ -1,40 +1,48 @@ A simple anti-spam system for [question2answer](https://www.question2answer.org/qa/), using [the -stopforumspam API](https://www.stopforumspam.com/usage) and -[ufw](https://launchpad.net/ufw). +stopforumspam API](https://www.stopforumspam.com/usage) and system firewall +([pf](https://www.openbsd.org/faq/pf/filter.html) or +[ufw](https://launchpad.net/ufw)). To deploy: -* modify the configuration variables in the scripts -* copy the scripts to `/usr/local/bin` -* create the user +1. Modify the configuration variables in the scripts as neede. + +2. Copy the scripts to `/usr/local/bin` (requires root): + + install -m 755 -o root -g bin forumspam.sh /usr/local/bin/forumspam.sh + install -m 755 -o root -g bin q2a_usercheck.sh /usr/local/bin/q2a_usercheck.sh + +3. Create the user the scripts will run as: useradd -s /sbin/nologin _forumspam -* if using `pf`: - * create appropriate permissions for the file: +4. If using `pf`: + +Create appropriate permissions for the file: install -m 640 -o _forumspam -g wheel /dev/null /etc/pf-forumspam.txt - * add the following to `/etc/pf.conf`, preferably high up in the ruleset: +Add the following to `/etc/pf.conf`, preferably high up in the ruleset: table persist file "/etc/pf-forumspam.txt" block in quick on egress from block out quick on egress to -* set up sudo or doas: - * for doas: - * add the following to `/etc/doas.conf`: +5. 
Give the `forumspam` user restrictive sudo or doas permissions: + +If using doas, add the following to `/etc/doas.conf`: permit nopass _forumspam cmd pfctl args -nf /etc/pf.conf permit nopass _forumspam cmd pfctl args -t forumspam -T replace -f /etc/pf-forumspam.txt - * for sudo: - * add to your sudo config file: - `Cmnd_Alias FIREWALL = /usr/sbin/ufw, /sbin/iptables` - and `_forumspam ALL = NOPASSWD: FIREWALL` +If using sudo, add to your sudo config file: -* register `q2a_usercheck.sh` as a systemd unit or rc script + _forumspam ALL = NOPASSWD: /usr/sbin/ufw + +Note: the path to `ufw` may be different depending on your linux distribution. + +6. Register `q2a_usercheck.sh` as a systemd unit or rc script. TODO: * also check against [botscout](http://botscout.com/api.htm)
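Review bot: step 5 names the account `forumspam` while step 3 creates `_forumspam` and the doas/sudo rules grant rights to `_forumspam`; use `_forumspam` throughout so the instructions match the rules (and fix "as neede" to "as needed" in step 1). The pf lines as shown, `table persist file "/etc/pf-forumspam.txt"`, `block in quick on egress from` and `block out quick on egress to`, carry no table name; if `<forumspam>` is being swallowed as an HTML tag when the README renders, put those lines in a fenced code block so the angle brackets survive, because without the table reference the rules do not parse. The new sudo rule `_forumspam ALL = NOPASSWD: /usr/sbin/ufw` permits any ufw arguments, whereas the doas rules pin `pfctl` to two exact argument lists; consider documenting that difference or noting that the ufw grant is intentionally broader. Style point: the bare paragraphs under "4. If using `pf`:" break the numbered list, so indent them under their item to keep steps 4 to 6 in one list.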