OPNProxy - add network option to both policy types

source/vendor/deciso/opnproxy.rst

@@ -11,7 +11,8 @@ the :code:`OPNProxy` plugin addition offers this functionality at ease.
 Prerequisites
 ---------------------------
 
-Before installing and using this plugin, make sure your web proxy is configured and enabled including some sort of authentication.
+Before installing and using this plugin, make sure your web proxy is configured and enabled including some sort of authentication
+(unless network only authentication should be used).
 
 .. Note::
     To enable authentication, goto :menuselection:`Services->Web Proxy->Administration` then collapse "Forward Proxy" and
@@ -66,6 +67,28 @@ to import/add the users in OPNsense in order to user their authorisation setting
     (it's not possible to block no bump sites in full inspection mode)
 
 
+Authentication options
+---------------------------
+
+Every policy defined in this plugin can contain users/groups and/or networks, if one option is omitted from the
+input its being ignored, when both are specified, both should apply.
+
+.. image:: images/OPNproxy_policy_auth_selection.png
+    :width: 60%
+
+Example usage scenarios:
+
+* User :code:`X` from network :code:`Y` is not allowed to visit :code:`gambling` websites
+* All users from group :code:`Z` are not allowed to visit :code:`gambling` websites
+* All users in network :code:`Y` are allowed to visit the OPNsense website.
+* All users in network :code:`Y` are not allowed to visit :code:`gaming` websites. (two policies)
+
+.. Note::
+
+  When not using user based authentication (network only), the default policy is :code:`deny` so you would need to add
+  at least one policy accepting traffic in these cases.
+
+
 Policy types
 ---------------------------