diff --git a/labs/sec/ex-5_iptables.adoc b/labs/sec/ex-5_iptables.adoc
index 2afcae7..3dbe4e6 100644
--- a/labs/sec/ex-5_iptables.adoc
+++ b/labs/sec/ex-5_iptables.adoc
@@ -57,17 +57,17 @@ https://en.wikipedia.org/wiki/OpenVPN[More: wikipedia]
 [source,bash]
 ----
 #!/bin/bash
-IP=127.0.0.1 # Server IP
-P=1194 # Server Port
-OVPN_SERVER='10.80.0.0/16' # VPN Network
+IP=127.0.0.1 # Server IP // <1>
+P=1194 # Server Port // <2>
+OVPN_SERVER='10.80.0.0/16' # VPN Network // <3>
-#vpn_data=/var/lib/swarmlab/openvpn/openvpn-services/ # Dir to save data ** this must exist **
-vpn_data=$PWD/openvpn-services/
+#vpn_data=/var/lib/swarmlab/openvpn/openvpn-services/ # Dir to save data ** this must exist **
+vpn_data=$PWD/openvpn-services/ // <4>
 if [ ! -d $vpn_data ]; then
 mkdir -p $vpn_data
 fi
-NAME=swarmlab-vpn-services # name of docker service
+NAME=swarmlab-vpn-services # name of docker service // <5>
 DOCKERnetwork=swarmlab-vpn-services-network # docker network
 docker=registry.vlabs.uniwa.gr:5080/myownvpn # docker image
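Review bot: The callout marker on the new `vpn_data=$PWD/openvpn-services/ // <4>` line is not inside a shell comment, so anyone who copies the script out of the raw .adoc gets `//` and `<4>` parsed as a command and a redirection after the assignment rather than a comment; the same applies to the `// <6>`, `// <7>` and `// <8>` lines in the second hunk, where the tokens would be appended to the `docker run` argument lists (the `<6>` line is a continuation of the `ovpn_genconfig` command). Callouts `<1>`, `<2>`, `<3>` and `<5>` are only safe because they happen to follow an existing `#` comment. For a `[source,bash]` block the conventional prefix is the shell comment character, which renders the same callout icon and keeps the script runnable, e.g. `vpn_data=$PWD/openvpn-services/ # <4>` and `-N -d -c -p "route 172.50.20.0 255.255.255.0" -e "topology subnet" -s $OVPN_SERVER # <6>`. While touching these lines, quoting the mount path in the new `-v "$vpn_data":/etc/openvpn` arguments would also stop the script breaking when `$PWD` contains spaces.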
@@ -87,23 +87,31 @@ docker network create --attachable=true --driver=bridge --subnet=172.50.0.0/16 -
 #run container see ovpn_genconfig
 docker run --net=none -it -v $vpn_data:/etc/openvpn -p 1194:1194 --rm $docker ovpn_genconfig -u udp://$IP:1194 \
--N -d -c -p "route 172.50.20.0 255.255.255.0" -e "topology subnet" -s $OVPN_SERVER
+-N -d -c -p "route 172.50.20.0 255.255.255.0" -e "topology subnet" -s $OVPN_SERVER // <6>
 # create pki see ovpn_initpki
-docker run --net=none -v $vpn_data:/etc/openvpn --rm -it $docker ovpn_initpki
+docker run --net=none -v $vpn_data:/etc/openvpn --rm -it $docker ovpn_initpki // <7>
 # see ovpn_copy_server_files
 #docker run --net=none -v $vpn_data:/etc/openvpn --rm $docker ovpn_copy_server_files
 #create vpn see --cap-add=NET_ADMIN
 sleep 1
-docker run --detach --name $NAME -v $vpn_data:/etc/openvpn --net=$DOCKERnetwork --ip=172.50.0.2 -p $P:1194/udp --cap-add=NET_ADMIN $docker
+docker run --detach --name $NAME -v $vpn_data:/etc/openvpn --net=$DOCKERnetwork --ip=172.50.0.2 -p $P:1194/udp --cap-add=NET_ADMIN $docker // <8>
 sudo sysctl -w net.ipv4.ip_forward=1
 #show created
 docker ps
 ----
+<1> *localhost* inside of a container will resolve to the network stack of this container
+<2> Port
+<3> Specify Addresses and Netmasks for VPN Clients
+<4> Directory to mount data
+<5> Name of docker services
+<6> Create config
+<7> keys
+<8> Run docker vpn service
 == Create user
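Review bot: The new callout text `<7> keys` under-documents the most sensitive step in the block: `ovpn_initpki` runs with `$vpn_data` mounted at /etc/openvpn, so whatever PKI material it generates ends up in that host directory, and the callout should say so, e.g. `<7> Initialise the PKI (CA and server certificate/key) into $vpn_data; keep this directory private`. Whether the image's `ovpn_initpki` also prompts for a CA passphrase is not visible in this hunk, so that detail should be confirmed before being written into the callout. The same applies to `<4> Directory to mount data`, which could note that the directory holds the server configuration and keys, and to `<8>`, where a reader would benefit from a mention that `--cap-add=NET_ADMIN` and the `sysctl` line grant the container and host the forwarding rights the VPN needs.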