Merge branch 'document-windows-hyperv-wsl-blocking-firewall-rules-fail-des-1450'

1 files changed, 6 insertions, 4 deletions

diff --git a/docs/known-issues.md b/docs/known-issues.md
index 73c8a6e2bc..40d1e34c63 100644
--- a/docs/known-issues.md
+++ b/docs/known-issues.md
@@ -190,15 +190,17 @@ exempted since the routing table will ensure that traffic is tunneled in that ca
 (see details below).
 
 There are certain limitations to this mitigation. First, the Hyper-V firewall is only available on
-*Windows 11 version 22H2 and above*, so it has no effect on earlier versions of Windows.
+_Windows 11 version 22H2 and above_, so it has no effect on earlier versions of Windows. The
+Hyper-V firewall profile must not be disabled, which can be inspected using the
+`Get-NetFirewallHyperVProfile` PowerShell command.
+
 Additionally, LAN traffic will never be blocked while connected, regardless of whether "Local
 network sharing" is enabled. Moreover, DNS leaks are more likely to occur.
 
-Your [WSL config] needs to enable the `firewall` setting for the Hyper-V firewall to be enabled.
-It is enabled by default.
-
 #### Linux under WSL2
 
+For the Hyper-V firewall to function, your [WSL config] must not disable the `firewall` setting.
+
 Network traffic from a Linux guest running under WSL2 always goes out the default route of
 the host machine without being inspected by the normal layers of WFP (the firewall on the
 Windows host that Mullvad use to prevent leaks). This means that if there is a VPN tunnel