From ec6e8b7c7437d3d5e2141a926dc6cecd80b3f253 Mon Sep 17 00:00:00 2001
From: Maddy <130055405+Maddy-Cloudflare@users.noreply.github.com>
Date: Tue, 17 Dec 2024 17:19:01 +0000
Subject: [PATCH] [Magic Firewall] Clarify DDOS mitigation traffic

---
 .../magic-firewall/best-practices/magic-transit-egress.mdx     | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/content/docs/magic-firewall/best-practices/magic-transit-egress.mdx b/src/content/docs/magic-firewall/best-practices/magic-transit-egress.mdx
index cad6badd0e1eb6..3d24aa0bf8e38d 100644
--- a/src/content/docs/magic-firewall/best-practices/magic-transit-egress.mdx
+++ b/src/content/docs/magic-firewall/best-practices/magic-transit-egress.mdx
@@ -12,4 +12,5 @@ For Magic Transit egress traffic, consider the following information:
 
 * The Magic Firewall rules will apply to both Magic Transit ingress and egress traffic passing via Cloudflare.
 * Magic Firewall is not stateful for your Magic Transit egress traffic.
-* If you have a Magic Firewall "default drop" catchall rule for ingress traffic, you will need to add an earlier rule to permit traffic sourced from your Magic Transit prefix with the destination as **any** to allow outbound egress traffic.
+* Magic Firewall is not stateful in both directions after DDoS mitigations.
+* If you have a Magic Firewall "default drop" catchall rule for ingress traffic, you will need to add an earlier rule to permit traffic sourced from your Magic Transit prefix with the destination as **any** to allow outbound egress traffic.
\ No newline at end of file