Clarify the firewall and client authentication rules

site-cookbooks/kosmos-postgresql/README.md

@@ -36,6 +36,14 @@ to set up replication.
 #### Caveat
 
 [`firewall_rules`](https://github.com/chef-cookbooks/firewall/issues/134) and
-[`postgresql_access`](https://github.com/sous-chefs/postgresql/issues/648) need
-to be declared in recipes, not resources because of the way custom resources
-work currently in Chef
+[`postgresql_access`](https://github.com/sous-chefs/postgresql/issues/648) are
+declared in recipes, not resources because of the way custom resources
+work currently in Chef. See the `default.rb` and `replica.rb` recipes.
+
+The primary gives access to the `replication` db to the `replication` user
+connecting from a replica, and replicas to the primary. For more information
+about PostgreSQL client authentication, see the
+[official docs](https://www.postgresql.org/docs/12/auth-pg-hba-conf.html)
+
+The primary opens up the PostgreSQL port (5432 TCP) to replicas, and replicas
+to the primary.