diff --git a/qubes-rpc-policy/qubes.UpdatesProxy.policy b/qubes-rpc-policy/qubes.UpdatesProxy.policy
index 4c82de84..ff4f8434 100644
--- a/qubes-rpc-policy/qubes.UpdatesProxy.policy
+++ b/qubes-rpc-policy/qubes.UpdatesProxy.policy
@@ -3,7 +3,13 @@
 
 ## Please use a single # to start your custom comments
 
+# Upgrade all TemplateVMs through sys-whonix.
+#$type:TemplateVM $default allow,target=sys-whonix
+
+# Upgrade Whonix TemplateVMs through sys-whonix.
 $tag:whonix-updatevm $default allow,target=sys-whonix
+
+# Deny Whonix TemplateVMs using UpdatesProxy of any other VM.
 $tag:whonix-updatevm $anyvm deny
 
 # Default rule for all TemplateVMs - direct the connection to sys-net