Added note about combining dbfw blacklist and whitelist functionality

Added a small explanation and an excerpt from a configuraton file to
the dbfwfilter documentation. It demonstrates the use of both blacklist
and whitelist functionality in the same service.

Documentation/Filters/Database-Firewall-Filter.md

@@ -36,6 +36,34 @@ The database firewall filter has one mandatory parameter that defines the locati
 
 This parameter is optional and determines what action is taken when a query matches a rule. The value can be either `allow`, which allows all matching queries to proceed but blocks those that don't match, or `block`, which blocks all matching queries, or `ignore` which allows all queries to proceed.
 
+You can have both blacklist and whitelist functionality by configuring one filter
+with `action=allow` and another one with `action=block`. You can then use
+different rule files with each filter, one for blacklisting and another one
+for whitelisting. After this you only have to add both of these filters
+to a service in the following way.
+
+```
+[my-firewall-service]
+type=service
+servers=server1
+router=readconnroute
+user=maxuser
+passwd=maxpwd
+filters=dbfw-whitelist|dbfw-blacklist
+
+[dbfw-whitelist]
+type=filter
+module=dbfwfilter
+action=allow
+rules=/home/user/whitelist-rules.txt
+
+[dbfw-blacklist]
+type=filter
+module=dbfwfilter
+action=block
+rules=/home/user/blacklist-rules.txt
+```
+
 #### `log_match`
 
 Log all queries that match a rule. For the `any` matching mode, the name of