diff --git a/modules/net-vpc-firewall/README.md b/modules/net-vpc-firewall/README.md
index eb6912a7d..06cca4fb4 100644
--- a/modules/net-vpc-firewall/README.md
+++ b/modules/net-vpc-firewall/README.md
@@ -176,7 +176,7 @@ healthchecks:
|---|---|:---:|:---:|:---:|
| [network](variables.tf#L109) | Name of the network this set of firewall rules applies to. | string | ✓ | |
| [project_id](variables.tf#L114) | Project id of the project that holds the network. | string | ✓ | |
-| [default_rules_config](variables.tf#L17) | Optionally created convenience rules. Set the variable or individual members to null to disable. | object({…}) | | {} |
+| [default_rules_config](variables.tf#L17) | Optionally created convenience rules. Set the 'disabled' attribute to true, or individual rule attributes to empty lists to disable. | object({…}) | | {} |
| [egress_rules](variables.tf#L37) | List of egress rule definitions, default to deny action. | map(object({…})) | | {} |
| [factories_config](variables.tf#L60) | Paths to data files and folders that enable factory functionality. | object({…}) | | null |
| [ingress_rules](variables.tf#L69) | List of ingress rule definitions, default to allow action. | map(object({…})) | | {} |
diff --git a/modules/net-vpc-firewall/variables.tf b/modules/net-vpc-firewall/variables.tf
index 86aea9e2e..3e458acd8 100644
--- a/modules/net-vpc-firewall/variables.tf
+++ b/modules/net-vpc-firewall/variables.tf
@@ -15,7 +15,7 @@
*/
variable "default_rules_config" {
- description = "Optionally created convenience rules. Set the variable or individual members to null to disable."
+ description = "Optionally created convenience rules. Set the 'disabled' attribute to true, or individual rule attributes to empty lists to disable."
type = object({
admin_ranges = optional(list(string))
disabled = optional(bool, false)