diff --git a/README.md b/README.md
index d511ffb..c2d5bcc 100644
--- a/README.md
+++ b/README.md
@@ -31,7 +31,7 @@ Then create a script that performs the tasks below. This can be run by cron.
 1. Collect all IP addresses and ranges to block into a new file, say `autofw.badips`. It may be a good idea to filter out entries in the whitelist.
 1. Run `ufw insert 1 deny from $ip` for each entry in `autofw.badips`. The ufw tool will automatically ignore duplicates.
 1. Collect all blacklisted addresses using the following command:
-``ufw status verbose | grep DENY | awk '{print $4}' > autofw.blacklist``
+``ufw status verbose | grep "DENY IN" | awk '{print $4}' > autofw.blacklist``
 1. Run `./autofw > ufw.updates`.
 1. Run the `./ufw.updates` script.
 1. Finally run `ufw reload` to activate the new rules.