diff --git a/Makefile b/Makefile index a8874cc..8d84670 100644 --- a/Makefile +++ b/Makefile @@ -17,6 +17,7 @@ clean: install: iblock install -o root -g wheel iblock ${PREFIX}/sbin/ install -o root -g wheel iblock.rc /etc/rc.d/iblock + install -o root -g wheel iblock.8 ${PREFIX}/man/man8/ test: clean iblock @printf "hello\n" | nc -4 localhost 666 diff --git a/README.md b/README.md index b2c39e4..e160584 100644 --- a/README.md +++ b/README.md @@ -51,8 +51,3 @@ rcctl set iblock flags -t another_table_name -p 5373 Done! You can see IP banned using `pfctl -t iblocked -T show` and iblock will send blocked addresses to syslog. In the example I added a label to the block rule, you can use `pfctl -s labels` to view statistics from this rule, [see documentation for column meaning](https://man.openbsd.org/pfctl#s~8). - - -# TODO - -- A proper man page diff --git a/iblock.8 b/iblock.8 new file mode 100644 index 0000000..65c2617 --- /dev/null +++ b/iblock.8 @@ -0,0 +1,30 @@ +.Dd $Mdocdate: September 03 2023 $ +.Dt iblock 8 +.Os +.Sh NAME +.Nm iblock +.Nd add unwanted IP to pf table +.Sh SYNOPSIS +.Nm iblock +.Op Fl t Ar table +.Op Fl p Ar port +.Sh DESCRIPTION +.Nm +is a program adding the client IP to a Packet Filter table. +.Pp +It is meant to be used to block scanner connecting on unused ports. +Upon connection, the IP is added to a PF table and all established connections with this IP are killed. You need to use a PF bloking rule using the table. + +.Sh OPTIONS +.Bl -tag -width Ds +.It Op Fl t Ar table +Set the pf +.Ar table +to add the detected IP. +.It Op Fl p Ar port +Set the listening +.Ar port . +.El +.Sh DEPLOYMENT + +TODO
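Review bot: In the Makefile hunk, the added `install -o root -g wheel iblock.8 ${PREFIX}/man/man8/` line sets no mode, so the man page is installed with install(1)'s default mode of 0755, which marks a documentation file executable. Add an explicit mode such as `-m 0444` to that line. The line also assumes `${PREFIX}/man/man8/` already exists; if that is not guaranteed on the target system, create it first with `install -d`.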
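Review bot: The README.md hunk deletes the "A proper man page" TODO item, but the iblock.8 added in this same patch still ends with a `.Sh DEPLOYMENT` section whose only content is TODO, so the work that item tracked is not finished. Either complete the deployment section before removing the item or keep a TODO entry for it. A one-line pointer to `man 8 iblock` in the README would also help readers find the new page.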
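Review bot: In iblock.8, the closing `.Sh DEPLOYMENT` section contains only the word TODO, which will appear verbatim in the rendered page; fill it with the pf table and block rule setup that DESCRIPTION says is required, or drop the section until it is written. In the same file, "bloking" in DESCRIPTION should be "blocking", and the two sentences sharing that line should each start on their own line. The blank lines before `.Sh OPTIONS` and after `.Sh DEPLOYMENT` should go, since `mandoc -Tlint` warns about blank lines in fill mode. The list entries should read `.It Fl t Ar table` and `.It Fl p Ar port` without `Op`, and `.Dt` conventionally takes the title in upper case (`.Dt IBLOCK 8`). The option descriptions should also state which table and port are used when `-t` and `-p` are omitted, because an operator has to know the table name to write the matching block rule.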