Commit be15077

Pavani-Panakanti and Senthil Kumaran authored
update np standard mode doc (#3211)
Co-authored-by: Senthil Kumaran <senthilx@amazon.com>
1 parent 0988cdd commit be15077

1 file changed

Lines changed: 2 additions & 0 deletions

README.md

@@ -743,6 +743,8 @@ Default: `standard`
743743

744744
Network Policy agent now supports two modes for Network Policy enforcement - Strict and Standard. By default, the Amazon VPC CNI plugin for Kubernetes configures network policies for pods in parallel with the pod provisioning. In the `standard` mode, until all of the policies are configured for the new pod, containers in the new pod will start with a default allow policy. A default allow policy means that all ingress and egress traffic is allowed to and from the new pods. However, in the `strict` mode, a new pod will start with a default deny policy and all Egress and Ingress connections will be blocked till Network Policies are configured. In Strict Mode, you must have a network policy defined for every pod in your cluster. Host Networking pods are exempted from this requirement.
745745

746+
In standard mode, return traffic is always allowed for any packets that were initially sent under the default allow policy. However, once network policies are applied, the next outgoing packet will be evaluated against the active policies, and it will be allowed or denied accordingly.
747+
746748
### VPC CNI Feature Matrix
747749

748750
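
Review bot: The added paragraph (new line 746) covers only the egress direction, "the next outgoing packet will be evaluated against the active policies", and does not say what happens to a connection that a peer opened to the pod during the default allow window. A reader cannot tell whether the pod's replies on such a flow count as "return traffic" that stays allowed or as outgoing packets that are re-evaluated. Suggest stating the behaviour for both ingress and egress, and saying whether "always allowed" holds only until the policies are configured or for the lifetime of the flow, since that decides how long traffic admitted before enforcement can persist. For consistency with the preceding paragraph, write `standard` in backticks in the new text as well.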
