diff --git a/homelab-documentation.md b/homelab-documentation.md index 9e5f03e..2b33b20 100644 --- a/homelab-documentation.md +++ b/homelab-documentation.md @@ -95,10 +95,16 @@ NAT masquerade enabled for 10.5.0.0/24 → vmbr0 ### Firewall Rules (INPUT on vmbr0) +**Home IP (83.89.248.247) is whitelisted - always allowed.** + | Protocol | Port | Action | Purpose | |----------|------|--------|---------| -| TCP | 111 | DROP | Block portmapper from internet | -| UDP | 111 | DROP | Block portmapper from internet | +| ALL | * | ACCEPT | Allow home IP (83.89.248.247) | +| TCP/UDP | 111 | DROP | Block portmapper from internet | +| TCP/UDP | 53 | DROP | Block DNS (prevent amplification attacks) | +| TCP | 3128 | DROP | Block spiceproxy | +| TCP | 8006 | DROP | Block Proxmox UI (use home IP or Tailscale) | +| TCP | 8008 | DROP | Block Proxmox console | Saved with: `netfilter-persistent save` @@ -503,8 +509,16 @@ Personal company website ### Fail2ban +**core.georgsen.dk (PVE host):** +- Config: `/etc/fail2ban/jail.local` +- Jail: sshd +- Max retries: 5 +- Ban time: 24 hours +- Whitelisted: 127.0.0.1, 10.5.0.0/24, 83.89.248.247 + **Forgejo (VMID 114):** - Config: `/etc/fail2ban/jail.local` +- Jail: forgejo - Max retries: 5 - Ban time: 24 hours - Log: `/var/lib/forgejo/log/forgejo.log`
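Review bot: In the firewall table hunk (@@ -95), the new first row `| ALL | * | ACCEPT | Allow home IP (83.89.248.247) |` grants one address every protocol and port, and the doc does not say that this rule has to sit above the DROP rows to have the effect described. netfilter takes the first matching rule, so state the ordering explicitly. The purpose column only motivates the Proxmox UI ("use home IP or Tailscale"), so consider scoping the ACCEPT to the management ports instead of ALL. Also document how the allowlisted address is kept current: if it is not a static assignment, a stale entry keeps granting full access to whoever holds it next. The merged `TCP/UDP` rows for 111 and 53 each stand for two separate rules. A short note saying so would keep the table in step with what `netfilter-persistent save` actually writes out.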
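Review bot: In the Fail2ban hunk (@@ -503), the new PVE host entry `- Whitelisted: 127.0.0.1, 10.5.0.0/24, 83.89.248.247` exempts the whole NAT'd guest network and the home IP from the sshd jail. That means any guest on 10.5.0.0/24 can retry SSH logins against the host without ever being banned. Together with the ALL/ACCEPT firewall row, the home IP gets the same unthrottled access. Suggest narrowing the exemption to the specific guests that need it, or recording that password authentication is disabled on the host if that is the reason the exemption is acceptable. On documentation: the host block has no `Log:` line, unlike the Forgejo block. The added `- Jail: forgejo` is not a stock jail name, so the filter file it relies on should be listed next to the config path.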