diff --git a/CLAUDE.md b/CLAUDE.md
index 3ccc2c1..900d472 100644
--- a/CLAUDE.md
+++ b/CLAUDE.md
@@ -96,9 +96,21 @@ ssh mikkel@10.5.0.111  # dev container
 
 ## Security
 
+- **Home IP:** 83.89.248.247 (whitelisted everywhere)
 - **NPM Access List "home_only" (ID 1):** Restricts access to home IP only
   - Applied to: dns.georgsen.dk, dockge.georgsen.dk, pbs.georgsen.dk
-- **Fail2ban:** Running on Forgejo (bans after 5 failed attempts for 24h)
+- **Fail2ban:** Running on PVE host (core) and Forgejo
+  - SSH jail on core, forgejo jail on Forgejo
+  - Bans after 5 failed attempts for 24 hours
+  - Whitelisted: 127.0.0.1, 10.5.0.0/24, 83.89.248.247
+- **Firewall (core vmbr0):** Blocked ports: 53, 111, 3128, 8006, 8008 (home IP allowed)
+
+## Container Management
+
+**Update NPM:**
+```bash
+ssh root@10.5.0.1 'cd /opt/npm && docker compose pull && docker compose up -d'
+```
 
 ## User Preferences