From 6fe9fb2297f15de61b803322fc60b3c990a074b5 Mon Sep 17 00:00:00 2001
From: Mikkel Georgsen <msgeorgsen@gmail.com>
Date: Wed, 14 Jan 2026 14:15:59 +0000
Subject: [PATCH] Update CLAUDE.md with complete security info

Added firewall rules, Fail2ban on both core and Forgejo,
and NPM update command for quick reference.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---
 CLAUDE.md | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/CLAUDE.md b/CLAUDE.md
index 3ccc2c1..900d472 100644
--- a/CLAUDE.md
+++ b/CLAUDE.md
@@ -96,9 +96,21 @@ ssh mikkel@10.5.0.111  # dev container
 
 ## Security
 
+- **Home IP:** 83.89.248.247 (whitelisted everywhere)
 - **NPM Access List "home_only" (ID 1):** Restricts access to home IP only
   - Applied to: dns.georgsen.dk, dockge.georgsen.dk, pbs.georgsen.dk
-- **Fail2ban:** Running on Forgejo (bans after 5 failed attempts for 24h)
+- **Fail2ban:** Running on PVE host (core) and Forgejo
+  - SSH jail on core, forgejo jail on Forgejo
+  - Bans after 5 failed attempts for 24 hours
+  - Whitelisted: 127.0.0.1, 10.5.0.0/24, 83.89.248.247
+- **Firewall (core vmbr0):** Blocked ports: 53, 111, 3128, 8006, 8008 (home IP allowed)
+
+## Container Management
+
+**Update NPM:**
+```bash
+ssh root@10.5.0.1 'cd /opt/npm && docker compose pull && docker compose up -d'
+```
 
 ## User Preferences