diff --git a/homelab-documentation.md b/homelab-documentation.md
index 2636de5..9e5f03e 100644
--- a/homelab-documentation.md
+++ b/homelab-documentation.md
@@ -93,6 +93,15 @@ iface vmbr2 inet static
 
 NAT masquerade enabled for 10.5.0.0/24 → vmbr0
 
+### Firewall Rules (INPUT on vmbr0)
+
+| Protocol | Port | Action | Purpose |
+|----------|------|--------|---------|
+| TCP | 111 | DROP | Block portmapper from internet |
+| UDP | 111 | DROP | Block portmapper from internet |
+
+Saved with: `netfilter-persistent save`
+
 ### DHCP (dnsmasq)
 - Range: 10.5.0.100 - 10.5.0.200
 - Lease time: 24h