From 05989271ef4468da2abfb46d6a5c35398b1c2c43 Mon Sep 17 00:00:00 2001 From: Alex Szumko Date: Fri, 19 Dec 2025 08:35:35 -0500 Subject: [PATCH] UFW Rules documentation --- README.md | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/README.md b/README.md index 44d02cf..03895e4 100644 --- a/README.md +++ b/README.md @@ -47,3 +47,23 @@ This folder contains all of the services running on the Pi ## Adding Paths: 1. Add path in NPM (must be on **`homelab`**) + +## UFW Settings +``` +Logging: on (low) +Default: deny (incoming), allow (outgoing), deny (routed) +New profiles: skip + +To Action From +-- ------ ---- +22/tcp ALLOW IN 192.168.0.0/24 # LAN ssh +22/tcp on tailscale0 ALLOW IN Anywhere # Tailscle ssh +53,80,81,443,61208/tcp ALLOW IN 192.168.0.0/24 # LAN Access, 53 -> Pihole, 61208 -> glances +53,80,81,443,61208/udp ALLOW IN 192.168.0.0/24 # LAN Access, 53 -> Pihole, 61208 -> glances +53,80,81,443,61208/tcp on tailscale0 ALLOW IN Anywhere # Tailscale Access, 53 -> Pihole, 61208 -> glances +53,80,81,443,61208/udp on tailscale0 ALLOW IN Anywhere # Tailscale Access, 53 -> Pihole, 61208 -> glances +80/tcp ALLOW IN 172.16.0.0/12 # Docker networks (for calling pihole from NPM) +22/tcp (v6) on tailscale0 ALLOW IN Anywhere (v6) # Tailscale ssh (IPv6) +53,80,81,443,61208/tcp (v6) on tailscale0 ALLOW IN Anywhere (v6) # Tailscale Access (IPv6), 53 -> Pihole, 61208 -> glances +53,80,81,443,61208/udp (v6) on tailscale0 ALLOW IN Anywhere (v6) # Tailscale Access (IPv6), 53 -> Pihole, 61208 -> glances +```
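Review bot: The three `53,80,81,443,61208/udp` rules (LAN, `tailscale0`, and the `tailscale0` v6 entry) allow every listed port over UDP, yet the comments name only Pihole on 53 and glances on 61208, and of those only DNS on 53 needs UDP. Consider narrowing the UDP rules to `53/udp` (adding `443/udp` only if HTTP/3 is actually served) and updating this section to match, which keeps the ruleset in line with the `deny (incoming)` default shown at the top. Smaller points in the same hunk: the comment on `22/tcp on tailscale0` reads "Tailscle ssh"; the comments do not say what 80, 81 and 443 serve; and the `80/tcp` rule for "Docker networks" admits the entire `172.16.0.0/12` block rather than the specific Docker subnet that NPM uses to reach Pihole. It would also help to state the command that produced this output (it looks like `ufw status verbose`) so the section can be regenerated when the rules change.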