diff --git a/_posts/2015-06-12-ufw.md b/_posts/2015-06-12-ufw.md
index a41f3fb..a4fa962 100644
--- a/_posts/2015-06-12-ufw.md
+++ b/_posts/2015-06-12-ufw.md
@@ -42,7 +42,7 @@ ufw allow from fe80::/10 to any port 631
 #ufw allow from 192.168.8.0/24 to any port 5353 proto udp
 ufw allow from fe80::/10 to any port 5353 proto udp
 #ufw allow from <static:Yggdrasil:IPv6> to any port 5900
-ufw allow from fe80::/10 to any port 9001
+ufw allow from fe80::/10 to any port 9001 proto udp
 ufw allow 60000:61000/udp
 ```
 
@@ -67,8 +67,8 @@ ufw allow 60000:61000/udp
 * 5353 UDP/mdns/Avahi — used for `.local` addresses.
 * 5900 — VNC port at least for `krfb kdrc` (KDE Remote Desktop server & client).
   I tend to only allow it from specific Yggdrasil address(es).
-* 9001 — [Yggdrasil](https://yggdrasil-network.github.io/) automatic peering
-  port only on link-local.
+* 9001/udp — [Yggdrasil](https://yggdrasil-network.github.io/) automatic
+  peering port only on link-local.
 * 60000:61000 UDP/mosh — I feel this is the most insecure part of this
   setup and there should be something bettter instead of this. As
   something evil could run and listen on these ports.