diff --git a/_posts/2015-06-12-ufw.md b/_posts/2015-06-12-ufw.md index ae03455..5509b1e 100644 --- a/_posts/2015-06-12-ufw.md +++ b/_posts/2015-06-12-ufw.md @@ -24,6 +24,7 @@ systemctl enable ufw && systemctl start ufw ufw enable ufw reject 113/tcp ufw allow from 172.16.0.0/16 to any port 631 +ufw allow 3544/udp ufw allow from 172.16.0.0/16 to any port 5353 proto udp ufw allow from 173.16.0.0/16 to any port 9091 proto tcp ufw allow from 172.16.0.0/16 to any port 17500 proto tcp @@ -31,11 +32,11 @@ ufw allow 60000:61000/udp ``` * 22 TCP/ssh — Prevent more than 6 connections in 30 seconds to the SSH - port and it's the first command as you don't want to lock yourself out of - and it's the first command as you don't want to lock yourself out of + port and it's the first command as you don't want to lock yourself out + of it. * Deny incoming connections unless the port has been whitelisted. -* Allow all outgoing connections, keeping list of authorized ports would be - too much for me. +* Allow all outgoing connections, keeping list of authorized ports would + be too much for me. * Start ufw on boot and now (I am not sure if this step is required, but better safe than sorry). * Put the firewall in force. @@ -45,8 +46,10 @@ ufw allow 60000:61000/udp allow this instead. * 631 both/cups — Allow access to cups for printer sharing from local network -* 5353 UDP/mdns/Avahi — used for `.local` addresses and probably not needed - outside local network +* 3544 udp/miredo — Sadly native IPv6 isn't everywhere, neither is 6rd + with every ISP or proper tunnel. +* 5353 UDP/mdns/Avahi — used for `.local` addresses and probably not + needed outside local network * 9091 TCP/transmission web interface — also something I want to access from LAN. This seems risky too, but risks can be limited by only using this rule with static hosts.
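Review bot: in the first hunk (@@ -24,6 +24,7 @@), the added `ufw allow 3544/udp` opens UDP 3544 to every source address, while the neighbouring rules in the same block (631, 5353, 17500) are restricted with `from 172.16.0.0/16`; if miredo only needs the replies to tunnel traffic it initiates, the allow-all-outgoing default described later in the post plus ufw's connection tracking already covers that and the rule can be dropped, and if unsolicited inbound packets are genuinely required, say so in the matching bullet and consider restricting the source. While in this block, the unchanged context line `ufw allow from 173.16.0.0/16 to any port 9091 proto tcp` looks like a typo for 172.16.0.0/16: every other LAN rule uses 172.16.0.0/16, the 9091 bullet says "access from LAN", and 173.16.0.0/16 is not a private range.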
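Review bot: in the second hunk (@@ -31,11 +32,11 @@), the rewrap of the 22 TCP bullet also drops the duplicated "and it's the first command as you don't want to lock yourself out of" line, which is the substantive fix in this hunk and should be mentioned in the commit message rather than hidden inside a reflow. Since the "Allow all outgoing connections" bullet is being rewrapped anyway, "keeping list of authorized ports" should read "keeping a list of authorized ports".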
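Review bot: in the third hunk (@@ -45,8 +46,10 @@), the new "3544 udp/miredo" bullet gives the motivation (no native IPv6, no 6rd) but, unlike the 631 and 5353 bullets that state their local-network scope, says nothing about what the rule exposes or why it is not limited to 172.16.0.0/16; add one sentence stating whether inbound UDP from arbitrary hosts is actually required for the tunnel. It also breaks the casing convention of the other entries ("22 TCP/ssh", "5353 UDP/mdns"); use "3544 UDP/miredo".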