diff --git a/_posts/2015-06-12-ufw.md b/_posts/2015-06-12-ufw.md index cd1bb4c..57b0bff 100644 --- a/_posts/2015-06-12-ufw.md +++ b/_posts/2015-06-12-ufw.md 
@@ -17,40 +17,42 @@ network and with IPv6 your devices have public IPv6 addresses. This post first has list of commands, then explanations. ``` -ufw limit 22 +ufw limit 22/tcp ufw default deny incoming ufw default allow outgoing systemctl enable ufw && systemctl start ufw ufw enable -ufw reject 113 +ufw reject 113/tcp ufw allow from 172.16.0.0/16 to any port 631 -ufw allow from 172.16.0.0/16 to any port 5353 -ufw allow from 172.16.0.0/16 to any port 9091 +ufw allow from 172.16.0.0/16 to any port 5353 proto udp +ufw allow from 173.16.0.0/16 to any port 9091 proto tcp ufw allow from 172.16.0.0/16 to any port 17500 proto tcp ufw allow 60000:61000/udp ``` -* 22/ssh — Prevent more than 6 connections in 30 seconds to the SSH port +* 22 TCP/ssh — Prevent more than 6 connections in 30 seconds to the SSH + port and it's the first command as you don't want to lock yourself out of and it's the first command as you don't want to lock yourself out of - your host when you enable the firewall. * Deny incoming connections unless the port has been whitelisted. * Allow all outgoing connections, keeping list of authorized ports would be too much for me. * Start ufw on boot and now (I am not sure if this step is required, but better safe than sorry). * Put the firewall in force. -* 113/ident — Tell "Connection refused" to whoever tries to reach port 113. - This makes ident checking IRC servers connect faster as they don't have - to timeout. If you run shell server (for IRC purpouses) you should allow - this instead. -* 631/cups — Allow access to cups for printer sharing from local network -* 5353/mdns/Avahi — used for `.local` addresses and probably not needed +* 113 TCP/ident — Tell "Connection refused" to whoever tries to reach port + 113. This makes ident checking IRC servers connect faster as they don't + have to timeout. If you run shell server (for IRC purpouses) you should + allow this instead. 
+* 631 both/cups — Allow access to cups for printer sharing from local + network +* 5353 UDP/mdns/Avahi — used for `.local` addresses and probably not needed outside local network -* 9091/transmission web interface — also something I want to access from - LAN. +* 9091 TCP/transmission web interface — also something I want to access + from LAN. This seems risky too. + * Transmission file transfer uses TCP. Default port: 51413. * 17500 TCP/Dropbox LAN sync — which I use with desktops -* 60000:61000/mosh — I feel this is the most insecure part of this setup - and there should be something bettter instead of this. +* 60000:61000 UDP/mosh — I feel this is the most insecure part of this + setup and there should be something bettter instead of this. *If some host doesn't run some of the mentioned service, it's not open in the firewall.*
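Review bot: the rewritten Transmission rule `ufw allow from 173.16.0.0/16 to any port 9091 proto tcp` changes the source network from 172.16.0.0/16 to 173.16.0.0/16, while every other LAN rule in the block (631, 5353, 17500) keeps 172.16.0.0/16; 173.16.0.0/16 is not a private range, so as written this would stop allowing the LAN and instead admit an unrelated public /16 to the web interface. It looks like a typo; suggest `ufw allow from 172.16.0.0/16 to any port 9091 proto tcp` so the rule matches the "from LAN" bullet. Two smaller points on lines this hunk already touches: the rewrapped SSH bullet appears to repeat "and it's the first command as you don't want to lock yourself out of" and to drop the removed "your host when you enable the firewall." ending, so that wrap is worth re-checking, and the re-flowed 113 and mosh bullets still carry "purpouses" and "bettter" (should be "purposes" and "better").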