diff --git a/self_host/pi-hole/docker-compose.yml b/self_host/pi-hole/docker-compose.yml
index 3ebcef4f..1ad2325c 100644
--- a/self_host/pi-hole/docker-compose.yml
+++ b/self_host/pi-hole/docker-compose.yml
@@ -17,7 +17,8 @@ services:
 - FTLCONF_webserver_api_password=${WEBPASSWORD}
 - FTLCONF_webserver_interface_theme=${WEBTHEME:-default-dark}
 - FTLCONF_dns_upstreams=127.0.0.1#5335
- - FTLCONF_dns_listeningMode=single
+ # - FTLCONF_dns_listeningMode=single
+ - FTLCONF_dns_listeningMode=all
 - FTLCONF_webserver_port=80
 volumes:
 - etc_pihole-unbound:/etc/pihole:rw
diff --git a/updates.txt b/updates.txt
index b9df72c3..0b136ee0 100755
--- a/updates.txt
+++ b/updates.txt
@@ -913,3 +913,13 @@ paru -Rs duf-git && doas pacman -S duf
 08/30/2025
 Install pwgen
 doas pacman -S pwgen
+
+09/05/2025
+Add security fields so pihole is not exposed to public:
+doas ufw default deny incoming (not necessary here, you already did this, but here for documentation purposes)
+doas ufw allow in on lo
+doas ufw deny in proto udp to any port 53
+doas ufw deny in proto tcp to any port 53
+doas ufw disable && doas ufw enable
+
+This is because of recent updates to pihole-unbound docker config file (re-run docker compose on this file)
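Review bot: With `FTLCONF_dns_listeningMode=all` FTL answers queries from any source address, so after this hunk nothing inside the container limits who can use the resolver; exposure is decided entirely by the port binding and the host firewall. The service's `ports:` and network settings are outside this hunk, but if port 53 is published through Docker's bridge, that traffic is forwarded by Docker's own iptables rules and may never reach the ufw `deny in proto ... port 53` rules recorded in updates.txt, so reachability should be checked from a host outside the LAN. Binding the publish to the LAN address, e.g. `- "<LAN_IP>:53:53/udp"` and `- "<LAN_IP>:53:53/tcp"` (placeholder address), would keep the restriction in the compose file itself. I would also replace the commented-out `single` line with a why-comment such as `# listeningMode=all: FTL accepts queries from any source; access is restricted by the port binding / host firewall`.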