From e487bd4755c7788f140bbecdabc1378bf636e7e9 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Tue, 3 Mar 2026 03:55:45 +0000
Subject: [PATCH 1/2] Initial plan


From 6e71659a0ea9277c799ab5d338fef6d092af2538 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Tue, 3 Mar 2026 03:56:22 +0000
Subject: [PATCH 2/2] fix: combine duplicate allowedTCPPorts into single list
 in firewall example

Co-authored-by: houseme <4829346+houseme@users.noreply.github.com>
---
 docs/SECURITY.md | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/docs/SECURITY.md b/docs/SECURITY.md
index 1969917..136cec8 100644
--- a/docs/SECURITY.md
+++ b/docs/SECURITY.md
@@ -156,8 +156,7 @@ Restrict network access using NixOS firewall:
 ```nix
 networking.firewall = {
   enable = true;
-  allowedTCPPorts = [ 9000 ];  # API port
-  allowedTCPPorts = [ 9001 ];  # Console port (consider restricting to local only)
+  allowedTCPPorts = [ 9000 9001 ];  # API port and console port
 
   # Or use interfaces for more granular control
   interfaces.eth0.allowedTCPPorts = [ 9000 9001 ];