diff --git a/install/development/firewall.sh b/install/development/firewall.sh
index 3200c5cb..b58d3dfd 100644
--- a/install/development/firewall.sh
+++ b/install/development/firewall.sh
@@ -15,7 +15,7 @@ if ! command -v ufw &>/dev/null && -z "${OMARCHY_CHROOT_INSTALL:-}"; then
   sudo ufw allow 22/tcp
 
   # Allow Docker containers to use DNS on host
-  sudo ufw allow in proto udp from 172.16.0.0/12 to 172.17.0.1 port 53 comment allow-docker-dns
+  sudo ufw allow in proto udp from 172.16.0.0/12 to 172.17.0.1 port 53 comment 'allow-docker-dns'
 
   # Turn on the firewall
   sudo ufw --force enable
diff --git a/migrations/1755878717.sh b/migrations/1755878717.sh
new file mode 100644
index 00000000..fa7ffd8f
--- /dev/null
+++ b/migrations/1755878717.sh
@@ -0,0 +1,3 @@
+echo "Ensure Docker DNS requests are not blocked by ufw firewall"
+
+sudo ufw allow in proto udp from 172.16.0.0/12 to 172.17.0.1 port 53 comment 'allow-docker-dns'