From 6366dc1118cb6dc753c570e1671e47597ac95b2f Mon Sep 17 00:00:00 2001
From: David Heinemeier Hansson <david@hey.com>
Date: Fri, 22 Aug 2025 18:08:18 +0200
Subject: [PATCH] Add migration to add firewall opening for docker DNS and fix
 comment

---
 install/development/firewall.sh | 2 +-
 migrations/1755878717.sh        | 3 +++
 2 files changed, 4 insertions(+), 1 deletion(-)
 create mode 100644 migrations/1755878717.sh

diff --git a/install/development/firewall.sh b/install/development/firewall.sh
index 3200c5cb..b58d3dfd 100644
--- a/install/development/firewall.sh
+++ b/install/development/firewall.sh
@@ -15,7 +15,7 @@ if ! command -v ufw &>/dev/null && -z "${OMARCHY_CHROOT_INSTALL:-}"; then
   sudo ufw allow 22/tcp
 
   # Allow Docker containers to use DNS on host
-  sudo ufw allow in proto udp from 172.16.0.0/12 to 172.17.0.1 port 53 comment allow-docker-dns
+  sudo ufw allow in proto udp from 172.16.0.0/12 to 172.17.0.1 port 53 comment 'allow-docker-dns'
 
   # Turn on the firewall
   sudo ufw --force enable
diff --git a/migrations/1755878717.sh b/migrations/1755878717.sh
new file mode 100644
index 00000000..fa7ffd8f
--- /dev/null
+++ b/migrations/1755878717.sh
@@ -0,0 +1,3 @@
+echo "Ensure Docker DNS requests are not blocked by ufw firewall"
+
+sudo ufw allow in proto udp from 172.16.0.0/12 to 172.17.0.1 port 53 comment 'allow-docker-dns'