diff --git a/host_vars/gw1.pyrocufflink.blue/squid.yml b/host_vars/gw1.pyrocufflink.blue/squid.yml
index 1f6882b..05ab766 100644
--- a/host_vars/gw1.pyrocufflink.blue/squid.yml
+++ b/host_vars/gw1.pyrocufflink.blue/squid.yml
@@ -9,6 +9,8 @@ squid_acl:
   - src 172.30.0.0/26
   kubernetes:
   - src 172.30.0.160/28
+  unifi_controller:
+  - src 172.30.0.242/32
   SSL_ports:
   - port 443
   Safe_ports:
@@ -36,6 +38,15 @@ squid_acl:
   - dstdomain rpm.grafana.com
   stripe_api:
   - dstdomain api.stripe.com
+  dockerhub:
+  - dstdomain registry-1.docker.io
+  - dstdomain docker.io
+  - dstdomain auth.docker.io
+  - dstdomain production.cloudflare.docker.com
+  linuxserverio:
+  - dstdomain lscr.io
+  - dstdomain ghcr.io
+  - dstdomain pkg-containers.githubusercontent.com
 
 squid_http_access:
 - 'deny !Safe_ports'
@@ -50,6 +61,8 @@ squid_http_access:
 - allow trusted kickstart
 - allow trusted dch_repo
 - allow kubernetes stripe_api
+- allow unifi_controller dockerhub
+- allow unifi_controller linuxserverio
 - deny all
 
 squid_cache_dir: