diff --git a/jellyfin.yml b/jellyfin.yml
index 20be14f..ccdbc99 100644
--- a/jellyfin.yml
+++ b/jellyfin.yml
@@ -90,7 +90,8 @@
                 - traefik.http.routers.jellyfin-{{ ansible_facts['hostname'] }}.rule=Host(`jellyfin.{{ ansible_facts['nodename'] }}`)
                 - traefik.http.routers.jellyfin-{{ ansible_facts['hostname'] }}.entrypoints=https
                 - traefik.http.routers.jellyfin-{{ ansible_facts['hostname'] }}.tls=true
-                - traefik.http.routers.jellyfin-{{ ansible_facts['hostname'] }}.middlewares=secHeaders@file
+                #  Access only from local IPs (no internet) - After Install jellyfin is "open" no bootstrap possible. and other sec aspects: https://github.com/jellyfin/jellyfin/issues/5415
+                - traefik.http.routers.jellyfin-{{ ansible_facts['hostname'] }}.middlewares=secHeaders@file,allowlocalipsonly@file
                 # Proxy to service-port
                 - traefik.http.services.jellyfin-{{ ansible_facts['hostname'] }}.loadbalancer.server.port=8096
                 - traefik.http.routers.jellyfin-{{ ansible_facts['hostname'] }}.service=jellyfin-{{ ansible_facts['hostname'] }}
@@ -98,6 +99,15 @@
                 - traefik.http.routers.jellyfin-{{ ansible_facts['hostname'] }}.tls.certresolver=letsencrypt
                 # Traefik network
                 - traefik.docker.network=traefik
+          # optional hardware acceleration
+          #    devices:
+          #      - /dev/dri:/dev/dri
+          #      - /dev/vcsm:/dev/vcsm
+          #      - /dev/vchiq:/dev/vchiq
+          #      - /dev/video10:/dev/video10
+          #      - /dev/video11:/dev/video11
+          #      - /dev/video12:/dev/video12
+
 
           networks:
             traefik: