diff --git a/This-guide-should-help-new-users-to-secure-%22harden%22-their-Oxen-Service-Node..md b/This-guide-should-help-new-users-to-secure-%22harden%22-their-Oxen-Service-Node..md
index 22ca74c..958e987 100644
--- a/This-guide-should-help-new-users-to-secure-%22harden%22-their-Oxen-Service-Node..md
+++ b/This-guide-should-help-new-users-to-secure-%22harden%22-their-Oxen-Service-Node..md
@@ -197,12 +197,14 @@ As long as you are using the standard ports. This port rules are defined in `/et
 Further explanations:
 Inbound traffic should allow following ports:
 * 1090/udp for the lokinet-router
-* 22022/tcp for oxend p2p
-* 22025/tcp for  quorum/blink communication
-* 22021/tcp for storage server: for remote clients to talk to service node
 * 22020/tcp for storage server: service nodes talking to other service nodes.
+* 22021/tcp for storage server: for remote clients to talk to service node
+* 22022/tcp for oxend p2p
+* 22025/tcp for quorum/blink communication
+
+Only for localhost (does not need to be externally accessible) 22023/tcp for lokid RPC
 
-Outgoing traffic should be allowed for all ports.
+Outgoing traffic should be allowed for all ports
 
 If you want to run a testnet node, following ports should be open for inbound traffic:
 * ports 38156, 38159/tcp for oxen-daemon