diff --git a/.env.example b/.env.example
index 69ee200..826a7e5 100644
--- a/.env.example
+++ b/.env.example
@@ -8,3 +8,7 @@ ENCRYPTION_KEY=CHANGE_ME_TO_A_VALID_FERNET_KEY
 # The local port that the web interface will bind to
 WEB_PORT=8814
+
+# Optional: The IP address or hostname of this Docker host to show in the Firewall Helper.
+# If not set, the hostname used to access the web interface will be used.
+# FIREWALL_HOST_IP=192.168.1.100
diff --git a/docker-compose.yml b/docker-compose.yml
index 1820e12..597192b 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -12,4 +12,5 @@ services:
 - WEB_PASSWORD=${WEB_PASSWORD:-admin}
 # Generate a secure key using: python -c "from cryptography.fernet import Fernet; print(Fernet.generate_key().decode())"
 - ENCRYPTION_KEY=${ENCRYPTION_KEY:-CHANGE_ME_TO_A_VALID_FERNET_KEY}
+ - FIREWALL_HOST_IP=${FIREWALL_HOST_IP:-}
 restart: unless-stopped
diff --git a/main.py b/main.py
index 266905a..eb1bb02 100644
--- a/main.py
+++ b/main.py
@@ -15,6 +15,7 @@ from cryptography.fernet import Fernet
 WEB_PASSWORD = os.getenv("WEB_PASSWORD", "admin")
 ENCRYPTION_KEY = os.getenv("ENCRYPTION_KEY")
+FIREWALL_HOST_IP = os.getenv("FIREWALL_HOST_IP")
 DB_PATH = "data/instances.db"
 if not ENCRYPTION_KEY or ENCRYPTION_KEY == "CHANGE_ME_TO_A_VALID_FERNET_KEY":
@@ -166,6 +167,10 @@ def create_instance(inst: InstanceCreate):
 conn.close()
 return {"status": "ok"}
+@app.get("/api/config")
+def get_config():
+ return {"firewall_host_ip": FIREWALL_HOST_IP}
+
 @app.delete("/api/instances/{id}")
 def delete_instance(id: int):
 conn = sqlite3.connect(DB_PATH)
diff --git a/static/app.js b/static/app.js
index e81466b..2f63caf 100644
--- a/static/app.js
+++ b/static/app.js
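Review bot: In main.py's first hunk, `FIREWALL_HOST_IP` is read with a bare `os.getenv`, but docker-compose.yml in this same commit passes `${FIREWALL_HOST_IP:-}`, so under Compose the variable is always set and is an empty string rather than `None` when unconfigured. The value is also never checked, although static/app.js later places it inside `sudo` firewall commands. Normalising at the read keeps the API contract predictable: `FIREWALL_HOST_IP = (os.getenv("FIREWALL_HOST_IP") or "").strip() or None`, ideally followed by a check that rejects anything that is not an IP address or hostname.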
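Review bot: `get_config` in main.py's second hunk has no visible access check: neither the `@app.get("/api/config")` decorator nor the signature carries a dependency, so whether the route is protected depends on middleware outside this hunk. It returns the Docker host's address, which belongs behind the same authentication as `/api/instances`; confirm that whatever enforces `WEB_PASSWORD` also covers this path. The function also has no docstring; something like `"""Return client-side settings for the Firewall Helper (currently only firewall_host_ip)."""` would document the contract.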
@@ -6,14 +6,31 @@ document.addEventListener('DOMContentLoaded', () => {
 const ufwCmd = document.getElementById('ufw-cmd');
 const iptablesCmd = document.getElementById('iptables-cmd');
+ let config = { firewall_host_ip: null };
+
 const updateFirewallCmds = () => {
 const port = portInput.value || '4646';
- const hostIp = window.location.hostname;
+ const hostIp = config.firewall_host_ip || window.location.hostname;
 ufwCmd.textContent = `sudo ufw allow from ${hostIp} to any port ${port} proto tcp`;
 iptablesCmd.textContent = `sudo iptables -I INPUT -p tcp -s ${hostIp} --dport ${port} -j ACCEPT`;
 };
+ const fetchConfig = async () => {
+ try {
+ const res = await fetch('/api/config');
+ if (res.ok) {
+ config = await res.json();
+ updateFirewallCmds();
+ }
+ } catch (e) {
+ console.error('Failed to fetch config:', e);
+ }
+ };
+
 portInput.addEventListener('input', updateFirewallCmds);
+
+ // Initial fetch of config and instances
+ fetchConfig();
 updateFirewallCmds();
 const fetchInstances = async () => {
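Review bot: `config.firewall_host_ip` is interpolated into the `sudo ufw` and `sudo iptables` strings in `updateFirewallCmds` exactly as the server returned it. `textContent` keeps it from being parsed as markup, but these lines are meant to be pasted into a root shell, so a value containing whitespace or shell metacharacters should not be rendered. A shape check before use would cover it: `const hostIp = /^[A-Za-z0-9.:-]+$/.test(config.firewall_host_ip || '') ? config.firewall_host_ip : window.location.hostname;`. Separately, `config = await res.json()` replaces the object wholesale, so a `null` body would make later `input` events throw in `updateFirewallCmds`. The DOMContentLoaded handler starts and ends outside this hunk.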