diff --git a/docs/CHANGELOG.md b/docs/CHANGELOG.md
index f1f9e16..e1d93b1 100644
--- a/docs/CHANGELOG.md
+++ b/docs/CHANGELOG.md
@@ -4,6 +4,10 @@
 
 ## 2025-12-28
 
+### Guest VLAN Media Access
+- Added firewall rules allowing Guest VLAN to access Jellyseerr (10.4.2.25) and Jellyfin (10.4.2.26)
+- Rules inserted before "Block Guest to LAN" to allow media streaming for guests
+
 ### Guest VLAN Internet Fix
 - Fixed Guest VLAN (10.4.30.0/24) having no internet access
 - Root cause: OPNsense DHCP and firewall rules referenced non-existent 10.4.2.129 for DNS
diff --git a/docs/DECISIONS.md b/docs/DECISIONS.md
index 760400f..b0c8a66 100644
--- a/docs/DECISIONS.md
+++ b/docs/DECISIONS.md
@@ -117,6 +117,7 @@ All DHCP served by OPNsense:
 | Rule | Source | Destination | Action |
 |------|--------|-------------|--------|
 | Allow DNS | IoT/Guest | 10.4.2.11:53 | Pass |
+| Allow Guest→Media | 10.4.30.0/24 | 10.4.2.25, 10.4.2.26 | Pass |
 | Block IoT→LAN | 10.4.20.0/24 | 10.4.2.0/24 | Block |
 | Block Guest→LAN | 10.4.30.0/24 | 10.4.2.0/24 | Block |
 | Block Guest→IoT | 10.4.30.0/24 | 10.4.20.0/24 | Block |