diff --git a/traefik/dynamic/access-control.yml b/traefik/dynamic/access-control.yml
new file mode 100755
index 0000000..d9ac956
--- /dev/null
+++ b/traefik/dynamic/access-control.yml
@@ -0,0 +1,12 @@
+# ==============================================================================
+# CONTROL DE ACCESO PERIMETRAL (WHITELIST)
+# ==============================================================================
+http:
+ middlewares:
+ whitelist-interna:
+ ipAllowList:
+ sourceRange:
+ - "127.0.0.1/32"
+ - "192.168.178.0/24"
+ - "100.64.0.0/10"
+ - "172.20.0.0/16"
diff --git a/traefik/dynamic/auth.yml b/traefik/dynamic/auth.yml
new file mode 100755
index 0000000..28d22ec
--- /dev/null
+++ b/traefik/dynamic/auth.yml
@@ -0,0 +1,9 @@
+# ==============================================================================
+# AUTENTICACIÓN PARA DASHBOARD Y SERVICIOS CRÍTICOS
+# ==============================================================================
+http:
+ middlewares:
+ auth-dashboard:
+ basicAuth:
+ users:
+ - "Ognir:$apr1$0.TPOwbF$mHoZOQE2xcdWDBN4VhcBe/"
diff --git a/traefik/dynamic/security-headers.yml b/traefik/dynamic/security-headers.yml
new file mode 100755
index 0000000..34b7850
--- /dev/null
+++ b/traefik/dynamic/security-headers.yml
@@ -0,0 +1,15 @@
+# ################################################################# #
+# MIDDLEWARE: SECURITY-HEADERS #
+# ################################################################# #
+http:
+ middlewares:
+ security-headers:
+ headers:
+ forceSTSHeader: true
+ stsSeconds: 31536000
+ stsIncludeSubdomains: true
+ stsPreload: true
+ contentTypeNosniff: true
+ browserXssFilter: true
+ frameDeny: true
+ referrerPolicy: "same-origin"
diff --git a/whitelist.yml b/whitelist.yml
new file mode 100755
index 0000000..a79ff56
--- /dev/null
+++ b/whitelist.yml
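Review bot: The `172.20.0.0/16` entry in `sourceRange` of `whitelist-interna` needs a second look, because `ipAllowList` matches the connection's remote address and in some Docker setups (rootless mode, userland proxy, Swarm ingress) outside clients reach Traefik with a bridge or gateway address from the Docker subnet. Whether that applies here is not visible in the hunk, so confirm in the Traefik access log which source address an external request actually carries before trusting the whole subnet. If only container-to-container calls need it, allow the specific peers rather than a /16. The same concern applies, more strongly, to the wider `172.16.0.0/12` in `whitelist.yml`. I would also annotate each range, e.g. `# Docker network <network-name>: container-to-container calls only`.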
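Review bot: The `users` entry under `auth-dashboard` commits a credential hash to the repository, and the `$apr1$` format is MD5-based, so anyone with read access to the repo can test guesses against it offline at high speed. Keep it out of version control with `usersFile: "<path-to-htpasswd-file-outside-the-repo>"`, readable only by the Traefik user, and regenerate the entry as bcrypt (`htpasswd -B`). The password behind the committed hash should be treated as exposed and rotated, since the hash remains in git history after removal. The file is also created with mode 100755, as are the other three; configuration that carries auth data needs no executable bit.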
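Review bot: `stsPreload: true` combined with `stsIncludeSubdomains: true` and `forceSTSHeader: true` is a long-lived commitment that the file does not document: once the domain is on a preload list, every subdomain must serve valid HTTPS and removal is slow. If any internal host under the same domain is HTTP-only, drop `stsPreload` until that is resolved, or at least add `# preload: all subdomains must serve valid TLS; removal from browser lists is slow`. Separately, `browserXssFilter: true` only emits `X-XSS-Protection`, which current browsers ignore; a `contentSecurityPolicy` value (for example one carrying `frame-ancestors 'none'` alongside `frameDeny`) is the control that replaces it.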
@@ -0,0 +1,12 @@
+# ################################################################# #
+# MIDDLEWARE DE WHITELIST - ACCESO RESTRINGIDO OGNIRNAS #
+# ################################################################# #
+http:
+ middlewares:
+ muro-seguro:
+ ipAllowList:
+ sourceRange:
+ - "127.0.0.1/32" # Localhost (interno)
+ - "192.168.178.0/24" # Tu red local de casa
+ - "100.64.0.0/10" # Todo el rango de Tailscale
+ - "172.16.0.0/12" # Redes internas de Docker
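Review bot: `muro-seguro` duplicates `whitelist-interna` from `traefik/dynamic/access-control.yml` under a different name and with a wider Docker range, and it sits at the repository root rather than in `traefik/dynamic/`. If the file provider only watches that directory (not visible here), this middleware is never loaded; either way, two allow-lists that differ leave it unclear which one a given router enforces. Keep a single definition and reference it from every router that needs it. The comment on `100.64.0.0/10` could also be more precise, since that block is the whole RFC 6598 shared address space used by carrier-grade NAT as well as Tailscale, e.g. `# CGNAT shared range (RFC 6598), used by Tailscale`.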