diff --git a/host/sync/configuration.nix b/host/sync/configuration.nix
index dc45ace..a0a6d81 100644
--- a/host/sync/configuration.nix
+++ b/host/sync/configuration.nix
@@ -4,4 +4,22 @@
 	];
 	myModules.caddy.enable = true;
 	myModules.fieldseeker-sync.enable = true;
+	networking = {
+		firewall = {
+			enable = true;
+			interfaces.ens3 = {
+				allowedUDPPorts = [ 22 80 443 ];
+				allowedTCPPorts = [ 22 80 443 ];
+			};
+			trustedInterfaces = [
+				"ens4"
+				"lo"
+			];
+		};
+		networkmanager.enable = false;
+		nftables = {
+			enable = true;
+		};
+		useNetworkd = true;
+	};
 }