diff --git a/modules/networking/firewall.nix b/modules/networking/firewall.nix
index 63fbebd..1ee64cd 100644
--- a/modules/networking/firewall.nix
+++ b/modules/networking/firewall.nix
@@ -1,6 +1,9 @@
-{
+{config, ...}: {
 networking.firewall = {
 enable = true;
 trustedInterfaces = ["eno1" "tailscale0"];
+ allowedUDPPorts = [config.services.tailscale.port];
+ allowedTCPPorts = [22];
+ checkReversePath = "loose";
 };
 }
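Review bot: `allowedTCPPorts = [22];` and `allowedUDPPorts` are global, but `eno1` and `tailscale0` are already in `trustedInterfaces`, where all inbound traffic is accepted, so the two new lines only take effect on every other interface the host has or later gains. If SSH is meant to be reachable only over the LAN and the tailnet, drop the global rule; if the aim is to tighten exposure, remove `eno1` from `trustedInterfaces` and scope the port per interface, e.g. `networking.firewall.interfaces.eno1.allowedTCPPorts = [22];`. `checkReversePath = "loose";` relaxes reverse-path filtering for the whole host and should carry a comment saying why, such as `# loose rp_filter: needed for Tailscale exit-node/subnet routes` if that is the reason.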