diff --git a/hosts/tahani/adguardhome.nix b/hosts/tahani/adguardhome.nix
index 1e432ad..c4f4320 100644
--- a/hosts/tahani/adguardhome.nix
+++ b/hosts/tahani/adguardhome.nix
@@ -16,7 +16,42 @@
 safe_search = {
 enabled = false;
 };
+ safebrowsing_enabled = true;
+ blocked_response_ttl = 10;
+ filters_update_interval = 24;
+ blocked_services = {
+ ids = [
+ "reddit"
+ "twitter"
+ ];
+ };
 };
+ filters = [
+ {
+ enabled = true;
+ url = "https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/adblock/pro.txt";
+ name = "HaGeZi Multi PRO";
+ id = 1;
+ }
+ {
+ enabled = true;
+ url = "https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/adblock/tif.txt";
+ name = "HaGeZi Threat Intelligence Feeds";
+ id = 2;
+ }
+ {
+ enabled = true;
+ url = "https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/adblock/gambling.txt";
+ name = "HaGeZi Gambling";
+ id = 3;
+ }
+ {
+ enabled = true;
+ url = "https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/adblock/nsfw.txt";
+ name = "HaGeZi NSFW";
+ id = 4;
+ }
+ ];
 };
 };
 }
diff --git a/hosts/tahani/networking.nix b/hosts/tahani/networking.nix
index 16ef567..b816ffc 100644
--- a/hosts/tahani/networking.nix
+++ b/hosts/tahani/networking.nix
@@ -1,5 +1,5 @@
 {config, ...}: {
- boot.kernel.sysctl."net.ipv4.conf.eno1.rp_filter" = 0;
+ services.tailscale.extraSetFlags = ["--accept-routes=false"];
 networking = {
 useDHCP = false;
@@ -14,14 +14,14 @@
 firewall = {
 enable = true;
 trustedInterfaces = ["eno1" "tailscale0"];
- allowedUDPPorts = [
- 53
- config.services.tailscale.port
- ];
- allowedTCPPorts = [
- 22
- 53
- ];
+ allowedUDPPorts = [
+ 53
+ config.services.tailscale.port
+ ];
+ allowedTCPPorts = [
+ 22
+ 53
+ ];
 checkReversePath = "loose";
 };
 };
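Review bot: The four `filters` entries in hosts/tahani/adguardhome.nix fetch `@latest` from cdn.jsdelivr.net at runtime, so the rules that decide what this resolver blocks change outside this repository and are not pinned or reviewed with the rest of the host configuration. That is a reasonable trade-off for blocklists that have to stay fresh, but it should be recorded next to the list, for example `# Lists are pulled by AdGuard Home at runtime (every filters_update_interval hours) from jsDelivr @latest; their content is not pinned by this repo.` `safebrowsing_enabled = true` deserves a similar one-line comment, since as far as I know it makes the resolver consult AdGuard's external lookup service for queried names. The enclosing attribute sets open above the hunk, so which settings section these keys land in cannot be confirmed from here.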
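Review bot: The new `services.tailscale.extraSetFlags = ["--accept-routes=false"];` line in the first hunk of hosts/tahani/networking.nix has no comment explaining why route acceptance is turned off, and it takes the place of the eno1 `rp_filter` override without saying whether the two are related. Presumably the sysctl was a workaround for asymmetric paths caused by accepted subnet routes and is no longer needed once they are refused; if so, a comment such as `# Do not install subnet routes advertised by other tailnet nodes; this removes the need for the old eno1 rp_filter=0 override.` would keep a later editor from re-enabling one without the other. After deployment it is worth confirming that the preference was actually applied and that return traffic on eno1 still passes, since `checkReversePath = "loose"` further down stays in place.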