diff --git a/nixos/features/nginx.nix b/nixos/features/nginx.nix
index baf8ed2..61d5812 100644
--- a/nixos/features/nginx.nix
+++ b/nixos/features/nginx.nix
@@ -1,7 +1,7 @@
 {pkgs, ...}: {
   services.nginx = {
     enable = true;
-    recommendedTlsSettings = true;
+    #recommendedTlsSettings = true;
     recommendedOptimisation = true;
     recommendedBrotliSettings = true;
     recommendedGzipSettings = true;
@@ -13,4 +13,10 @@
     acceptTerms = true;
     defaults.email = "acme@kat.cafe";
   };
+
+  networking.firewall = {
+    enable = true;
+    allowedTCPPorts = [ 80 443 ];
+    allowedUDPPorts = [ 443 ];
+  };
 }
diff --git a/nixos/features/podman.nix b/nixos/features/podman.nix
index e476c11..3e2db06 100644
--- a/nixos/features/podman.nix
+++ b/nixos/features/podman.nix
@@ -11,7 +11,7 @@
   };
 
   networking.firewall = {
-    # interfaces.podman0.allowedUDPPorts = [ 53 ];
+    interfaces.podman0.allowedUDPPorts = [ 53 ];
     trustedInterfaces = [ "podman0" ];
   };