diff --git a/configuration.nix b/configuration.nix
index a269b923..25087a3d 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -55,7 +55,7 @@
       enable = true;
       allowedTCPPorts = [  ];
       allowedUDPPorts = [  ];
-      trustedInterfaces = [ "tailscale0" ];
+      networking.interfaces.tailscale0.allowedTCPPorts = [ 22 ];
     };
   };
 
diff --git a/services/openssh.nix b/services/openssh.nix
index 130441bf..6dcadb2e 100644
--- a/services/openssh.nix
+++ b/services/openssh.nix
@@ -1,6 +1,7 @@
 { config, pkgs, ... }: {
   services.openssh = {
     enable = true;
+    openFirewall = false;
     settings = {
       LogLevel = "VERBOSE"; # Used for fail2ban monitoring
       PermitRootLogin = "no";