diff --git a/nixos/hosts/framework-server/default.nix b/nixos/hosts/framework-server/default.nix
index c89f02e7..9825c35e 100644
--- a/nixos/hosts/framework-server/default.nix
+++ b/nixos/hosts/framework-server/default.nix
@@ -11,6 +11,7 @@
 ./builder.nix
 ./wireguard.nix
 ./cron.nix
+ ./firewall.nix
 ];
 environment.systemPackages = [
diff --git a/nixos/hosts/framework-server/firewall.nix b/nixos/hosts/framework-server/firewall.nix
new file mode 100644
index 00000000..4070cfa8
--- /dev/null
+++ b/nixos/hosts/framework-server/firewall.nix
@@ -0,0 +1,17 @@
+{ config, lib, pkgs, ... }: {
+ networking.firewall.allowedUDPPorts = [
+ 3478 # Headscale DERP UDP
+ 10000 # Jitsi
+ ];
+ networking.firewall.allowedTCPPorts = [
+ 80 # HTTP
+ 443 # HTTPS
+ 42420 # Vintage Story
+ 25565 # Minecraft
+ 1443 # Headscale DERP
+ 4443 # jitsi-jvb
+ 5222 # Jitsi
+ 5347 # Jitsi
+ 5280 # Jitsi
+ ];
+}
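Review bot: In the new firewall.nix, the global `allowedTCPPorts` list opens 5222, 5347 and 5280 on every interface, and all three carry only the comment `# Jitsi`. These look like the usual Prosody listeners (XMPP client, XMPP component and HTTP/BOSH), which a Jitsi deployment normally needs reachable only by its own components; if Prosody, Jicofo and the videobridge all run on this host (not visible in this diff), the three entries can be dropped and the listeners left on loopback. If a remote component does need them, scope them to the tunnel instead, e.g. `networking.firewall.interfaces."<wg-interface>".allowedTCPPorts = [ 5222 5347 5280 ];`, where `<wg-interface>` is a placeholder for the interface defined in wireguard.nix. Either way, comments that name the listener (`5347 # Prosody component port`) make this file easier to audit than a bare service name, and a port opened here stays open if the service is later removed, so each entry is worth tying to the module that needs it.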