{ ... }: {
  networking = {
    firewall = {
      enable = true;
      allowedTCPPorts = [
        53   # DNS
        80    # HTTP
        443   # HTTPS
        42420 # Vintage Story
        25565 # Minecraft
        1443  # Headscale DERP (tcp)
        25   # Mailserver
        143  # Mailserver
        465  # Mailserver
        587  # Mailserver
        993  # Mailserver
        4190 # Mailserver
        5696 # dsm-kmip server
        3389 # RDP
        4443 # Jitsi
      ];
      allowedUDPPorts = [
        53    # DNS (udp)
        10000 # Jitsi Meet (udp)
        15636 # Enshrouded - Game
        15637 # Enshrouded - Query Port
      ];
    };
  };
}