diff --git a/modules/base.nix b/modules/base.nix
index d9882ba..e1e6793 100644
--- a/modules/base.nix
+++ b/modules/base.nix
@@ -33,4 +33,6 @@
       };
     };
   };
+
+  firewall.enable = lib.mkDefault true;
 }
diff --git a/modules/openssh.nix b/modules/openssh.nix
index d05b702..ca49822 100644
--- a/modules/openssh.nix
+++ b/modules/openssh.nix
@@ -2,6 +2,7 @@
 {
   services.openssh = {
     enable = lib.mkDefault true;
+    openFirewall = lib.mkDefault true;
     fixPermissions = true;
     extraConfig = "StreamLocalBindUnlink yes";
 
diff --git a/systems/palatine-hill/networking.nix b/systems/palatine-hill/networking.nix
index 56556d7..7e8789f 100644
--- a/systems/palatine-hill/networking.nix
+++ b/systems/palatine-hill/networking.nix
@@ -9,7 +9,6 @@
 
   networking = {
     hostId = "dc2f9781";
-    firewall.enable = false;
   };
 
   systemd.network = {