diff --git a/lib/microvms.nix b/lib/microvms.nix
index 053450d..4fcf46d 100644
--- a/lib/microvms.nix
+++ b/lib/microvms.nix
@@ -72,7 +72,10 @@ rec {
           ];
         };
 
-        services.openssh.enable = true;
+        services.openssh = {
+          enable = true;
+          openFirewall = true;
+        };
         users.users.alice = {
           openssh.authorizedKeys.keys = [
             # photon