diff --git a/applications/firewall.nix b/applications/firewall.nix
index 45a2bde..c068ee8 100644
--- a/applications/firewall.nix
+++ b/applications/firewall.nix
@@ -16,6 +16,22 @@
 A list of routes to forward
 '';
 };
+
+ own_ip = lib.mkOption {
+ default = "127.0.0.1";
+ type = lib.types.str;
+ description = ''
+ IP of the firewall
+ '';
+ };
+
+ own_ports = lib.mkOption {
+ default = [ ];
+ type = lib.types.listOf lib.types.int;
+ description = ''
+ A list of ports for the machiene running the firewall
+ '';
+ };
 };
 };
 
@@ -57,8 +73,8 @@
 table ip filter {
 chain input {
 type filter hook input priority filter; policy accept;
- tcp dport 22 counter packets 0 bytes 0 jump fail2ban-ssh
- tcp dport 22 counter packets 0 bytes 0 accept
+ # for the host machiene
+ ${lib.strings.concatMapStrings (x: x + "\n") (map (port: "tcp dport ${toString port} counter packets 0 bytes 0 accept") config.skynet_firewall.own_ports)}
 }
 
 chain forward {
diff --git a/machines/test01.nix b/machines/test01.nix
index 179e441..924b5ca 100644
--- a/machines/test01.nix
+++ b/machines/test01.nix
@@ -12,6 +12,15 @@
 # this server is teh firewall
 skynet_firewall = {
+ # always good to know oneself
+ own_ip = "192.168.1.157";
+
+ # 443 is an ssh port now (heh)
+ own_ports = [
+ 22
+ 443
+ ];
+
 enable = true;
 # gonna have to get all the
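Review bot: `own_ports` accepts any integer because its type is `lib.types.listOf lib.types.int`, so a value such as 70000 or -1 passes module evaluation and only fails later when nft loads the generated ruleset; `type = lib.types.listOf lib.types.port;` rejects it at the option level. `own_ip` is declared as a free-form `lib.types.str` defaulting to `127.0.0.1` and nothing in this diff reads it, so as far as the change shows it is unused; if it is intended to feed the ruleset later, a description saying so (and a stricter type once one is chosen) would help. The description text reads "machiene" rather than "machine". The enclosing options attrset starts before this hunk.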
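Review bot: The generated accept rules drop the `jump fail2ban-ssh` step that the removed port-22 rule had, so SSH traffic on any of `own_ports` now bypasses whatever that chain enforced (banning of repeated failed logins, presumably) unless it is reinstated elsewhere; if the `fail2ban-ssh` chain is still defined in the ruleset it is now unreferenced from `chain input`. Since the chain is declared `policy accept` and, within this hunk, holds nothing but accept rules before its closing `}`, the generated lines also have no effect on their own; they only become meaningful once a later drop rule or a `policy drop` default is in place. If fail2ban is meant to stay, keep the jump for the SSH ports ahead of the accept, e.g. a mapper returning `"tcp dport ${toString port} counter packets 0 bytes 0 jump fail2ban-ssh\ntcp dport ${toString port} counter packets 0 bytes 0 accept"` for those ports. A comment stating what the list feeds would help, e.g. `# host-local services: one accept rule per port in skynet_firewall.own_ports`, and `lib.concatMapStringsSep "\n"` would replace the `(x: x + "\n")` wrapper.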