diff --git a/nixos/loki.nix b/nixos/loki.nix
index 5a8ab4b..eb6fcf4 100644
--- a/nixos/loki.nix
+++ b/nixos/loki.nix
@@ -191,6 +191,22 @@
       };
     };
 
+  networking.firewall = {
+    enable = true;
+    allowPing = true;
+    allowedTCPPorts = [
+      445 # SAMBA
+      139 # SAMBA
+      8384 # SYNCTHING
+      8385 # SYNCTHING
+    ];
+    allowedUDPPorts = [
+      137 # SYNCTHING
+      138 # SYNCTHING
+    ];
+    extraCommands = ''iptables -t raw -A OUTPUT -p udp -m udp --dport 137 -j CT --helper netbios-ns'';
+  };
+
   virtualisation = {
     docker.enable = true;
     kvmgt.enable = true;