diff --git a/kitteh-node-1/agent.nix b/kitteh-node-1/agent.nix
index 8ddb5da..8c48df3 100644
--- a/kitteh-node-1/agent.nix
+++ b/kitteh-node-1/agent.nix
@@ -25,7 +25,6 @@ in {
 enable = true;
 settings = {
 PasswordAuthentication = false;
- X11Forwarding = true;
 };
 };
@@ -55,5 +54,20 @@ in {
 bottom
 ];
+ # K3s settings
+ networking.firewall = {
+ enable = true;
+
+ allowedTCPPorts = [
+ 6443
+ 2379
+ 2380
+ ];
+
+ allowedUDPPorts = [
+ 8472
+ ];
+ };
+
 system.stateVersion = "24.05";
 }
\ No newline at end of file
diff --git a/kitteh-node-1/server.nix b/kitteh-node-1/server.nix
index 6498d58..36a6703 100644
--- a/kitteh-node-1/server.nix
+++ b/kitteh-node-1/server.nix
@@ -24,7 +24,6 @@ in {
 enable = true;
 settings = {
 PasswordAuthentication = false;
- X11Forwarding = true;
 };
 };
@@ -54,5 +53,29 @@ in {
 bottom
 ];
+ networking.firewall = {
+ enable = true;
+
+ allowedTCPPorts = [
+ # Docker swarm
+ 2377
+ 7946
+ 4789
+
+ # K3s
+ 6443
+ 2379
+ 2380
+ ];
+
+ allowedUDPPorts = [
+ # Docker swarm
+ 7946
+
+ # K3s
+ 8472
+ ];
+ };
+
 system.stateVersion = "24.05";
 }
\ No newline at end of file
diff --git a/kitteh-node-2/agent.nix b/kitteh-node-2/agent.nix
index 63d65f8..5918c39 100644
--- a/kitteh-node-2/agent.nix
+++ b/kitteh-node-2/agent.nix
@@ -25,7 +25,6 @@ in {
 enable = true;
 settings = {
 PasswordAuthentication = false;
- X11Forwarding = true;
 };
 };
@@ -55,5 +54,20 @@ in {
 bottom
 ];
+ # K3s settings
+ networking.firewall = {
+ enable = true;
+
+ allowedTCPPorts = [
+ 6443
+ 2379
+ 2380
+ ];
+
+ allowedUDPPorts = [
+ 8472
+ ];
+ };
+
 system.stateVersion = "24.05";
 }
\ No newline at end of file
diff --git a/kitteh-node-2/server.nix b/kitteh-node-2/server.nix
index e759694..0b0365a 100644
--- a/kitteh-node-2/server.nix
+++ b/kitteh-node-2/server.nix
@@ -24,7 +24,6 @@ in {
 enable = true;
 settings = {
 PasswordAuthentication = false;
- X11Forwarding = true;
 };
 };
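Review bot: The agent firewall added in kitteh-node-1/agent.nix opens 6443, 2379 and 2380 inbound, but in the K3s networking requirements these are server-side ports (API server/supervisor, and embedded etcd between servers); if this file really configures an agent-only node it only connects out to them, so the three entries can presumably be dropped. Kubelet port 10250/tcp, which K3s lists as required between all nodes, is not opened. `allowedUDPPorts = [ 8472 ]` accepts flannel VXLAN on every interface, and VXLAN carries no authentication, so it is safer scoped to the cluster-facing interface, e.g. `networking.firewall.interfaces.<cluster-iface>.allowedUDPPorts = [ 8472 ];` (interface name is a placeholder). The identical hunk in kitteh-node-2/agent.nix has the same points, and the enclosing attribute set starts outside the hunk.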
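Review bot: In kitteh-node-1/server.nix, 4789 is listed under `allowedTCPPorts` in the "Docker swarm" group, but swarm overlay traffic on 4789 is VXLAN over UDP, so the overlay data path stays blocked while an unused TCP port is opened. Move it to the UDP list, i.e. `allowedUDPPorts = [ 7946 4789 8472 ];` with the existing comments kept. The second hunk of kitteh-node-2/server.nix repeats the same mistake. Separately, etcd (2379/2380), swarm management (2377) and both VXLAN ports are opened on every interface; if these nodes have a publicly reachable interface, put them under `networking.firewall.interfaces.<cluster-iface>` (placeholder name) rather than the global lists.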
@@ -54,5 +53,29 @@ in {
 bottom
 ];
+ networking.firewall = {
+ enable = true;
+
+ allowedTCPPorts = [
+ # Docker swarm
+ 2377
+ 7946
+ 4789
+
+ # K3s
+ 6443
+ 2379
+ 2380
+ ];
+
+ allowedUDPPorts = [
+ # Docker swarm
+ 7946
+
+ # K3s
+ 8472
+ ];
+ };
+
 system.stateVersion = "24.05";
 }
\ No newline at end of file