diff --git a/hosts/darkgui-vps/config/self-host/firewall.nix b/hosts/darkgui-vps/config/self-host/firewall.nix index 6368c7b..7088305 100644 --- a/hosts/darkgui-vps/config/self-host/firewall.nix +++ b/hosts/darkgui-vps/config/self-host/firewall.nix @@ -13,18 +13,14 @@ allowedTCPPorts = [ 80 443 + 5335 + 7777 ]; - allowedUDPPortRanges = [ - { - from = 47998; - to = 48000; - } - { - from = 48002; - to = 48010; - } + allowedTCPPorts = [ + 5335 + 7777 ]; - trustedInterfaces = [ "tailscale0" ]; + trustedInterfaces = [ "tailscale0" "docker0" ]; allowedUDPPorts = [ config.services.tailscale.port ]; }; diff --git a/hosts/darkgui-vps/config/self-host/self-host.nix b/hosts/darkgui-vps/config/self-host/self-host.nix index 24ccfc5..d297a45 100644 --- a/hosts/darkgui-vps/config/self-host/self-host.nix +++ b/hosts/darkgui-vps/config/self-host/self-host.nix @@ -61,9 +61,16 @@ settings = { server = { verbosity = 0; - interface = [ "0.0.0.0" ]; + interface = [ "0.0.0.0" "127.0.0.1" ]; port = 5335; + access-control = [ + "127.0.0.0/8 allow" + "10.0.0.0/8 allow" + "172.16.0.0/12 allow" + "192.168.0.0/16 allow" + ]; + do-ip4 = "yes"; do-udp = "yes"; do-tcp = "yes";
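Review bot: Adding 5335 and 7777 to the global `allowedTCPPorts` opens them on every interface, including the VPS's public one, although the clients this change seems aimed at (tailnet and Docker) already bypass the firewall through `trustedInterfaces`. The new side also defines `allowedTCPPorts` a second time where `allowedUDPPortRanges` used to be; if both sit in the same attribute set, as the hunk suggests, Nix rejects the duplicate attribute at evaluation, so one of the two should be dropped. Trusting `docker0` accepts all traffic from containers on the default bridge to every host port; a narrower form is `interfaces.docker0.allowedTCPPorts = [ 5335 ];` (plus the matching `allowedUDPPorts`, since the resolver has `do-udp` enabled) with `trustedInterfaces` left at `[ "tailscale0" ]`. The hunk does not show what listens on 7777, and the enclosing firewall attribute set starts outside it.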
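Review bot: The `access-control` list allows every RFC 1918 range but not Tailscale's `100.64.0.0/10`, so if tailnet clients are meant to query this resolver they would fall through to Unbound's default refusal, while `10.0.0.0/8` and `192.168.0.0/16` are allowed without the diff showing any such network on this host. Listing only the networks actually in use is tighter, for example `"127.0.0.0/8 allow"`, the Docker bridge subnet, and `"100.64.0.0/10 allow"` if the tailnet should be served. In `interface`, `"127.0.0.1"` is already covered by `"0.0.0.0"` and may be redundant or conflict at bind time. Because the listener stays on the wildcard address, this ACL and the firewall are the only things keeping the resolver from answering the public internet, which deserves a one-line comment above `access-control` such as `# only these sources may recurse; everything else is refused`. The `server` block continues past the end of the hunk.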