{
  networking.firewall = {
    enable = true;
    allowedUDPPorts = [ 53 ];
    allowPing = false;

    allowedTCPPorts = [
      80
      443
    ];
  };
}