diff --git a/system/services/docker/pihole/default.nix b/system/services/docker/pihole/default.nix
index 92f749d..e4a7f18 100644
--- a/system/services/docker/pihole/default.nix
+++ b/system/services/docker/pihole/default.nix
@@ -7,6 +7,13 @@
 
     config = lib.mkIf (config.sysconfig.docker.pihole.enable && config.sysconfig.docker.enable) {
 
+        networking = {
+            firewall.interfaces."docker0" = {
+                allowedTCPPorts = [ 53 ];
+                allowedUDPPorts = [ 53 ];
+            };
+        };
+
         virtualisation.oci-containers.containers.pihole = {
             image = "pihole/pihole:latest";