diff --git a/config/nixos/common/server.nix b/config/nixos/common/server.nix index 58d5863..13e72e0 100644 --- a/config/nixos/common/server.nix +++ b/config/nixos/common/server.nix @@ -36,6 +36,7 @@ allowedUDPPorts = [ 51820 # WireGuard + 53 # DNS ]; # Internal ports @@ -68,9 +69,6 @@ # Allow established connections iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT - # Block WAN access to internal services - iptables -I INPUT -i enp39s0 ! -s 192.168.0.0/16 -j DROP - # Allow internal network traffic iptables -A INPUT -i docker0 -j ACCEPT iptables -A INPUT -i tailscale0 -j ACCEPT
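Review bot: The added `53 # DNS` entry in `allowedUDPPorts` appears to open the resolver on every interface, since the list sits above the `# Internal ports` section and is presumably the globally allowed set. A resolver reachable from the WAN can be abused as an open resolver for amplification traffic. If DNS is only meant for VPN or container clients, scope it per interface, e.g. `networking.firewall.interfaces."tailscale0".allowedUDPPorts = [ 53 ];`. DNS also falls back to TCP 53 for large responses, and no matching TCP entry is visible in this hunk. The enclosing firewall attribute set starts and ends outside the hunk.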
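Review bot: Dropping the `iptables -I INPUT -i enp39s0 ! -s 192.168.0.0/16 -j DROP` rule leaves no visible restriction on non-LAN sources arriving on `enp39s0`. WAN exposure now depends entirely on the firewall's default policy and the allowed-port lists, neither of which is shown in this hunk. Together with the newly opened UDP 53, this makes the DNS service reachable from outside unless something else filters it. If the rule was removed because it also blocked WireGuard on 51820, a narrower replacement that exempts only that port would keep the protection. At minimum, add a comment where the rule was, such as `# WAN filtering relies on the default-drop policy; only the allowed*Ports lists are reachable from enp39s0`, and confirm it with an external port scan after deploy. The surrounding command block starts and ends outside the hunk.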