diff --git a/common/default.nix b/common/default.nix
index f07d754..e77ec8d 100644
--- a/common/default.nix
+++ b/common/default.nix
@@ -4,6 +4,7 @@
imports = [
./users.nix
./motd.nix
+ ./firewall.nix
];
nix = {
@@ -36,7 +37,6 @@
execWheelOnly = true;
};
- networking.firewall.enable = false;
services.openssh = {
enable = true;
settings = {
diff --git a/common/firewall.nix b/common/firewall.nix
new file mode 100644
index 0000000..0084719
--- /dev/null
+++ b/common/firewall.nix
@@ -0,0 +1,26 @@
+{ config, pkgs, ... }:
+
+ {
+ networking.firewall.enable = false;
+ networking.nftables = {
+ enable = true;
+ ruleset = ''
+ table inet filter {
+ chain input {
+ type filter hook input priority 0; policy accept;
+ }
+
+ chain forward {
+ type filter hook forward priority 0; policy accept
+ }
+
+ chain output {
+ type filter hook output priority 0; policy accept
+
+ # Block outgoing mail traffic
+ tcp dport {25, 465, 587} drop
+ }
+ }
+ '';
+ };
+}
diff --git a/hosts/jude.nix b/hosts/jude.nix
index e99778e..0988537 100644
--- a/hosts/jude.nix
+++ b/hosts/jude.nix
@@ -23,7 +23,6 @@
time.timeZone = "America/Chicago";
i18n.defaultLocale = "en_US.UTF-8";
services.openssh.enable = true;
- networking.firewall.enable = false;
networking = {
hostName = "jade";
diff --git a/hosts/nova.nix b/hosts/nova.nix
index c3ad0f8..f698280 100644
--- a/hosts/nova.nix
+++ b/hosts/nova.nix
@@ -23,7 +23,6 @@
time.timeZone = "Europe/London";
i18n.defaultLocale = "en_US.UTF-8";
services.openssh.enable = true;
- networking.firewall.enable = false;
networking = {
hostName = "nova";
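Review bot: The `chain input` in the new common/firewall.nix is `policy accept` with no rules, so this module still admits all inbound traffic — the same exposure as the `networking.firewall.enable = false` it keeps — and only outbound mail is actually filtered. Since the same common config enables sshd, a default-deny input chain with loopback, established/related, SSH and ICMP/ICMPv6 neighbor-discovery accepts would give the module a real inbound policy (make sure the SSH accept lands in the same activation, or a remotely managed host locks itself out). The outbound `drop` on 25/465/587 makes mail clients hang until they time out; `reject with tcp reset` fails fast and is easier to diagnose. Minor: the `policy accept` in the forward and output chains lacks the trailing `;` the input chain uses, and `config`/`pkgs` in the module header are unused.
```nix
    ruleset = ''
      table inet filter {
        chain input {
          type filter hook input priority 0; policy drop;

          iif lo accept
          ct state established,related accept
          ct state invalid drop
          # sshd is enabled in common/default.nix; keep this in sync with the services each host exposes
          tcp dport 22 accept
          icmp type echo-request accept
          icmpv6 type { nd-neighbor-solicit, nd-neighbor-advert, nd-router-advert, echo-request } accept
        }

        # … unchanged: chain forward …

        chain output {
          type filter hook output priority 0; policy accept;

          # Block outgoing mail traffic; reject so clients fail fast instead of timing out
          tcp dport { 25, 465, 587 } reject with tcp reset
        }
      }
    '';
```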