diff --git a/nixos/modules/networking/default.nix b/nixos/modules/networking/default.nix
index 88505bb..de43ae5 100644
--- a/nixos/modules/networking/default.nix
+++ b/nixos/modules/networking/default.nix
@@ -52,8 +52,12 @@ in {
 config = {
 networking = {
 domain = "hyp";
- # TODO: Enabling the firewall makes connectivity of LAN -> DMZ impossible...
- firewall.enable = false;
+ firewall = {
+ enable = true;
+ checkReversePath = false;
+ };
+
+ nftables.enable = true;
 useDHCP = false;
 };
diff --git a/nixos/modules/networking/dmz/default.nix b/nixos/modules/networking/dmz/default.nix
index b73e5eb..b8314d4 100644
--- a/nixos/modules/networking/dmz/default.nix
+++ b/nixos/modules/networking/dmz/default.nix
@@ -22,8 +22,8 @@ in
 config = lib.mkIf cfg.enable {
 networking.firewall = {
- allowedTCPPorts = [ 53 ];
- allowedUDPPorts = [ 53 67 ];
+ allowedTCPPorts = [ 53 5353 ];
+ allowedUDPPorts = [ 53 67 5353 ];
 };
 services = {
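Review bot: `checkReversePath = false;` turns off reverse-path filtering on every interface, so the newly enabled firewall no longer drops packets whose source address could not have arrived on that interface. The removed TODO suggests this host forwards between LAN and DMZ, which is where that anti-spoofing check matters most. If the LAN -> DMZ breakage was caused by asymmetric routing, try `checkReversePath = "loose";` first, and only fall back to `false` if that fails. Whichever value is kept, add a comment that records the reason now that the TODO is gone, for example `# rpfilter relaxed: LAN -> DMZ replies return via a different interface`. The `config` block continues outside the hunk, so any per-interface rules elsewhere are not visible here.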
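Review bot: `allowedTCPPorts` and `allowedUDPPorts` directly under `networking.firewall` open the ports on every interface. Now that the firewall is enabled, 53, 67 and the new 5353 become reachable from any network this host is attached to, not only the DMZ. Scope them to the DMZ interface instead, for example `networking.firewall.interfaces."<dmz-interface>".allowedUDPPorts = [ 53 67 5353 ];`, with the matching `allowedTCPPorts` line. If 5353 is meant for mDNS, that protocol runs over UDP only, so the TCP entry can be dropped. If it is an alternate DNS listener, add a short comment naming the service so the open port is explainable in review. The `config = lib.mkIf cfg.enable` block continues past the hunk, so the service that binds 5353 is not visible here.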