diff --git a/network/files/firewall_rules.nft.j2 b/network/files/firewall_rules.nft.j2
new file mode 100644
index 0000000..1585d17
--- /dev/null
+++ b/network/files/firewall_rules.nft.j2
@@ -0,0 +1,11 @@
+## This file is managed by Ansible
+#!/usr/sbin/nft
+
+table inet filter {
+ chain input {
+ tcp dport 22 accept
+ {%- for port in ALLOWED_PORTS %}
+ tcp dport {{ port }} accept
+ {%- endfor %}
+ }
+}
diff --git a/network/files/network_interfaces b/network/files/network_interfaces
new file mode 100644
index 0000000..b7052eb
--- /dev/null
+++ b/network/files/network_interfaces
@@ -0,0 +1,8 @@
+auto eth0
+iface eth0 inet dhcp
+
+auto lo
+iface lo inet loopback
+iface lo inet static
+ address 127.0.0.2/8
+ broadcast 0.0.0.0
diff --git a/network/firewall.ansible.yml b/network/firewall.ansible.yml
new file mode 100644
index 0000000..13327b6
--- /dev/null
+++ b/network/firewall.ansible.yml
@@ -0,0 +1,28 @@
+- hosts: localhost
+ tasks:
+ - name: Install firewall packages
+ package:
+ name:
+ - nftables
+ state: present
+ - name: Create firewall rules directory
+ file:
+ state: directory
+ path: /etc/nftables.d
+ owner: root
+ group: root
+ mode: '0755'
+ - name: Firewall rules
+ template:
+ src: files/firewall_rules.nft.j2
+ dest: /etc/nftables.d/noveria.nft
+ owner: root
+ group: root
+ mode: '0600'
+ vars:
+ ALLOWED_PORTS: [80, 443, 25565, 51871]
+ - name: Enable nftables service
+ service:
+ name: nftables
+ state: started
+ enabled: true
diff --git a/network/init.ansible.yml b/network/init.ansible.yml
index 24ca4e1..86a6112 100644
--- a/network/init.ansible.yml
+++ b/network/init.ansible.yml
@@ -1 +1,16 @@
-- import_playbook:
+- import_playbook: firewall.ansible.yml
+
+- hosts: localhost
+ tasks:
+ - name: Populate interfaces
+ template:
+ src: files/network_interfaces
+ dest: /etc/network/interfaces
+ owner: root
+ group: root
+ mode: '0644'
+ - name: Enable networking service
+ service:
+ name: networking
+ state: started
+ enabled: true
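Review bot: The `chain input` block has no base-chain declaration (`type filter hook input priority 0; policy drop;`), so as written it is a regular chain that is not attached to any hook and the `accept` rules never see traffic — the file installs no filtering at all, while the surrounding playbook suggests it is meant to be the host firewall. If the intent is a default-deny input policy, the chain also needs the usual allow rules ahead of the port list — `ct state established,related accept`, `iif lo accept`, and ICMP/ICMPv6 (path MTU discovery, IPv6 neighbor discovery) — or the host breaks in ways that are hard to diagnose. Separately, both loop tags use `{%-` and Ansible's template module enables `trim_blocks` by default; if I read the whitespace control correctly, that glues every generated `tcp dport … accept` onto the `tcp dport 22 accept` line instead of one rule per line, so render the template once and check the output, or drop the `-` and rely on `trim_blocks`. The `#!/usr/sbin/nft` on the second line is just a comment to nft at that position; harmless, but misleading as a shebang, so either move it to line one or remove it.
```jinja
table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
        ct state established,related accept
        ct state invalid drop
        iif lo accept
        ip protocol icmp accept
        ip6 nexthdr icmpv6 accept
        tcp dport 22 accept
        # … unchanged: ALLOWED_PORTS loop …
    }
}
```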
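Review bot: The second `iface lo inet static` stanza (lines 6–8) adds `127.0.0.2/8` with `broadcast 0.0.0.0` on top of the `loopback` stanza; ifupdown does apply multiple stanzas for one interface, but the reason for a second loopback address is not visible in the file and `broadcast 0.0.0.0` is unusual for it, so a comment such as `# 127.0.0.2 is bound by <service> — see <ticket>` (with the real reason filled in) would stop the next reader from deleting it as a mistake. The file also hard-codes `eth0`; on hosts using predictable interface names (`ens3`, `enp0s3`, …) that stanza matches nothing, and because the playbook replaces `/etc/network/interfaces` wholesale the host's only NIC would be left unconfigured — safe only if the target hosts are known to use `eth0`, which is worth stating in a comment or guarding with a variable.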
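Review bot: The `Firewall rules` template task has no `notify`, and the last task uses `state: started`, so when nftables is already running a changed `noveria.nft` is written to disk but never loaded — the live ruleset only changes at the next reboot; the `Populate interfaces` task in `network/init.ansible.yml` in this commit has the same gap. Add `notify: Reload nftables` to the template task and a `handlers:` entry that runs `service` with `name: nftables` and `state: reloaded`. Nothing in this diff makes `/etc/nftables.conf` include `/etc/nftables.d/*.nft`; unless the distribution default already does (the Debian default, as far as I recall, does not), the service never reads `noveria.nft`, so the playbook should also manage `/etc/nftables.conf` with an `include "/etc/nftables.d/*.nft"` line. `ALLOWED_PORTS` is rendered only as `tcp dport` rules; if any of those ports (51871 looks like a VPN listener) belongs to a UDP service, the rule will not match it. The play has no `become: true`, so it presumably relies on being run as root.
```yaml
    - name: Firewall rules
      # … unchanged: template module args and vars …
      notify: Reload nftables
    # … unchanged: Enable nftables service task …
  handlers:
    - name: Reload nftables
      service:
        name: nftables
        state: reloaded
```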
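Review bot: The `Populate interfaces` task overwrites `/etc/network/interfaces` without `backup: true`, so a broken render leaves no copy of the working configuration on a host whose network may already be down; add `backup: true` to the template arguments. Whether a changed file should trigger a `networking` restart is a deliberate choice — a restart drops connections — so if no handler is added on purpose, say so in a comment above the task rather than leaving it as an apparent omission. `src: files/network_interfaces` contains no Jinja syntax; `template:` works, but `copy:` states the intent better unless variables are planned for it.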
diff --git a/top.ansible.yml b/top.ansible.yml
index 782c52c..64e2750 100644
--- a/top.ansible.yml
+++ b/top.ansible.yml
@@ -1,2 +1,4 @@
 - import_playbook: directories.ansible.yml
 - import_playbook: system/init.ansible.yml
+- import_playbook: network/init.ansible.yml
+- import_playbook: apps/init.ansible.yml
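Review bot: `apps/init.ansible.yml` is imported on the new last line but no such file appears in this commit; if it is not already in the repository, `import_playbook` fails at parse time for the whole of `top.ansible.yml`, so either add the file here or leave the line out until it exists. The `network/init.ansible.yml` import is fine, since that file is created in this change.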