diff --git a/services/files/salt_noveria.conf b/services/files/salt_noveria.conf
index abbeff5..dd0a295 100644
--- a/services/files/salt_noveria.conf
+++ b/services/files/salt_noveria.conf
@@ -1,4 +1,5 @@
+state_verbose: False
 file_client: local
 file_roots:
   base:
-    - /srv/salt/salt-statetree
+    - /srv/salt
diff --git a/system/files/firewall_rules.v4.jinja b/system/files/firewall_rules.v4.jinja
new file mode 100644
index 0000000..e1b594c
--- /dev/null
+++ b/system/files/firewall_rules.v4.jinja
@@ -0,0 +1,23 @@
+# This file is managed by Saltstack. (State {{ STATE }})
+
+*filter
+
+:INPUT DROP [0:0]
+:FORWARD DROP [0:0]
+:OUTPUT ACCEPT [0:0]
+
+-A INPUT -i lo -j ACCEPT
+
+-A INPUT ! -i lo -d 127.0.0.0/8 -j DROP
+
+-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
+
+-A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
+
+-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
+
+{% for port in ALLOWED_PORTS %}
+-A INPUT -p tcp --dport {{ port }} -j ACCEPT
+{% endfor %}
+
+COMMIT
diff --git a/system/firewall.sls b/system/firewall.sls
new file mode 100644
index 0000000..cf32ea6
--- /dev/null
+++ b/system/firewall.sls
@@ -0,0 +1,38 @@
+system_firewall_pkgs:
+  pkg.installed:
+    - pkgs:
+      - iptables
+
+system_firewall_rules:
+  file.managed:
+    - name: /etc/iptables/rules-save
+    - source: salt://{{ tpldir }}/files/firewall_rules.v4.jinja
+    - template: jinja
+    - context:
+        STATE: {{ sls }}
+        ALLOWED_PORTS: [442, 25565]
+    - user: root
+    - group: root
+    - mode: '0600'
+    - makedirs: true
+    - require:
+      - system_firewall_pkgs
+
+system_firewall_service_enable:
+  service.enabled:
+    - name: iptables
+    - require:
+      - system_firewall_pkgs
+      - system_firewall_rules
+
+system_firewall_service_reload:
+  service.running:
+    - name: iptables
+    - enable: true
+    - reload: true
+    - watch:
+      - file: /etc/iptables/rules-save
+    - require:
+      - system_firewall_pkgs
+      - system_firewall_service_reload
+
diff --git a/system/packages.sls b/system/packages.sls
index bdf9621..e821510 100644
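Review bot: `state_verbose: False` (first added line) uses a capitalized boolean while the new `firewall.sls` in the same commit writes `true`; Salt's YAML loader accepts both, but lowercase `state_verbose: false` keeps the repository consistent and avoids the YAML 1.1/1.2 boolean-spelling ambiguity. The `file_roots` move from `/srv/salt/salt-statetree` to `/srv/salt` widens what the `base` environment serves to the whole directory, so anything else that happens to live under `/srv/salt` becomes reachable through `salt://` references; worth confirming that directory now holds only the state tree.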
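Review bot: This template produces only an IPv4 `*filter` table (the file is named `.v4`), and as far as this diff shows no IPv6 counterpart is installed, so on a host with IPv6 enabled the same services stay reachable over IPv6 with no filtering at all; either add an equivalent v6 template plus service state or record in a header comment that IPv6 is disabled on these hosts. The INPUT policy is DROP with no ICMP rule, so unsolicited ICMP (including echo requests) is dropped while ICMP errors for tracked flows still pass via RELATED — fine if intended, but a comment such as `# No unsolicited ICMP: only RELATED/ESTABLISHED errors are admitted` would make the choice explicit. The `{% for port in ALLOWED_PORTS %}` loop emits TCP-only rules, so a UDP service added to ALLOWED_PORTS would silently remain blocked; a one-line comment above the loop stating that the list is TCP-only would save a future maintainer a debugging session.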
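Review bot: `system_firewall_service_reload` lists itself under `require:` (last requisite line of the hunk), which Salt will most likely reject as a recursive/unsatisfiable requisite, leaving the firewall state failed and the ruleset never applied; the intended target is presumably the enable state: `- system_firewall_service_enable`. With `enable: true` already set on `service.running`, the separate `system_firewall_service_enable` state duplicates that work on every run and could be dropped, or the `enable` argument removed. `STATE: {{ sls }}` is rendered unquoted; `STATE: "{{ sls }}"` keeps the value a string regardless of what the SLS path renders to. The port list `[442, 25565]` is fixed in the state rather than coming from pillar, and 442 is an unusual port — worth confirming it is not a typo for 443 before this ships.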
--- a/system/packages.sls
+++ b/system/packages.sls
@@ -5,11 +5,8 @@ system_packages_install:
   pkg.installed:
     - pkgs:
       - podman
-      - cockpit-podman
-      - podman-docker
-      - podman-compose
-      - mariadb-server
-      - java-latest-openjdk-headless
+      - mariadb
+      - openjdk17-jre-headless
       - jq
     - require:
       - system_btrfs_create_podman_data_dir