diff --git a/hosts/iron/configuration.nix b/hosts/iron/configuration.nix
index 5963afe..d2a78b8 100644
--- a/hosts/iron/configuration.nix
+++ b/hosts/iron/configuration.nix
@@ -77,12 +77,20 @@ with lib; {
         externalInterface = interfaces.wan;
         internalInterfaces = [
           interfaces.lan
+          "virbr0"
         ];
       };
 
-      firewall.extraForwardRules = ''
-        tcp flags syn tcp option maxseg size set rt mtu
-      '';
+      firewall = {
+        allowedTCPPorts = [ 5201 ];
+        extraForwardRules = ''
+          tcp flags syn tcp option maxseg size set rt mtu
+        '';
+        interfaces.virbr0 = {
+          allowedTCPPorts = [ 53 ];
+          allowedUDPPorts = [ 53 67 ];
+        };
+      };
     };
 
     services.radvd = {
@@ -225,5 +233,8 @@ with lib; {
       memoryPercent = 60;
       priority = 1;
     };
+
+
+    jalr.libvirt.enable = true;
   };
 }
diff --git a/hosts/iron/services/dnsmasq.nix b/hosts/iron/services/dnsmasq.nix
index 15d6710..b277cf4 100644
--- a/hosts/iron/services/dnsmasq.nix
+++ b/hosts/iron/services/dnsmasq.nix
@@ -8,6 +8,7 @@ in
   services.dnsmasq = {
     enable = true;
     settings = {
+      bind-interfaces = true;
       listen-address = [
         "192.168.42.1"
         "10.20.0.1"