diff --git a/modules/router/default.nix b/modules/router/default.nix
index d6f2633..cbcd846 100644
--- a/modules/router/default.nix
+++ b/modules/router/default.nix
@@ -187,7 +187,7 @@ in
         table inet filter {
           set hosted_services_tcp {
             type inet_service; flags interval;
-            elements = { 22, 80, 443, $DRAWPILE_TCP_PORT }
+            elements = { 22, $FORGEJO_SSH_PORT, 80, 443, $DRAWPILE_TCP_PORT }
           }
 
           set internal_access_tcp {
@@ -264,6 +264,8 @@ in
               $DEVICES : jump devices_out,
               $WIFI : jump wifi_out
             }
+
+            jump reject_politely
           }
 
           chain input {