diff --git a/networking/firewall.mod.nix b/networking/firewall.mod.nix
index 0fe944c..18cf3ec 100644
--- a/networking/firewall.mod.nix
+++ b/networking/firewall.mod.nix
@@ -5,18 +5,31 @@
 networking.nftables.enable = true;
 }
 ];
+
 fructose.modules = [
 {
 networking.firewall = {
 allowedUDPPorts = [
- # 53 # pihole
- # 5894 # couchdb
 ];
 allowedTCPPorts = [
- 3000 # forgejo
- # 5894 # couchdb
+ 3000 # forgejo http
+ 222 # forgejo ssh
 ];
 };
 }
 ];
+
+ aspartame.modules = [
+ ({
+ services.fail2ban.enable = true;
+ networking.firewall = {
+ interfaces.eth0.allowedTCPPorts = [
+ 80
+ 222 # this is for forgejo
+ 443
+ 64783 # this is for murmur
+ ];
+ };
+ })
+ ];
 }
diff --git a/services/website/website-firewall.mod.nix b/services/website/website-firewall.mod.nix
deleted file mode 100644
index 80cabb5..0000000
--- a/services/website/website-firewall.mod.nix
+++ /dev/null
@@ -1,19 +0,0 @@
-{
- aspartame.modules = [
- ({
- services.fail2ban.enable = true;
- networking.firewall = {
- interfaces.eth0.allowedTCPPorts = [
- 80
- 222 # this is for forgejo
- 443
- ];
- };
- })
- ];
- fructose.modules = [
- {
- networking.firewall.interfaces.eth0.allowedTCPPorts = [ 222 ]; # when someones tries to ssh to forgejo, it goes -> aspartame -> fructose -> forgejo-container --- so fructose also needs this port open.
- }
- ];
-}
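Review bot: The fructose rule for port 222 loses its interface scope in this hunk: the deleted website-firewall.mod.nix opened it with `networking.firewall.interfaces.eth0.allowedTCPPorts = [ 222 ];`, whereas the new `allowedTCPPorts = [ 3000 222 ];` under `fructose.modules` applies to every interface of that host, so 222 (and 3000) are now reachable on any other interface it has as well. If eth0-only was the intent, `interfaces.eth0.allowedTCPPorts = [ 3000 222 ];` keeps the previous exposure; either way the deleted why-comment is worth carrying over, e.g. `# ssh to forgejo flows aspartame -> fructose -> forgejo container, so fructose must also accept 222`. Separately, `64783 # this is for murmur` in the aspartame block differs from Murmur's default port 64738 — confirm it matches the configured listen port rather than being a transposition, and note that only TCP is opened here, so if the server also expects UDP voice traffic a matching `allowedUDPPorts` entry may be needed.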