diff --git a/hosts/hel1-a/configuration.nix b/hosts/hel1-a/configuration.nix
index 213f3e0..77f00f6 100644
--- a/hosts/hel1-a/configuration.nix
+++ b/hosts/hel1-a/configuration.nix
@@ -287,7 +287,6 @@
         443
         41641 # tailscale
       ];
-      logRefusedConnections = false;
       checkReversePath = "loose"; # for tailscale
     };
   };
diff --git a/hosts/vm/configuration.nix b/hosts/vm/configuration.nix
index f35cac2..eb32eea 100644
--- a/hosts/vm/configuration.nix
+++ b/hosts/vm/configuration.nix
@@ -38,7 +38,6 @@ in {
     firewall = {
       allowedTCPPorts = [53];
       allowedUDPPorts = [53];
-      logRefusedConnections = false;
     };
   };
 
diff --git a/hosts/vno1-oh2/configuration.nix b/hosts/vno1-oh2/configuration.nix
index 8d51475..323edf7 100644
--- a/hosts/vno1-oh2/configuration.nix
+++ b/hosts/vno1-oh2/configuration.nix
@@ -323,7 +323,6 @@
     firewall = {
       allowedUDPPorts = [53 80 443];
       allowedTCPPorts = [53 80 443];
-      logRefusedConnections = false;
       checkReversePath = "loose"; # for tailscale
     };
   };
diff --git a/hosts/vno1-rp3b/configuration.nix b/hosts/vno1-rp3b/configuration.nix
index 0fe11d7..93ed3cb 100644
--- a/hosts/vno1-rp3b/configuration.nix
+++ b/hosts/vno1-rp3b/configuration.nix
@@ -107,7 +107,6 @@
     firewall = {
       allowedUDPPorts = [myData.ports.kodi];
       allowedTCPPorts = [myData.ports.kodi];
-      logRefusedConnections = false;
       checkReversePath = "loose"; # for tailscale
     };
   };
diff --git a/modules/base/default.nix b/modules/base/default.nix
index 701a838..bef352e 100644
--- a/modules/base/default.nix
+++ b/modules/base/default.nix
@@ -143,6 +143,8 @@
       #vim.defaultEditor = true;
     };
 
+    networking.firewall.logRefusedConnections = false;
+
     services = {
       chrony = {
         enable = true;