diff --git a/hosts/fra1-b/configuration.nix b/hosts/fra1-b/configuration.nix
index 6c9c4a1..c149438 100644
--- a/hosts/fra1-b/configuration.nix
+++ b/hosts/fra1-b/configuration.nix
@@ -70,7 +70,6 @@ in
 services = {
 node_exporter.enable = true;
- sshguard.enable = true;
 tailscale.enable = true;
 ssh8022.server = {
@@ -127,10 +126,7 @@ in
 useDHCP = true;
 firewall = {
 allowedUDPPorts = [ 53 ];
- allowedTCPPorts = [
- 22
- 53
- ];
+ allowedTCPPorts = [ 53 ];
 };
 };
diff --git a/modules/services/ssh8022/default.nix b/modules/services/ssh8022/default.nix
index b5a6cd6..e28fa0a 100644
--- a/modules/services/ssh8022/default.nix
+++ b/modules/services/ssh8022/default.nix
@@ -34,14 +34,26 @@ cfg = config.mj.services.ssh8022.server;
 in lib.mkIf cfg.enable {
- services.spiped = {
- enable = true;
- config = {
- ssh8022 = {
- inherit (cfg) keyfile;
- decrypt = true;
- source = "[0.0.0.0]:8022";
- target = "127.0.0.1:22";
+
+ mj.services.friendlyport.ports = [
+ {
+ subnets = [ myData.subnets.tailscale.cidr ];
+ tcp = [ 22 ];
+ }
+ ];
+
+ services = {
+ openssh.openFirewall = false;
+
+ spiped = {
+ enable = true;
+ config = {
+ ssh8022 = {
+ inherit (cfg) keyfile;
+ decrypt = true;
+ source = "[0.0.0.0]:8022";
+ target = "127.0.0.1:22";
+ };
 };
 };
 };
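Review bot: The new `openssh.openFirewall = false;` and the friendlyport entry in modules/services/ssh8022/default.nix have no comment saying that together they replace the public port-22 rule. The NixOS openssh module opens its port by default, so a later edit that drops this line would quietly re-expose sshd; I would add `# sshd is reachable only from the tailscale subnet (friendlyport) or through spiped on 8022` above the friendlyport block. The spiped listener still binds `[0.0.0.0]:8022` and forwards to `127.0.0.1:22`, so sessions arriving that way reach sshd from loopback and its logs will presumably not show the real client address. With sshguard removed in the fra1-b hunk, that path is protected only by the spiped keyfile and sshd authentication, which is worth stating next to `keyfile`. Whether port 8022 itself is opened in the firewall is not visible here, and the enclosing `lib.mkIf` body starts outside the hunk.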