diff --git a/flake.nix b/flake.nix
index 88f7c33..bcce7fc 100644
--- a/flake.nix
+++ b/flake.nix
@@ -10,6 +10,7 @@
 };
 nix-darwin.url = "github:LnL7/nix-darwin/master";
 nix-darwin.inputs.nixpkgs.follows = "nixpkgs";
+ip-whitelist.url = "github:Oak-Digital/nixos-ip-whitelist-firewall";
 };
 
 outputs = {
diff --git a/hosts/dnsc-vps-sm/default.nix b/hosts/dnsc-vps-sm/default.nix
index 9751afd..4bc0b09 100644
--- a/hosts/dnsc-vps-sm/default.nix
+++ b/hosts/dnsc-vps-sm/default.nix
@@ -10,6 +10,7 @@
 ./hardware-configuration.nix
 ./networking.nix
 inputs.home-manager.nixosModules.home-manager
+inputs.ip-whitelist.nixosModules.default
 ];
 
 # Secrets
@@ -44,11 +45,24 @@
 systemd.services.NetworkManager-wait-online.enable = false;
 
 # Firewall
-networking.firewall.enable = true;
-networking.firewall.allowedTCPPorts = [
-80
-443
-];
+networking.firewall = {
+enable = true;
+allowedTCPPorts = [
+80
+443
+];
+ipBasedAllowedTCPPorts = [
+{
+port = 22;
+ips = [
+"100.103.199.4"
+"100.115.100.87"
+"100.83.40.63"
+];
+}
+];
+};
+
 # My user account
 users.users.dennis = {
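Review bot: The added `ip-whitelist.url` line carries no `ref` or `rev`, so the revision of github:Oak-Digital/nixos-ip-whitelist-firewall that actually gets built is fixed only by flake.lock, and no flake.lock change appears in this diff. Confirm the lock update is committed together with this change, since a firewall module pulled from a third-party repository's default branch is a supply-chain dependency whose pin deserves the same review as the code it configures. A short comment above the line, such as `# Third-party NixOS module providing networking.firewall.ipBasedAllowedTCPPorts; revision pinned in flake.lock`, would record why the input exists. The `inputs` attrset this line sits in starts and ends outside the hunk.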
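Review bot: The new `ipBasedAllowedTCPPorts` entry restricts port 22 to three addresses, but that restriction only holds if nothing else opens port 22 globally; in particular `services.openssh.openFirewall` defaults to true and adds 22 to `allowedTCPPorts`, which would make the IP-based rule redundant. The sshd configuration is not in this hunk, so confirm `services.openssh.openFirewall = false;` (or the equivalent) is set wherever sshd is enabled for this host. The three literal addresses, all in the 100.64.0.0/10 range that looks like a CGNAT or overlay-network assignment, are unexplained; a comment above the `ips` list such as `# SSH reachable only from these admin hosts; update when admin addresses change` would tell a later maintainer what they are and when to touch them. The `networking.firewall` attrset is wholly inside the hunk, but the enclosing module body continues outside it.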