diff --git a/systems/amd-server-vm/configuration.nix b/systems/amd-server-vm/configuration.nix index 32dfaf3..7aa1613 100644 --- a/systems/amd-server-vm/configuration.nix +++ b/systems/amd-server-vm/configuration.nix @@ -108,6 +108,23 @@ # 8888 = scheibenmeister skip button networking.firewall.allowedTCPPorts = [ 25565 25566 8888 ]; + networking.nftables.tables.ip_drop = { + family = "inet"; + content = '' + set blocked-ip4 { + typeof ip saddr + flags interval + auto-merge + elements = { 45.144.212.240 } + } + chain input { + # -100 priority to run before the default filter input chain (0) + type filter hook input priority -100; policy accept; + + ip saddr @blocked-ip4 log prefix "nftables drop: " level info counter drop + } + ''; + }; networking.hostName = "server-vm"; # Define your hostname. #services.murmur = { diff --git a/systems/amd-server/configuration.nix b/systems/amd-server/configuration.nix index 692cc07..9b21c3a 100644 --- a/systems/amd-server/configuration.nix +++ b/systems/amd-server/configuration.nix @@ -73,6 +73,7 @@ }; firewall.allowedTCPPorts = [ 25565 25566 ]; # localsend + }; security.pki.certificates = [
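Review bot: The drop rule in `chain input` logs every matching packet with no rate limit, so the blocked host can still inflate the journal simply by continuing to send traffic. Splitting it into `ip saddr @blocked-ip4 limit rate 5/minute log prefix "nftables drop: " level info` followed by `ip saddr @blocked-ip4 counter drop` keeps the evidence while bounding log volume (the rate is a suggested value). The table is only loaded when `networking.nftables.enable = true`, which is not visible in this hunk, so confirm it is set for this host; otherwise the block is presumably never installed. The set matches `ip saddr` only and the chain hooks `input` only, so the same peer is not covered over IPv6 or for forwarded traffic, if either applies here. A short comment beside the `elements` line recording why and when the address was blocked would make later cleanup easier.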