diff --git a/syncthing/fw/ID.fw b/syncthing/fw/ID.fw
new file mode 100644
index 0000000..600fa3a
--- /dev/null
+++ b/syncthing/fw/ID.fw
@@ -0,0 +1,10 @@
+[OPTIONS]
+
+enable: 1
+
+[RULES]
+
+IN ACCEPT -i net1 -log nolog
+IN HTTPS(DROP) -i net0 -log nolog
+IN HTTP(DROP) -i net0 -log nolog
+
diff --git a/syncthing/make.sh b/syncthing/make.sh
index 2fe8b54..bced7d1 100755
--- a/syncthing/make.sh
+++ b/syncthing/make.sh
@@ -77,6 +77,9 @@ sleep ${TIMEOUT:=5}
 		-e 's/127\.0\.0\.1:8384/0.0.0.0:8384/g' \
 		-i /var/lib/syncthing/.config/syncthing/config.xml
 
+echo "# Setup: firewall..."
+@ cp fw/ID.fw /etc/firewall/$ID.fw
+
 echo "# Post config..."
 pctSet $ID "${OPTS_STAGE_2}" $REBOOT