diff --git a/nixos/access/kanidm.nix b/nixos/access/kanidm.nix
index dff4f928..5aa0cc69 100644
--- a/nixos/access/kanidm.nix
+++ b/nixos/access/kanidm.nix
@@ -146,8 +146,13 @@ in {
       ])
     ];
 
-    networking.firewall.allowedTCPPorts = [
-      389 636
-    ];
+    networking.firewall = {
+      interfaces.local.allowedTCPPorts = [
+        389
+      ];
+      allowedTCPPorts = [
+        636
+      ];
+    };
   };
 }
diff --git a/nixos/plex.nix b/nixos/plex.nix
index 3163b67f..280d69f3 100644
--- a/nixos/plex.nix
+++ b/nixos/plex.nix
@@ -9,16 +9,10 @@
   # * 32469 - Plex DLNA Server
   # UDP:
   # * 1900 - DLNA
-  # * 5353 - Bonjour / Avahi
   # * 32410, 32412, 32413, 32414 - GDM Network Discovery
 
-  # Tautulli and Ombi will also be reverse proxied, presumably
-
-  networking.firewall = {
-    interfaces.local.allowedTCPPorts = [
-      32400
-    ];
-    allowedTCPPorts = [8324 32469 8181 5000];
-    allowedUDPPorts = [1900 5353 32410 32412 32413 32414];
+  networking.firewall.interfaces.local = {
+    allowedTCPPorts = [32400 8324 32469];
+    allowedUDPPorts = [1900 32410 32412 32413 32414];
   };
 }
diff --git a/nixos/syncplay.nix b/nixos/syncplay.nix
index b29a8e99..a142afe7 100644
--- a/nixos/syncplay.nix
+++ b/nixos/syncplay.nix
@@ -27,7 +27,7 @@ in {
   };
   users.groups.${cfg.group} = {};
 
-  networking.firewall.allowedTCPPorts = [cfg.port];
+  networking.firewall.interfaces.local.allowedTCPPorts = [cfg.port];
 
   services.syncplay = {
     enable = true;