diff --git a/machines/dev/fedi203/woodpecker.nix b/machines/dev/fedi203/woodpecker.nix
index 913cfc1f..52f016b0 100644
--- a/machines/dev/fedi203/woodpecker.nix
+++ b/machines/dev/fedi203/woodpecker.nix
@@ -203,14 +203,20 @@
 networking = {
 nftables.enable = lib.mkForce false;
+ firewall = {
+ allowedTCPPorts = [
+ 22
+ 80
+ 443
+ ];
+ # needed for podman to be able to talk over dns
+ interfaces."podman0" = {
+ allowedUDPPorts = [ 53 ];
+ allowedTCPPorts = [ 53 ];
+ };
+ };
 };
- networking.firewall.allowedTCPPorts = [
- 22
- 80
- 443
- ];
-
 virtualisation.podman = {
 enable = true;
 autoPrune = {
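Review bot: The DNS exception under `interfaces."podman0"` is bound to a single bridge name, so containers attached to any other podman network (user-defined networks usually get `podman1`, `podman2`, …) would still have port 53 dropped by the host firewall. Whether the Woodpecker backend on this machine creates such networks is not visible here, since the `virtualisation.podman` block continues past the end of the hunk. If it does, the iptables-style wildcard `interfaces."podman+"` should match all of them while nftables is forced off. If `podman0` is the only bridge in use, the narrow scope is the better choice, and I would record that in the comment: `# containers on podman0 query the host-side resolver on 53/tcp+udp; scoped to the bridge on purpose, do not move into the global allowedTCPPorts`.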