diff --git a/hosts/bifrost/services/ssh.nix b/hosts/bifrost/services/ssh.nix
index 2d103eb..c91a7fb 100644
--- a/hosts/bifrost/services/ssh.nix
+++ b/hosts/bifrost/services/ssh.nix
@@ -1,12 +1,16 @@
 { config, ... }:
 let facts = config.nodeconfig.facts; in {
-  networking.firewall.interfaces.ens3.allowedTCPPorts = [ 22 ];
+  networking.firewall.interfaces = {
+    ens3.allowedTCPPorts = [ 2222 ];
+    ens4.allowedTCPPorts = [ 22 ];
+  };
   services.openssh = {
     enable = true;
     openFirewall = false;
     listenAddresses = [
-      { addr = facts.wireguard-ip; port = 22; }
+      { addr = facts.external-ip; port = 2222; }
       { addr = facts.local-ip; port = 22; }
+      { addr = facts.wireguard-ip; port = 22; }
     ];
     settings = {
       KbdInteractiveAuthentication = false;