diff --git a/bundles/wireguard/metadata.py b/bundles/wireguard/metadata.py
index f0600c3..ed5a8fa 100644
--- a/bundles/wireguard/metadata.py
+++ b/bundles/wireguard/metadata.py
@@ -226,7 +226,9 @@ def firewall(metadata):
         except NoSuchNode:  # roadwarrior
             ports['{}/udp'.format(config['my_port'])] = atomic(set(metadata.get('wireguard/restrict-to', set())))
         else:
-            ports['{}/udp'.format(config['my_port'])] = atomic({name})
+            ports['{}/udp'.format(config['my_port'])] = atomic(
+                set(repo.libs.s2s.WG_AUTOGEN_SETTINGS.get(name, {}).get('firewall', set())) | {name}
+            )
 
     return {
         'firewall': {
diff --git a/libs/s2s.py b/libs/s2s.py
index eba4728..136a257 100644
--- a/libs/s2s.py
+++ b/libs/s2s.py
@@ -23,6 +23,7 @@ WG_AUTOGEN_NODES = [
 WG_AUTOGEN_SETTINGS = {
     # special settings to apply when peering with a specific node
     'home.router': {
+        'firewall': {'versatel'},
         'no_autoconnect': True,
         'persistent_keepalive': False,
     },