diff --git a/nix/deuxfleurs.nix b/nix/deuxfleurs.nix
index 1b9ae3d..43e8c91 100644
--- a/nix/deuxfleurs.nix
+++ b/nix/deuxfleurs.nix
@@ -421,6 +421,12 @@ in
         cfg.wireguardPort
       ];
 
+      # Don't spam logs with refused connections
+      logRefusedConnections = false;
+
+      # Use REJECT instead of DROP, to avoid timeouts (e.g. when trying to connect to the wrong SSH port)
+      rejectPackets = true;
+
       # Allow specific hosts access to specific things in the cluster
       extraCommands = ''
         # Allow UDP packets comming from port 1900 from a local address,