diff --git a/configuration/common/programs.nix b/configuration/common/programs.nix
index 8b4d56a..2eafc83 100644
--- a/configuration/common/programs.nix
+++ b/configuration/common/programs.nix
@@ -10,6 +10,7 @@
 colmena
 vim
 agenix
+ nixos-firewall-tool
 ];

 programs.mtr.enable = true;
diff --git a/flake.nix b/flake.nix
index 53bfe6a..65e05d0 100644
--- a/flake.nix
+++ b/flake.nix
@@ -111,6 +111,7 @@
 nixfiles-generate-config
 nixfiles-updated-inputs
 nixfiles-update-ssh-host-keys
+ nixos-firewall-tool
 pyexcel-xlsx
 pyexcel-webio
 update-from-hydra
diff --git a/pkgs/nixos-firewall-tool/default.nix b/pkgs/nixos-firewall-tool/default.nix
new file mode 100644
index 0000000..b225e93
--- /dev/null
+++ b/pkgs/nixos-firewall-tool/default.nix
@@ -0,0 +1,10 @@
+{ pkgs, ... }:
+
+pkgs.writeShellApplication {
+ name = "nixos-firewall-tool";
+ text = builtins.readFile ./nixos-firewall-tool.sh;
+ runtimeInputs = with pkgs; [
+ iptables
+ ];
+}
+
diff --git a/pkgs/nixos-firewall-tool/nixos-firewall-tool.sh b/pkgs/nixos-firewall-tool/nixos-firewall-tool.sh
new file mode 100755
index 0000000..17e7ce8
--- /dev/null
+++ b/pkgs/nixos-firewall-tool/nixos-firewall-tool.sh
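Review bot: `runtimeInputs` in the new `default.nix` lists only `iptables`, yet the wrapped script also calls `systemctl` (its `reset` branch), so that command is resolved from whatever PATH the caller happens to have rather than being pinned by the package; adding `systemd` next to `iptables` makes the closure self-contained: `runtimeInputs = with pkgs; [ iptables systemd ];`. As far as I can tell `writeShellApplication` prepends `runtimeInputs` to the existing PATH rather than replacing it, so on a NixOS host this is a reproducibility point rather than a breakage. The script's `ip6tables` call is presumably covered by the same `iptables` package, but worth confirming rather than assuming.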
@@ -0,0 +1,55 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+ip46tables() {
+ iptables -w "$@"
+ ip6tables -w "$@"
+
+}
+
+show_help() {
+ echo "nixos-firewall-tool"
+ echo ""
+ echo "Can temporarily manipulate the NixOS firewall"
+ echo ""
+ echo "Open TCP port:"
+ echo " nixos-firewall-tool open tcp 8888"
+ echo ""
+ echo "Show all firewall rules:"
+ echo " nixos-firewall-tool show"
+ echo ""
+ echo "Open UDP port:"
+ echo " nixos-firewall-tool open udp 51820"
+ echo ""
+ echo "Reset firewall configuration to system settings:"
+ echo " nixos-firewall-tool reset"
+}
+
+if [[ -z ${1+x} ]]; then
+ show_help
+ exit 1
+fi
+
+case $1 in
+ "open")
+ protocol="$2"
+ port="$3"
+
+ ip46tables -I nixos-fw -p "$protocol" --dport "$port" -j nixos-fw-accept
+ ;;
+ "show")
+ ip46tables --numeric --list nixos-fw
+ ;;
+ "reset")
+ systemctl restart firewall.service
+ ;;
+ -h|--help|help)
+ show_help
+ exit 0
+ ;;
+ *)
+ show_help
+ exit 1
+ ;;
+esac
diff --git a/pkgs/overlay.nix b/pkgs/overlay.nix
index 44e57ef..5aa6a7d 100644
--- a/pkgs/overlay.nix
+++ b/pkgs/overlay.nix
@@ -8,6 +8,7 @@ self: super: {
 nixfiles-generate-config = self.callPackage ./nixfiles/nixfiles-generate-config.nix {};
 nixfiles-updated-inputs = self.callPackage ./nixfiles/nixfiles-updated-inputs.nix {};
 nixfiles-update-ssh-host-keys = self.callPackage ./nixfiles/nixfiles-update-ssh-host-keys.nix {};
+ nixos-firewall-tool = self.callPackage ./nixos-firewall-tool {};
 pyexcel-xlsx = self.python3.pkgs.callPackage ./pyexcel-xlsx {};
 pyexcel-webio = self.python3.pkgs.callPackage ./pyexcel-webio {};
 update-from-hydra = self.callPackage ./update-from-hydra {};
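Review bot: The `open` branch reads `$2` and `$3` without checking they were supplied, so `nixos-firewall-tool open tcp` dies under `set -u` with a bash "unbound variable" message instead of the usage text, and nothing constrains `protocol` to tcp/udp or `port` to a number before they are handed to `iptables -I nixos-fw`. I would guard the argument count and validate both values up front, as in the lines below. The help text should also say that an opened port is inserted ahead of the system's own rules (`-I`) for every interface and source address and that there is no `close`; the only way back is `reset`, which restarts the whole firewall unit — e.g. `echo "Opened ports stay open until 'reset' or reboot; there is no 'close'."`. If I read the NixOS firewall module right, the `nixos-fw` chain only exists with the iptables backend, so the tool should probably fail with a clear message when the nftables-based firewall is in use, which this commit does not address.

```shell
case $1 in
  "open")
    # Usage errors should print help, not trip `set -u` on a missing $2/$3.
    if [[ $# -ne 3 ]]; then
      show_help
      exit 1
    fi
    protocol="$2"
    port="$3"
    if [[ $protocol != tcp && $protocol != udp ]] || ! [[ $port =~ ^[0-9]+$ ]] || (( port < 1 || port > 65535 )); then
      echo "nixos-firewall-tool: expected 'open {tcp|udp} PORT' with PORT in 1-65535" >&2
      exit 1
    fi
    ip46tables -I nixos-fw -p "$protocol" --dport "$port" -j nixos-fw-accept
    ;;
  # … unchanged: show / reset / help / default branches …
```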