diff --git a/hosts/carbon/configuration.nix b/hosts/carbon/configuration.nix
index 34efa5a..b6d9ce7 100644
--- a/hosts/carbon/configuration.nix
+++ b/hosts/carbon/configuration.nix
@@ -14,6 +14,7 @@
       ./net-iot.nix
       ./net-lte.nix
       ./net-mgmt.nix
+      ./net-printer.nix
       ./net-voip.nix
       ./ntp.nix
       ./ppp.nix
diff --git a/hosts/carbon/net-printer.nix b/hosts/carbon/net-printer.nix
new file mode 100644
index 0000000..bc32d16
--- /dev/null
+++ b/hosts/carbon/net-printer.nix
@@ -0,0 +1,47 @@
+{ ... }:
+
+{
+  networking.vlans."enp1s0.206" = {
+    id = 206;
+    interface = "enp1s0";
+  };
+  networking.bridges."net-printer".interfaces = [
+    "enp1s0.206"
+  ];
+  networking.interfaces."net-printer".ipv4.addresses = [
+    { address = "10.152.206.1"; prefixLength = 24; }
+  ];
+
+  services.kea.dhcp4 = {
+    settings = {
+      interfaces-config = {
+        interfaces = [ "net-printer" ];
+      };
+      subnet4 = [
+        {
+          id = 206;
+          subnet = "10.152.206.0/24";
+          pools = [
+            {
+              pool = "10.152.206.100 - 10.152.206.240";
+            }
+          ];
+          option-data = [
+            {
+              name = "routers";
+              data = "10.152.206.1";
+            }
+          ];
+        }
+      ];
+    };
+  };
+
+  clerie.firewall.extraForwardFilterCommands = ''
+    # Allow access from Heimnetz to printer
+    ip46tables -A forward-filter -i net-heimnetz -o net-printer -j ACCEPT
+    ip46tables -A forward-filter -i net-printer -j DROP
+    ip46tables -A forward-filter -o net-printer -j DROP
+  '';
+
+}