diff --git a/container/iptables.v4 b/container/iptables.v4
new file mode 100644
index 0000000000000000000000000000000000000000..e488b8e274c15da399f955e8b67d2f422407f7a4
--- /dev/null
+++ b/container/iptables.v4
@@ -0,0 +1,8 @@
+# iptable v4 rules for lustmolch container {{name}}
+*filter
+
+-A INPUT -p tcp -m tcp --dport {{ssh_port}} 10.150.0.0/17 -j ACCEPT
+-A INPUT -p tcp -m tcp --dport {{ssh_port}} 141.84.69.0/24 -j ACCEPT
+
+COMMIT
+
diff --git a/container/iptables.v6 b/container/iptables.v6
new file mode 100644
index 0000000000000000000000000000000000000000..987e03e33750dcee082929c8383993a4db7cbb5c
--- /dev/null
+++ b/container/iptables.v6
@@ -0,0 +1,7 @@
+# iptable v6 rules for lustmolch container {{name}}
+
+*filter
+
+-A INPUT -p tcp -m tcp --dport {{ssh_port}} 2001:4ca0:200::/48 -j ACCEPT
+
+COMMIT
diff --git a/container/sshd_config b/container/sshd_config
index 6c252b8afc128f290c2956866c41aab5349ec3c7..1c12459254d1cdb2eab18b39e278cd7f8c6e68e5 100644
--- a/container/sshd_config
+++ b/container/sshd_config
@@ -29,8 +29,8 @@ Port {{ssh_port}}
 # Authentication:
 
 #LoginGraceTime 2m
-PermitRootLogin prohibit-password
-#StrictModes yes
+PermitRootLogin without-password
+StrictModes yes
 #MaxAuthTries 6
 #MaxSessions 10
 
@@ -53,7 +53,7 @@ PubkeyAuthentication yes
 #IgnoreRhosts yes
 
 # To disable tunneled clear text passwords, change to no here!
-#PasswordAuthentication yes
+PasswordAuthentication no
 #PermitEmptyPasswords no
 
 # Change to yes to enable challenge-response passwords (beware issues with
diff --git a/lustmolch.py b/lustmolch.py
index 78aa0c32e82fcbf27484e962d67879cf028dda03..83c92821c7f16ea6d4ce17f7aba991776542665e 100755
--- a/lustmolch.py
+++ b/lustmolch.py
@@ -13,7 +13,9 @@ cfg_template = namedtuple('cfg_template', ['source', 'path', 'filename'])
 
 template_files_host = [
     cfg_template('nginx', Path('/etc/nginx/sites-available'), '{name}'),
-    cfg_template('nspawn', Path('/etc/systemd/nspawn'), '{name}.nspawn')
+    cfg_template('nspawn', Path('/etc/systemd/nspawn'), '{name}.nspawn'),
+    cfg_template('iptables.v4', Path('/etc/iptables'), '{50-container-{name}.v4'),
+    cfg_template('iptables.v6', Path('/etc/iptables'), '{50-container-{name}.v6')
 ]
 template_files_container = [
     cfg_template('sshd_config', Path('/etc/ssh'), 'sshd_config')