diff --git a/install/x86-network-config.mk b/install/x86-network-config.mk
deleted file mode 100644
index ef7bd48..0000000
--- a/install/x86-network-config.mk
+++ /dev/null
@@ -1,3 +0,0 @@
-install-x86-network-config:
-	mkdir -p files/etc/config
-	cp misc/x86/uci/network files/etc/config/network
\ No newline at end of file
diff --git a/install/x86.mk b/install/x86.mk
new file mode 100644
index 0000000..9fe764a
--- /dev/null
+++ b/install/x86.mk
@@ -0,0 +1,7 @@
+install-x86-network-config:
+	mkdir -p files/etc/config
+	cp misc/x86/uci/network files/etc/config/network
+
+install-x86-firewall-rules:
+	mkdir -p files/etc/uci-defaults
+	cp misc/x86/uci-defaults/99-x86-firewall-rules.sh files/etc/uci-defaults/99-x86-firewall-rules.sh
\ No newline at end of file
diff --git a/misc/x86/uci-defaults/99-x86-firewall-rules.sh b/misc/x86/uci-defaults/99-x86-firewall-rules.sh
new file mode 100644
index 0000000..ecb8709
--- /dev/null
+++ b/misc/x86/uci-defaults/99-x86-firewall-rules.sh
@@ -0,0 +1,39 @@
+#/bin/sh
+
+set -e
+
+main() {
+    uci add firewall rule
+    uci set firewall.@rule[-1].name='Allow SSH on WAN'
+    uci set firewall.@rule[-1].src='wan'
+    uci set firewall.@rule[-1].proto='tcp'
+    uci set firewall.@rule[-1].dest_port='22'
+    uci set firewall.@rule[-1].target='ACCEPT'
+
+    uci add firewall rule
+    uci set firewall.@rule[-1].name='Allow HTTP on WAN'
+    uci set firewall.@rule[-1].src='wan'
+    uci set firewall.@rule[-1].proto='tcp'
+    uci set firewall.@rule[-1].dest_port='80'
+    uci set firewall.@rule[-1].target='ACCEPT'
+
+    uci add firewall rule
+    uci set firewall.@rule[-1].name='Allow HTTPS on WAN'
+    uci set firewall.@rule[-1].src='wan'
+    uci set firewall.@rule[-1].proto='tcp'
+    uci set firewall.@rule[-1].dest_port='443'
+    uci set firewall.@rule[-1].target='ACCEPT'
+
+    uci commit firewall
+    service firewall restart
+
+    # Forward DNS queries to public DNS
+    uci -q delete dhcp.@dnsmasq[0].server
+    uci add_list dhcp.@dnsmasq[0].server="8.8.8.8"
+    uci add_list dhcp.@dnsmasq[0].server="8.8.4.4"
+    
+    uci commit dhcp
+    service dnsmasq restart
+}
+
+main
\ No newline at end of file
diff --git a/targets/x86_generic.mk b/targets/x86_generic.mk
index a3d0cde..ead9569 100644
--- a/targets/x86_generic.mk
+++ b/targets/x86_generic.mk
@@ -2,7 +2,7 @@ all: x86_generic
 
 x86_generic:
 	$(MAKE) \
-		ADDITIONAL_INSTALL="install-x86-network-config" \
+		ADDITIONAL_INSTALL="install-x86-network-config install-x86-firewall-rules" \
 		OPENWRT_TARGET="x86/generic" \
 		EMISSARY_ARCH="386" \
 		OPENWRT_PROFILE="generic" \