diff --git a/services/firewall/rules.nft b/services/firewall/rules.nft
index 4df3f03..3aa9234 100644
--- a/services/firewall/rules.nft
+++ b/services/firewall/rules.nft
@@ -82,6 +82,12 @@ table inet firewall {
     ip saddr { $lan_net, $vpn_net } tcp dport 53 accept
     ip6 saddr $lan_net6 tcp dport 53 accept
 
+    # Allow Minecraft server access from LAN and VPN
+    ip saddr { $lan_net, $vpn_net } tcp dport 25565 accept
+    ip saddr { $lan_net, $vpn_net } udp dport 25565 accept
+    ip saddr { $lan_net, $vpn_net } tcp dport 19132 accept
+    ip saddr { $lan_net, $vpn_net } udp dport 19132 accept
+
     # Rules for WAN interface only
     iifname $wan udp dport 51820 accept                   # Allow Wireguard incoming from WAN