diff --git a/components/network/sshd/default.nix b/components/network/sshd/default.nix
index 2b80a1d..1743f4f 100644
--- a/components/network/sshd/default.nix
+++ b/components/network/sshd/default.nix
@@ -36,6 +36,13 @@ in
         make sure ssh is only available trough the tinc
       '';
     };
+    allowMosh = mkOption {
+      type = bool;
+      default = true;
+      description = ''
+        make mosh port available
+      '';
+    };
   };
 
   config = mkMerge [
@@ -69,6 +76,16 @@ in
         iptables --table nat --append PREROUTING ! --in-interface tinc.+ --protocol tcp --match tcp --dport 22 --jump REDIRECT --to-ports 0
       '';
     })
+
+    (mkIf (cfg.allowMosh && cfg.enable) {
+      networking.firewall.allowedUDPPortRanges = [
+        {
+          from = 60000;
+          to = 61000;
+        }
+      ];
+    })
+
   ];
 
 }