diff --git a/lib/constants.nix b/lib/constants.nix
index 21aceec..7439c36 100644
--- a/lib/constants.nix
+++ b/lib/constants.nix
@@ -169,6 +169,10 @@ rec {
         port = 8448;
         dst = aa.middleman.internal.ipv4.address;
       }
+      {
+        port = 25565;
+        dst = aa.simpcraft-oci.internal.ipv4.address;
+      }
 
       {
         port = 2456;
diff --git a/nixos/boxes/colony/vms/estuary/default.nix b/nixos/boxes/colony/vms/estuary/default.nix
index d86402c..f06973c 100644
--- a/nixos/boxes/colony/vms/estuary/default.nix
+++ b/nixos/boxes/colony/vms/estuary/default.nix
@@ -393,7 +393,8 @@ in
                       # Safe enough to allow all SSH
                       tcp dport ssh accept
 
-                      ${matchInet "tcp dport { http, https, 8448 } accept" "middleman"}
+                      ip6 daddr ${aa.middleman.internal.ipv6.address} tcp dport { http, https, 8448 } accept
+                      ip6 daddr ${aa.simpcraft-oci.internal.ipv6.address} tcp dport 25565 accept
                       return
                     }
                     chain routing-udp {
diff --git a/nixos/boxes/colony/vms/estuary/dns.nix b/nixos/boxes/colony/vms/estuary/dns.nix
index f213a66..7748158 100644
--- a/nixos/boxes/colony/vms/estuary/dns.nix
+++ b/nixos/boxes/colony/vms/estuary/dns.nix
@@ -148,6 +148,8 @@ in
 
             valheim IN A ${assignments.internal.ipv4.address}
             valheim IN AAAA ${allAssignments.valheim-oci.internal.ipv6.address}
+            simpcraft IN A ${assignments.internal.ipv4.address}
+            simpcraft IN AAAA ${allAssignments.simpcraft-oci.internal.ipv6.address}
 
             mail-vm IN A ${net.cidr.host 0 prefixes.mail.v4}
             mail-vm IN AAAA ${net.cidr.host 1 prefixes.mail.v6}
diff --git a/nixos/boxes/colony/vms/shill/containers/middleman/vhosts.nix b/nixos/boxes/colony/vms/shill/containers/middleman/vhosts.nix
index bfef99a..77ee9b6 100644
--- a/nixos/boxes/colony/vms/shill/containers/middleman/vhosts.nix
+++ b/nixos/boxes/colony/vms/shill/containers/middleman/vhosts.nix
@@ -352,6 +352,11 @@ in
         locations."/".proxyPass = "http://git-vm.${domain}:3000";
         useACMEHost = pubDomain;
       };
+
+      "mc-map.${pubDomain}" = {
+        locations."/".proxyPass = "http://simpcraft-oci.${domain}:8100";
+        useACMEHost = pubDomain;
+      };
     };
 
     minio =
diff --git a/nixos/boxes/colony/vms/whale2/default.nix b/nixos/boxes/colony/vms/whale2/default.nix
index 6901b95..dd6b157 100644
--- a/nixos/boxes/colony/vms/whale2/default.nix
+++ b/nixos/boxes/colony/vms/whale2/default.nix
@@ -50,6 +50,7 @@ in
       };
     }) {
       valheim-oci = 2;
+      simpcraft-oci = 3;
     };
 
     configuration = { lib, pkgs, modulesPath, config, assignments, allAssignments, ... }:
@@ -63,6 +64,7 @@ in
           "${modulesPath}/profiles/qemu-guest.nix"
 
           ./valheim.nix
+          ./minecraft
         ];
 
         config = mkMerge [
diff --git a/nixos/boxes/colony/vms/whale2/minecraft/default.nix b/nixos/boxes/colony/vms/whale2/minecraft/default.nix
new file mode 100644
index 0000000..7b54d01
--- /dev/null
+++ b/nixos/boxes/colony/vms/whale2/minecraft/default.nix
@@ -0,0 +1,51 @@
+{ lib, config, allAssignments, ... }:
+let
+  inherit (lib) concatStringsSep;
+  inherit (lib.my) dockerNetAssignment;
+
+  # devplayer0
+  op = "6d7d971b-ce10-435b-85c5-c99c0d8d288c";
+in
+{
+  config = {
+    virtualisation.oci-containers.containers = {
+      simpcraft = {
+        image = "ghcr.io/itzg/minecraft-server:2023.12.2-java17-alpine";
+
+        environment = {
+          TYPE = "paper";
+
+          EULA = "true";
+          MOTD = "§4§k----- §9S§ai§bm§cp§dc§er§fa§6f§5t §4§k-----";
+          ICON = "/ext/icon.png";
+          DIFFICULTY = "normal";
+
+          WHITELIST = concatStringsSep "," [
+            op
+            "dcd2ecb9-2b5e-49cb-9d4f-f5a76162df56" # Elderlypug
+            "fcb26db2-c3ce-41aa-b588-efec79d37a8a" # Jesthral_
+            "1d366062-12c0-4e29-aba7-6ab5d8c6bb05" # shr3kas0ras
+            "703b378a-09f9-4c1d-9876-1c9305728c49" # OROURKEIRE
+            "f105bbe6-eda6-4a13-a8cf-894e77cab77b" # Adzerq
+            "1fc94979-41fb-497a-81e9-34ae24ca537a" # johnnyscrims
+          ];
+          OPS = op;
+
+          MAX_MEMORY = "4G";
+          MODRINTH_PROJECTS = concatStringsSep "," [ ];
+
+          TZ = "Europe/Dublin";
+        };
+
+        volumes = [
+          "minecraft_data:/data"
+          "${./icon.png}:/ext/icon.png:ro"
+        ];
+
+        extraOptions = [
+          ''--network=colony:${dockerNetAssignment allAssignments "simpcraft-oci"}''
+        ];
+      };
+    };
+  };
+}
diff --git a/nixos/boxes/colony/vms/whale2/minecraft/icon.png b/nixos/boxes/colony/vms/whale2/minecraft/icon.png
new file mode 100644
index 0000000..19829c3
Binary files /dev/null and b/nixos/boxes/colony/vms/whale2/minecraft/icon.png differ
diff --git a/nixos/modules/firewall.nix b/nixos/modules/firewall.nix
index f44621e..aaf95f3 100644
--- a/nixos/modules/firewall.nix
+++ b/nixos/modules/firewall.nix
@@ -222,7 +222,7 @@ in
                 "iifname ${cfg.nat.externalInterface} jump filter-iif-port-forwards"}
               ${optionalString
                 dipForward
-                (concatMapStringsSep "\n    " (ip: "${ipK ip} daddr ${ip} jump ${natFilterChain ip}") (attrNames cfg.nat.forwardPorts))}
+                (concatMapStringsSep "\n    " (ip: "jump ${natFilterChain ip}") (attrNames cfg.nat.forwardPorts))}
             }
           }