diff --git a/void-files/etc/firewall-conf/custom-input.conf.sample b/void-files/etc/firewall-conf/custom-input.conf.sample
new file mode 100644
index 0000000..7c8bddf
--- /dev/null
+++ b/void-files/etc/firewall-conf/custom-input.conf.sample
@@ -0,0 +1,12 @@
+# custom nftables ruleset
+# This file is included from /etc/firewall-conf/open-out.conf
+# and contains custom firewall rules for inbound traffic
+# rules can be added manually or by gui tools
+# Maintained by Project Trident: https://project-trident.org
+
+# uncomment to allow inbound ssh connections
+#add rule inet filter input tcp dport 22 accept
+
+# uncomment to allow inbound syncthing connections
+#add rule inet filter input tcp dport 22000 accept
+#add rule inet filter input udp dport 21027 accept
diff --git a/void-files/etc/firewall-conf/open-out.conf b/void-files/etc/firewall-conf/open-out.conf
index d42c0e5..e08fbda 100644
--- a/void-files/etc/firewall-conf/open-out.conf
+++ b/void-files/etc/firewall-conf/open-out.conf
@@ -15,5 +15,7 @@ add rule inet filter input iif lo accept
 add rule inet filter input ct state established,related accept
 # IPv6 neighbor discovery
 add rule inet filter input ip6 nexthdr icmpv6 icmpv6 type { nd-neighbor-solicit, echo-request, nd-router-advert, nd-neighbor-advert } accept
+# include file with custum inbound rules
+include custom-*.conf
 # drop all other packets
 add rule inet filter input counter drop
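Review bot: The header of the new sample never tells the user that a file ending in `.sample` is not matched by the `custom-*.conf` include in open-out.conf, so someone who uncomments the ssh line here will still be locked out because the file is never loaded. Add a line after the "This file is included from" comment such as `# Copy this file to /etc/firewall-conf/custom-input.conf before editing; *.sample files are not loaded`. The commented ssh rule also accepts port 22 from any source; since this is a template users will uncomment verbatim, a hint like `# consider restricting the source, e.g. 'ip saddr 192.168.0.0/16', or adding a rate limit` next to it would steer them toward a tighter rule. Order matters as well: anything added here must remain before the final `counter drop` in open-out.conf, which the current include placement satisfies but nothing in this file states.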
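Review bot: The new `include custom-*.conf` line passes the filename unquoted and as a relative path, which looks wrong for nft's `include` statement, whose grammar (to my recollection) takes a quoted string and resolves relative names against the configured include path or the working directory rather than against the including file's directory; if it is a parse error the whole ruleset fails to load, and if the glob simply matches nothing the include is silently skipped and the user's ssh/syncthing rules never take effect. I would change it to `include "/etc/firewall-conf/custom-*.conf"` so the location is unambiguous, and fix the typo in the comment: `# include files with custom inbound rules (loaded before the final drop)`. Worth verifying against the nft version shipped with the target system, since include semantics have changed across releases.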