diff --git a/contrib/liveusb/etc/image/setup.sh b/contrib/liveusb/etc/image/setup.sh
new file mode 120000
index 000000000..a645eb309
--- /dev/null
+++ b/contrib/liveusb/etc/image/setup.sh
@@ -0,0 +1 @@
+setup.sh
\ No newline at end of file
diff --git a/contrib/liveusb/etc/sysconfig/ip6tables b/contrib/liveusb/etc/sysconfig/ip6tables
new file mode 100644
index 000000000..13f6e5ed7
--- /dev/null
+++ b/contrib/liveusb/etc/sysconfig/ip6tables
@@ -0,0 +1,31 @@
+*filter
+:INPUT ACCEPT
+:FORWARD ACCEPT
+:OUTPUT ACCEPT
+
+# Allow loopback traffic
+-A INPUT -i lo -j ACCEPT
+
+# Allow established connections, and those not coming from the outside
+-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+
+# Allow HTTP
+-A INPUT -p tcp --dport http -m conntrack --ctstate NEW -j ACCEPT
+
+# Allow SSH
+-A INPUT -p tcp --dport ssh -m conntrack --ctstate NEW -j ACCEPT
+
+# Allow Tinc
+-A INPUT -p udp --dport tinc -j ACCEPT
+-A INPUT -p tcp --dport tinc -j ACCEPT
+
+# Accept Pings
+-A INPUT -p icmpv6 -j ACCEPT
+
+# Reject everything else
+-A INPUT -j REJECT
+
+# We wont act as a router
+-A FORWARD -j REJECT
+
+COMMIT
diff --git a/contrib/liveusb/etc/sysconfig/iptables b/contrib/liveusb/etc/sysconfig/iptables
new file mode 100644
index 000000000..cfdd9d2f3
--- /dev/null
+++ b/contrib/liveusb/etc/sysconfig/iptables
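Review bot: The new symlink `contrib/liveusb/etc/image/setup.sh` has the target `setup.sh`, and a relative target is resolved from the link's own directory, so as committed the link points at itself. The setup.service change in this same patch starts `/etc/image/setup.sh`, which would fail with a symlink-loop error if this tree is copied into the image unchanged. The removed `ExecStart=/s2ss/contrib/liveusb/setup.sh` suggests the script sits two directories up, so the target was presumably meant to be `../../setup.sh`; this should be confirmed against how the image build populates `/etc/image`.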
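Review bot: The chains in the ip6tables file are declared with an ACCEPT policy (`:INPUT ACCEPT`, `:FORWARD ACCEPT`), so filtering rests entirely on the trailing `-A INPUT -j REJECT` and `-A FORWARD -j REJECT` rules; if the rules are flushed while the policy stays in place, the host accepts everything. Declaring `:INPUT DROP` and `:FORWARD DROP` keeps it closed in that case, and the explicit REJECT rules still give a prompt refusal in normal operation. The same applies to the IPv4 `iptables` file added in this patch. Separately, `# Accept Pings` sits above `-A INPUT -p icmpv6 -j ACCEPT`, which admits every ICMPv6 type; a comment such as `# Accept all ICMPv6 (neighbour discovery, path MTU, echo)` would describe the rule accurately.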
@@ -0,0 +1,34 @@
+*filter
+:INPUT ACCEPT
+:FORWARD ACCEPT
+:OUTPUT ACCEPT
+
+# Allow loopback traffic
+-A INPUT -i lo -j ACCEPT
+
+# Allow established connections, and those not coming from the outside
+-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+
+# Allow HTTP
+-A INPUT -p tcp --dport http -m conntrack --ctstate NEW -j ACCEPT
+
+# Allow VPN
+-A INPUT -s 10.0.0.0/8 -j ACCEPT
+
+# Allow SSH
+-A INPUT -p tcp --dport ssh -m conntrack --ctstate NEW -j ACCEPT
+
+# Allow Tinc
+-A INPUT -p udp --dport tinc -j ACCEPT
+-A INPUT -p tcp --dport tinc -j ACCEPT
+
+# Accept Pings
+-A INPUT -p icmp -j ACCEPT
+
+# Reject everything else
+-A INPUT -j REJECT
+
+# We wont act as a router
+-A FORWARD -j REJECT
+
+COMMIT
diff --git a/contrib/liveusb/etc/sysconfig/network b/contrib/liveusb/etc/sysconfig/network
new file mode 100644
index 000000000..61c4a5ad8
--- /dev/null
+++ b/contrib/liveusb/etc/sysconfig/network
@@ -0,0 +1 @@
+NETWORKING=yes
diff --git a/contrib/liveusb/etc/systemd/system/setup.service b/contrib/liveusb/etc/systemd/system/setup.service
index 50206d3cc..be5b1bd10 100644
--- a/contrib/liveusb/etc/systemd/system/setup.service
+++ b/contrib/liveusb/etc/systemd/system/setup.service
@@ -5,7 +5,7 @@ After=dhclient.service
 [Service]
 Type=simple
-ExecStart=/s2ss/contrib/liveusb/setup.sh
+ExecStart=/etc/image/setup.sh
 RemainAfterExit=yes
 TimeoutSec=120
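Review bot: The rule under `# Allow VPN`, `-A INPUT -s 10.0.0.0/8 -j ACCEPT`, matches on source address alone, so any host on the physical network that holds or spoofs a 10.x address reaches every port, not only peers on the VPN. 10.0.0.0/8 is a common private LAN range, and a live USB image is likely to be booted on networks its author does not control. Binding the rule to the tunnel interface closes this: `-A INPUT -i <vpn-interface> -s 10.0.0.0/8 -j ACCEPT`, with the placeholder replaced by the interface tinc creates in this setup. The ip6tables file has no equivalent rule, so VPN peers get different exposure over IPv4 and IPv6; if that is intended, a comment saying so would help.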