diff --git a/caddy/edit.sh b/caddy/edit.sh
new file mode 100755
index 0000000..eb31601
--- /dev/null
+++ b/caddy/edit.sh
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+nvim /etc/caddy/Caddyfile
+
diff --git a/caddy/iptables/disable_iptables.sh b/caddy/iptables/disable_iptables.sh
new file mode 100755
index 0000000..28fdfc0
--- /dev/null
+++ b/caddy/iptables/disable_iptables.sh
@@ -0,0 +1,9 @@
+#!/bin/sh
+
+iptables -F
+iptables -X
+iptables -P INPUT ACCEPT
+iptables -P OUTPUT ACCEPT
+iptables -P FORWARD ACCEPT
+
+exit 0
diff --git a/caddy/iptables/iptables-caddy.sh b/caddy/iptables/iptables-caddy.sh
new file mode 100755
index 0000000..dd317b7
--- /dev/null
+++ b/caddy/iptables/iptables-caddy.sh
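Review bot: The editor is hard-coded to nvim in edit.sh, so the script fails on a host that only ships vi or where the operator prefers another editor; `"${EDITOR:-nvim}" /etc/caddy/Caddyfile` keeps nvim as the default while honouring the usual environment variable. A one-line comment noting that the edited Caddyfile only takes effect after a reload (or the sibling restart.sh in this commit) would also help the next reader.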
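Review bot: disable_iptables.sh leaves the host with accept-all policies on all three chains but only resets the IPv4 filter table: `iptables -F` and `-X` do not touch nat/mangle and there is no `ip6tables` counterpart, so it is neither a full reset nor documented as a deliberate open-everything state. A header comment such as `# Removes all IPv4 filter rules and opens every port until iptables-caddy.sh is run again` would make that intent explicit, with matching `ip6tables` lines if the caddy script ever gains IPv6 rules. The trailing `exit 0` also means the script reports success even when an `iptables` call fails; `set -e` after the shebang, as update.sh already relies on, would surface that.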
@@ -0,0 +1,67 @@
+#!/bin/sh
+#
+# mitchs iptables skeleton config
+# -------------------------------------------
+
+# -*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
+# variables
+# -*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
+SUBNET=192.168.100
+PIHOLE=$SUBNET.200
+# =/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=
+
+# flush
+iptables -F
+
+# deny all default
+iptables -P OUTPUT DROP
+iptables -P INPUT DROP
+iptables -P FORWARD DROP
+
+# ========================================================================
+# CADDY IPTABLES CONFIG
+#
+# permit any traffic on local lan
+iptables -A OUTPUT -j ACCEPT -d $SUBNET.0/24 -p tcp -m state --state NEW
+iptables -A OUTPUT -j ACCEPT -d $SUBNET.0/24 -p udp -m state --state NEW
+
+# permit 443 inbound from outside
+iptables -A INPUT -j ACCEPT -p tcp --dport 443 -m state --state NEW,ESTABLISHED
+####iptables -A INPUT -j ACCEPT -p tcp --dport 80 -m state --state NEW,ESTABLISHED
+# ========================================================================
+
+# dns to pihole
+iptables -A OUTPUT -j ACCEPT -d $PIHOLE/24 -p tcp --dport 53 -m state --state NEW
+iptables -A OUTPUT -j ACCEPT -d $PIHOLE/24 -p udp --dport 53 -m state --state NEW
+
+# permit local ssh
+iptables -A INPUT -s $SUBNET.0/24 -j ACCEPT -p tcp --dport ssh -m state --state NEW
+iptables -A INPUT -s $SUBNET.0/24 -j ACCEPT -p tcp --sport ssh -m state --state NEW
+iptables -A OUTPUT -d $SUBNET.0/24 -j ACCEPT -p tcp --sport ssh -m state --state ESTABLISHED
+iptables -A OUTPUT -d $SUBNET.0/24 -j ACCEPT -p tcp --dport ssh -m state --state ESTABLISHED
+
+# permit outgoing http,https,ftp as well for updates and things
+iptables -A OUTPUT -j ACCEPT -p tcp --dport 80 -m state --state NEW,ESTABLISHED
+iptables -A OUTPUT -j ACCEPT -p tcp --dport 443 -m state --state NEW,ESTABLISHED
+iptables -A OUTPUT -j ACCEPT -p tcp --dport 21 -m state --state NEW,ESTABLISHED
+
+# permit loopback
+iptables -A OUTPUT -j ACCEPT -o lo
+
+# permit established
+iptables -A INPUT -j ACCEPT -m state --state ESTABLISHED,RELATED
+
+# save
+if command -v systemctl >/dev/null 2>&1 ; then
+ # redhat
+ if [ -f /etc/sysconfig/iptables ] ; then
+ iptables-save -f /etc/sysconfig/iptables
+ # arch
+ elif [ -f /etc/iptables/iptables.rules ] ; then
+ iptables-save -f /etc/iptables/iptables.rules
+ fi
+ # alpine
+elif command -v rc-service >/dev/null 2>&1 ; then
+ /etc/init.d/iptables save
+fi
+
diff --git a/caddy/restart.sh b/caddy/restart.sh
new file mode 100755
index 0000000..10af254
--- /dev/null
+++ b/caddy/restart.sh
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+rc-service caddy stop
+rc-service caddy start
+
diff --git a/caddy/update.sh b/caddy/update.sh
new file mode 100755
index 0000000..80dd6b3
--- /dev/null
+++ b/caddy/update.sh
@@ -0,0 +1,3 @@
+#!/bin/sh -e
+apk update
+apk upgrade --force-missing-repositories
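Review bot: With `iptables -P OUTPUT DROP` there is no OUTPUT rule accepting ESTABLISHED,RELATED traffic, so as far as these rules read, the reply packets of the inbound 443 connections this file exists to serve (source port 443, client ephemeral destination port) match none of the OUTPUT accepts and are dropped; INPUT has the same gap for loopback, which only has the `-o lo` OUTPUT side. Adding `iptables -A OUTPUT -j ACCEPT -m state --state ESTABLISHED,RELATED` under "permit established" and `iptables -A INPUT -j ACCEPT -i lo` under "permit loopback" closes both, after which the per-port ESTABLISHED clauses on the 80/443/21 and ssh rules become redundant. The two `-d $PIHOLE/24` rules under "dns to pihole" match the whole 192.168.100.0/24, not just the Pi-hole host, so they should read `-d "$PIHOLE"` (or `/32`) if the comment states the intent; quoting `$SUBNET` and `$PIHOLE` throughout is also standard hygiene. Nothing here configures ip6tables, so if the host carries a global IPv6 address its v6 traffic is left unfiltered by this script, which deserves at least a header comment.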
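Review bot: In restart.sh the `rc-service caddy start` runs unconditionally after `rc-service caddy stop` under a plain `#!/bin/sh`, so a failed stop is ignored and the exit status reflects the start alone. `rc-service caddy restart` performs the same sequence in one call with a single status; if the two calls are kept on purpose, `set -e` after the shebang, as update.sh does, would at least stop on a failed stop.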
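Review bot: `#!/bin/sh -e` in update.sh only takes effect when the file is executed directly; run as `sh update.sh` the `-e` is lost and a failed `apk update` is followed by the upgrade anyway. Moving it to a `set -e` line after a plain `#!/bin/sh` shebang preserves the behaviour in every invocation and is the same form the other scripts in this commit could adopt.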