diff --git a/cortex.spec b/cortex.spec
index e4ffb4d..266a677 100644
--- a/cortex.spec
+++ b/cortex.spec
@@ -21,6 +21,7 @@ BuildRequires: systemd-rpm-macros
Requires(pre): shadow-utils
Requires: systemd
+Requires: firewalld-filesystem
# systemd-rpm-macros ships a unit dep generator that parses User=/Group=
# from our .service file and emits Requires: user(cortex)/group(cortex).
@@ -56,6 +57,7 @@ cargo build --release -p cortex-cli
install -Dm755 target/release/cortex %{buildroot}%{_bindir}/cortex
install -Dm644 data/cortex.service %{buildroot}%{_unitdir}/cortex.service
install -Dm644 data/cortex-sysusers.conf %{buildroot}%{_sysusersdir}/cortex.conf
+install -Dm644 data/cortex-firewalld.xml %{buildroot}%{_prefix}/lib/firewalld/services/cortex.xml
install -dm755 %{buildroot}%{_sysconfdir}/cortex
install -Dm644 cortex.example.toml %{buildroot}%{_sysconfdir}/cortex/cortex.toml
install -Dm644 models.example.toml %{buildroot}%{_sysconfdir}/cortex/models.toml
@@ -78,6 +80,7 @@ install -Dm644 models.example.toml %{buildroot}%{_sysconfdir}/cortex/models.toml
%{_bindir}/cortex
%{_unitdir}/cortex.service
%{_sysusersdir}/cortex.conf
+%{_prefix}/lib/firewalld/services/cortex.xml
%dir %{_sysconfdir}/cortex
%config(noreplace) %{_sysconfdir}/cortex/cortex.toml
%config(noreplace) %{_sysconfdir}/cortex/models.toml
diff --git a/data/cortex-firewalld.xml b/data/cortex-firewalld.xml
new file mode 100644
index 0000000..490e2cc
--- /dev/null
+++ b/data/cortex-firewalld.xml
@@ -0,0 +1,7 @@
+
+
+ cortex
+ Cortex — inference gateway for multi-node GPU clusters
+
+
+
diff --git a/data/neuron-firewalld.xml b/data/neuron-firewalld.xml
new file mode 100644
index 0000000..3215487
--- /dev/null
+++ b/data/neuron-firewalld.xml
@@ -0,0 +1,6 @@
+
+
+ helexa-neuron
+ Neuron — per-node GPU discovery and harness daemon for cortex
+
+
diff --git a/helexa-neuron.spec b/helexa-neuron.spec
index 3cc74de..4c23c8a 100644
--- a/helexa-neuron.spec
+++ b/helexa-neuron.spec
@@ -24,6 +24,7 @@ BuildRequires: systemd-rpm-macros
Requires(pre): shadow-utils
Requires: systemd
+Requires: firewalld-filesystem
# systemd-rpm-macros ships a unit dep generator that parses User=/Group=
# from our .service file and emits Requires: user(neuron)/group(neuron).
@@ -58,6 +59,7 @@ cargo build --release -p neuron
install -Dm755 target/release/neuron %{buildroot}%{_bindir}/neuron
install -Dm644 data/neuron.service %{buildroot}%{_unitdir}/neuron.service
install -Dm644 data/neuron-sysusers.conf %{buildroot}%{_sysusersdir}/neuron.conf
+install -Dm644 data/neuron-firewalld.xml %{buildroot}%{_prefix}/lib/firewalld/services/helexa-neuron.xml
install -dm755 %{buildroot}%{_sysconfdir}/neuron
install -Dm644 neuron.example.toml %{buildroot}%{_sysconfdir}/neuron/neuron.toml
@@ -79,6 +81,7 @@ install -Dm644 neuron.example.toml %{buildroot}%{_sysconfdir}/neuron/neuron.toml
%{_bindir}/neuron
%{_unitdir}/neuron.service
%{_sysusersdir}/neuron.conf
+%{_prefix}/lib/firewalld/services/helexa-neuron.xml
%dir %{_sysconfdir}/neuron
%config(noreplace) %{_sysconfdir}/neuron/neuron.toml