diff --git a/common/tooling/opensnitch/default.nix b/common/tooling/opensnitch/default.nix
index 11daf60..044f755 100644
--- a/common/tooling/opensnitch/default.nix
+++ b/common/tooling/opensnitch/default.nix
@@ -132,6 +132,51 @@ in
           };
         };
 
+        osu_deny = mkIf (config.grimmShared.gaming && graphical) {
+          name = "osu-deny";
+          enabled = true;
+          action = "deny";
+          precedence = false;
+          duration = "always";
+          operator = {
+            type ="regexp";
+            sensitive = false;
+            operand = "process.path";
+            data = "/nix/store/[a-z0-9]{32}-osu-lazer-bin-${escapeRegex (getVersion pkgs.osu-lazer-bin)}-extracted/usr/bin/osu!";
+          };
+        };
+
+        osu_allow = mkIf (config.grimmShared.gaming && graphical) {
+          name = "osu-allow";
+          enabled = true;
+          action = "allow";
+          precedence = true;
+          duration = "always";
+          operator = {
+            type = "list";
+            operand = "list";
+            list = [
+              {
+                type = "simple";
+                operand = "dest.port";
+                data = "443";
+              }
+              {
+                type ="regexp";
+                sensitive = false;
+                operand = "process.path";
+                data = "/nix/store/[a-z0-9]{32}-osu-lazer-bin-${escapeRegex (getVersion pkgs.osu-lazer-bin)}-extracted/usr/bin/osu!";
+              }
+              {
+                type = "regexp";
+                sensitive = false;
+                operand = "dest.host";
+                data = "(api\.github\.com)|((.+\.)?ppy\.sh)";
+              }
+            ];
+          };
+        };
+
         ncspot = mkIf (config.grimmShared.spotify.enable) {
           name = "ncspot";
           enabled = true;
@@ -375,13 +420,13 @@ in
                 operand = "dest.port";
                 data = "123|37|53";
               }
+#              {
+#                type = "regexp";
+#                sensitive = false;
+#                operand = "dest.host";
+#                data = ".*\.nixos\.pool\.ntp\.org";
+#              }
               {
-                type = "regexp";
-                sensitive = false;
-                operand = "dest.host";
-                data = ".*\.nixos\.pool\.ntp\.org";
-              }
-                            {
                 type = "simple";
                 operand = "user.id";
                 data = "154";
diff --git a/common/tooling/opensnitch/discord_hosts/hosts.list b/common/tooling/opensnitch/discord_hosts/hosts.list
index ba4e398..9ae3f9f 100644
--- a/common/tooling/opensnitch/discord_hosts/hosts.list
+++ b/common/tooling/opensnitch/discord_hosts/hosts.list
@@ -4,6 +4,7 @@ discordapp.net
 discord.gg
 discord.com
 vencord.dev
+discord-attachments-uploads-prd.storage.googleapis.com
 
 github.com
 githubusercontent.com