diff --git a/hosts/calufrax/default.nix b/hosts/calufrax/default.nix
index 6a69dc6..33d1631 100644
--- a/hosts/calufrax/default.nix
+++ b/hosts/calufrax/default.nix
@@ -16,6 +16,30 @@
     };
   }; 
 
+  programs.firejail = {
+    enable = true;
+    wrappedBinaries = {
+      packettracer9 = {
+        executable = lib.getExe pkgs.ciscoPacketTracer9;
+
+        # Will still want a .desktop entry as the package is not directly added
+        desktop = "${pkgs.ciscoPacketTracer9}/share/applications/cisco-packet-tracer-9.desktop";
+
+        extraArgs = [
+          # This should make it run in isolated netns, preventing internet access
+          "--net=none"
+
+          # firejail is only needed for network isolation so no futher profile is needed
+          "--noprofile"
+
+          # Packet tracer doesn't play nice with dark QT themes so this
+          # should unset the theme. Uncomment if you have this issue.
+          ''--env=QT_STYLE_OVERRIDE=""''
+        ];
+      };
+    };
+  };
+
   services.upower.enable = true;
   services.power-profiles-daemon.enable = true;
 
@@ -57,6 +81,11 @@
     isSystemUser = true;
   };
 
+  environment.systemPackages = with pkgs; [
+    ciscoPacketTracer9
+  ];
+
+
   boot.kernelPackages = pkgs.linuxKernel.packages.linux_xanmod_latest;
 
   hardware.graphics.extraPackages = with pkgs; [vpl-gpu-rt mesa.opencl libvdpau-va-gl intel-media-driver intel-vaapi-driver libva-vdpau-driver vulkan-validation-layers];