diff --git a/services/45-bitlbee b/services/45-bitlbee
new file mode 100644
index 0000000..3ee3f5d
--- /dev/null
+++ b/services/45-bitlbee
@@ -0,0 +1,2 @@
+&def_service(bitlbee, bitlbee, tcp, 6667);
+&allow_service_for_all(bitlbee);
diff --git a/services/45-ghost b/services/45-ghost
new file mode 100644
index 0000000..cadd3a5
--- /dev/null
+++ b/services/45-ghost
@@ -0,0 +1,3 @@
+&def_service(ghost, ghost, tcp, 9000);
+&allow_service_for(ghost, web);
+&allow_service_for(postgres, ghost);
diff --git a/services/45-parkendd b/services/45-parkendd
new file mode 100644
index 0000000..431c160
--- /dev/null
+++ b/services/45-parkendd
@@ -0,0 +1,14 @@
+&def_service(parkendd, parkendd, tcp, 22);
+&forward_to_service(parkendd, tcp, 2222);
+&allow_service_for(postgres, parkendd);
+
+&def_service(parkenddweb, parkendd, tcp, 1338);
+&def_service(parkenddweb2, parkendd, tcp, 1339);
+&forward_to_service(parkenddweb, tcp, 1338);
+&forward_to_service(parkenddweb2, tcp, 1339);
+
+# park-api.higgsboson.tk points to parkendd.higgsboson.tk
+# therefore DNAT port http/https back to web container
+@def $parkendd_ip6 = @resolve(parkendd, AAAA);
+@def $web_ip6 = @resolve(web, AAAA);
+domain ip6 table nat chain PREROUTING daddr $parkendd_ip6 proto tcp dport (http https) DNAT to $web_ip6;