diff --git a/imports.tf b/imports.tf
new file mode 100644
index 0000000..ce6d284
--- /dev/null
+++ b/imports.tf
@@ -0,0 +1,54 @@
+import {
+  to = openstack_networking_secgroup_v2.mailu
+  id = "d422a797-f933-4a88-9daa-ad3bf51fd524"
+}
+
+import {
+  to = openstack_networking_secgroup_rule_v2.mailu-tcp4-ingress["22"]
+  id = "ee1d0145-522d-4bb2-8ba2-e4241c103678"
+}
+
+import {
+  to = openstack_networking_secgroup_rule_v2.mailu-tcp4-ingress["25"]
+  id = "1c044046-80b4-4482-8345-92537c3220ac"
+}
+
+import {
+  to = openstack_networking_secgroup_rule_v2.mailu-tcp4-ingress["80"]
+  id = "aff5f8e3-6d72-4378-b80c-46948b157d06"
+}
+
+import {
+  to = openstack_networking_secgroup_rule_v2.mailu-tcp4-ingress["110"]
+  id = "0d3c863b-8f4e-4db8-96a2-0714951e3719"
+}
+
+import {
+  to = openstack_networking_secgroup_rule_v2.mailu-tcp4-ingress["143"]
+  id = "b21d57e8-8f50-41d3-bb7f-42456c2e1d60"
+}
+
+import {
+  to = openstack_networking_secgroup_rule_v2.mailu-tcp4-ingress["443"]
+  id = "bb495a69-4c90-431a-a634-7b5459315a65"
+}
+
+import {
+  to = openstack_networking_secgroup_rule_v2.mailu-tcp4-ingress["465"]
+  id = "39e2ac5c-2040-4c2b-9ad5-22c424b0abcb"
+}
+
+import {
+  to = openstack_networking_secgroup_rule_v2.mailu-tcp4-ingress["587"]
+  id = "c664a4f7-d968-46ca-b476-c444078a6ab2"
+}
+
+import {
+  to = openstack_networking_secgroup_rule_v2.mailu-tcp4-ingress["993"]
+  id = "76d6ca04-3aad-466c-8b75-f75c063ca097"
+}
+
+import {
+  to = openstack_networking_secgroup_rule_v2.mailu-tcp4-ingress["995"]
+  id = "db876dde-1e0b-47fa-8960-6c82e495acf3"
+}
diff --git a/mailu.tf b/mailu.tf
index 2891e77..a1f9de2 100644
--- a/mailu.tf
+++ b/mailu.tf
@@ -1,9 +1,46 @@
+resource "openstack_networking_secgroup_v2" "mailu" {
+  name                 = "mailu"
+}
+
+resource "openstack_networking_secgroup_rule_v2" "mailu-ipv4-egress" {
+  direction         = "egress"
+  ethertype         = "IPv4"
+  remote_ip_prefix  = "0.0.0.0/0"
+  security_group_id = openstack_networking_secgroup_v2.mailu.id
+}
+
+resource "openstack_networking_secgroup_rule_v2" "mailu-ipv6-egress" {
+  direction         = "egress"
+  ethertype         = "IPv6"
+  remote_ip_prefix  = "::/0"
+  security_group_id = openstack_networking_secgroup_v2.mailu.id
+}
+
+resource "openstack_networking_secgroup_rule_v2" "mailu-icmp4-ingress" {
+  direction         = "ingress"
+  ethertype         = "IPv4"
+  protocol          = "icmp"
+  remote_ip_prefix  = "0.0.0.0/0"
+  security_group_id = openstack_networking_secgroup_v2.mailu.id
+}
+
+resource "openstack_networking_secgroup_rule_v2" "mailu-tcp4-ingress" {
+  for_each          = toset(["22", "25", "80", "110", "143", "443", "465", "587", "993", "995"])
+  direction         = "ingress"
+  ethertype         = "IPv4"
+  protocol          = "tcp"
+  port_range_min    = each.value
+  port_range_max    = each.value
+  remote_ip_prefix  = "0.0.0.0/0"
+  security_group_id = openstack_networking_secgroup_v2.mailu.id
+}
+
 resource "openstack_compute_instance_v2" "mailu" {
   name        = "mailu"
   flavor_name = "m1.medium"
   key_pair    = "AJ OpenStack bootstrap" # TODO lol
   security_groups = [
-    "mailu" # TODO import this
+    openstack_networking_secgroup_v2.mailu.name
   ]
 
   block_device {
@@ -15,6 +52,6 @@ resource "openstack_compute_instance_v2" "mailu" {
   }
 
   network {
-    name        = "general_servers2"
+    name = "general_servers2"
   }
 }