diff --git a/Earthfile b/Earthfile
index 56ccfa387ac4d4d1508086d71d3909ae3bea491a..2c59020e3629b013557ab2756c6157cd226ba26a 100644
--- a/Earthfile
+++ b/Earthfile
@@ -3,30 +3,24 @@ VERSION --use-copy-include-patterns 0.5
 install-deps:
     FROM debian:stable@sha256:13db79e523a13e3e55b606128a4193d7b9ae788d0c11c95d6a6de0bd30aa3a14
 
-haproxy-deps:
-    FROM haproxy:2.4.18-bullseye@sha256:67ed10438e40db6df112c5e45ac64d69881d4e9e11254320bd946fe54cb4a0f6
-
 shorewall-deps:
-    FROM jess/shorewall:latest@sha256:d6b7b4b01e1c0184727a49a38a9eb410ca9efe6341da84a87e7d7d96d65768f0
+    FROM +install-deps
+    RUN apt update
+    RUN apt install shorewall shorewall6 ipset -y
     USER root
 
-validate-haproxy:
-    FROM +haproxy-deps
-    COPY ./roles/firewall/files/haproxy.cfg /tmp/haproxy.cfg
-    RUN haproxy -c -V -f /tmp/haproxy.cfg
-
 validate-shorewall:
     FROM +shorewall-deps
+    RUN apt update
+    RUN apt install shorewall ipset -y
     COPY ./roles/firewall/files/shorewall /tmp/shorewall
-    RUN shorewall check /tmp/shorewall
+    RUN --privileged shorewall check /tmp/shorewall
 
 validate-shorewall6:
     FROM +shorewall-deps
     COPY ./roles/firewall/files/shorewall6 /tmp/shorewall6
-    RUN shorewall6 check /tmp/shorewall6
-
+    RUN --privileged shorewall6 check /tmp/shorewall6
 
 test:
-    BUILD +validate-haproxy
     BUILD +validate-shorewall
     BUILD +validate-shorewall6