diff --git a/modules/global/networking.nix b/modules/global/networking.nix
index e8124e3..4d73a4e 100644
--- a/modules/global/networking.nix
+++ b/modules/global/networking.nix
@@ -1,8 +1,12 @@
-{ pkgs, ... }:
+{ pkgs, config, ... }:
 {
   networking = {
     useDHCP = false;
-    firewall.checkReversePath = "loose";
+    firewall = {
+      checkReversePath = "loose";
+      trustedInterfaces = [ "tailscale0" ];
+      allowedUDPPorts = [ config.services.tailscale.port ];
+    };
   };
 
   services = {