diff --git a/nix/modules/networking/wireguard-mesh.nix b/nix/modules/networking/wireguard-mesh.nix
index d82078a..5efd364 100644
--- a/nix/modules/networking/wireguard-mesh.nix
+++ b/nix/modules/networking/wireguard-mesh.nix
@@ -65,9 +65,10 @@ in
       };
     };
 
-    # networking.firewall = {
-    #   allowedUDPPorts = [ 51820 ];
-    # };
+    networking.firewall = {
+      allowedUDPPorts = [ 51820 ];
+      trustedInterfaces = [ "wg0" ];
+    };
 
     systemd.tmpfiles.rules = [
       "d /etc/wireguard 0700 root root -"