From 508d5a3525d81e938e62c9aa65fad310485f28ca Mon Sep 17 00:00:00 2001
From: lucalise <luca_lise@icloud.com>
Date: Wed, 4 Feb 2026 21:28:38 -0800
Subject: [PATCH] fix: re add firewall configuration

---
 nix/modules/networking/wireguard-mesh.nix | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/nix/modules/networking/wireguard-mesh.nix b/nix/modules/networking/wireguard-mesh.nix
index d82078a..5efd364 100644
--- a/nix/modules/networking/wireguard-mesh.nix
+++ b/nix/modules/networking/wireguard-mesh.nix
@@ -65,9 +65,10 @@ in
       };
     };
 
-    # networking.firewall = {
-    #   allowedUDPPorts = [ 51820 ];
-    # };
+    networking.firewall = {
+      allowedUDPPorts = [ 51820 ];
+      trustedInterfaces = [ "wg0" ];
+    };
 
     systemd.tmpfiles.rules = [
       "d /etc/wireguard 0700 root root -"