tailscale was bypassing firewall

author: Devin Finlinson <devin.finlinson@pm.me> 2026-04-13 21:31:12 -0600
committer: Devin Finlinson <devin.finlinson@pm.me> 2026-04-13 21:31:12 -0600
commit: 92c419df57a72545a3ca444bdbd6217b6718b925 (patch)
tree: cc96619170626339ca7e5a62ff7ef2c6822bb42b /modules
parent: cf40354daee832052036732b44fab5603f83f353 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/modules/nixos/tailscale.nix b/modules/nixos/tailscale.nix
index e3635fd..8fa49be 100644
--- a/modules/nixos/tailscale.nix
+++ b/modules/nixos/tailscale.nix
@@ -5,6 +5,7 @@
       "--login-server https://bosco.myrmexia.xyz"
       "--operator defin"
     ];
+    extraSetFlags = ["--netfilter-mode=nodivert"];
   };
   systemd.services.tailscaled.after = [ "systemd-networkd-wait-online.service" ];
   networking.firewall = {
author	Devin Finlinson <devin.finlinson@pm.me>	2026-04-13 21:31:12 -0600
committer	Devin Finlinson <devin.finlinson@pm.me>	2026-04-13 21:31:12 -0600
commit	92c419df57a72545a3ca444bdbd6217b6718b925 (patch)
tree	cc96619170626339ca7e5a62ff7ef2c6822bb42b /modules
parent	cf40354daee832052036732b44fab5603f83f353 (diff)