From 92c419df57a72545a3ca444bdbd6217b6718b925 Mon Sep 17 00:00:00 2001
From: Devin Finlinson <devin.finlinson@pm.me>
Date: Mon, 13 Apr 2026 21:31:12 -0600
Subject: tailscale was bypassing firewall

---
 modules/nixos/tailscale.nix | 1 +
 1 file changed, 1 insertion(+)

(limited to 'modules/nixos')

diff --git a/modules/nixos/tailscale.nix b/modules/nixos/tailscale.nix
index e3635fd..8fa49be 100644
--- a/modules/nixos/tailscale.nix
+++ b/modules/nixos/tailscale.nix
@@ -5,6 +5,7 @@
       "--login-server https://bosco.myrmexia.xyz"
       "--operator defin"
     ];
+    extraSetFlags = ["--netfilter-mode=nodivert"];
   };
   systemd.services.tailscaled.after = [ "systemd-networkd-wait-online.service" ];
   networking.firewall = {
-- 
cgit v1.2.3