diff --git a/hosts/poseidon/default.nix b/hosts/poseidon/default.nix
index 20b325c..298f35d 100644
--- a/hosts/poseidon/default.nix
+++ b/hosts/poseidon/default.nix
@@ -40,6 +40,10 @@ in
   systemd.services.tailscaled = {
       path = [ pkgs.procps ];
   };
+  networking.firewall = {
+    trustedInterfaces = [ "tailscale0" ];
+    allowedUDPPorts = [ config.services.tailscale.port ];
+  };
 
   virtualisation.docker = {
     enable = true;