{ ... }: {
  networking = {
    firewall = {
      enable = true;
      allowedTCPPorts = [
        53   # DNS
        80    # HTTP
        443   # HTTPS
      ];
      interfaces = {
        tailscale0= { 
          allowedTCPPorts = [
            53   # DNS
            80    # HTTP
            443   # HTTPS
          ];
        };
      };
    };
  };
}