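# NixOS host firewall: nftables backend, globally opened ports, trusted
# interfaces, and forwarding rules between Tailscale and the DN42 peerings.
#
# Line breaks restored: with the module collapsed onto a single line, the first
# `#` comment swallowed every setting that followed it.
{
  # Enable using nftables instead of iptables
  networking.nftables.enable = true;

  networking.firewall = {
    enable = true;

    # Opened on every interface, not only the tunnels.
    # NOTE(review): 143 and 389 are conventionally the non-TLS IMAP and LDAP
    # ports, and 179 is conventionally BGP. Confirm each must be reachable from
    # all networks; networking.firewall.interfaces.<name>.allowedTCPPorts can
    # scope a port to the links that need it.
    allowedTCPPorts = [ 25 80 143 179 389 443 465 587 636 993 4130 4190 6900 8000 ];

    # NOTE(review): 80/udp and 636/udp are unusual; confirm a service actually
    # listens on them, otherwise drop them from the list.
    allowedUDPPorts = [ 80 636 4367 6900 34197 ];
    allowedUDPPortRanges = [
      { from = 480; to = 510; }
    ];

    # All inbound traffic arriving on a trusted interface is accepted, so the
    # port allow-lists above do not apply to these links.
    # NOTE(review): the wg42_* tunnels terminate at third-party DN42 peers.
    # Listing them here exposes every service bound on this host to those
    # peers. Consider removing them and opening only the ports the peerings
    # need through networking.firewall.interfaces.<name>.
    trustedInterfaces = [
      "tailscale0"
      "wg0"
      # DN42 Interfaces
      "wg42_bandura"
      "wg42_bluemedia"
      "wg42_catgirls"
      "wg42_chris"
      "wg42_iedon"
      "wg42_kioubit"
      "wg42_liki"
      "wg42_lutoma"
      "wg42_potato"
      "wg42_sunnet"
      "wg42_uffsalot"
      "wg42_usman"
    ];

    # Forwarding policy, one nftables rule per line:
    #   1. DN42 peer -> DN42 peer: accepted (this host forwards between peers).
    #   2. Tailscale -> DN42: accepted without a port restriction.
    #   3. DN42 -> Tailscale: accepted for TCP port 22 only.
    # NOTE(review): these rules are only installed when
    # networking.firewall.filterForward is enabled; it is not set in this
    # file, so confirm it is set elsewhere, otherwise forwarding is unfiltered.
    # NOTE(review): rule 3 has no destination address match, so SSH on every
    # tailnet host routed through this machine is reachable from all DN42
    # peers. Confirm that is intended, or add an `ip daddr` / `ip6 daddr` match.
    extraForwardRules = ''
      meta iifname "wg42_*" meta oifname "wg42_*" accept
      meta iifname tailscale0 meta oifname "wg42_*" accept
      meta iifname "wg42_*" meta oifname tailscale0 tcp dport 22 accept
    '';
  };
}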