feat(firewall): add Tailscale configuration

guillaumededrie · Dec 27, 2023 · 7751773 · 7751773
1 parent c3293d8
commit 7751773
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/files/etc_nftables.conf.j2 b/files/etc_nftables.conf.j2
@@ -68,6 +68,10 @@ table inet firewall {
         # UPnP
         ip daddr 239.255.255.250 udp dport 1900 counter accept comment "Accept UPnP"
 
+        # Tailscale, see: https://tailscale.com/kb/1082/firewall-ports
+        udp sport 41641 counter accept comment "Allow Tailscale Direct Wireguard tunnels"
+        udp dport 3478 counter accept comment "Allow STUN protocol behind NAT"
+
         log prefix "[nftables] Output Denied: " counter reject
     }