From 20c667bbfbc649d319ce02b439f1ca9ec5502fc2 Mon Sep 17 00:00:00 2001
From: chn <chn@chn.moe>
Date: Wed, 12 Nov 2025 11:23:05 +0800
Subject: [PATCH] modules.services.tailscale: fix

---
 modules/services/tailscale.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/modules/services/tailscale.nix b/modules/services/tailscale.nix
index b066f8e1..0d81028a 100644
--- a/modules/services/tailscale.nix
+++ b/modules/services/tailscale.nix
@@ -11,8 +11,8 @@ inputs:
       disableTaildrop = true;
       # authKeyParameters should not be set
       authKeyFile = inputs.config.nixos.system.sops.secrets."tailscale".path;
-      extraUpFlags = [ "--login-server=https://headscale.chn.moe" "--accept-dns=false" ];
-      extraSetFlags = [ "--accept-dns=false" ];
+      extraUpFlags = [ "--login-server=https://headscale.chn.moe" "--accept-dns=false" "--netfilter-mode=off" ];
+      extraSetFlags = [ "--accept-dns=false" "--netfilter-mode=off" ];
     };
     nixos.system.sops.secrets."tailscale" = {};
     networking.firewall.trustedInterfaces = [ inputs.config.services.tailscale.interfaceName ];