diff --git a/modules/system/networking/nebula/default.nix b/modules/system/networking/nebula/default.nix
index 4e07a2dd..149ee176 100644
--- a/modules/system/networking/nebula/default.nix
+++ b/modules/system/networking/nebula/default.nix
@@ -46,8 +46,7 @@ inputs:
         };
         secrets."nebula/key" = {};
       };
-      networking.firewall.enable = false;
-      # networking.firewall = { trustedInterfaces = [ "nebula.nebula" ]; }
-      #   // (if nebula.lighthouse != null then {} else { allowedTCPPorts = [ 4242 ]; allowedUDPPorts = [ 4242 ]; });
+      networking.firewall = { trustedInterfaces = [ "nebula.nebula" ]; }
+        // (if nebula.lighthouse != null then {} else { allowedTCPPorts = [ 4242 ]; allowedUDPPorts = [ 4242 ]; });
     };
 }