{ config, pkgs, ... }:

{
  config = {
    networking.nftables.enable = true;
    networking.firewall = {
      enable = true;
      allowPing = true;
      allowedTCPPorts = [ 53 80 443 ];
      allowedUDPPorts = [ 53 443 ];
      interfaces."podman*".allowedTCPPorts = [ 443 ];
    };
  };
}