diff --git a/ops/nixos/lib/common.nix b/ops/nixos/lib/common.nix
index 30d3296df4..4484dc9413 100644
--- a/ops/nixos/lib/common.nix
+++ b/ops/nixos/lib/common.nix
@@ -102,6 +102,11 @@ in
 programs.mtr.enable = true;
 services.openssh.enable = true;
 services.tailscale.enable = true;
+ networking.firewall.interfaces.tailscale0 = {
+ # Just allow anything in on tailscale0.
+ allowedTCPPortRanges = [{ from = 0; to = 65535; }];
+ allowedUDPPortRanges = [{ from = 0; to = 65535; }];
+ };
 boot = {
 kernelModules = [ "tcp_bbr" ];
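Review bot: Opening every TCP and UDP port on `tailscale0` leaves the tailnet ACLs as the only control between any tailnet peer and every service listening on these hosts, including daemons bound to all interfaces that the host firewall was previously keeping private. Because the change is in common.nix it presumably reaches every machine that imports it, so the comment should record that decision, e.g. `# Trust tailscale0 fully; access control is delegated to tailnet ACLs, not the host firewall.` If full trust is intended, `networking.firewall.trustedInterfaces = [ "tailscale0" ];` states it more directly than two 0–65535 ranges (it also accepts non-TCP/UDP traffic on that interface); otherwise list only the ports that must be reachable with `allowedTCPPorts` / `allowedUDPPorts`. The enclosing attribute set starts and ends outside the hunk.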