diff --git a/ops/nixos/totoro/default.nix b/ops/nixos/totoro/default.nix
index ac232ac263..3335322d54 100644
--- a/ops/nixos/totoro/default.nix
+++ b/ops/nixos/totoro/default.nix
@@ -109,6 +109,10 @@ in {
       3702  # samba-wsdd
     ];
     firewall.checkReversePath = false;  # breaks Lifx
+    firewall.extraCommands = ''
+      # Allow all inbound UDP from localnet for Lifx purposes...
+      iptables -A nixos-fw -p udp --src 192.168.1.0/24 --dst 192.168.1.40 -j nixos-fw-accept
+    '';
 
     macvlans.mv-plex = { interface = "br-ext"; };
     interfaces.mv-plex = {