diff --git a/hosts/default/configuration.nix b/hosts/default/configuration.nix
index 52c65d0..2c3b6a9 100644
--- a/hosts/default/configuration.nix
+++ b/hosts/default/configuration.nix
@@ -176,7 +176,24 @@
 
   # For xdebug...verify actual necessity
   # Have had to use this, but I think it can be disabled still - perhaps w/xdebug binding setting...don't know.
-  networking.firewall.allowedTCPPorts = [ 9003 ];
+  #networking.firewall.allowedTCPPorts = [ 9003 ];
+
+  networking.firewall = {
+    allowedTCPPorts = [ 9003 ];
+    allowedUDPPorts = [ 51820 ];
+    # if packets are still dropped, they will show up in dmesg
+    logReversePathDrops = true;
+    checkReversePath = "loose";
+    # wireguard trips rpfilter up
+    #extraCommands = ''
+    #  ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --sport 51820 -j RETURN
+    #  ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --dport 51820 -j RETURN
+    #'';
+    #extraStopCommands = ''
+    #  ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --sport 51820 -j RETURN || true
+    #  ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --dport 51820 -j RETURN || true
+    #'';
+  };
   # Allow unfree packages
   nixpkgs.config.allowUnfree = true;
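Review bot: `checkReversePath = "loose"` relaxes reverse-path filtering for every interface and protocol, whereas the commented-out `extraCommands` rules below it would have exempted only UDP 51820. If the WireGuard tunnel is the only reason for the change, the narrower exemption with the default strict check keeps spoofed-source filtering in place for all other traffic. If loose mode stays, drop the dead `extraCommands`/`extraStopCommands` block and put the reason on the setting itself, e.g. `# loose: WireGuard traffic fails the strict rpfilter check`. Separately, `allowedTCPPorts = [ 9003 ]` opens the Xdebug port on all interfaces although the comment above it doubts the port is needed. If it is needed, `interfaces.<iface>.allowedTCPPorts = [ 9003 ];` (with `<iface>` a placeholder for the interface the debugger actually uses) limits the exposure, and the commented-out old `allowedTCPPorts` line can then be deleted.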