{
  networking.firewall = {
    enable = true;
    allowedUDPPorts = [ 53 ];

    allowedTCPPorts = [
      80
      443
    ];

    allowedUDPPortRanges = [
      {
        from = 60000;
        to = 61000;
      }
    ];
  };
}