    Applicable to:
    • Twingate Component: Client
    • Platform: Linux (NixOS)

    Overview

    On NixOS, the Twingate Client does not detect a firewall if networking.firewall is used to configure firewall rules.

    Cause

    Although the firewall provided by NixOS uses iptables as its backend (a firewall solution supported by the Twingate Client), the Twingate Client is unable to detect NixOS's use of iptables through networking.firewall.

    Solution

    To use iptables for the Twingate Client device posture firewall, the firewall requirements must be met.

    Firewall Requirements

    ⚠️ Warning
    • Before applying any changes to firewall rules, review your organization's security policies and test in a controlled environment.
    • Changing firewall policies may block legitimate traffic, including SSH and DNS. Always ensure that essential traffic is explicitly allowed before setting restrictive policies.

    • networking.firewall must be disabled.
    • iptables must be installed.
    • INPUT chain's default policy must be set to DROP.
    • For details on setting default policies in iptables, see either:
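
A pre-flight check for the requirements and warning above, written as an added example (not Twingate's or NixOS's own code). It parses the output of `iptables -S INPUT`; the function names, the sample ruleset and the assumption that the host is managed over SSH on TCP port 22 are constructed for illustration, and the `nixos-fw` chain name is the one the NixOS firewall module creates with its iptables backend.

```shell
#!/bin/sh
# Pre-flight check before setting the INPUT default policy to DROP.
# Real use (as root, with iptables installed): preflight "$(iptables -S INPUT)"

# Constructed sample of `iptables -S INPUT` output.
SAMPLE_RULES='-P INPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT'

# Print the INPUT chain's default policy (ACCEPT or DROP).
input_policy() {
    printf '%s\n' "$1" | awk '$1 == "-P" && $2 == "INPUT" { print $3; exit }'
}

# Succeed if INPUT explicitly accepts new TCP connections to port $2.
allows_tcp_port() {
    printf '%s\n' "$1" | grep -Eq -- "^-A INPUT .*-p tcp .*--dport $2 .*-j ACCEPT\$"
}

# Succeed if return traffic is accepted; on a client this covers DNS replies.
allows_established() {
    printf '%s\n' "$1" |
        grep -Eq -- '^-A INPUT .*--(ctstate|state) [A-Z,]*ESTABLISHED[A-Z,]* .*-j ACCEPT$'
}

# Succeed if INPUT still jumps to the chain managed by networking.firewall.
uses_nixos_fw() {
    printf '%s\n' "$1" | grep -Eq -- '^-A INPUT .*-j nixos-fw$'
}

# Returns 0: requirements met; 1: fix the rules first; 2: safe to set DROP now.
preflight() {
    pf_rules=$1; pf_ssh=${2:-22}; pf_rc=0
    if uses_nixos_fw "$pf_rules"; then
        echo "FAIL: INPUT jumps to nixos-fw; networking.firewall is still enabled"; pf_rc=1
    fi
    allows_established "$pf_rules" || { echo "FAIL: no ACCEPT for ESTABLISHED traffic"; pf_rc=1; }
    allows_tcp_port "$pf_rules" "$pf_ssh" || { echo "FAIL: no ACCEPT for tcp/$pf_ssh (SSH)"; pf_rc=1; }
    [ "$pf_rc" -eq 0 ] || return 1
    if [ "$(input_policy "$pf_rules")" = DROP ]; then
        echo "OK: INPUT default policy is DROP"; return 0
    fi
    echo "TODO: allow rules present; INPUT policy is still $(input_policy "$pf_rules")"
    return 2
}

preflight "$SAMPLE_RULES" || true
```

A return value of 2 means the explicit allow rules are in place and only the default policy remains to be changed.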