diff --git a/modules/networking.nix b/modules/networking.nix
index fe43004..c4bd1cf 100644
--- a/modules/networking.nix
+++ b/modules/networking.nix
@@ -1,34 +1,44 @@
 { ... }:
 {
-  networking.firewall = {
-    enable = true;
+  networking = {
+    wireless.iwd.enable = true;
 
-    # Open ports in the firewall.
-    allowedTCPPorts = [ ];
-    allowedUDPPorts = [ 51820 ];
-    allowedTCPPortRanges = [
-      {
-        from = 1714;
-        to = 1764;
-      }
-    ];
-    allowedUDPPortRanges = [
-      {
-        from = 1714;
-        to = 1764;
-      }
-    ];
+    networkmanager.wifi.backend = "iwd";
 
-    # if packets are still dropped, they will show up in dmesg
-    logReversePathDrops = true;
-    # wireguard trips rpfilter up https://nixos.wiki/wiki/WireGuard#Setting_up_WireGuard_with_NetworkManager
-    extraCommands = ''
-      ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --sport 51820 -j RETURN
-      ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --dport 51820 -j RETURN
-    '';
-    extraStopCommands = ''
-      ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --sport 51820 -j RETURN || true
-      ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --dport 51820 -j RETURN || true
-    '';
+    firewall =
+      let
+        wgPort = 51820;
+      in
+      {
+        enable = true;
+
+        # Open ports in the firewall.
+        allowedTCPPorts = [ ];
+        allowedUDPPorts = [ wgPort ];
+        allowedTCPPortRanges = [
+          {
+            from = 1714;
+            to = 1764;
+          }
+        ];
+        allowedUDPPortRanges = [
+          {
+            from = 1714;
+            to = 1764;
+          }
+        ];
+
+        # if packets are still dropped, they will show up in dmesg
+        logReversePathDrops = true;
+        # wireguard trips rpfilter up https://nixos.wiki/wiki/WireGuard#Setting_up_WireGuard_with_NetworkManager
+        extraCommands = ''
+          ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --sport ${toString wgPort} -j RETURN
+          ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --dport ${toString wgPort} -j RETURN
+        '';
+        extraStopCommands = ''
+          ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --sport ${toString wgPort} -j RETURN || true
+          ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --dport ${toString wgPort} -j RETURN || true
+        '';
+      };
   };
 }