diff --git a/modules/core/network.nix b/modules/core/network.nix
index 7be2c5b..1d07504 100644
--- a/modules/core/network.nix
+++ b/modules/core/network.nix
@@ -10,6 +10,23 @@
       # { from = 4000; to = 4007; }
       # { from = 8000; to = 8010; }
       # ];
+
+      ### https://nixos.wiki/wiki/WireGuard#Setting_up_WireGuard_with_NetworkManager
+      # if packets are still dropped, they will show up in dmesg
+      logReversePathDrops = true;
+      # wireguard trips rpfilter up
+      extraCommands = ''
+        iptables -t mangle -I nixos-fw-rpfilter -p udp -m udp --sport 51820 -j RETURN
+        ip6tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --sport 51820 -j RETURN
+        iptables -t mangle -I nixos-fw-rpfilter -p udp -m udp --dport 51820 -j RETURN
+        ip6tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --dport 51820 -j RETURN
+      '';
+      extraStopCommands = ''
+        iptables -t mangle -D nixos-fw-rpfilter -p udp -m udp --sport 51820 -j RETURN || true
+        ip6tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --sport 51820 -j RETURN || true
+        iptables -t mangle -D nixos-fw-rpfilter -p udp -m udp --dport 51820 -j RETURN || true
+        ip6tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --dport 51820 -j RETURN || true
+      '';
     };
   };
 
diff --git a/modules/home/packages.nix b/modules/home/packages.nix
index aeee925..f3bf2bf 100644
--- a/modules/home/packages.nix
+++ b/modules/home/packages.nix
@@ -42,6 +42,7 @@
     yazi # terminal file manager
     yt-dlp
     zenity
+    wireguard-tools
     winetricks
     wineWowPackages.wayland
     wtype