diff --git a/modules/netdata.nix b/modules/netdata.nix
index 7e3738c..1e2b6b7 100644
--- a/modules/netdata.nix
+++ b/modules/netdata.nix
@@ -53,6 +53,11 @@ in
       internalOnly = true;
       contentSecurityPolicy = null;  # Netdata dashboard has its own CSP requirements, cannot be overridden
     };
+
+    # Allow direct Tailscale access to Netdata port
+    networking.firewall.extraCommands = lib.mkAfter ''
+      iptables -I INPUT 1 -p tcp --dport ${toString cfg.port} -s 100.64.0.0/10 -j ACCEPT
+    '';
   };
 
 }
\ No newline at end of file