diff --git a/states/nftables/templates/rules.nft.j2 b/states/nftables/templates/rules.nft.j2
index 8b36b90..eccb175 100644
--- a/states/nftables/templates/rules.nft.j2
+++ b/states/nftables/templates/rules.nft.j2
@@ -11,6 +11,7 @@ add chain ip filter OUTPUT { type filter hook output priority 0; policy accept;
 add chain ip filter DOCKER
 add rule ip filter INPUT iifname lo counter accept
 add rule ip filter INPUT iifname tun* counter accept
+add rule ip filter INPUT iifname tailscale* counter accept
 add rule ip filter INPUT iifname br* counter accept
 add rule ip filter INPUT iifname veth* counter accept
 add rule ip filter INPUT iifname lxc* counter accept
@@ -60,6 +61,7 @@ add chain ip6 filter6 FORWARD { type filter hook forward priority 0; policy acce
 add chain ip6 filter6 OUTPUT { type filter hook output priority 0; policy accept; }
 add rule ip6 filter6 INPUT iifname lo counter accept
 add rule ip6 filter6 INPUT iifname tun* counter accept
+add rule ip6 filter6 INPUT iifname tailscale* counter accept
 add rule ip6 filter6 INPUT ct state related,established counter accept
 add rule ip6 filter6 INPUT icmpv6 type {destination-unreachable, packet-too-big, time-exceeded, echo-request, echo-reply, mld-listener-query, mld-listener-report, mld-listener-reduction, nd-router-solicit, nd-router-advert, nd-neighbor-solicit, nd-neighbor-advert, nd-redirect, parameter-problem, router-renumbering} accept
 {%- for network in net.ip_networks %}
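Review bot: The added `iifname tailscale* counter accept` rule in the ip filter INPUT hunk accepts every packet arriving on the interface before any of the per-service rules further down the chain are consulted, so which tailnet peers can reach which local services is now decided entirely outside this ruleset; the ip6 filter6 hunk adds the same unconditional accept. Unlike `lo`, a tailnet is a shared network whose peer set is controlled by the Tailscale ACL and by whoever can enroll devices, so this is a larger trust grant than the rule's placement next to `lo` and `tun*` suggests. If that full trust is intended, a comment on the rule such as `# tailnet peers are fully trusted; service exposure is governed by the Tailscale ACL` would record the decision; otherwise the rule should be narrowed to the tailnet's own source range and the services meant to be reachable, e.g. `add rule ip filter INPUT iifname tailscale* ip saddr 100.64.0.0/10 tcp dport { <ports> } counter accept` (the CGNAT range is Tailscale's documented default and the port set is a placeholder to fill in for this deployment). Only the INPUT chains are touched, so hosts that also act as subnet routers or exit nodes would still need matching FORWARD rules, which this change does not add.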