diff --git a/modules/zerotier/default.nix b/modules/zerotier/default.nix
index df99677..3997cdc 100644
--- a/modules/zerotier/default.nix
+++ b/modules/zerotier/default.nix
@@ -1,7 +1,27 @@
-{ config, lib, pkgs, ... }:
+{ lib, ... }:
 {
- networking.firewall.allowedTCPPorts = [ 9993 ];
- networking.firewall.allowedUDPPorts = [ 9993 ];
+ networking.firewall.allowedTCPPorts = [
+ 9993
+ # FIXME: figure out why it's not enough to just allow it on interface zt*
+ 5353
+ ];
+ networking.firewall.allowedUDPPorts = [
+ 9993
+ 5353
+ ];
+ systemd.network.networks = {
+ zerotier.extraConfig = ''
+ [Match]
+ Name=zt*
+
+ [Network]
+ LLMNR=true
+ LLDP=true
+ MulticastDNS=true
+ KeepConfiguration=static
+ '';
+ };
+
+ services.zerotierone = {
 enable = true;
 joinNetworks = [
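Review bot: Port 5353 is added to the global `networking.firewall.allowedTCPPorts` and `allowedUDPPorts`, so mDNS becomes reachable on every interface of the host, not only on the ZeroTier overlay that the new `[Match] Name=zt*` block targets. mDNS runs over UDP, so the TCP entry looks unnecessary, and the UDP one would be better scoped per interface, e.g. `networking.firewall.interfaces."zt+".allowedUDPPorts = [ 5353 ];`; the FIXME may stem from wildcard syntax, since the iptables backend matches interface prefixes with `+` rather than `*` (worth confirming against the firewall backend in use). `LLMNR=true` also lets any member of the overlay answer single-label name queries, so it should stay enabled only if every network listed in `joinNetworks` is trusted. The enclosing attribute set continues past the end of the hunk.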