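# Opens the firewall for the coturn STUN/TURN server when
# `machine.coturn.enable` is set.
#
# Every rule is scoped to the `enp2s0` interface; nothing is added to the
# global allow-lists.
# NOTE(review): the interface name is hard-coded; confirm it matches the
# externally facing NIC on every host that imports this module.
{ config, lib, ... }:
let
  cfg = config.machine.coturn;
  turn = config.services.coturn;

  # Listener ports are read from the coturn options (3478 and 5349 unless
  # overridden) instead of being hard-coded, so the firewall cannot drift
  # from the ports the service actually binds.
  listenPorts = [ turn.listening-port turn.tls-listening-port ];

  # Relay allocations are handed out from this inclusive range. The whole
  # range becomes reachable over UDP on the interface, so narrowing
  # min-port/max-port in services.coturn also narrows what is exposed.
  relayRange = [ { from = turn.min-port; to = turn.max-port; } ];
in
lib.mkIf cfg.enable {
  networking.firewall.interfaces.enp2s0 = {
    allowedUDPPorts = listenPorts;
    allowedUDPPortRanges = relayRange;
    allowedTCPPorts = listenPorts;
    # No TCP relay range is opened here. An empty list contributes nothing
    # when option definitions are merged; it does not clear ranges that
    # other modules set for this interface.
    allowedTCPPortRanges = [ ];
  };
}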