I’ve found the built-in nix firewall to be somewhat lacking (can’t have different ports open on different networks, for instance; I would rather reduce my attack surface while out on other people’s/public WiFi).
Is it possible to use other firewall software on NixOS declaratively?
OPNsense and pfSense, though they run on FreeBSD
Also OpenWRT if you want to stay on Linux, but OpenWRT is a nightmare for updating