It seems a bit hacky. From what I gather[1][2] networking.firewall.extraCommands will keep adding the rules on every “deployment”. Does that mean every time I run nixos-rebuild switch? If so is there a better way to do it?
networking.firewall.extraCommands
nixos-rebuild switch
[1]
[2]