diff --git a/nixos/modules/services/networking/wireguard.nix b/nixos/modules/services/networking/wireguard.nix
index 41aff1480a05a..e89f86a2d4ec6 100644
--- a/nixos/modules/services/networking/wireguard.nix
+++ b/nixos/modules/services/networking/wireguard.nix
@@ -284,6 +284,7 @@ in
 
     systemd.services = mapAttrs' generateUnit cfg.interfaces;
 
+    networking.firewall.allowedUDPPorts = filter (i: i != null) (mapAttrsToList (name: values: values.listenPort) cfg.interfaces);
   };
 
 }
diff --git a/nixos/tests/wireguard/default.nix b/nixos/tests/wireguard/default.nix
index b0797b963235b..d4a88da3b6200 100644
--- a/nixos/tests/wireguard/default.nix
+++ b/nixos/tests/wireguard/default.nix
@@ -28,7 +28,6 @@ import ../make-test.nix ({ pkgs, ...} : {
         };
       };
 
-      networking.firewall.allowedUDPPorts = [ 23542 ];
       networking.wireguard.interfaces.wg0 = {
         ips = [ "10.23.42.1/32" "fc00::1/128" ];
         listenPort = 23542;