diff --git a/nixos/modules/services/security/opensnitch.nix b/nixos/modules/services/security/opensnitch.nix
index acb51c2e942b..bffe17a948d1 100644
--- a/nixos/modules/services/security/opensnitch.nix
+++ b/nixos/modules/services/security/opensnitch.nix
@@ -207,6 +207,7 @@ in
 };
 tmpfiles.rules = [
 "d ${cfg.settings.Rules.Path} 0750 root root - -"
+ "L+ /etc/opensnitchd/network_aliases.json - - - - ${cfg.package}/etc/opensnitchd/network_aliases.json"
 "L+ /etc/opensnitchd/system-fw.json - - - - ${cfg.package}/etc/opensnitchd/system-fw.json"
 ];
 };
diff --git a/nixos/tests/opensnitch.nix b/nixos/tests/opensnitch.nix
index 0e97717f45bd..cde4ae6efc17 100644
--- a/nixos/tests/opensnitch.nix
+++ b/nixos/tests/opensnitch.nix
@@ -54,10 +54,23 @@ in
 action = "allow";
 duration = "always";
 operator = {
- type = "simple";
- sensitive = false;
- operand = "process.path";
- data = "${pkgs.curl}/bin/curl";
+ type = "list";
+ operand = "list";
+ list = [
+ {
+ type = "simple";
+ sensitive = false;
+ operand = "process.path";
+ data = "${pkgs.curl}/bin/curl";
+ }
+ # Check that network aliases like "LAN" are properly resolved.
+ {
+ type = "network";
+ sensitive = false;
+ operand = "dest.network";
+ data = "LAN";
+ }
+ ];
 };
 };
 };
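Review bot: In the `tmpfiles.rules` list of nixos/modules/services/security/opensnitch.nix, the new `L+` entry has no comment saying why the link is needed, and `L+` replaces whatever already exists at /etc/opensnitchd/network_aliases.json each time the rules are applied, so a locally edited alias file is discarded. Because the aliases decide which addresses a `dest.network` rule matches (the test in this commit uses `LAN`), I would add a comment above the entry such as `# Aliases (e.g. "LAN") for dest.network rules; always the package's copy, local edits are replaced.` Nothing checks the link target at evaluation time, so a `cfg.package` override that does not ship etc/opensnitchd/network_aliases.json would leave a dangling link; whether the daemon then fails or just stops resolving aliases is not visible here. The enclosing attribute set starts and ends outside the hunk.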
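Review bot: The new `dest.network = "LAN"` entry in nixos/tests/opensnitch.nix appears to be exercised only on the matching side: it sits inside an `allow` rule, so a passing request shows at most that the alias resolves to something containing the destination, not that addresses outside it are excluded. If the `list` operator requires every entry to match, as I understand it, an alias that resolved far too broadly would still let this test pass. Consider adding a request to a destination outside the aliased ranges that is expected to be refused, and widening the comment to `# Both entries must match: curl is allowed only towards destinations inside the "LAN" alias.` The test script and node addresses are outside the hunk, so whether such a case already exists cannot be confirmed from here.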