diff --git a/hosts/fw.cloonar.com/modules/firewall.nix b/hosts/fw.cloonar.com/modules/firewall.nix
index daf9b3c..1a08e0d 100644
--- a/hosts/fw.cloonar.com/modules/firewall.nix
+++ b/hosts/fw.cloonar.com/modules/firewall.nix
@@ -139,6 +139,7 @@
  "infrastructure",
  "wg_cloonar",
  "smart",
+ "podman*",
  "multimedia"
  } udp dport { 53, 67, 68 } counter accept
@@ -148,6 +149,9 @@
  # iifname "multimedia" ip saddr tcp dport { llmnr } counter accept
  # iifname "multimedia" ip saddr udp dport { mdns, llmnr } counter accept
+ # Allow all returning traffic
+ ct state { established, related } counter accept
+
  # Allow returning traffic from wg_cloonar and drop everthing else
  iifname "wg_cloonar" ct state { established, related } counter accept
@@ -204,7 +208,7 @@
  "multimedia",
  "smart",
  "wg_cloonar",
- "podman1",
+ "podman*",
  } oifname {
  "wan",
  } counter accept comment "Allow trusted LAN to WAN"
diff --git a/hosts/fw.cloonar.com/modules/gitea.nix b/hosts/fw.cloonar.com/modules/gitea.nix
index 0c7a67f..e686237 100644
--- a/hosts/fw.cloonar.com/modules/gitea.nix
+++ b/hosts/fw.cloonar.com/modules/gitea.nix
@@ -131,20 +131,6 @@ in
  labels = [ "ubuntu-latest:docker://shivammathur/node:latest" ];
- settings = {
- runner = {
- envs = {
- DOCKER_DAEMON_CONFIG = ''
- {
- "dns": ["10.42.97.10"]
- }
- '';
- };
- };
- # container = {
- # options = "--network=server";
- # };
- };
  };
  # containers.git-runner = {
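Review bot: Replacing a specific bridge with the wildcard `"podman*"` in this accept set, and again in the `@@ -204,7` hunk's "Allow trusted LAN to WAN" forward set, implicitly trusts every current and future podman network the host creates: any container network gets DNS/DHCP access to the firewall on `udp dport { 53, 67, 68 }` and outbound WAN access without a further ruleset change, so a compromised or unexpected container network is no longer isolated by default. If that is the intent, record it next to the entry, e.g. `# all podman bridges (podman0, podman1, ...) are treated as trusted LAN`; if only specific networks should be trusted, keep them listed explicitly. It is also worth running `nft -c -f` against the generated ruleset on the target, since wildcard interface names inside an anonymous set are handled differently from a bare `iifname "podman*"` match and I am not certain every deployed nftables/kernel combination accepts them there. The set's opening and the enclosing chain are outside the hunk.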
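Review bot: The new unconditional `ct state { established, related } counter accept` matches return traffic on every interface, which leaves the existing `iifname "wg_cloonar" ct state { established, related } counter accept` two lines below unreachable for the packets it was meant to catch, and nothing in the hunk handles `ct state invalid`, so packets conntrack cannot associate with a flow fall through to the later rules. I would add `ct state invalid counter drop` directly before the new accept, and either remove the now-redundant wg_cloonar-specific rule or rewrite its comment, which still promises to "drop everthing else" without a drop visible here. The chain's policy and any trailing drop rule are outside the hunk, so confirm the wg_cloonar-only intent is still enforced somewhere after this change.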