diff --git a/hosts/fw.cloonar.com/modules/firewall.nix b/hosts/fw.cloonar.com/modules/firewall.nix
index ee93393..283e044 100644
--- a/hosts/fw.cloonar.com/modules/firewall.nix
+++ b/hosts/fw.cloonar.com/modules/firewall.nix
@@ -72,6 +72,7 @@
 "lan",
 "podman0",
 "server",
+ "vserver",
 "infrastructure",
 "wg_cloonar",
 "smart",
@@ -81,6 +82,7 @@
 "lan",
 "podman0",
 "server",
+ "vserver",
 "infrastructure",
 "wg_cloonar",
 "smart",
@@ -111,14 +113,15 @@
 # lan and vpn to any
 # TODO: disable wan when finished
- iifname { "wan", "lan", "server", "podman0", "wg_cloonar" } oifname { "lan", "server", "podman0", "infrastructure", "multimedia", "smart", "wrwks", "wg_cloonar", "wg_epicenter", "wg_ghetto_at" } counter accept
- iifname { "infrastructure" } oifname { "podman0", "server" } counter accept
+ iifname { "wan", "lan", "server", "vserver", "podman0", "wg_cloonar" } oifname { "lan", "server", "vserver", "podman0", "infrastructure", "multimedia", "smart", "wrwks", "wg_cloonar", "wg_epicenter", "wg_ghetto_at" } counter accept
+ iifname { "infrastructure" } oifname { "podman0", "server", "vserver" } counter accept
 # Allow trusted network WAN access
 iifname {
 "lan",
 "infrastructure",
 "server",
+ "vserver",
 "podman0",
 "multimedia",
 "smart",
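Review bot: In the hunk at -111 the first rewritten rule keeps `"wan"` in `iifname` while adding `"vserver"` to `oifname`, so the allowance that `# TODO: disable wan when finished` marks as temporary now also covers traffic forwarded from wan into the new segment, with a bare `counter accept`. I would keep `"wan"` in a rule of its own with the previous `oifname` set and add `"vserver"` only to a rule whose sources are `iifname { "lan", "server", "vserver", "podman0", "wg_cloonar" }`. The same rule also gives vserver as a source the full destination set (lan, infrastructure, smart and the wg_* tunnels); if that segment hosts less-trusted workloads, a narrower `oifname` list with a comment stating its intended trust level would be safer. The hunks at -72 and -81 add the same name to lists whose rules start outside the hunks, and the final `iifname {` list here is cut off as well, so their effect and any connection-state matching cannot be judged from this page.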