diff --git a/hosts/fw.cloonar.com/modules/firewall.nix b/hosts/fw.cloonar.com/modules/firewall.nix
index ebdb116..09c023f 100644
--- a/hosts/fw.cloonar.com/modules/firewall.nix
+++ b/hosts/fw.cloonar.com/modules/firewall.nix
@@ -203,7 +203,10 @@
           # Setup NAT masquerading on external interfaces
           chain postrouting {
             type nat hook postrouting priority filter; policy accept;
-            oifname { "wan", "wrwks", "wg_epicenter", "wg_ghetto_at" } masquerade
+            oifname { "wan" } masquerade
+            oifname { "wrwks" } masquerade
+            oifname { "wg_epicenter" } masquerade
+            oifname { "wg_ghetto_at" } masquerade
           }
         }
       '';
diff --git a/hosts/fw.cloonar.com/modules/unbound.nix b/hosts/fw.cloonar.com/modules/unbound.nix
index c7d304a..b119ad6 100644
--- a/hosts/fw.cloonar.com/modules/unbound.nix
+++ b/hosts/fw.cloonar.com/modules/unbound.nix
@@ -107,30 +107,30 @@ let
           "10.43.97.1"
         ];
       }
-      {
-        name = "epicenter.works.";
-        forward-addr = [
-          "10.50.60.1"
-        ];
-      }
-      {
-        name = "akvorrat.at.";
-        forward-addr = [
-          "10.50.60.1"
-        ];
-      }
-      {
-        name = "epicenter.intra.";
-        forward-addr = [
-          "10.14.1.1"
-        ];
-      }
-      {
-        name = "intra.epicenter.works.";
-        forward-addr = [
-          "10.14.1.1"
-        ];
-      }
+      # {
+      #   name = "epicenter.works.";
+      #   forward-addr = [
+      #     "10.50.60.1"
+      #   ];
+      # }
+      # {
+      #   name = "akvorrat.at.";
+      #   forward-addr = [
+      #     "10.50.60.1"
+      #   ];
+      # }
+      # {
+      #   name = "epicenter.intra.";
+      #   forward-addr = [
+      #     "10.14.1.1"
+      #   ];
+      # }
+      # {
+      #   name = "intra.epicenter.works.";
+      #   forward-addr = [
+      #     "10.14.1.1"
+      #   ];
+      # }
     ];
   };
 in {