diff --git a/hosts/fw.cloonar.com/modules/firewall.nix b/hosts/fw.cloonar.com/modules/firewall.nix
index 635134d..29daf46 100644
--- a/hosts/fw.cloonar.com/modules/firewall.nix
+++ b/hosts/fw.cloonar.com/modules/firewall.nix
@@ -65,7 +65,7 @@
 # lan and vpn to any
 # TODO: disable wan when finished
- iifname { "wan", "lan", "wg_cloonar" } oifname { "lan", "wg_cloonar", "server", "multimedia", "smart", "wrwks", "wg_epicenter", "wg_ghetto_at" } counter accept
+ iifname { "wan", "lan", "wg_cloonar" } oifname { "lan", "server", "multimedia", "smart", "wrwks", "wg_cloonar", "wg_epicenter", "wg_ghetto_at" } counter accept
 # Allow trusted network WAN access
 iifname {
@@ -99,7 +99,8 @@
 # Setup NAT masquerading on the ppp0 interface
 chain postrouting {
 type nat hook postrouting priority filter; policy accept;
- oifname { "wan", "wrwks", "wg_epicenter", "wg_ghetto_at" } masquerade
+ # oifname { "wan", "wrwks", "wg_epicenter", "wg_ghetto_at" } masquerade
+ oifname { "wan" } masquerade
 }
 }
 '';
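Review bot: The rewritten forward rule in the first hunk still lists `"wan"` in its iifname set, so connections arriving on wan are accepted toward lan, server, multimedia, smart and the tunnel interfaces, which the TODO directly above marks as temporary. Only the position of `"wg_cloonar"` in the oifname set changed, and as far as I can tell element order in an anonymous nftables set does not affect matching, so the exposure is the same as before the commit. If the setup phase is over, drop wan from the source set: `iifname { "lan", "wg_cloonar" } oifname { "lan", "server", "multimedia", "smart", "wrwks", "wg_cloonar", "wg_epicenter", "wg_ghetto_at" } counter accept`, leaving return traffic for outbound connections to an established/related rule, assuming the chain has one outside this hunk. The enclosing chain starts before the hunk, and the `iifname {` statement on its last line continues past it.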
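Review bot: In the second hunk the previous masquerade rule is kept as a commented-out line, with no explanation of why wrwks, wg_epicenter and wg_ghetto_at were dropped from it. The forward rule in the first hunk still accepts traffic out of those interfaces, so packets now leave them with their original internal source addresses; the far side then needs routes (and, for WireGuard peers, AllowedIPs) covering those subnets and will see the internal addressing, which is inferred here because the peer configuration is not on the page. I would delete the dead line and record the intent instead, for example `# masquerade only towards wan; wrwks and the wg_* links are routed without NAT`. The context comment above the chain still says "ppp0" while the rule matches `"wan"`, which is worth aligning in the same change.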