diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix
index 5da49ec..a6e4dca 100644
--- a/systems/LoutreOS/configuration.nix
+++ b/systems/LoutreOS/configuration.nix
@@ -107,11 +107,25 @@
         ];
       };
       extraCommands = ''
+        ip6tables -w -D FORWARD -j loutreos-forward 2>/dev/null || true
+        ip6tables -w -F loutreos-forward 2>/dev/null || true
+        ip6tables -w -X loutreos-forward 2>/dev/null || true
+        ip6tables -w -N loutreos-forward
+        ip6tables -A loutreos-forward -m state --state RELATED,ESTABLISHED -j ACCEPT
+        ip6tables -A loutreos-forward -j ACCEPT -i eno2
+        ip6tables -A loutreos-forward -j nixos-fw-log-refuse
+        ip6tables -w -A FORWARD -j loutreos-forward
+
         # Redirect local network request from server external IP to internal IP
         # Make the server available even without internet access
         iptables -t nat -D PREROUTING -s 10.30.0.0/16 -d 176.180.172.105 -j DNAT --to 10.30.0.1 || true
         iptables -t nat -A PREROUTING -s 10.30.0.0/16 -d 176.180.172.105 -j DNAT --to 10.30.0.1
       '';
+      # remove refs to nixos-fw-log-refuse before restarting firewall
+      # prevents "ressource busy" errors
+      extraStopCommands = ''
+        ip6tables -D loutreos-forward -j nixos-fw-log-refuse 2>/dev/null || true
+      '';
     };
   };