diff --git a/nixos/server/firewall.nix b/nixos/server/firewall.nix
index f7a3478..7ea651c 100644
--- a/nixos/server/firewall.nix
+++ b/nixos/server/firewall.nix
@@ -44,7 +44,7 @@
             chain POSTROUTING {
               type nat hook postrouting priority 100; policy accept;
               oifname "${ips.netInt}" masquerade
-	      ip saddr ${ips.wgSpan}.0/24 oifname "${ips.netInt}" masquerade comment "WireGuard"
+	      iifname "${ips.netInt}" oifname "${ips.wgInt}" masquerade comment "Traffic from public to WireGuard"
             }
           '';
         };