diff --git a/modules/server/nftables/default.nix b/modules/server/nftables/default.nix index fcd0bef..6293cfb 100644 --- a/modules/server/nftables/default.nix +++ b/modules/server/nftables/default.nix @@ -1,5 +1,7 @@ -{ config, lib, ... }:{ - config = lib.mkIf (true) { +{ config, lib, ... }: +let + cfg = config.syscfg.server; +in{ boot.kernel.sysctl = { "net.ipv4.ip_forward" = 1; "net.ipv6.conf.all.forwarding" = 1; @@ -12,12 +14,15 @@ type filter hook input priority filter; policy drop; ct state established,related accept iifname "lo" accept - tcp dport {5432, 6379} ip saddr { 10.0.0.0/8, 169.254.0.0/16 } accept - tcp dport {80, 443, 22} accept - udp dport {80, 443, 22} accept + tcp dport {22} accept + ${if cfg.database then ''tcp dport {5432, 6379} ip saddr { 10.0.0.0/8, 169.254.0.0/16 } accept'' else ""} + ${if cfg.web then ''tcp dport {80, 443} accept + udp dport {80, 443} accept'' else ""} + } } + ${if cfg.nftables.enable then '' table inet nat { chain prerouting { type nat hook prerouting priority dstnat; policy accept; @@ -43,7 +48,6 @@ type nat hook postrouting priority srcnat; policy accept; oifname { ${lib.concatMapStringsSep ", " (iface: ''"${iface}"'') config.syscfg.server.nftables.ifs} } masquerade } - } + }'' else ""} ''; - }; } \ No newline at end of file
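Review bot: The sysctl block still sets `net.ipv4.ip_forward = 1` and `net.ipv6.conf.all.forwarding = 1` unconditionally, while the only consumer of forwarding in this module, the `table inet nat`, is now gated on `cfg.nftables.enable` in the second hunk. A host built with `cfg.nftables.enable = false` therefore gets the drop-policy input chain but keeps routing packets between its interfaces. Gate the sysctls on the same flag, e.g. `boot.kernel.sysctl = lib.mkIf cfg.nftables.enable {`, so forwarding is only enabled where NAT is. The attribute set this hunk opens continues past the hunk; the removed `lib.mkIf (true)` wrapper was equally unconditional, so this is pre-existing, but the new `cfg` alias makes it a one-line fix.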
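Review bot: The input chain has `policy drop`, but no `chain forward` appears anywhere in the diff, so with forwarding enabled by the first hunk the kernel's default accept applies to routed traffic, and the `masquerade` rule in the last hunk will NAT whatever arrives on any interface and leaves via `ifs`. Unless a forward chain exists in a part of the ruleset outside these hunks, add one next to `chain input` with a drop policy, accepting only established/related traffic and traffic leaving via the interfaces the NAT rule already lists. The `udp dport {80, 443}` line under `cfg.web` also deserves a comment, since UDP/443 is presumably QUIC (`# HTTP/3 (QUIC)`); confirm it is intentional rather than carried over from the old `{80, 443, 22}` set. The `table inet filter` / `chain input` opening lies outside this hunk.
```nix
        chain forward {
          type filter hook forward priority filter; policy drop;
          ct state established,related accept
          ${if cfg.nftables.enable then ''oifname { ${lib.concatMapStringsSep ", " (iface: ''"${iface}"'') cfg.nftables.ifs} } accept'' else ""}
        }
        # … unchanged: chain input above, table inet nat below …
```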
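Review bot: The masquerade line still spells out `config.syscfg.server.nftables.ifs` although this commit introduces the `cfg = config.syscfg.server` alias; `cfg.nftables.ifs` keeps the module consistent with the new `cfg.database`, `cfg.web` and `cfg.nftables.enable` references. Note that an empty `ifs` list would render as `oifname {  }`, which nft rejects, so a one-line comment on the option or an `lib.optionalString (cfg.nftables.ifs != [])` guard around the rule would make that failure mode explicit. The postrouting chain opening is outside this hunk.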