diff --git a/modules/server/nftables/default.nix b/modules/server/nftables/default.nix
index ea206e9..4c8a412 100644
--- a/modules/server/nftables/default.nix
+++ b/modules/server/nftables/default.nix
@@ -20,6 +20,7 @@ in{
 type filter hook input priority filter; policy drop;
 ct state established,related accept
 iifname "lo" accept
+ iifname { "podman*", "veth*" } accept
 tcp dport {422, 22} accept
 ${if builtins.length DBallApps > 0 then ''tcp dport {5432, 6379} ip saddr { 10.0.0.0/8, 169.254.0.0/16 } accept'' else ""}
 ${if cfg.web then ''tcp dport {80, 443} accept
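Review bot: The added `iifname { "podman*", "veth*" } accept` has no port or protocol match, so anything arriving on a matching interface reaches every listener on the host, including SSH on 422/22, the 5432/6379 ports that a later rule limits by source address, and services that `policy drop` would otherwise block. The match is by interface name only, so any interface later created with one of those prefixes inherits the same trust. If containers need only specific host services, scope the rule, for example `iifname "podman*" udp dport 53 accept` for DNS (the port is an assumption; use what the containers actually need), and add a comment saying why container interfaces are trusted. For bridged containers the input hook normally reports the bridge device rather than the `veth*` peer, so the `veth*` entry may be unnecessary; worth confirming on the host. The chain definition starts before this hunk and continues past it.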