diff --git a/ansible/router/tasks/main.yaml b/ansible/router/tasks/main.yaml
index ae0cfc15c9d063035745189b875be13a50498ecb..996821c15329e14f1ffa40d9ed3e05e1530d6981 100644
--- a/ansible/router/tasks/main.yaml
+++ b/ansible/router/tasks/main.yaml
@@ -27,6 +27,7 @@
     name: sshd
     state: restarted
     enabled: yes
+    daemon_reload: yes
 
 - name: Setup firewall
   include_tasks: firewall.yaml
diff --git a/ansible/router/templates/etc/nftables.conf.j2 b/ansible/router/templates/etc/nftables.conf.j2
index 6c88617348765fe824a06514374bdc1b2417d343..dff68928c27d4fe8a8c9488d9758c1c18edcc418 100644
--- a/ansible/router/templates/etc/nftables.conf.j2
+++ b/ansible/router/templates/etc/nftables.conf.j2
@@ -29,10 +29,12 @@ table inet filter {
     type filter hook forward priority 0;
 
     oif $wan accept
-    iif $wan drop
 
     ct status dnat accept
     iif $wan ct state related, established accept
+
+    # Drop everything else
+    iif $wan drop
   }
 
   # Allow all packets sent by the firewall