diff --git a/wireguard.nix b/wireguard.nix
index c745de8..00e9dd4 100644
--- a/wireguard.nix
+++ b/wireguard.nix
@@ -10,12 +10,11 @@
 mtu = 1400;
 autostart = true;
 postUp = ''
- ${pkgs.iptables}/bin/iptables -A FORWARD -i wg0 -j ACCEPT
- ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -o ${lib.head config.vars.interfaces} -j MASQUERADE
+ ${pkgs.procps}/bin/sysctl -w net.ipv4.conf.wg0.rp_filter=2
+ ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -o wg0 -d 10.6.0.1 -j SNAT --to-source ${config.vars.local_ip}
 '';
 postDown = ''
- ${pkgs.iptables}/bin/iptables -D FORWARD -i wg0 -j ACCEPT
- ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -o ${lib.head config.vars.interfaces}
+ ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -o wg0 -d 10.6.0.1 -j SNAT --to-source ${config.vars.local_ip}
 '';
 privateKey = config.vars.wg_privateKey;
 peers = [{
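Review bot: The new `sysctl -w net.ipv4.conf.wg0.rp_filter=2` line in postUp switches wg0 to loose reverse-path filtering without recording why, and postDown has no counterpart that sets it back. Loose mode relaxes source-address validation on the tunnel, so the reason belongs next to the setting, e.g. a Nix comment above `postUp` such as `# rp_filter=2 (loose) on wg0: <why strict mode drops this traffic>`; whether the value simply disappears with the interface on teardown is not visible here and is worth confirming. The SNAT rule is also written out twice with `wg0` and `10.6.0.1` hard-coded, and the removed postDown line shows how such pairs drift (it lacked the `-j MASQUERADE` of its postUp twin), so one `let` binding for the rule arguments shared by the `-A` and `-D` calls would keep them in step. The attribute set this hunk edits starts and ends outside the hunk.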