diff --git a/machines/dev/fedi203/woodpecker.nix b/machines/dev/fedi203/woodpecker.nix
index 1f0e58b5..17d8f50d 100644
--- a/machines/dev/fedi203/woodpecker.nix
+++ b/machines/dev/fedi203/woodpecker.nix
@@ -202,7 +202,6 @@
   };
 
   networking = {
-    nftables.enable = lib.mkForce false;
     firewall = {
       allowedTCPPorts = [
         22
@@ -215,6 +214,8 @@
         allowedTCPPorts = [ 53 ];
       };
     };
+    # helps make sure DNS resolves from the containers
+    nftables.enable = lib.mkForce false;
   };
 
   virtualisation.podman = {