diff --git a/system/etc/nftables.conf b/system/etc/nftables.conf
index 455bede..ec468b6 100644
--- a/system/etc/nftables.conf
+++ b/system/etc/nftables.conf
@@ -34,11 +34,7 @@ table inet filter {
 iifname "virbr0" counter reject with icmpx type port-unreachable
 }
- chain libvirt_postrouting {
- ip saddr 192.168.122.0/24 ip daddr != 192.168.122.0/24 counter masquerade
- }
-
- # Default to drop all inbound traffic, unless they meet our criteria
+ # Default to drop all inbound traffic, unless they meet the criteria
 chain input {
 type filter hook input priority 0; policy drop;
@@ -131,6 +127,12 @@ table inet filter {
 counter comment "Count accepted packets"
 #log prefix "[nftables] Outbound Accepted: " flags all counter accept
 }
+}
+
+table inet nat {
+ chain libvirt_postrouting {
+ ip saddr 192.168.122.0/24 ip daddr != 192.168.122.0/24 counter masquerade
+ }
 chain postrouting {
 type nat hook postrouting priority 100; policy accept;
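Review bot: The `libvirt_postrouting` chain removed in this hunk reappears in the second hunk inside the new `table inet nat`, but it is still declared without a `type nat hook ...` line, so it remains a regular chain that is only evaluated if the `postrouting` base chain contains a `jump libvirt_postrouting` (or `goto`); that rule is not in the visible part of the diff, so confirm it exists, otherwise the masquerade for 192.168.122.0/24 is silently never applied. A masquerade statement is only valid when reached from a nat-type base chain, which appears to be why the chain had to leave `table inet filter`; a one-line comment above it would save the next reader that reasoning, e.g. `# regular chain: must be jumped to from the nat postrouting base chain`. Separately, the moved rule matches only on source and destination address, not `oifname`, so it rewrites the source of 192.168.122.0/24 traffic on every egress interface rather than only the uplink; if a single outbound interface is intended, adding an `oifname` match narrows it. The closing braces of `postrouting` and `table inet nat` in the second hunk lie beyond the visible diff.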