diff --git a/modules/clerie-firewall/default.nix b/modules/clerie-firewall/default.nix index 863ab46..d27020e 100644 --- a/modules/clerie-firewall/default.nix +++ b/modules/clerie-firewall/default.nix @@ -24,6 +24,9 @@ let ip46tables -N forward-filter + # Allow packets from existing connections + ip46tables -A forward-filter -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT + ${cfg.extraForwardFilterCommands} ip46tables -A FORWARD -j forward-filter
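Review bot: The new ESTABLISHED,RELATED accept is appended to `forward-filter` ahead of `${cfg.extraForwardFilterCommands}`, so a deny rule that a host adds there with `-A` is never consulted for packets of a flow conntrack already tracks. Such a rule only stops new flows, and existing forwarded connections keep passing until their conntrack entries expire. The comment should say so, for example `# Accept established/related first; extraForwardFilterCommands only sees packets outside those states`. RELATED also accepts flows announced by any conntrack helper loaded on the host, and nothing in the hunk restricts that, so it is worth confirming that this is intended. Packets in state INVALID still fall through to the later rules; if the rest of the chain (the `let` block continues outside this hunk) does not already drop them, consider adding `ip46tables -A forward-filter -m conntrack --ctstate INVALID -j DROP` directly after the accept.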