diff --git a/install.sh b/install.sh
index 69078f9..2ffc61c 100755
--- a/install.sh
+++ b/install.sh
@@ -14,7 +14,6 @@ base_dir=$(pwd)
 cd ./installation
 source ./basic.sh
 source ./podman.sh
-source ./firewall.sh
 cd "$base_dir"
diff --git a/services/basic/global.policy.json b/services/firewall/global.policy.json
similarity index 100%
rename from services/basic/global.policy.json
rename to services/firewall/global.policy.json
diff --git a/services/basic/icmp.policy.json b/services/firewall/icmp.policy.json
similarity index 100%
rename from services/basic/icmp.policy.json
rename to services/firewall/icmp.policy.json
diff --git a/installation/firewall.sh b/services/firewall/install.sh
similarity index 92%
rename from installation/firewall.sh
rename to services/firewall/install.sh
index 93de9e3..f8cb4e9 100644
--- a/installation/firewall.sh
+++ b/services/firewall/install.sh
@@ -5,7 +5,7 @@ apk add -u awall # important -u flag!
 apk add ip6tables iptables
 modprobe -v ip_tables
 modprobe -v ip6_tables
-modprobe -v iptable_nat #if NAT is used
+#modprobe -v iptable_nat #if NAT is used
 # Register services
 rc-update add iptables
diff --git a/services/basic/outgoing.policy.json b/services/firewall/outgoing.policy.json
similarity index 100%
rename from services/basic/outgoing.policy.json
rename to services/firewall/outgoing.policy.json
diff --git a/services/wireguard/vpn_traffic.policy.json b/services/wireguard/vpn_traffic.policy.json
new file mode 100644
index 0000000..f275d8a
--- /dev/null
+++ b/services/wireguard/vpn_traffic.policy.json
@@ -0,0 +1,12 @@
+{
+ "description": "Allow VPN traffic through Wireguard interface",
+ "filter": [
+ {
+ "in": "VPN",
+ "out": "_fw",
+ "service": [ "ssh", "dns", "ping", "http", "https" ],
+ "action": "accept",
+ "src": "10.0.0.1/24"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/update.sh b/update.sh
index 1c2f910..a5b91e2 100644
--- a/update.sh
+++ b/update.sh
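Review bot: In services/firewall/install.sh the NAT module load is disabled by commenting it out, which leaves dead code whose trailing `#if NAT is used` no longer tells a reader whether NAT is expected on this host. Either delete the line or replace it with an explanatory comment such as `# iptable_nat is only needed when an awall policy defines snat/dnat rules; load it here if NAT is added`. Separately, install.sh no longer sources this script and nothing visible in this commit calls services/firewall/install.sh, so it is worth confirming that a fresh install still ends with the firewall packages installed and the iptables services registered. The script continues outside the hunk on both sides.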
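Review bot: In services/wireguard/vpn_traffic.policy.json, `"src": "10.0.0.1/24"` has host bits set, so it reads like a single peer address while the /24 mask makes it cover the whole 10.0.0.0–10.0.0.255 range once iptables applies it. State the intent explicitly as `"src": "10.0.0.0/24"`, or narrow it to the specific peer addresses if not every VPN client should reach ssh on the host. The rule also references a zone named `VPN` that this file neither defines nor imports, so it depends on another enabled policy declaring that zone; that definition is not visible in this commit and should be confirmed before the policy is enabled.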
@@ -24,8 +24,8 @@ for service in "./services"/*/; do
 for policy in *.policy.json; do
 [ -e "$policy" ] || continue
 POLICY_NAME="${policy%.policy.json}"
- ln -sf "./$policy" "/etc/awall/optional/$POLICY_NAME.policy.json"
- awall enable "$POLICY_NAME.policy"
+ ln -sf "./$policy" "/etc/awall/optional/$POLICY_NAME.json"
+ awall enable "$POLICY_NAME"
 done
 cd "$base_dir"
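Review bot: The new `ln -sf "./$policy" "/etc/awall/optional/$POLICY_NAME.json"` still stores a relative target, which is resolved against /etc/awall/optional rather than the service directory, so the link points at a file that does not exist there and `awall enable "$POLICY_NAME"` presumably has no readable policy behind it. Store an absolute target instead, e.g. `ln -sf "$PWD/$policy" "/etc/awall/optional/$POLICY_NAME.json"`, and report a non-zero exit from `awall enable` instead of continuing silently. Because every service's policies land in one flat directory and `-f` overwrites without notice, two services shipping the same policy name would replace each other's firewall rules; prefixing the link name with the service name would avoid that. The enclosing `for service` loop starts and ends outside the hunk.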